Rename EC_MAX_SCALAR_*. These are used for field elements too. Change-Id: I74e3dbcafdce34ad507f64a0718e0420b56b51ae Reviewed-on: https://boringssl-review.googlesource.com/c/33070 Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/fipsmodule/ec/ec.c b/crypto/fipsmodule/ec/ec.c
index 34383e8..717e054 100644
--- a/crypto/fipsmodule/ec/ec.c
+++ b/crypto/fipsmodule/ec/ec.c
@@ -316,7 +316,7 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { - if (BN_num_bytes(p) > EC_MAX_SCALAR_BYTES) { + if (BN_num_bytes(p) > EC_MAX_BYTES) { OPENSSL_PUT_ERROR(EC, EC_R_INVALID_FIELD); return NULL; } @@ -350,7 +350,7 @@ return 0; } - if (BN_num_bytes(order) > EC_MAX_SCALAR_BYTES) { + if (BN_num_bytes(order) > EC_MAX_BYTES) { OPENSSL_PUT_ERROR(EC, EC_R_INVALID_GROUP_ORDER); return 0; } @@ -966,9 +966,8 @@ // The above does not guarantee |group->field| is not one word larger than // |group->order|, so read one extra carry word. - BN_ULONG carry = group->order.width < EC_MAX_SCALAR_WORDS - ? x.words[group->order.width] - : 0; + BN_ULONG carry = + group->order.width < EC_MAX_WORDS ? x.words[group->order.width] : 0; bn_reduce_once(out->words, x.words, carry, group->order.d, group->order.width); return 1;
diff --git a/crypto/fipsmodule/ec/internal.h b/crypto/fipsmodule/ec/internal.h
index 7c7937b..a34ae98 100644
--- a/crypto/fipsmodule/ec/internal.h
+++ b/crypto/fipsmodule/ec/internal.h
@@ -85,10 +85,10 @@ // Cap the size of all field elements and scalars, including custom curves, to // 66 bytes, large enough to fit secp521r1 and brainpoolP512r1, which appear to // be the largest fields anyone plausibly uses. -#define EC_MAX_SCALAR_BYTES 66 -#define EC_MAX_SCALAR_WORDS ((66 + BN_BYTES - 1) / BN_BYTES) +#define EC_MAX_BYTES 66 +#define EC_MAX_WORDS ((EC_MAX_BYTES + BN_BYTES - 1) / BN_BYTES) -OPENSSL_COMPILE_ASSERT(EC_MAX_SCALAR_WORDS <= BN_SMALL_MAX_WORDS, +OPENSSL_COMPILE_ASSERT(EC_MAX_WORDS <= BN_SMALL_MAX_WORDS, bn_small_functions_applicable); // An EC_SCALAR is an integer fully reduced modulo the order. Only the first @@ -96,8 +96,8 @@ // and must not be mixed between groups. typedef union { // bytes is the representation of the scalar in little-endian order. - uint8_t bytes[EC_MAX_SCALAR_BYTES]; - BN_ULONG words[EC_MAX_SCALAR_WORDS]; + uint8_t bytes[EC_MAX_BYTES]; + BN_ULONG words[EC_MAX_WORDS]; } EC_SCALAR; // An EC_FELEM represents a field element. Only the first |field->width| words @@ -106,8 +106,8 @@ // represented in Montgomery-form) may vary between |EC_METHOD|s. typedef union { // bytes is the representation of the field element in little-endian order. - uint8_t bytes[EC_MAX_SCALAR_BYTES]; - BN_ULONG words[EC_MAX_SCALAR_WORDS]; + uint8_t bytes[EC_MAX_BYTES]; + BN_ULONG words[EC_MAX_WORDS]; } EC_FELEM; // An EC_RAW_POINT represents an elliptic curve point. Unlike |EC_POINT|, it is
diff --git a/crypto/fipsmodule/ec/scalar.c b/crypto/fipsmodule/ec/scalar.c
index 35e3765..82f2a50 100644
--- a/crypto/fipsmodule/ec/scalar.c
+++ b/crypto/fipsmodule/ec/scalar.c
@@ -54,7 +54,7 @@ void ec_scalar_add(const EC_GROUP *group, EC_SCALAR *r, const EC_SCALAR *a, const EC_SCALAR *b) { const BIGNUM *order = &group->order; - BN_ULONG tmp[EC_MAX_SCALAR_WORDS]; + BN_ULONG tmp[EC_MAX_WORDS]; bn_mod_add_words(r->words, a->words, b->words, order->d, tmp, order->width); OPENSSL_cleanse(tmp, sizeof(tmp)); }
diff --git a/crypto/fipsmodule/ec/wnaf.c b/crypto/fipsmodule/ec/wnaf.c
index c0c2809..fd1b480 100644
--- a/crypto/fipsmodule/ec/wnaf.c
+++ b/crypto/fipsmodule/ec/wnaf.c
@@ -180,14 +180,14 @@ size_t bits = BN_num_bits(&group->order); size_t wNAF_len = bits + 1; - int8_t g_wNAF[EC_MAX_SCALAR_BYTES * 8 + 1]; + int8_t g_wNAF[EC_MAX_BYTES * 8 + 1]; EC_RAW_POINT g_precomp[EC_WNAF_TABLE_SIZE]; assert(wNAF_len <= OPENSSL_ARRAY_SIZE(g_wNAF)); const EC_RAW_POINT *g = &group->generator->raw; ec_compute_wNAF(group, g_wNAF, g_scalar, bits, EC_WNAF_WINDOW_BITS); compute_precomp(group, g_precomp, g, EC_WNAF_TABLE_SIZE); - int8_t p_wNAF[EC_MAX_SCALAR_BYTES * 8 + 1]; + int8_t p_wNAF[EC_MAX_BYTES * 8 + 1]; EC_RAW_POINT p_precomp[EC_WNAF_TABLE_SIZE]; assert(wNAF_len <= OPENSSL_ARRAY_SIZE(p_wNAF)); ec_compute_wNAF(group, p_wNAF, p_scalar, bits, EC_WNAF_WINDOW_BITS);
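Review bot: The two wNAF stack arrays are sized from `EC_MAX_BYTES * 8 + 1`, but the only check in this hunk that `wNAF_len` fits them is an `assert`, which is typically compiled out when NDEBUG is defined. Now that the constant no longer says "scalar" in its name, it is worth stating next to `g_wNAF` why the bound holds, e.g. `// |bits| <= EC_MAX_BYTES * 8 because the group order is capped at EC_MAX_BYTES when it is set.` The cap itself is the `BN_num_bytes(order) > EC_MAX_BYTES` check in the ec.c hunk; the enclosing function here starts and ends outside this hunk.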
diff --git a/crypto/fipsmodule/ecdsa/ecdsa.c b/crypto/fipsmodule/ecdsa/ecdsa.c
index 0e89b43..e1395b7 100644
--- a/crypto/fipsmodule/ecdsa/ecdsa.c
+++ b/crypto/fipsmodule/ecdsa/ecdsa.c
@@ -93,7 +93,7 @@ // // Montgomery multiplication accepts the looser bounds, so this isn't strictly // necessary, but it is a cleaner abstraction and has no performance impact. - BN_ULONG tmp[EC_MAX_SCALAR_WORDS]; + BN_ULONG tmp[EC_MAX_WORDS]; bn_reduce_once_in_place(out->words, 0 /* no carry */, order->d, tmp, order->width); }
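Review bot: `tmp` is left on the stack without cleansing here, whereas `ec_scalar_add` in scalar.c calls `OPENSSL_cleanse(tmp, sizeof(tmp))` on the same kind of scratch buffer. The function's start is outside the hunk, so whether the value being reduced is secret cannot be confirmed from here. If it is public, a short comment such as `// |tmp| holds no secret data, so it is not cleansed.` would show that the difference is deliberate; if it can hold secret-derived data, the same `OPENSSL_cleanse` call belongs after `bn_reduce_once_in_place`.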