From 7b2795a323b41e7b148bcd6f6318d67efccb0ce4 Mon Sep 17 00:00:00 2001
From: David Benjamin <davidben@google.com>
Date: Thu, 8 Sep 2022 17:40:10 -0400
Subject: [PATCH] Replace even more ad-hoc bytes/integer conversions.

Change-Id: I5e1d37106d7df8e8aaede295e8eb74c971553fd5
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/54365
Reviewed-by: Bob Beck <bbe@google.com>
Auto-Submit: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
---
 crypto/poly1305/poly1305.c | 52 +++++++++++++++-----------------------
 ssl/ssl_lib.cc             | 11 ++------
 2 files changed, 23 insertions(+), 40 deletions(-)

diff --git a/crypto/poly1305/poly1305.c b/crypto/poly1305/poly1305.c
index 3017e327ed..94853b8dee 100644
--- a/crypto/poly1305/poly1305.c
+++ b/crypto/poly1305/poly1305.c
@@ -27,17 +27,6 @@
 
 #if !defined(BORINGSSL_HAS_UINT128) || !defined(OPENSSL_X86_64)
 
-// We can assume little-endian.
-static uint32_t U8TO32_LE(const uint8_t *m) {
-  uint32_t r;
-  OPENSSL_memcpy(&r, m, sizeof(r));
-  return r;
-}
-
-static void U32TO8_LE(uint8_t *m, uint32_t v) {
-  OPENSSL_memcpy(m, &v, sizeof(v));
-}
-
 static uint64_t mul32x32_64(uint32_t a, uint32_t b) { return (uint64_t)a * b; }
 
 struct poly1305_state_st {
@@ -75,10 +64,10 @@ static void poly1305_update(struct poly1305_state_st *state, const uint8_t *in,
   }
 
 poly1305_donna_16bytes:
-  t0 = U8TO32_LE(in);
-  t1 = U8TO32_LE(in + 4);
-  t2 = U8TO32_LE(in + 8);
-  t3 = U8TO32_LE(in + 12);
+  t0 = CRYPTO_load_u32_le(in);
+  t1 = CRYPTO_load_u32_le(in + 4);
+  t2 = CRYPTO_load_u32_le(in + 8);
+  t3 = CRYPTO_load_u32_le(in + 12);
 
   in += 16;
   len -= 16;
@@ -141,10 +130,10 @@ static void poly1305_update(struct poly1305_state_st *state, const uint8_t *in,
   }
   len = 0;
 
-  t0 = U8TO32_LE(mp + 0);
-  t1 = U8TO32_LE(mp + 4);
-  t2 = U8TO32_LE(mp + 8);
-  t3 = U8TO32_LE(mp + 12);
+  t0 = CRYPTO_load_u32_le(mp + 0);
+  t1 = CRYPTO_load_u32_le(mp + 4);
+  t2 = CRYPTO_load_u32_le(mp + 8);
+  t3 = CRYPTO_load_u32_le(mp + 12);
 
   state->h0 += t0 & 0x3ffffff;
   state->h1 += ((((uint64_t)t1 << 32) | t0) >> 26) & 0x3ffffff;
@@ -166,10 +155,10 @@ void CRYPTO_poly1305_init(poly1305_state *statep, const uint8_t key[32]) {
   }
 #endif
 
-  t0 = U8TO32_LE(key + 0);
-  t1 = U8TO32_LE(key + 4);
-  t2 = U8TO32_LE(key + 8);
-  t3 = U8TO32_LE(key + 12);
+  t0 = CRYPTO_load_u32_le(key + 0);
+  t1 = CRYPTO_load_u32_le(key + 4);
+  t2 = CRYPTO_load_u32_le(key + 8);
+  t3 = CRYPTO_load_u32_le(key + 12);
 
   // precompute multipliers
   state->r0 = t0 & 0x3ffffff;
@@ -305,21 +294,22 @@ void CRYPTO_poly1305_finish(poly1305_state *statep, uint8_t mac[16]) {
   state->h3 = (state->h3 & nb) | (g3 & b);
   state->h4 = (state->h4 & nb) | (g4 & b);
 
-  f0 = ((state->h0) | (state->h1 << 26)) + (uint64_t)U8TO32_LE(&state->key[0]);
+  f0 = ((state->h0) | (state->h1 << 26)) +
+       (uint64_t)CRYPTO_load_u32_le(&state->key[0]);
   f1 = ((state->h1 >> 6) | (state->h2 << 20)) +
-       (uint64_t)U8TO32_LE(&state->key[4]);
+       (uint64_t)CRYPTO_load_u32_le(&state->key[4]);
   f2 = ((state->h2 >> 12) | (state->h3 << 14)) +
-       (uint64_t)U8TO32_LE(&state->key[8]);
+       (uint64_t)CRYPTO_load_u32_le(&state->key[8]);
   f3 = ((state->h3 >> 18) | (state->h4 << 8)) +
-       (uint64_t)U8TO32_LE(&state->key[12]);
+       (uint64_t)CRYPTO_load_u32_le(&state->key[12]);
 
-  U32TO8_LE(&mac[0], f0);
+  CRYPTO_store_u32_le(&mac[0], f0);
   f1 += (f0 >> 32);
-  U32TO8_LE(&mac[4], f1);
+  CRYPTO_store_u32_le(&mac[4], f1);
   f2 += (f1 >> 32);
-  U32TO8_LE(&mac[8], f2);
+  CRYPTO_store_u32_le(&mac[8], f2);
   f3 += (f2 >> 32);
-  U32TO8_LE(&mac[12], f3);
+  CRYPTO_store_u32_le(&mac[12], f3);
 }
 
 #endif  // !BORINGSSL_HAS_UINT128 || !OPENSSL_X86_64
diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
index f073e3ba56..1b2e9f41da 100644
--- a/ssl/ssl_lib.cc
+++ b/ssl/ssl_lib.cc
@@ -2822,13 +2822,6 @@ int SSL_get_ivs(const SSL *ssl, const uint8_t **out_read_iv,
   return 1;
 }
 
-static uint64_t be_to_u64(const uint8_t in[8]) {
-  return (((uint64_t)in[0]) << 56) | (((uint64_t)in[1]) << 48) |
-         (((uint64_t)in[2]) << 40) | (((uint64_t)in[3]) << 32) |
-         (((uint64_t)in[4]) << 24) | (((uint64_t)in[5]) << 16) |
-         (((uint64_t)in[6]) << 8) | ((uint64_t)in[7]);
-}
-
 uint64_t SSL_get_read_sequence(const SSL *ssl) {
   // TODO(davidben): Internally represent sequence numbers as uint64_t.
   if (SSL_is_dtls(ssl)) {
@@ -2836,11 +2829,11 @@ uint64_t SSL_get_read_sequence(const SSL *ssl) {
     assert(ssl->d1->r_epoch == (ssl->d1->bitmap.max_seq_num >> 48));
     return ssl->d1->bitmap.max_seq_num;
   }
-  return be_to_u64(ssl->s3->read_sequence);
+  return CRYPTO_load_u64_be(ssl->s3->read_sequence);
 }
 
 uint64_t SSL_get_write_sequence(const SSL *ssl) {
-  uint64_t ret = be_to_u64(ssl->s3->write_sequence);
+  uint64_t ret = CRYPTO_load_u64_be(ssl->s3->write_sequence);
   if (SSL_is_dtls(ssl)) {
     assert((ret >> 48) == 0);
     ret |= ((uint64_t)ssl->d1->w_epoch) << 48;