]> Cypherpunks repositories - gostls13.git/commitdiff
projects / gostls13.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 93fcd8f)
crypto/ed25519: fix TestAllocations in FIPS mode
authorFilippo Valsorda <filippo@golang.org>
Wed, 20 Nov 2024 15:11:49 +0000 (16:11 +0100)
committerGopher Robot <gobot@golang.org>
Wed, 20 Nov 2024 16:57:48 +0000 (16:57 +0000)
Change-Id: Ic36e95dba29d43e73ddf105d538c4795bc4ce557
Reviewed-on: https://go-review.googlesource.com/c/go/+/630097
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
src/crypto/internal/fips/ed25519/cast.go patch | blob | history

diff --git a/src/crypto/internal/fips/ed25519/cast.go b/src/crypto/internal/fips/ed25519/cast.go
index aa6ba668c02910e5301a87197f817c66a37ec686..8ac7a6f6884165a45b5adeacc50ad00829fbe182 100644 (file)
--- a/src/crypto/internal/fips/ed25519/cast.go
+++ b/src/crypto/internal/fips/ed25519/cast.go
@@ -14,19 +14,25 @@ import (
 
 func fipsPCT(k *PrivateKey) error {
        return fips.PCT("Ed25519 sign and verify PCT", func() error {
-               msg := []byte("PCT")
-               sig := Sign(k, msg)
-               // Note that this runs pub.a.SetBytes. If we wanted to make key generation
-               // in FIPS mode faster, we could reuse A from GenerateKey. But another thing
-               // that could make it faster is just _not doing a useless self-test_.
-               pub, err := NewPublicKey(k.PublicKey())
-               if err != nil {
-                       return err
-               }
-               return Verify(pub, msg, sig)
+               return pairwiseTest(k)
        })
 }
 
+// pairwiseTest needs to be a top-level function declaration to let the calls
+// inline and their allocations not escape.
+func pairwiseTest(k *PrivateKey) error {
+       msg := []byte("PCT")
+       sig := Sign(k, msg)
+       // Note that this runs pub.a.SetBytes. If we wanted to make key generation
+       // in FIPS mode faster, we could reuse A from GenerateKey. But another thing
+       // that could make it faster is just _not doing a useless self-test_.
+       pub, err := NewPublicKey(k.PublicKey())
+       if err != nil {
+               return err
+       }
+       return Verify(pub, msg, sig)
+}
+
 func signWithoutSelfTest(priv *PrivateKey, message []byte) []byte {
        signature := make([]byte, signatureSize)
        return signWithDom(signature, priv, message, domPrefixPure, "")
Go GOST TLS 1.3