From b68f8ca89a2fb6b33d1e78fadc33d1c35693f6b8 Mon Sep 17 00:00:00 2001
From: Keith Randall <khr@golang.org>
Date: Fri, 22 Nov 2024 15:19:35 -0800
Subject: [PATCH] crypto/internal: keep fips140/aes.NewCTR from allocating

Return a *CTR from an always-inlineable function, so the allocation
can be lifted to the callsite.

Put the potentially uninlineable code in a separate function that returns a CTR.

Fixes #70499

Change-Id: I2531a2516e4c00aba65407f3bc24a7c21dd8f842
Reviewed-on: https://go-review.googlesource.com/c/go/+/631317
Reviewed-by: Keith Randall <khr@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---
 src/crypto/internal/fips140/aes/ctr.go | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/crypto/internal/fips140/aes/ctr.go b/src/crypto/internal/fips140/aes/ctr.go
index ec1959a225..f612034d85 100644
--- a/src/crypto/internal/fips140/aes/ctr.go
+++ b/src/crypto/internal/fips140/aes/ctr.go
@@ -18,11 +18,18 @@ type CTR struct {
 }
 
 func NewCTR(b *Block, iv []byte) *CTR {
+	// Allocate the CTR here, in an easily inlineable function, so
+	// the allocation can be done in the caller's stack frame
+	// instead of the heap.  See issue 70499.
+	c := newCTR(b, iv)
+	return &c
+}
+func newCTR(b *Block, iv []byte) CTR {
 	if len(iv) != BlockSize {
 		panic("bad IV length")
 	}
 
-	return &CTR{
+	return CTR{
 		b:      *b,
 		ivlo:   byteorder.BEUint64(iv[8:16]),
 		ivhi:   byteorder.BEUint64(iv[0:8]),
-- 
2.48.1