cybercyst/go
1
0
Fork 0
mirror of https://github.com/golang/go.git synced 2025-05-20 14:53:23 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Revert "crypto/internal/boring: use noescape and nocallback cgo directives"

Browse Source 
This reverts CL 525035.

Reason for revert: breaks many Google-internal tests (#63739), suspected miscompilation

Change-Id: I8cbebca0a187d12e16c405b2373c754e4a397ef4
Reviewed-on: https://go-review.googlesource.com/c/go/+/537598
Reviewed-by: Bryan Mills <bcmills@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Bryan Mills <bcmills@google.com>
This commit is contained in:
Michael Stapelberg 2023-10-25 15:04:45 +00:00 committed by Gopher Robot
parent b5f87b5407
commit 067f28ad73
2 changed files with 41 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
src/crypto/cipher/gcm_test.go
View File

@ -654,39 +654,3 @@ func TestGCMAsm(t *testing.T) {
} }
} }
} }
func BenchmarkGCMSeal(b *testing.B) {
key, _ := hex.DecodeString("ab72c77b97cb5fe9a382d9fe81ffdbed")
nonce, _ := hex.DecodeString("54cc7dc2c37ec006bcc6d1db")
plaintext, _ := hex.DecodeString("f1cc3818e421876bb6b8bbd6c9")
aes, _ := aes.NewCipher(key)
aesgcm, _ := cipher.NewGCM(aes)
ciphertext := make([]byte, 32)
b.SetBytes(int64(len(plaintext)))
b.ResetTimer()
for i := 0; i < b.N; i++ {
_ = aesgcm.Seal(ciphertext[:0], nonce, plaintext, nil)
}
}
func BenchmarkGCMOpen(b *testing.B) {
key, _ := hex.DecodeString("ab72c77b97cb5fe9a382d9fe81ffdbed")
nonce, _ := hex.DecodeString("54cc7dc2c37ec006bcc6d1db")
plaintext, _ := hex.DecodeString("f1cc3818e421876bb6b8bbd6c9")
aes, _ := aes.NewCipher(key)
aesgcm, _ := cipher.NewGCM(aes)
ciphertext := aesgcm.Seal(nil, nonce, plaintext, nil)
b.SetBytes(int64(len(ciphertext)))
b.ResetTimer()
for i := 0; i < b.N; i++ {
_, err := aesgcm.Open(plaintext[:0], nonce, ciphertext, nil)
if err != nil {
b.Fatal(err)
}
}
}

55
src/crypto/internal/boring/aes.go
View File

@ -7,11 +7,40 @@
package boring package boring
/* /*
#include "goboringcrypto.h" #include "goboringcrypto.h"
#cgo noescape _goboringcrypto_EVP_AEAD_CTX_seal
#cgo nocallback _goboringcrypto_EVP_AEAD_CTX_seal // These wrappers allocate out_len on the C stack, and check that it matches the expected
#cgo noescape _goboringcrypto_EVP_AEAD_CTX_open // value, to avoid having to pass a pointer from Go, which would escape to the heap.
#cgo nocallback _goboringcrypto_EVP_AEAD_CTX_open
int EVP_AEAD_CTX_seal_wrapper(const GO_EVP_AEAD_CTX *ctx, uint8_t *out,
size_t exp_out_len,
const uint8_t *nonce, size_t nonce_len,
const uint8_t *in, size_t in_len,
const uint8_t *ad, size_t ad_len) {
size_t out_len;
int ok = _goboringcrypto_EVP_AEAD_CTX_seal(ctx, out, &out_len, exp_out_len,
nonce, nonce_len, in, in_len, ad, ad_len);
if (out_len != exp_out_len) {
return 0;
}
return ok;
};
int EVP_AEAD_CTX_open_wrapper(const GO_EVP_AEAD_CTX *ctx, uint8_t *out,
size_t exp_out_len,
const uint8_t *nonce, size_t nonce_len,
const uint8_t *in, size_t in_len,
const uint8_t *ad, size_t ad_len) {
size_t out_len;
int ok = _goboringcrypto_EVP_AEAD_CTX_open(ctx, out, &out_len, exp_out_len,
nonce, nonce_len, in, in_len, ad, ad_len);
if (out_len != exp_out_len) {
return 0;
}
return ok;
};
*/ */
import "C" import "C"
import ( import (
@ -289,16 +318,15 @@ func (g *aesGCM) Seal(dst, nonce, plaintext, additionalData []byte) []byte {
panic("cipher: invalid buffer overlap") panic("cipher: invalid buffer overlap")
} }
var outLen C.size_t outLen := C.size_t(len(plaintext) + gcmTagSize)
expOutLen := C.size_t(len(plaintext) + gcmTagSize) ok := C.EVP_AEAD_CTX_seal_wrapper(
ok := C._goboringcrypto_EVP_AEAD_CTX_seal(
&g.ctx, &g.ctx,
(*C.uint8_t)(unsafe.Pointer(&dst[n])), &outLen, expOutLen, (*C.uint8_t)(unsafe.Pointer(&dst[n])), outLen,
base(nonce), C.size_t(len(nonce)), base(nonce), C.size_t(len(nonce)),
base(plaintext), C.size_t(len(plaintext)), base(plaintext), C.size_t(len(plaintext)),
base(additionalData), C.size_t(len(additionalData))) base(additionalData), C.size_t(len(additionalData)))
runtime.KeepAlive(g) runtime.KeepAlive(g)
if ok == 0 || outLen != expOutLen { if ok == 0 {
panic(fail("EVP_AEAD_CTX_seal")) panic(fail("EVP_AEAD_CTX_seal"))
} }
return dst[:n+int(outLen)] return dst[:n+int(outLen)]
@ -329,16 +357,15 @@ func (g *aesGCM) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, er
panic("cipher: invalid buffer overlap") panic("cipher: invalid buffer overlap")
} }
var outLen C.size_t outLen := C.size_t(len(ciphertext) - gcmTagSize)
expOutLen := C.size_t(len(ciphertext) - gcmTagSize) ok := C.EVP_AEAD_CTX_open_wrapper(
ok := C._goboringcrypto_EVP_AEAD_CTX_open(
&g.ctx, &g.ctx,
base(dst[n:]), &outLen, expOutLen, base(dst[n:]), outLen,
base(nonce), C.size_t(len(nonce)), base(nonce), C.size_t(len(nonce)),
base(ciphertext), C.size_t(len(ciphertext)), base(ciphertext), C.size_t(len(ciphertext)),
base(additionalData), C.size_t(len(additionalData))) base(additionalData), C.size_t(len(additionalData)))
runtime.KeepAlive(g) runtime.KeepAlive(g)
if ok == 0 || outLen != expOutLen { if ok == 0 {
return nil, errOpen return nil, errOpen
} }
return dst[:n+int(outLen)], nil return dst[:n+int(outLen)], nil