Skip to content

Commit 4cb22ee

Browse files
mundaymbradfitz
mundaym
authored and
bradfitz
committed
[release-branch.go1.13] crypto/ecdsa: remove s390x assembly
This is a revert of CL 174437 and equivalent to CL 201360. The size of the params block passed into the KDSA instruction is incorrect and this appears to result in out-of-bounds writes that cause a panic in the crypto/x509 tests when run on a machine that supports KDSA. Remove this assembly for now. We can revisit the use of the KDSA instruction in a future release. Fixes #34928. Change-Id: I7ad2fe9714b47ad04abc25f18aa235b9d2aef062 Reviewed-on: https://go-review.googlesource.com/c/go/+/201361 Run-TryBot: Michael Munday <[email protected]> Reviewed-by: Brad Fitzpatrick <[email protected]> TryBot-Result: Gobot Gobot <[email protected]>
1 parent 985804b commit 4cb22ee

File tree

5 files changed

+4
-251
lines changed

5 files changed

+4
-251
lines changed

src/crypto/ecdsa/ecdsa.go

Lines changed: 4 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -189,21 +189,14 @@ func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err err
189189

190190
// See [NSA] 3.4.1
191191
c := priv.PublicKey.Curve
192-
e := hashToInt(hash, c)
193-
r, s, err = sign(priv, &csprng, c, e)
194-
return
195-
}
196-
197-
func signGeneric(priv *PrivateKey, csprng *cipher.StreamReader, c elliptic.Curve, e *big.Int) (r, s *big.Int, err error) {
198192
N := c.Params().N
199193
if N.Sign() == 0 {
200194
return nil, nil, errZeroParam
201195
}
202-
203196
var k, kInv *big.Int
204197
for {
205198
for {
206-
k, err = randFieldElement(c, *csprng)
199+
k, err = randFieldElement(c, csprng)
207200
if err != nil {
208201
r = nil
209202
return
@@ -221,6 +214,8 @@ func signGeneric(priv *PrivateKey, csprng *cipher.StreamReader, c elliptic.Curve
221214
break
222215
}
223216
}
217+
218+
e := hashToInt(hash, c)
224219
s = new(big.Int).Mul(priv.D, r)
225220
s.Add(s, e)
226221
s.Mul(s, kInv)
@@ -229,6 +224,7 @@ func signGeneric(priv *PrivateKey, csprng *cipher.StreamReader, c elliptic.Curve
229224
break
230225
}
231226
}
227+
232228
return
233229
}
234230

@@ -246,12 +242,8 @@ func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool {
246242
return false
247243
}
248244
e := hashToInt(hash, c)
249-
return verify(pub, c, e, r, s)
250-
}
251245

252-
func verifyGeneric(pub *PublicKey, c elliptic.Curve, e, r, s *big.Int) bool {
253246
var w *big.Int
254-
N := c.Params().N
255247
if in, ok := c.(invertible); ok {
256248
w = in.Inverse(s)
257249
} else {

src/crypto/ecdsa/ecdsa_noasm.go

Lines changed: 0 additions & 22 deletions
This file was deleted.

src/crypto/ecdsa/ecdsa_s390x.go

Lines changed: 0 additions & 153 deletions
This file was deleted.

src/crypto/ecdsa/ecdsa_s390x.s

Lines changed: 0 additions & 31 deletions
This file was deleted.

src/crypto/ecdsa/ecdsa_s390x_test.go

Lines changed: 0 additions & 33 deletions
This file was deleted.

0 commit comments

Comments
 (0)