authorIan Lance Taylor <iant@golang.org>2020-12-23 09:57:37 -0800
committerIan Lance Taylor <iant@golang.org>2020-12-30 15:13:24 -0800
commitcfcbb4227fb20191e04eb8d7766ae6202f526afd (patch)
treee2effea96f6f204451779f044415c2385e45042b /libgo/go/crypto/ecdsa
parent0696141107d61483f38482b941549959a0d7f613 (diff)
libgo: update to Go1.16beta1 release
This does not yet include support for the //go:embed directive added in this release. * Makefile.am (check-runtime): Don't create check-runtime-dir. (mostlyclean-local): Don't remove check-runtime-dir. (check-go-tool, check-vet): Copy in go.mod and modules.txt. (check-cgo-test, check-carchive-test): Add go.mod file. * Makefile.in: Regenerate. Reviewed-on: https://go-review.googlesource.com/c/gofrontend/+/280172
Diffstat (limited to 'libgo/go/crypto/ecdsa')
-rw-r--r--libgo/go/crypto/ecdsa/ecdsa_s390x.go59
1 files changed, 27 insertions, 32 deletions
diff --git a/libgo/go/crypto/ecdsa/ecdsa_s390x.go b/libgo/go/crypto/ecdsa/ecdsa_s390x.go
index dcbbef3..de51cab 100644
--- a/libgo/go/crypto/ecdsa/ecdsa_s390x.go
+++ b/libgo/go/crypto/ecdsa/ecdsa_s390x.go
@@ -43,26 +43,29 @@ func canUseKDSA(c elliptic.Curve) (functionCode uint64, blockSize int, ok bool)
return 0, 0, false // A mismatch
}
-// zeroExtendAndCopy pads src with leading zeros until it has the size given.
-// It then copies the padded src into the dst. Bytes beyond size in dst are
-// not modified.
-func zeroExtendAndCopy(dst, src []byte, size int) {
- nz := size - len(src)
- if nz < 0 {
- panic("src is too long")
- }
- // the compiler should replace this loop with a memclr call
- z := dst[:nz]
- for i := range z {
- z[i] = 0
+func hashToBytes(dst, hash []byte, c elliptic.Curve) {
+ l := len(dst)
+ if n := c.Params().N.BitLen(); n == l*8 {
+ // allocation free path for curves with a length that is a whole number of bytes
+ if len(hash) >= l {
+ // truncate hash
+ copy(dst, hash[:l])
+ return
+ }
+ // pad hash with leading zeros
+ p := l - len(hash)
+ for i := 0; i < p; i++ {
+ dst[i] = 0
+ }
+ copy(dst[p:], hash)
+ return
}
- copy(dst[nz:size], src[:size-nz])
- return
+ // TODO(mundaym): avoid hashToInt call here
+ hashToInt(hash, c).FillBytes(dst)
}
func sign(priv *PrivateKey, csprng *cipher.StreamReader, c elliptic.Curve, hash []byte) (r, s *big.Int, err error) {
if functionCode, blockSize, ok := canUseKDSA(c); ok {
- e := hashToInt(hash, c)
for {
var k *big.Int
k, err = randFieldElement(c, *csprng)
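Review bot: hashToBytes replaces the documented zeroExtendAndCopy but has no doc comment, and its contract is not obvious from the signature. The allocation-free path is chosen by comparing `len(dst)*8` with the bit length of the curve order, so dst must be exactly one parameter-block field; on that path a longer hash is cut to its leftmost `len(dst)` bytes and a shorter one is left-padded with zeros, while other curves fall back to `hashToInt(hash, c).FillBytes(dst)`. I would add `// hashToBytes writes hash into dst as a big-endian integer of len(dst) bytes, truncated to the bit length of the curve order as hashToInt does.` and `// dst must be one blockSize-sized field of the KDSA parameter block.` above the function. The body of sign, which starts in this hunk, continues outside it.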
@@ -91,17 +94,12 @@ func sign(priv *PrivateKey, csprng *cipher.StreamReader, c elliptic.Curve, hash
// different curves and is set by canUseKDSA function.
var params [4096]byte
- startingOffset := 2 * blockSize // Set the starting location for copying
// Copy content into the parameter block. In the sign case,
// we copy hashed message, private key and random number into
- // the parameter block. Since those are consecutive components in the parameter
- // block, we use a for loop here.
- for i, v := range []*big.Int{e, priv.D, k} {
- startPosition := startingOffset + i*blockSize
- endPosition := startPosition + blockSize
- zeroExtendAndCopy(params[startPosition:endPosition], v.Bytes(), blockSize)
- }
-
+ // the parameter block.
+ hashToBytes(params[2*blockSize:3*blockSize], hash, c)
+ priv.D.FillBytes(params[3*blockSize : 4*blockSize])
+ k.FillBytes(params[4*blockSize : 5*blockSize])
// Convert verify function code into a sign function code by adding 8.
// We also need to set the 'deterministic' bit in the function code, by
// adding 128, in order to stop the instruction using its own random number
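Review bot: `priv.D.FillBytes(params[3*blockSize : 4*blockSize])` panics when the scalar does not fit in blockSize bytes, so a PrivateKey whose D is out of range for the curve would abort the caller instead of coming back through sign's `err` result. The removed zeroExtendAndCopy panicked in the same case, so this is not a regression, and whether callers already bound D is not visible here; still, the rewrite is a natural place to make the precondition explicit. A guard before the copy such as `if priv.D.BitLen() > 8*blockSize { return nil, nil, errors.New("ecdsa: private key out of range") }` would do it, provided `errors` is imported in this file. The same applies in the last hunk to `r`, `s`, `pub.X` and `pub.Y` in verify, where r and s come from the signature being checked and the defensive result is `return false` unless the exported caller has already range-checked them. sign's body starts and ends outside this hunk.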
@@ -126,7 +124,6 @@ func sign(priv *PrivateKey, csprng *cipher.StreamReader, c elliptic.Curve, hash
func verify(pub *PublicKey, c elliptic.Curve, hash []byte, r, s *big.Int) bool {
if functionCode, blockSize, ok := canUseKDSA(c); ok {
- e := hashToInt(hash, c)
// The parameter block looks like the following for verify:
// +---------------------+
// | Signature(R) |
@@ -151,13 +148,11 @@ func verify(pub *PublicKey, c elliptic.Curve, hash []byte, r, s *big.Int) bool {
// Copy content into the parameter block. In the verify case,
// we copy signature (r), signature(s), hashed message, public key x component,
// and public key y component into the parameter block.
- // Since those are consecutive components in the parameter block, we use a for loop here.
- for i, v := range []*big.Int{r, s, e, pub.X, pub.Y} {
- startPosition := i * blockSize
- endPosition := startPosition + blockSize
- zeroExtendAndCopy(params[startPosition:endPosition], v.Bytes(), blockSize)
- }
-
+ r.FillBytes(params[0*blockSize : 1*blockSize])
+ s.FillBytes(params[1*blockSize : 2*blockSize])
+ hashToBytes(params[2*blockSize:3*blockSize], hash, c)
+ pub.X.FillBytes(params[3*blockSize : 4*blockSize])
+ pub.Y.FillBytes(params[4*blockSize : 5*blockSize])
return kdsa(functionCode, &params) == 0
}
return verifyGeneric(pub, c, hash, r, s)