11diff --git a/src/crypto/ecdsa/ecdsa_hash_sign_verify.go b/src/crypto/ecdsa/ecdsa_hash_sign_verify.go
22new file mode 100644
3- index 0000000000..50a39f5d0a
3+ index 0000000000..977b21958f
44--- /dev/null
55+++ b/src/crypto/ecdsa/ecdsa_hash_sign_verify.go
6- @@ -0,0 +1,45 @@
6+ @@ -0,0 +1,96 @@
77+ package ecdsa
88+
99+ import (
1010+ "crypto"
1111+ "crypto/internal/randutil"
12+ + "errors"
1213+ "io"
14+ + "math/big"
1315+
1416+ boring "crypto/internal/backend"
17+ +
18+ + "golang.org/x/crypto/cryptobyte"
19+ + "golang.org/x/crypto/cryptobyte/asn1"
1520+ )
1621+
17- + func HashSign(rand io.Reader, priv *PrivateKey, msg []byte, h crypto.Hash) ([]byte, error) {
22+ + func HashSign(rand io.Reader, priv *PrivateKey, msg []byte, h crypto.Hash) (*big.Int, *big.Int, error) {
23+ + randutil.MaybeReadByte(rand)
24+ +
25+ + if boring.Enabled() {
26+ + sig, err := HashSignASN1(rand, priv, msg, h)
27+ + if err != nil {
28+ + return nil, nil, err
29+ + }
30+ + r, s := new(big.Int), new(big.Int)
31+ + var inner cryptobyte.String
32+ + input := cryptobyte.String(sig)
33+ + if !input.ReadASN1(&inner, asn1.SEQUENCE) ||
34+ + !input.Empty() ||
35+ + !inner.ReadASN1Integer(r) ||
36+ + !inner.ReadASN1Integer(s) ||
37+ + !inner.Empty() {
38+ + return nil, nil, errors.New("invalid ASN.1 from HashSignECDSA")
39+ + }
40+ + return r, s, nil
41+ + }
42+ + boring.UnreachableExceptTests()
43+ +
44+ + hash := h.New()
45+ + hash.Write(msg)
46+ + d := hash.Sum(nil)
47+ +
48+ + return Sign(rand, priv, d)
49+ + }
50+ +
51+ + func HashSignASN1(rand io.Reader, priv *PrivateKey, msg []byte, h crypto.Hash) ([]byte, error) {
1852+ randutil.MaybeReadByte(rand)
1953+
2054+ if boring.Enabled() {
@@ -33,7 +67,24 @@ index 0000000000..50a39f5d0a
3367+ return SignASN1(rand, priv, d)
3468+ }
3569+
36- + func HashVerify(pub *PublicKey, msg, sig []byte, h crypto.Hash) bool {
70+ + func HashVerify(pub *PublicKey, msg []byte, r, s *big.Int, h crypto.Hash) bool {
71+ + if boring.Enabled() {
72+ + sig, err := encodeSignature(r.Bytes(), s.Bytes())
73+ + if err != nil {
74+ + return false
75+ + }
76+ + return HashVerifyASN1(pub, h, msg, sig)
77+ + }
78+ + boring.UnreachableExceptTests()
79+ +
80+ + hash := h.New()
81+ + hash.Write(msg)
82+ + d := hash.Sum(nil)
83+ +
84+ + return Verify(pub, d, r, s)
85+ + }
86+ +
87+ + func HashVerifyASN1(pub *PublicKey, h crypto.Hash, msg, sig []byte) bool {
3788+ if boring.Enabled() {
3889+ bpk, err := boringPublicKey(pub)
3990+ if err != nil {
@@ -51,7 +102,7 @@ index 0000000000..50a39f5d0a
51102+ }
52103diff --git a/src/crypto/ecdsa/ecdsa_hashsignverify_test.go b/src/crypto/ecdsa/ecdsa_hashsignverify_test.go
53104new file mode 100644
54- index 0000000000..65ca8a4b77
105+ index 0000000000..b73b03e975
55106--- /dev/null
56107+++ b/src/crypto/ecdsa/ecdsa_hashsignverify_test.go
57108@@ -0,0 +1,43 @@
@@ -73,23 +124,23 @@ index 0000000000..65ca8a4b77
73124+
74125+ msg := []byte("testing")
75126+ h := crypto.SHA256
76- + hsm, err := HashSign (rand.Reader, priv, msg, h)
127+ + hsm, err := HashSignASN1 (rand.Reader, priv, msg, h)
77128+ if err != nil {
78129+ t.Errorf("%s: error signing: %s", tag, err)
79130+ return
80131+ }
81132+
82- + if !HashVerify (&priv.PublicKey, msg, hsm, h ) {
133+ + if !HashVerifyASN1 (&priv.PublicKey, h, msg, hsm ) {
83134+ t.Errorf("%s: Verify failed", tag)
84135+ }
85136+
86137+ msg[0] ^= 0xff
87- + if HashVerify (&priv.PublicKey, msg, hsm, h ) {
138+ + if HashVerifyASN1 (&priv.PublicKey, h, msg, hsm ) {
88139+ t.Errorf("%s: Verify should not have succeeded", tag)
89140+ }
90141+ }
91142+
92- + func TestHashSignAndHashVerify (t *testing.T) {
143+ + func TestHashSignAndHashVerifyASN1 (t *testing.T) {
93144+ testHashSignAndHashVerify(t, elliptic.P256(), "p256")
94145+
95146+ if testing.Short() && !boring.Enabled() {
0 commit comments