[dev.boringcrypto] crypto/internal/boring: avoid an allocation in AES…

…-GCM Seal and Open name old time/op new time/op delta AESGCMSeal1K-8 668ns ± 1% 643ns ± 1% -3.74% (p=0.008 n=5+5) AESGCMOpen1K-8 664ns ± 2% 640ns ± 2% -3.59% (p=0.016 n=5+5) AESGCMSign8K-8 1.44µs ± 1% 1.41µs ± 2% ~ (p=0.087 n=5+5) AESGCMSeal8K-8 3.32µs ± 1% 3.31µs ± 2% ~ (p=0.690 n=5+5) AESGCMOpen8K-8 3.34µs ± 2% 3.27µs ± 2% -2.07% (p=0.032 n=5+5) name old speed new speed delta AESGCMSeal1K-8 1.53GB/s ± 1% 1.59GB/s ± 1% +3.90% (p=0.008 n=5+5) AESGCMOpen1K-8 1.54GB/s ± 2% 1.60GB/s ± 2% +3.71% (p=0.016 n=5+5) AESGCMSign8K-8 5.67GB/s ± 2% 5.79GB/s ± 2% ~ (p=0.095 n=5+5) AESGCMSeal8K-8 2.47GB/s ± 1% 2.47GB/s ± 2% ~ (p=0.690 n=5+5) AESGCMOpen8K-8 2.45GB/s ± 2% 2.50GB/s ± 2% +2.11% (p=0.032 n=5+5) name old alloc/op new alloc/op delta AESGCMSeal1K-8 8.00B ± 0% 0.00B -100.00% (p=0.008 n=5+5) AESGCMOpen1K-8 8.00B ± 0% 0.00B -100.00% (p=0.008 n=5+5) AESGCMSign8K-8 8.00B ± 0% 0.00B -100.00% (p=0.008 n=5+5) AESGCMSeal8K-8 8.00B ± 0% 0.00B -100.00% (p=0.008 n=5+5) AESGCMOpen8K-8 8.00B ± 0% 0.00B -100.00% (p=0.008 n=5+5) name old allocs/op new allocs/op delta AESGCMSeal1K-8 1.00 ± 0% 0.00 -100.00% (p=0.008 n=5+5) AESGCMOpen1K-8 1.00 ± 0% 0.00 -100.00% (p=0.008 n=5+5) AESGCMSign8K-8 1.00 ± 0% 0.00 -100.00% (p=0.008 n=5+5) AESGCMSeal8K-8 1.00 ± 0% 0.00 -100.00% (p=0.008 n=5+5) AESGCMOpen8K-8 1.00 ± 0% 0.00 -100.00% (p=0.008 n=5+5) Change-Id: Ie2de0ad6b2f59b33af267b4e04aa6dff97b4ab75 Reviewed-on: https://go-review.googlesource.com/133836 Run-TryBot: Filippo Valsorda <filippo@golang.org> Reviewed-by: Adam Langley <agl@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
golang · Sep 7, 2018 · 693875e · 693875e
1 parent 4d1aa48
commit 693875e
Showing 1 changed file with 42 additions and 13 deletions.
diff --git a/src/crypto/internal/boring/aes.go b/src/crypto/internal/boring/aes.go
@@ -9,7 +9,42 @@
 
 package boring
 
-// #include "goboringcrypto.h"
+/*
+
+#include "goboringcrypto.h"
+
+// These wrappers allocate out_len on the C stack, and check that it matches the expected
+// value, to avoid having to pass a pointer from Go, which would escape to the heap.
+
+int EVP_AEAD_CTX_seal_wrapper(const GO_EVP_AEAD_CTX *ctx, uint8_t *out,
+							  size_t exp_out_len,
+							  const uint8_t *nonce, size_t nonce_len,
+							  const uint8_t *in, size_t in_len,
+							  const uint8_t *ad, size_t ad_len) {
+	size_t out_len;
+	int ok = _goboringcrypto_EVP_AEAD_CTX_seal(ctx, out, &out_len, exp_out_len,
+		nonce, nonce_len, in, in_len, ad, ad_len);
+	if (out_len != exp_out_len) {
+		return 0;
+	}
+	return ok;
+};
+
+int EVP_AEAD_CTX_open_wrapper(const GO_EVP_AEAD_CTX *ctx, uint8_t *out,
+							  size_t exp_out_len,
+							  const uint8_t *nonce, size_t nonce_len,
+							  const uint8_t *in, size_t in_len,
+							  const uint8_t *ad, size_t ad_len) {
+	size_t out_len;
+	int ok = _goboringcrypto_EVP_AEAD_CTX_open(ctx, out, &out_len, exp_out_len,
+		nonce, nonce_len, in, in_len, ad, ad_len);
+	if (out_len != exp_out_len) {
+		return 0;
+	}
+	return ok;
+};
+
+*/
 import "C"
 import (
 	"crypto/cipher"
@@ -289,20 +324,17 @@ func (g *aesGCM) Seal(dst, nonce, plaintext, additionalData []byte) []byte {
 		panic("cipher: invalid buffer overlap")
 	}
 
-	var outLen C.size_t
-	ok := C._goboringcrypto_EVP_AEAD_CTX_seal(
+	outLen := C.size_t(len(plaintext) + gcmTagSize)
+	ok := C.EVP_AEAD_CTX_seal_wrapper(
 		&g.ctx,
-		(*C.uint8_t)(unsafe.Pointer(&dst[n])), &outLen, C.size_t(len(plaintext)+gcmTagSize),
+		(*C.uint8_t)(unsafe.Pointer(&dst[n])), outLen,
 		base(nonce), C.size_t(len(nonce)),
 		base(plaintext), C.size_t(len(plaintext)),
 		base(additionalData), C.size_t(len(additionalData)))
 	runtime.KeepAlive(g)
 	if ok == 0 {
 		panic(fail("EVP_AEAD_CTX_seal"))
 	}
-	if outLen != C.size_t(len(plaintext)+gcmTagSize) {
-		panic("boringcrypto: internal confusion about GCM tag size")
-	}
 	return dst[:n+int(outLen)]
 }
 
@@ -331,20 +363,17 @@ func (g *aesGCM) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, er
 		panic("cipher: invalid buffer overlap")
 	}
 
-	var outLen C.size_t
-	ok := C._goboringcrypto_EVP_AEAD_CTX_open(
+	outLen := C.size_t(len(ciphertext) - gcmTagSize)
+	ok := C.EVP_AEAD_CTX_open_wrapper(
 		&g.ctx,
-		base(dst[n:]), &outLen, C.size_t(len(ciphertext)-gcmTagSize),
+		base(dst[n:]), outLen,
 		base(nonce), C.size_t(len(nonce)),
 		base(ciphertext), C.size_t(len(ciphertext)),
 		base(additionalData), C.size_t(len(additionalData)))
 	runtime.KeepAlive(g)
 	if ok == 0 {
 		return nil, errOpen
 	}
-	if outLen != C.size_t(len(ciphertext)-gcmTagSize) {
-		panic("boringcrypto: internal confusion about GCM tag size")
-	}
 	return dst[:n+int(outLen)], nil
 }