1 files changed, 42 insertions, 0 deletions

diff --git a/src/crypto/ecdsa/ecdsa.go b/src/crypto/ecdsa/ecdsa.go
index 02848fd595..a3fa743e66 100644
--- a/src/crypto/ecdsa/ecdsa.go
+++ b/src/crypto/ecdsa/ecdsa.go
@@ -21,11 +21,13 @@ import (
 	"crypto/aes"
 	"crypto/cipher"
 	"crypto/elliptic"
+	"crypto/internal/boring"
 	"crypto/sha512"
 	"encoding/asn1"
 	"errors"
 	"io"
 	"math/big"
+	"sync/atomic"
 )
 
 // A invertible implements fast inverse mod Curve.Params().N
@@ -47,12 +49,16 @@ const (
 type PublicKey struct {
 	elliptic.Curve
 	X, Y *big.Int
+
+	boring atomic.Value
 }
 
 // PrivateKey represents a ECDSA private key.
 type PrivateKey struct {
 	PublicKey
 	D *big.Int
+
+	boring atomic.Value
 }
 
 type ecdsaSignature struct {
@@ -69,6 +75,15 @@ func (priv *PrivateKey) Public() crypto.PublicKey {
 // hardware module. Common uses should use the Sign function in this package
 // directly.
 func (priv *PrivateKey) Sign(rand io.Reader, msg []byte, opts crypto.SignerOpts) ([]byte, error) {
+	if boring.Enabled && rand == boring.RandReader {
+		b, err := boringPrivateKey(priv)
+		if err != nil {
+			return nil, err
+		}
+		return boring.SignMarshalECDSA(b, msg)
+	}
+	boring.UnreachableExceptTests()
+
 	r, s, err := Sign(rand, priv, msg)
 	if err != nil {
 		return nil, err
@@ -98,6 +113,15 @@ func randFieldElement(c elliptic.Curve, rand io.Reader) (k *big.Int, err error)
 
 // GenerateKey generates a public and private key pair.
 func GenerateKey(c elliptic.Curve, rand io.Reader) (*PrivateKey, error) {
+	if boring.Enabled && rand == boring.RandReader {
+		x, y, d, err := boring.GenerateKeyECDSA(c.Params().Name)
+		if err != nil {
+			return nil, err
+		}
+		return &PrivateKey{PublicKey: PublicKey{Curve: c, X: x, Y: y}, D: d}, nil
+	}
+	boring.UnreachableExceptTests()
+
 	k, err := randFieldElement(c, rand)
 	if err != nil {
 		return nil, err
@@ -149,6 +173,15 @@ var errZeroParam = errors.New("zero parameter")
 // returns the signature as a pair of integers. The security of the private key
 // depends on the entropy of rand.
 func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err error) {
+	if boring.Enabled && rand == boring.RandReader {
+		b, err := boringPrivateKey(priv)
+		if err != nil {
+			return nil, nil, err
+		}
+		return boring.SignECDSA(b, hash)
+	}
+	boring.UnreachableExceptTests()
+
 	// Get min(log2(q) / 2, 256) bits of entropy from rand.
 	entropylen := (priv.Curve.Params().BitSize + 7) / 16
 	if entropylen > 32 {
@@ -225,6 +258,15 @@ func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err err
 // Verify verifies the signature in r, s of hash using the public key, pub. Its
 // return value records whether the signature is valid.
 func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool {
+	if boring.Enabled {
+		b, err := boringPublicKey(pub)
+		if err != nil {
+			return false
+		}
+		return boring.VerifyECDSA(b, hash, r, s)
+	}
+	boring.UnreachableExceptTests()
+
 	// See [NSA] 3.4.2
 	c := pub.Curve
 	N := c.Params().N