Diffstat (limited to 'src/crypto/internal/boring')
-rw-r--r--src/crypto/internal/boring/bbig/big.go33
-rw-r--r--src/crypto/internal/boring/boring.go18
-rw-r--r--src/crypto/internal/boring/doc.go5
-rw-r--r--src/crypto/internal/boring/ecdsa.go37
-rw-r--r--src/crypto/internal/boring/notboring.go18
-rw-r--r--src/crypto/internal/boring/rsa.go9
6 files changed, 63 insertions, 57 deletions
diff --git a/src/crypto/internal/boring/bbig/big.go b/src/crypto/internal/boring/bbig/big.go
new file mode 100644
index 00000000000..5ce46972b31
--- /dev/null
+++ b/src/crypto/internal/boring/bbig/big.go
@@ -0,0 +1,33 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package bbig
+
+import (
+ "crypto/internal/boring"
+ "math/big"
+ "unsafe"
+)
+
+func Enc(b *big.Int) boring.BigInt {
+ if b == nil {
+ return nil
+ }
+ x := b.Bits()
+ if len(x) == 0 {
+ return boring.BigInt{}
+ }
+ return unsafe.Slice((*uint)(&x[0]), len(x))
+}
+
+func Dec(b boring.BigInt) *big.Int {
+ if b == nil {
+ return nil
+ }
+ if len(b) == 0 {
+ return new(big.Int)
+ }
+ x := unsafe.Slice((*big.Word)(&b[0]), len(b))
+ return new(big.Int).SetBits(x)
+}
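Review bot: Enc and Dec are exported without doc comments, and neither states the two properties a caller handling key material needs to know. Both build the result with `unsafe.Slice` over the first word instead of copying, so the returned value shares storage with the argument, and a later write to one (including zeroing it) changes the other. Enc also carries only the magnitude, since `b.Bits()` does not include the sign. I would add `// Enc returns the words of b as a boring.BigInt. The result aliases b's storage and holds only the magnitude.` and a matching `// Dec returns a *big.Int that aliases the words of b.` on Dec. The pointer casts depend on big.Word and uint having the same size, which deserves a one-line comment next to them.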
diff --git a/src/crypto/internal/boring/boring.go b/src/crypto/internal/boring/boring.go
index dd9eac569b8..d46166e4e16 100644
--- a/src/crypto/internal/boring/boring.go
+++ b/src/crypto/internal/boring/boring.go
@@ -17,7 +17,6 @@ import "C"
import (
"crypto/internal/boring/sig"
_ "crypto/internal/boring/syso"
- "math/big"
"math/bits"
"unsafe"
)
@@ -60,7 +59,7 @@ type fail string
func (e fail) Error() string { return "boringcrypto: " + string(e) + " failed" }
-func wbase(b []big.Word) *C.uint8_t {
+func wbase(b BigInt) *C.uint8_t {
if len(b) == 0 {
return nil
}
@@ -69,20 +68,19 @@ func wbase(b []big.Word) *C.uint8_t {
const wordBytes = bits.UintSize / 8
-func bigToBN(x *big.Int) *C.GO_BIGNUM {
- raw := x.Bits()
- return C._goboringcrypto_BN_le2bn(wbase(raw), C.size_t(len(raw)*wordBytes), nil)
+func bigToBN(x BigInt) *C.GO_BIGNUM {
+ return C._goboringcrypto_BN_le2bn(wbase(x), C.size_t(len(x)*wordBytes), nil)
}
-func bnToBig(bn *C.GO_BIGNUM) *big.Int {
- raw := make([]big.Word, (C._goboringcrypto_BN_num_bytes(bn)+wordBytes-1)/wordBytes)
- if C._goboringcrypto_BN_bn2le_padded(wbase(raw), C.size_t(len(raw)*wordBytes), bn) == 0 {
+func bnToBig(bn *C.GO_BIGNUM) BigInt {
+ x := make(BigInt, (C._goboringcrypto_BN_num_bytes(bn)+wordBytes-1)/wordBytes)
+ if C._goboringcrypto_BN_bn2le_padded(wbase(x), C.size_t(len(x)*wordBytes), bn) == 0 {
panic("boringcrypto: bignum conversion failed")
}
- return new(big.Int).SetBits(raw)
+ return x
}
-func bigToBn(bnp **C.GO_BIGNUM, b *big.Int) bool {
+func bigToBn(bnp **C.GO_BIGNUM, b BigInt) bool {
if *bnp != nil {
C._goboringcrypto_BN_free(*bnp)
*bnp = nil
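Review bot: In bigToBN a nil BigInt and an empty one are now treated alike, because wbase returns nil for `len(b) == 0` and both reach BN_le2bn with a zero length. The old code called `x.Bits()` on the *big.Int, so a nil argument would have failed loudly rather than presumably being converted as zero. If a missing key component must be rejected instead of read as zero, that check has to sit in the callers, and a comment on bigToBN such as `// A nil or empty x is converted as the value zero.` would make the contract explicit. The body of bigToBn continues past the end of this hunk, so whether it handles nil separately cannot be seen here.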
diff --git a/src/crypto/internal/boring/doc.go b/src/crypto/internal/boring/doc.go
index 64f41e3c823..6060fe5951a 100644
--- a/src/crypto/internal/boring/doc.go
+++ b/src/crypto/internal/boring/doc.go
@@ -12,3 +12,8 @@ package boring
//
// BoringCrypto is only available on linux/amd64 systems.
const Enabled = available
+
+// A BigInt is the raw words from a BigInt.
+// This definition allows us to avoid importing math/big.
+// Conversion between BigInt and *big.Int is in crypto/internal/boring/bbig.
+type BigInt []uint
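Review bot: The new doc comment defines the type in terms of itself (`A BigInt is the raw words from a BigInt.`); it presumably means a *big.Int. I would write `// A BigInt is the raw words from a *big.Int, as returned by its Bits method.` and add one sentence saying the value holds the magnitude only and may share storage with the *big.Int it was converted from. That is the behaviour of bbig.Enc and bbig.Dec in this commit, and it matters for callers that keep or clear private-key values.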
diff --git a/src/crypto/internal/boring/ecdsa.go b/src/crypto/internal/boring/ecdsa.go
index 20612e6a2c0..884c4b746d2 100644
--- a/src/crypto/internal/boring/ecdsa.go
+++ b/src/crypto/internal/boring/ecdsa.go
@@ -10,15 +10,13 @@ package boring
// #include "goboringcrypto.h"
import "C"
import (
- "encoding/asn1"
"errors"
- "math/big"
"runtime"
"unsafe"
)
type ecdsaSignature struct {
- R, S *big.Int
+ R, S BigInt
}
type PrivateKeyECDSA struct {
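Review bot: ecdsaSignature looks like dead code after this commit. Its only users visible on this page are the `asn1.Unmarshal` in SignECDSA and the `asn1.Marshal` in VerifyECDSA, both removed further down together with the encoding/asn1 import. With `R, S BigInt` the struct also no longer describes an ASN.1 pair of INTEGERs, so keeping it invites someone to marshal it later and get the wrong encoding. If nothing outside the shown hunks still refers to it, I would delete the type instead of retyping its fields.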
@@ -53,7 +51,7 @@ func curveNID(curve string) (C.int, error) {
return 0, errUnknownCurve
}
-func NewPublicKeyECDSA(curve string, X, Y *big.Int) (*PublicKeyECDSA, error) {
+func NewPublicKeyECDSA(curve string, X, Y BigInt) (*PublicKeyECDSA, error) {
key, err := newECKey(curve, X, Y)
if err != nil {
return nil, err
@@ -67,7 +65,7 @@ func NewPublicKeyECDSA(curve string, X, Y *big.Int) (*PublicKeyECDSA, error) {
return k, nil
}
-func newECKey(curve string, X, Y *big.Int) (*C.GO_EC_KEY, error) {
+func newECKey(curve string, X, Y BigInt) (*C.GO_EC_KEY, error) {
nid, err := curveNID(curve)
if err != nil {
return nil, err
@@ -100,7 +98,7 @@ func newECKey(curve string, X, Y *big.Int) (*C.GO_EC_KEY, error) {
return key, nil
}
-func NewPrivateKeyECDSA(curve string, X, Y *big.Int, D *big.Int) (*PrivateKeyECDSA, error) {
+func NewPrivateKeyECDSA(curve string, X, Y BigInt, D BigInt) (*PrivateKeyECDSA, error) {
key, err := newECKey(curve, X, Y)
if err != nil {
return nil, err
@@ -123,22 +121,6 @@ func NewPrivateKeyECDSA(curve string, X, Y *big.Int, D *big.Int) (*PrivateKeyECD
return k, nil
}
-func SignECDSA(priv *PrivateKeyECDSA, hash []byte) (r, s *big.Int, err error) {
- // We could use ECDSA_do_sign instead but would need to convert
- // the resulting BIGNUMs to *big.Int form. If we're going to do a
- // conversion, converting the ASN.1 form is more convenient and
- // likely not much more expensive.
- sig, err := SignMarshalECDSA(priv, hash)
- if err != nil {
- return nil, nil, err
- }
- var esig ecdsaSignature
- if _, err := asn1.Unmarshal(sig, &esig); err != nil {
- return nil, nil, err
- }
- return esig.R, esig.S, nil
-}
-
func SignMarshalECDSA(priv *PrivateKeyECDSA, hash []byte) ([]byte, error) {
size := C._goboringcrypto_ECDSA_size(priv.key)
sig := make([]byte, size)
@@ -150,20 +132,13 @@ func SignMarshalECDSA(priv *PrivateKeyECDSA, hash []byte) ([]byte, error) {
return sig[:sigLen], nil
}
-func VerifyECDSA(pub *PublicKeyECDSA, hash []byte, r, s *big.Int) bool {
- // We could use ECDSA_do_verify instead but would need to convert
- // r and s to BIGNUM form. If we're going to do a conversion, marshaling
- // to ASN.1 is more convenient and likely not much more expensive.
- sig, err := asn1.Marshal(ecdsaSignature{r, s})
- if err != nil {
- return false
- }
+func VerifyECDSA(pub *PublicKeyECDSA, hash []byte, sig []byte) bool {
ok := C._goboringcrypto_ECDSA_verify(0, base(hash), C.size_t(len(hash)), (*C.uint8_t)(unsafe.Pointer(&sig[0])), C.size_t(len(sig)), pub.key) != 0
runtime.KeepAlive(pub)
return ok
}
-func GenerateKeyECDSA(curve string) (X, Y, D *big.Int, err error) {
+func GenerateKeyECDSA(curve string) (X, Y, D BigInt, err error) {
nid, err := curveNID(curve)
if err != nil {
return nil, nil, nil, err
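Review bot: VerifyECDSA now indexes `&sig[0]` on a caller-supplied slice, so an empty signature causes an index-out-of-range panic instead of a failed verification. Before this change sig came from `asn1.Marshal` inside the function and could not be empty; now it is whatever the peer sent, which turns a malformed signature into a crash of the verifying process. The hash argument on the same line already goes through `base(hash)`; if that helper returns nil for an empty slice, as wbase does, use `base(sig)` for the signature too, or add `if len(sig) == 0 { return false }` as the first statement. GenerateKeyECDSA at the end of this hunk continues outside it and is not part of this point.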
diff --git a/src/crypto/internal/boring/notboring.go b/src/crypto/internal/boring/notboring.go
index df165885849..bb88fb00048 100644
--- a/src/crypto/internal/boring/notboring.go
+++ b/src/crypto/internal/boring/notboring.go
@@ -12,7 +12,6 @@ import (
"crypto/cipher"
"crypto/internal/boring/sig"
"hash"
- "math/big"
)
const available = false
@@ -55,22 +54,19 @@ func NewAESCipher(key []byte) (cipher.Block, error) { panic("boringcrypto: not a
type PublicKeyECDSA struct{ _ int }
type PrivateKeyECDSA struct{ _ int }
-func GenerateKeyECDSA(curve string) (X, Y, D *big.Int, err error) {
+func GenerateKeyECDSA(curve string) (X, Y, D BigInt, err error) {
panic("boringcrypto: not available")
}
-func NewPrivateKeyECDSA(curve string, X, Y, D *big.Int) (*PrivateKeyECDSA, error) {
+func NewPrivateKeyECDSA(curve string, X, Y, D BigInt) (*PrivateKeyECDSA, error) {
panic("boringcrypto: not available")
}
-func NewPublicKeyECDSA(curve string, X, Y *big.Int) (*PublicKeyECDSA, error) {
- panic("boringcrypto: not available")
-}
-func SignECDSA(priv *PrivateKeyECDSA, hash []byte) (r, s *big.Int, err error) {
+func NewPublicKeyECDSA(curve string, X, Y BigInt) (*PublicKeyECDSA, error) {
panic("boringcrypto: not available")
}
func SignMarshalECDSA(priv *PrivateKeyECDSA, hash []byte) ([]byte, error) {
panic("boringcrypto: not available")
}
-func VerifyECDSA(pub *PublicKeyECDSA, hash []byte, r, s *big.Int) bool {
+func VerifyECDSA(pub *PublicKeyECDSA, hash []byte, sig []byte) bool {
panic("boringcrypto: not available")
}
@@ -95,13 +91,13 @@ func EncryptRSAPKCS1(pub *PublicKeyRSA, msg []byte) ([]byte, error) {
func EncryptRSANoPadding(pub *PublicKeyRSA, msg []byte) ([]byte, error) {
panic("boringcrypto: not available")
}
-func GenerateKeyRSA(bits int) (N, E, D, P, Q, Dp, Dq, Qinv *big.Int, err error) {
+func GenerateKeyRSA(bits int) (N, E, D, P, Q, Dp, Dq, Qinv BigInt, err error) {
panic("boringcrypto: not available")
}
-func NewPrivateKeyRSA(N, E, D, P, Q, Dp, Dq, Qinv *big.Int) (*PrivateKeyRSA, error) {
+func NewPrivateKeyRSA(N, E, D, P, Q, Dp, Dq, Qinv BigInt) (*PrivateKeyRSA, error) {
panic("boringcrypto: not available")
}
-func NewPublicKeyRSA(N, E *big.Int) (*PublicKeyRSA, error) { panic("boringcrypto: not available") }
+func NewPublicKeyRSA(N, E BigInt) (*PublicKeyRSA, error) { panic("boringcrypto: not available") }
func SignRSAPKCS1v15(priv *PrivateKeyRSA, h crypto.Hash, hashed []byte) ([]byte, error) {
panic("boringcrypto: not available")
}
diff --git a/src/crypto/internal/boring/rsa.go b/src/crypto/internal/boring/rsa.go
index 642287709e5..64c83c21c5b 100644
--- a/src/crypto/internal/boring/rsa.go
+++ b/src/crypto/internal/boring/rsa.go
@@ -14,14 +14,13 @@ import (
"crypto/subtle"
"errors"
"hash"
- "math/big"
"runtime"
"strconv"
"unsafe"
)
-func GenerateKeyRSA(bits int) (N, E, D, P, Q, Dp, Dq, Qinv *big.Int, err error) {
- bad := func(e error) (N, E, D, P, Q, Dp, Dq, Qinv *big.Int, err error) {
+func GenerateKeyRSA(bits int) (N, E, D, P, Q, Dp, Dq, Qinv BigInt, err error) {
+ bad := func(e error) (N, E, D, P, Q, Dp, Dq, Qinv BigInt, err error) {
return nil, nil, nil, nil, nil, nil, nil, nil, e
}
@@ -47,7 +46,7 @@ type PublicKeyRSA struct {
_key *C.GO_RSA
}
-func NewPublicKeyRSA(N, E *big.Int) (*PublicKeyRSA, error) {
+func NewPublicKeyRSA(N, E BigInt) (*PublicKeyRSA, error) {
key := C._goboringcrypto_RSA_new()
if key == nil {
return nil, fail("RSA_new")
@@ -78,7 +77,7 @@ type PrivateKeyRSA struct {
_key *C.GO_RSA
}
-func NewPrivateKeyRSA(N, E, D, P, Q, Dp, Dq, Qinv *big.Int) (*PrivateKeyRSA, error) {
+func NewPrivateKeyRSA(N, E, D, P, Q, Dp, Dq, Qinv BigInt) (*PrivateKeyRSA, error) {
key := C._goboringcrypto_RSA_new()
if key == nil {
return nil, fail("RSA_new")