Change 'try_sign' to pub in ED25519 module (#832)

* Make 'try_sign' pub in ED25519

 - to allow users to sign using ed25519 without risking a
   panic, try_sign is made pub again.

Signed-of-by: Elena Gantner <[email protected]>

* Update aws-lc-rs/src/ed25519.rs

Add a note that try_sign should also not be used for FIPS.

* Fix clippy; update external test to use try_sign

---------

Co-authored-by: Andrew Hopkins <[email protected]>
Co-authored-by: Justin Smith <[email protected]>

Author: 3 people

aws-lc-rs/src/ed25519.rs

@@ -402,8 +402,15 @@ impl Ed25519KeyPair {
         Self::try_sign(self, msg).expect("ED25519 signing failed")
     }
 
+    /// Returns the signature of the message `msg`.
+    ///
+    // # FIPS
+    // This method must not be used.
+    //
+    /// # Errors
+    /// Returns `error::Unspecified` if the signing operation fails.
     #[inline]
-    fn try_sign(&self, msg: &[u8]) -> Result<Signature, Unspecified> {
+    pub fn try_sign(&self, msg: &[u8]) -> Result<Signature, Unspecified> {
         let sig_bytes = self.evp_pkey.sign(msg, None, No_EVP_PKEY_CTX_consumer)?;
 
         Ok(Signature::new(|slice| {

aws-lc-rs/tests/ed25519_tests.rs

@@ -32,7 +32,7 @@ fn test_signature_ed25519() {
             let expected_sig = test_case.consume_bytes("SIG");
 
             let key_pair = Ed25519KeyPair::from_seed_unchecked(&seed).unwrap();
-            let actual_sig = key_pair.sign(&msg);
+            let actual_sig = key_pair.try_sign(&msg)?;
             assert_eq!(&expected_sig[..], actual_sig.as_ref());
 
             let key_pair = Ed25519KeyPair::from_seed_and_public_key(&seed, &public_key).unwrap();