Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto/internal/fips140/drbg: remove global lock #71155

Closed
rsc opened this issue Jan 7, 2025 · 1 comment
Closed

crypto/internal/fips140/drbg: remove global lock #71155

rsc opened this issue Jan 7, 2025 · 1 comment
Labels
BugReport Issues describing a possible bug in the Go implementation. FixPending Issues that have a fix which has not yet been reviewed or submitted. NeedsFix The path to resolution is known, but the work has not been done. release-blocker
Milestone
Go1.24

Comments

@rsc
Copy link
Contributor

rsc commented Jan 7, 2025

There is still a global lock in the drbg package, so that crypto/rand.Read during fips mode will have significantly more contention than without. Worse, the code is inside the fips140 boundary, meaning it will take years for any change made after the release to be recertified and propagate out into actual (fips140) usage.

I believe we should change the drbg state to be per-P, before the release. This only affects the fips140 code path, not ordinary programs running in the default (non-fips140) mode, so it should be fairly low risk.

I will look into doing this.

/cc @FiloSottile
@rsc rsc added this to the Go1.24 milestone Jan 7, 2025
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/641097 mentions this issue: crypto/internal/fips140/drbg: avoid global lock on rand state

@dmitshur dmitshur added NeedsFix The path to resolution is known, but the work has not been done. FixPending Issues that have a fix which has not yet been reviewed or submitted. labels Jan 7, 2025
@gabyhelp gabyhelp added the BugReport Issues describing a possible bug in the Go implementation. label Jan 7, 2025
wyf9661 pushed a commit to wyf9661/go that referenced this issue Jan 21, 2025
@rsc @wyf9661
crypto/internal/fips140/drbg: avoid global lock on rand state
19aaef3 
Having a global lock on the random state (used only in FIPS-140 mode)
introduces contention in concurrent programs. Use an approximately
per-P random state instead, using sync.Pool to manage per-P state.

This code is important to land for the Go 1.24 release because it is
part of the FIPS-140 module that will be validated and certified,
so it will live for a long time. We otherwise wouldn't be able to
correct this contention for at least a year, perhaps more.

At the same time, the code is only used in the FIPS-140 mode,
so there is no risk to normal programs.

Fixes golang#71155.

Change-Id: I6b779f15ddfdf232f608f5cda08f75906e58114f
Reviewed-on: https://go-review.googlesource.com/c/go/+/641097
Reviewed-by: Austin Clements <austin@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
BugReport Issues describing a possible bug in the Go implementation. FixPending Issues that have a fix which has not yet been reviewed or submitted. NeedsFix The path to resolution is known, but the work has not been done. release-blocker
Projects
None yet
Milestone
Go1.24
Development

No branches or pull requests
4 participants
@rsc @dmitshur @gopherbot @gabyhelp