gopherbot
commented
6 days ago Change https://go.dev/cl/620795 mentions this issue: crypto/internal/fips: add service indicator mechanism
Open FiloSottile opened 1 week ago
gopherbot
commented
6 days ago Change https://go.dev/cl/620795 mentions this issue: crypto/internal/fips: add service indicator mechanism
FiloSottile
commented
6 days ago There's a concrete proposal at https://go.dev/cl/620795, but I'd like guidance from @golang/runtime if that's the right way to go about it. I found some padding in the g struct to store the value in.
gabyhelp
commented
6 days ago Related Issues and Documentation
(Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.)
randall77
commented
6 days ago I think a uint8 in every G seems reasonable. (Aside: we need to bundle booleans in the G into a bitset, so we would only need 1 bit, not 1 byte.)
As part of #69536 we have to store something called a "service indicator" which is annoyingly and somewhat rigidly regulated.
Essentially, we need to keep a bit of state that's per-goroutine so that the module consumer (the standard library) can theoretically access it. This will be used to record whether the cryptographic operations performed by a goroutine since the last check were approved or not. For now we don't need to make any external API for it.
@golang/runtime, is it ok to add a uint8 to the g and push setter and getter functions with linkname to crypto/internal/fips? I don't know how to assess the cost of an extra byte on the g. Should we build tag it out of non-FIPS builds?
/cc @cpu @rolandshoemaker