microsoft / go-crypto-winnative

Go crypto backend for Windows using CNG
MIT License

For cng backend: [AES-GCM] cipher.AEAD is no-longer safe for concurrent use #55

Closed dagood closed 4 days ago

dagood commented 2 months ago

The reproducer at https://github.com/golang-fips/go/issues/187#issuecomment-2145511252 didn't actually hit an issue with the latest microsoft/main (https://github.com/microsoft/go/commit/77f45f8554027fe20fb411b40328192354e58703) with goexperiment=cngcrypto.

(The reproducer does work for me on the same Microsoft Go commit on Linux with goexperiment=opensslcrypto.)

Something similar to the context caching that's done in golang-fips/openssl is the cipher handle being created just once:

https://github.com/microsoft/go-crypto-winnative/blob/ffb1756badd67919b682a0333a5796a95792c169/cng/aes.go#L26-L39

https://github.com/golang-fips/openssl/pull/146/files#diff-42437c18353097be678980396318801f6da7d00408ff840ea22a016e2203d674L162

I'm not sure at this point that we need to make any changes.

/cc @qmuntal @gdams

dagood commented 1 month ago

I wasn't able to repro this with CNG, so the current plan is to leave it as is for 1.23.0.

qmuntal commented 4 days ago

Looks like this doesn't affect the CNG implementation. Closing.
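
Added example, not the linked reproducer and not code from this repository: one way to check whether a single `cipher.AEAD` shared across goroutines still produces correct results, using only the standard `crypto/aes` and `crypto/cipher` API. The function names, key and inputs are constructed for illustration; build it with the toolchain and GOEXPERIMENT setting under test so that the backend in question is the one exercised.

```go
package main
import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
	"sync"
	"sync/atomic"
)
func input(i int) (nonce, pt []byte) { // constructed test data: 12-byte nonce, 64..95-byte plaintext
	return []byte{byte(i >> 8), byte(i), 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}, bytes.Repeat([]byte{byte(i)}, 64+i%32)
}

// CheckConcurrentAEAD counts Seal/Open results from a shared AEAD that differ from a serial reference.
func CheckConcurrentAEAD(workers, iters int) (int64, error) {
	block, err := aes.NewCipher(bytes.Repeat([]byte{0x42}, 32)) // constructed key, test use only
	if err != nil {
		return 0, err
	}
	aead, err := cipher.NewGCM(block) // one AEAD value, shared by every goroutine below
	if err != nil {
		return 0, err
	}
	want := make([][]byte, iters) // reference ciphertexts computed on a single goroutine
	for i := range want {
		n, p := input(i)
		want[i] = aead.Seal(nil, n, p, nil)
	}
	var bad atomic.Int64
	var wg sync.WaitGroup
	for w := 0; w < workers; w++ {
		wg.Add(1)
		go func() {
			defer wg.Done()
			for i := range want { // workers repeat the same (nonce, plaintext) pairs so outputs are comparable
				n, p := input(i)
				ct := aead.Seal(nil, n, p, nil)
				got, err := aead.Open(nil, n, ct, nil)
				if err != nil || !bytes.Equal(ct, want[i]) || !bytes.Equal(got, p) {
					bad.Add(1) // corrupted ciphertext, failed tag check, or wrong plaintext
				}
			}
		}()
	}
	wg.Wait()
	return bad.Load(), nil
}
func main() {
	fmt.Println(CheckConcurrentAEAD(8, 2000))
}
```

A non-zero count means shared state inside the AEAD was clobbered by a concurrent call; running the same check under `go run -race` also reports data races in any Go-side state.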