runtime: store per-goroutine FIPS service indicator #69911
Labels: compiler/runtime (Issues related to the Go compiler and/or runtime.); NeedsDecision (Feedback is required from experts, contributors, and/or the community before a change can be made.)
As part of #69536 we have to store something called a "service indicator" which is annoyingly and somewhat rigidly regulated.
Essentially, we need to keep a bit of state that's per-goroutine so that the module consumer (the standard library) can theoretically access it. This will be used to record whether the cryptographic operations performed by a goroutine since the last check were approved or not. For now we don't need to make any external API for it.
@golang/runtime, is it ok to add a uint8 to the g and push setter and getter functions with linkname to crypto/internal/fips? I don't know how to assess the cost of an extra byte on the g. Should we build tag it out of non-FIPS builds?
/cc @cpu @rolandshoemaker
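The state described in the issue, sketched as an added example that is not code from the issue or from the Go project. It assumes a three-value `uint8` and hypothetical names (`indicator`, `record`, `check`, `run`). Because Go exposes no goroutine-local storage, each goroutine holds its own value explicitly in place of the proposed field on the `g`.

```go
package main

import (
	"fmt"
	"sync"
)

// indicator stands in for the proposed uint8 on g (hypothetical model, not runtime code).
type indicator uint8
const (
	unset       indicator = iota // nothing recorded since the last check
	approved                     // only approved operations so far
	nonApproved                  // at least one non-approved operation
)

// record notes one operation; non-approved is sticky, so a later approved one cannot mask it.
func (i *indicator) record(ok bool) {
	if !ok {
		*i = nonApproved
	} else if *i == unset {
		*i = approved
	}
}

// check reports whether all operations since the last check were approved, then clears (unset => false is an assumption).
func (i *indicator) check() bool {
	ok := *i == approved
	*i = unset
	return ok
}

// run plays each sequence (true = approved operation) in its own goroutine and returns each goroutine's check.
func run(seqs [][]bool) []bool {
	out := make([]bool, len(seqs))
	var wg sync.WaitGroup
	for n, ops := range seqs {
		wg.Add(1)
		go func(n int, ops []bool) {
			defer wg.Done()
			var ind indicator // per-goroutine state, never shared
			for _, ok := range ops {
				ind.record(ok)
			}
			out[n] = ind.check()
		}(n, ops)
	}
	wg.Wait()
	return out
}
func main() { fmt.Println(run([][]bool{{true, true}, {true, false, true}, {}})) }
```

The second sequence shows why the value has to be per-goroutine and sticky: one non-approved operation fails that goroutine's check without affecting the goroutine running the first sequence.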