runtime: store per-goroutine FIPS service indicator #69911

@FiloSottile

As part of #69536 we have to store something called a "service indicator" which is annoyingly and somewhat rigidly regulated.

Essentially, we need to keep a bit of state that's per-goroutine so that the module consumer (the standard library) can theoretically access it. This will be used to record whether the cryptographic operations performed by a goroutine since the last check were approved or not. For now we don't need to make any external API for it.

@golang/runtime, is it ok to add a uint8 to the g and push setter and getter functions with linkname to crypto/internal/fips? I don't know how to assess the cost of an extra byte on the g. Should we build tag it out of non-FIPS builds?

/cc @cpu @rolandshoemaker

Labels

NeedsDecision: Feedback is required from experts, contributors, and/or the community before a change can be made.

compiler/runtime: Issues related to the Go compiler and/or runtime.

Status

Done
