diff options
| author | Filippo Valsorda <filippo@golang.org> | 2025-09-15 18:58:04 +0200 |
|---|---|---|
| committer | Gopher Robot <gobot@golang.org> | 2025-11-26 16:01:17 -0800 |
| commit | 2b8dbb35b0d6a5601ae9b6f1d1de106774251214 (patch) | |
| tree | 23808a88ac3a9bf593bd86428e1449e1d7068957 /src/testing/testing.go | |
| parent | 21ebed0ac0a3f733811bea2355ed85d3b1bf6fbd (diff) | |
| download | go-2b8dbb35b0d6a5601ae9b6f1d1de106774251214.tar.xz | |
crypto,testing/cryptotest: ignore random io.Reader params, add SetGlobalRandom
First, we centralize all random bytes generation through drbg.Read. The
rest of the FIPS 140-3 module can't use external functions anyway, so
drbg.Read needs to have all the logic.
Then, make sure that the crypto/... tree uses drbg.Read (or the new
crypto/internal/rand.Reader wrapper) instead of crypto/rand, so it is
unaffected by applications setting crypto/rand.Reader.
Next, pass all unspecified random io.Reader parameters through the new
crypto/internal/rand.CustomReader, which just redirects to drbg.Read
unless GODEBUG=cryptocustomrand=1 is set. Move all the calls to
MaybeReadByte there, since it's only needed for these custom Readers.
Finally, add testing/cryptotest.SetGlobalRandom which sets
crypto/rand.Reader to a locked deterministic source and overrides
drbg.Read. This way SetGlobalRandom should affect all cryptographic
randomness in the standard library.
Fixes #70942
Co-authored-by: qiulaidongfeng <2645477756@qq.com>
Change-Id: I6a6a69641311d9fac318abcc6d79677f0e406100
Reviewed-on: https://go-review.googlesource.com/c/go/+/724480
Reviewed-by: Nicholas Husin <nsh@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Nicholas Husin <husin@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Diffstat (limited to 'src/testing/testing.go')
| -rw-r--r-- | src/testing/testing.go | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/src/testing/testing.go b/src/testing/testing.go index 0d1d08ca89..34b45b41b9 100644 --- a/src/testing/testing.go +++ b/src/testing/testing.go @@ -1749,7 +1749,7 @@ func pcToName(pc uintptr) string { return frame.Function } -const parallelConflict = `testing: test using t.Setenv or t.Chdir can not use t.Parallel` +const parallelConflict = `testing: test using t.Setenv, t.Chdir, or cryptotest.SetGlobalRandom can not use t.Parallel` // Parallel signals that this test is to be run in parallel with (and only with) // other parallel tests. When a test is run multiple times due to use of @@ -1820,6 +1820,13 @@ func (t *T) Parallel() { t.lastRaceErrors.Store(int64(race.Errors())) } +// checkParallel is called by [testing/cryptotest.SetGlobalRandom]. +// +//go:linkname checkParallel testing.checkParallel +func checkParallel(t *T) { + t.checkParallel() +} + func (t *T) checkParallel() { // Non-parallel subtests that have parallel ancestors may still // run in parallel with other tests: they are only non-parallel |