Skip to content

Prevent RandReader.Read argument from escaping to the heap #202

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Oct 11, 2024
Merged

Prevent RandReader.Read argument from escaping to the heap #202

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
e5661bc
prevent RandReader.Read argument from escaping to the heap
qmuntal Oct 8, 2024
a85271b
Apply suggestions from code review
qmuntal Oct 10, 2024
69fa2ee
code review feedback
qmuntal Oct 10, 2024
7be4d35
Update cgo_go124.go
dagood Oct 10, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 18 additions & 0 deletions cgo_go124.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
//go:build go1.24 && !cmd_go_bootstrap

package openssl

// The following noescape and nocallback directives are used to prevent the Go
// compiler from allocating function parameters on the heap. See
// https://github.com/golang/go/blob/0733682e5ff4cd294f5eccb31cbe87a543147bc6/src/cmd/cgo/doc.go#L439-L461
//
// If possible, write a C wrapper function to optimize a call rather than using
// this feature so the optimization will work for all supported Go versions.
//
// This is just a performance optimization. Only add functions that have been
// observed to benefit from these directives, not every function that is merely
// expected to meet the noescape/nocallback criteria.

// #cgo noescape go_openssl_RAND_bytes
// #cgo nocallback go_openssl_RAND_bytes
import "C"
13 changes: 13 additions & 0 deletions openssl_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,19 @@ package openssl_test

import (
"fmt"
"go/version"
"os"
"runtime"
"strings"
"testing"
"time"

"github.com/golang-fips/openssl/v2"
)

// sink is used to prevent the compiler from optimizing out the allocations.
var sink uint8

// getVersion returns the OpenSSL version to use for testing.
func getVersion() string {
v := os.Getenv("GO_OPENSSL_VERSION_OVERRIDE")
Expand Down Expand Up @@ -78,3 +83,11 @@ func TestCheckVersion(t *testing.T) {
t.Fatalf("FIPS mismatch: want %v, got %v", want, fips)
}
}

// compareCurrentVersion compares v with [runtime.Version].
// See [go/versions.Compare] for information about
// v format and comparison rules.
func compareCurrentVersion(v string) int {
ver := strings.TrimPrefix(runtime.Version(), "devel ")
return version.Compare(ver, v)
}
2 changes: 0 additions & 2 deletions pbkdf2_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -166,8 +166,6 @@ func TestWithUnsupportedHash(t *testing.T) {
}
}

var sink uint8

func benchmark(b *testing.B, h func() hash.Hash) {
password := make([]byte, h().Size())
salt := make([]byte, 8)
Expand Down
17 changes: 17 additions & 0 deletions rand_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,3 +12,20 @@ func TestRand(t *testing.T) {
t.Fatal(err)
}
}

func TestAllocations(t *testing.T) {
n := int(testing.AllocsPerRun(10, func() {
buf := make([]byte, 32)
openssl.RandReader.Read(buf)
sink ^= buf[0]
}))
want := 1
if compareCurrentVersion("go1.24") >= 0 {
// The go1.24 compiler is able to optimize the allocation away.
// See cgo_go124.go for more information.
want = 0
}
if n > want {
t.Errorf("allocs = %d, want %d", n, want)
}
}
Loading