From: Filippo Valsorda <filippo@golang.org>
Date: Wed, 8 Oct 2025 11:30:34 +0000 (+0200)
Subject: crypto/internal/fips140/entropy: fix benign race
X-Git-Tag: go1.26rc1~628
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=f6b9d56affb75103507f2b6ed4ffa98ca899b39d;p=gostls13.git

crypto/internal/fips140/entropy: fix benign race

Fixes #75690
Fixes #75842

Change-Id: I6a6a696420f51f28f48535c34cf347e2cbd4add5
Reviewed-on: https://go-review.googlesource.com/c/go/+/710058
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---

diff --git a/src/crypto/internal/fips140/entropy/entropy.go b/src/crypto/internal/fips140/entropy/entropy.go
index 273f05c817..f5b2f53752 100644
--- a/src/crypto/internal/fips140/entropy/entropy.go
+++ b/src/crypto/internal/fips140/entropy/entropy.go
@@ -123,7 +123,9 @@ func (s *source) Sample() uint8 {
 	// Perform a few memory accesses in an unpredictable pattern to expose the
 	// next measurement to as much system noise as possible.
 	memory, lcgState := s.memory, s.lcgState
-	_ = memory[0] // hoist the nil check out of touchMemory
+	if memory == nil { // remove the nil check from the inlined touchMemory calls
+		panic("entropy: nil memory buffer")
+	}
 	for range 64 {
 		lcgState = 1664525*lcgState + 1013904223
 		// Discard the lower bits, which tend to fall into short cycles.
diff --git a/src/crypto/internal/fips140test/entropy_test.go b/src/crypto/internal/fips140test/entropy_test.go
index ef6909efba..a33e2e7bbc 100644
--- a/src/crypto/internal/fips140test/entropy_test.go
+++ b/src/crypto/internal/fips140test/entropy_test.go
@@ -241,7 +241,7 @@ func TestEntropyUnchanged(t *testing.T) {
 	// entropy source through the Entropy Source Validation program,
 	// independently of the FIPS 140-3 module. It must not change even across
 	// FIPS 140-3 module versions, in order to reuse the ESV certificate.
-	exp := "1b68d4c091ef66c6006602e4ed3ac10f8a82ad193708ec99d63b145e3baa3e6c"
+	exp := "2541273241ae8aafe55026328354ed3799df1e2fb308b2097833203a42911b53"
 	if got := hex.EncodeToString(h.Sum(nil)); got != exp {
 		t.Errorf("hash of crypto/internal/fips140/entropy = %s, want %s", got, exp)
 	}
@@ -249,12 +249,12 @@ func TestEntropyUnchanged(t *testing.T) {
 
 func TestEntropyRace(t *testing.T) {
 	// Check that concurrent calls to Seed don't trigger the race detector.
-	for range 2 {
+	for range 16 {
 		go func() {
 			_, _ = entropy.Seed(&memory)
 		}()
 	}
-	// Same, with the higher-level DRBG. More concurrent calls to hit the Pool.
+	// Same, with the higher-level DRBG.
 	for range 16 {
 		go func() {
 			var b [64]byte