Cypherpunks repositories - gostls13.git/commit

author	Filippo Valsorda <filippo@golang.org>
	Mon, 15 Sep 2025 16:58:04 +0000 (18:58 +0200)
committer	Gopher Robot <gobot@golang.org>
	Thu, 27 Nov 2025 00:01:17 +0000 (16:01 -0800)
commit	2b8dbb35b0d6a5601ae9b6f1d1de106774251214
tree	23808a88ac3a9bf593bd86428e1449e1d7068957	tree
parent	21ebed0ac0a3f733811bea2355ed85d3b1bf6fbd	commit \| diff

crypto,testing/cryptotest: ignore random io.Reader params, add SetGlobalRandom

First, we centralize all random bytes generation through drbg.Read. The
rest of the FIPS 140-3 module can't use external functions anyway, so
drbg.Read needs to have all the logic.

Then, make sure that the crypto/... tree uses drbg.Read (or the new
crypto/internal/rand.Reader wrapper) instead of crypto/rand, so it is
unaffected by applications setting crypto/rand.Reader.

Next, pass all unspecified random io.Reader parameters through the new
crypto/internal/rand.CustomReader, which just redirects to drbg.Read
unless GODEBUG=cryptocustomrand=1 is set. Move all the calls to
MaybeReadByte there, since it's only needed for these custom Readers.

Finally, add testing/cryptotest.SetGlobalRandom which sets
crypto/rand.Reader to a locked deterministic source and overrides
drbg.Read. This way SetGlobalRandom should affect all cryptographic
randomness in the standard library.

Fixes #70942

Co-authored-by: qiulaidongfeng <2645477756@qq.com>
Change-Id: I6a6a69641311d9fac318abcc6d79677f0e406100
Reviewed-on: https://go-review.googlesource.com/c/go/+/724480
Reviewed-by: Nicholas Husin <nsh@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Nicholas Husin <husin@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

api/next/70942.txt	[new file with mode: 0644]	blob
doc/godebug.md		diff \| blob \| history
doc/next/6-stdlib/99-minor/crypto/dsa/70924.md	[new file with mode: 0644]	blob
doc/next/6-stdlib/99-minor/crypto/ecdh/70924.md	[new file with mode: 0644]	blob
doc/next/6-stdlib/99-minor/crypto/ecdsa/70924.md	[new file with mode: 0644]	blob
doc/next/6-stdlib/99-minor/crypto/ed25519/70924.md	[new file with mode: 0644]	blob
doc/next/6-stdlib/99-minor/crypto/rand/70924.md	[new file with mode: 0644]	blob
doc/next/6-stdlib/99-minor/crypto/rsa/70924.md	[new file with mode: 0644]	blob
doc/next/6-stdlib/99-minor/testing/cryptotest/70942.md	[new file with mode: 0644]	blob
src/crypto/dsa/dsa.go		diff \| blob \| history
src/crypto/ecdh/ecdh.go		diff \| blob \| history
src/crypto/ecdh/nist.go		diff \| blob \| history
src/crypto/ecdh/x25519.go		diff \| blob \| history
src/crypto/ecdsa/ecdsa.go		diff \| blob \| history
src/crypto/ecdsa/ecdsa_legacy.go		diff \| blob \| history
src/crypto/ed25519/ed25519.go		diff \| blob \| history
src/crypto/hpke/kem.go		diff \| blob \| history
src/crypto/hpke/pq.go		diff \| blob \| history
src/crypto/internal/fips140/drbg/rand.go		diff \| blob \| history
src/crypto/internal/fips140/rsa/pkcs1v22.go		diff \| blob \| history
src/crypto/internal/rand/rand.go	[new file with mode: 0644]	blob
src/crypto/internal/rand/rand_fipsv1.0.go	[new file with mode: 0644]	blob
src/crypto/internal/rand/rand_fipsv2.0.go	[new file with mode: 0644]	blob
src/crypto/internal/sysrand/rand.go		diff \| blob \| history
src/crypto/mlkem/mlkem.go		diff \| blob \| history
src/crypto/rand/rand.go		diff \| blob \| history
src/crypto/rand/util.go		diff \| blob \| history
src/crypto/rsa/pkcs1v15.go		diff \| blob \| history
src/crypto/rsa/rsa.go		diff \| blob \| history
src/crypto/tls/handshake_test.go		diff \| blob \| history
src/go/build/deps_test.go		diff \| blob \| history
src/internal/godebugs/table.go		diff \| blob \| history
src/runtime/metrics/doc.go		diff \| blob \| history
src/testing/cryptotest/rand.go	[new file with mode: 0644]	blob
src/testing/cryptotest/rand_test.go	[new file with mode: 0644]	blob
src/testing/testing.go		diff \| blob \| history