Skip to content

crypto/cipher: document that GCM AEADs are safe for concurrent use#80341

Open
soreavis wants to merge 1 commit into
golang:masterfrom
soreavis:gcm-concurrency-doc
Open

crypto/cipher: document that GCM AEADs are safe for concurrent use#80341
soreavis wants to merge 1 commit into
golang:masterfrom
soreavis:gcm-concurrency-doc

Conversation

@soreavis

@soreavis soreavis commented Jul 9, 2026

Copy link
Copy Markdown

The AEAD returned by NewGCM keeps no mutable state after construction:
Seal and Open read only the key material and tables set up at
construction time and write only to the destination and stack-local
buffers. It is therefore safe for concurrent use whenever the
underlying cipher.Block is, as is the case for the Block returned by
aes.NewCipher.

Note that through the legacy gcmAble hook a Block can supply its own
AEAD implementation, whose concurrency behavior this package cannot
guarantee; the hook is unexported and slated for removal, so the
wording treats concurrency safety as a requirement on such
implementations.

Document this on NewGCM, and add a test that shares one AEAD across
goroutines running Seal and Open round-trips with distinct nonces, so
the race detector can check the property. The test covers the AES and
fallback implementations via testAllImplementations.

Fixes #41689

The AEAD returned by NewGCM keeps no mutable state after construction:
Seal and Open read only the key material and tables set up at
construction time and write only to the destination and stack-local
buffers. It is therefore safe for concurrent use whenever the
underlying cipher.Block is, as is the case for the Block returned by
aes.NewCipher.

Note that through the legacy gcmAble hook a Block can supply its own
AEAD implementation, whose concurrency behavior this package cannot
guarantee; the hook is unexported and slated for removal, so the
wording treats concurrency safety as a requirement on such
implementations.

Document this on NewGCM, and add a test that shares one AEAD across
goroutines running Seal and Open round-trips with distinct nonces, so
the race detector can check the property. The test covers the AES and
fallback implementations via testAllImplementations.

Fixes golang#41689
@gopherbot

Copy link
Copy Markdown
Contributor

This PR (HEAD: fcdbeb0) has been imported to Gerrit for code review.

Please visit Gerrit at https://go-review.googlesource.com/c/go/+/799066.

Important tips:

  • Don't comment on this PR. All discussion takes place in Gerrit.
  • You need a Gmail or other Google account to log in to Gerrit.
  • To change your code in response to feedback:
    • Push a new commit to the branch used by your GitHub PR.
    • A new "patch set" will then appear in Gerrit.
    • Respond to each comment by marking as Done in Gerrit if implemented as suggested. You can alternatively write a reply.
    • Critical: you must click the blue Reply button near the top to publish your Gerrit responses.
    • Multiple commits in the PR will be squashed by GerritBot.
  • The title and description of the GitHub PR are used to construct the final commit message.
    • Edit these as needed via the GitHub web interface (not via Gerrit or git).
    • You should word wrap the PR description at ~76 characters unless you need longer lines (e.g., for tables or URLs).
  • See the Sending a change via GitHub and Reviews sections of the Contribution Guide as well as the FAQ for details.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

crypto: document that the GCM AEADs are safe for concurrent use if the underlying cipher.Block is

2 participants