Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

math/rand (or crypto/rsa): non-deterministic output after go1.11.2 #29290

Closed
lukateras opened this issue Dec 16, 2018 · 2 comments
Closed

math/rand (or crypto/rsa): non-deterministic output after go1.11.2 #29290

lukateras opened this issue Dec 16, 2018 · 2 comments
Labels
FrozenDueToAge

Comments

@lukateras
Copy link

lukateras commented Dec 16, 2018
edited
Loading

What version of Go are you using (go version)?

# Both versions are affected:
$ go version
go version go1.11.2 linux/amd64
$ go version
go version go1.11.4 linux/amd64

Does this issue reproduce with the latest release?

Yes.

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/yegortimoshenko/.cache/go-build"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH="/home/yegortimoshenko/.local/share/go:/nix/store/yh6p6ky7w2nfa64r3r7vhr5d5s1p87bk-go-1.11.2/share/go"
GOPROXY=""
GORACE=""
GOROOT="/nix/store/yh6p6ky7w2nfa64r3r7vhr5d5s1p87bk-go-1.11.2/share/go"
GOTMPDIR=""
GOTOOLDIR="/nix/store/yh6p6ky7w2nfa64r3r7vhr5d5s1p87bk-go-1.11.2/share/go/pkg/tool/linux_amd64"
GCCGO="gccgo"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/run/user/1000/go-build002404125=/tmp/go-build -gno-record-gcc-switches"

What did you do?

https://play.golang.org/p/v9ajjMHKx5M

What did you expect to see?

Consistent output between invocations, across all platforms.

What did you see instead?

When I run this program built locally with go1.11.2 or go1.11.4, I'm sometimes getting 1810a846745d4bc329c923c76786416d75dbd711eb369a824ebcff3078d22519, sometimes b2d4c5a6c6683cab81962ba61e71a2dec2869ce947078958413b686a0ca48c7f.

When I run this program built locally with go1.10.3, I'm always getting 1810a846745d4bc329c923c76786416d75dbd711eb369a824ebcff3078d22519.

When I run this program on play.golang.org, I'm always getting b2d4c5a6c6683cab81962ba61e71a2dec2869ce947078958413b686a0ca48c7f.

Additional notes

Creating a wrapped Source that locks and unlocks mutex on each Source.Int63() call doesn't resolve the issue: https://play.golang.org/p/JgJ4kM3UjY8

This is not specific to PRNG implementation, either. When I replace math/rand Source PRNG with PCG RNG, the issue still persists.

Some invocations seem to consume more RNG values, as seen in this example: https://play.golang.org/p/W1bTSIb5FYD (always 426 on play.golang.org, always 206 on go1.10.3, 206 or 426 on go1.11.2 and go1.11.4).
@magical
Copy link
Contributor

magical commented Dec 16, 2018

I believe this is intentional. From the Go 1.11 release notes:

Certain crypto operations, including ecdsa.Sign, rsa.EncryptPKCS1v15 and rsa.GenerateKey, now randomly read an extra byte of randomness to ensure tests don't rely on internal behavior.

See also #21915

@lukateras
Copy link
Author

You are right, thanks.

@anthonyfok anthonyfok mentioned this issue Jan 1, 2019
Closed
@golang golang locked and limited conversation to collaborators Dec 16, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@magical @lukateras @gopherbot