[release-branch.go1.24] all: merge master (e966a27) into release-branch.go1.24

Merge List:

+ 2025-01-08 e966a27 crypto/internal/fips140/drbg: avoid global lock on rand state

Change-Id: I1ca8f6bf2ba14ff3d5c4183a26cbd51ac20dad0a

Author: prattmic

src/crypto/internal/fips140/drbg/rand.go

@@ -13,8 +13,15 @@ import (
 	"sync"
 )
 
-var mu sync.Mutex
-var drbg *Counter
+var drbgs = sync.Pool{
+	New: func() any {
+		var c *Counter
+		entropy.Depleted(func(seed *[48]byte) {
+			c = NewCounter(seed)
+		})
+		return c
+	},
+}
 
 // Read fills b with cryptographically secure random bytes. In FIPS mode, it
 // uses an SP 800-90A Rev. 1 Deterministic Random Bit Generator (DRBG).
@@ -33,14 +40,8 @@ func Read(b []byte) {
 	additionalInput := new([SeedSize]byte)
 	sysrand.Read(additionalInput[:16])
 
-	mu.Lock()
-	defer mu.Unlock()
-
-	if drbg == nil {
-		entropy.Depleted(func(seed *[48]byte) {
-			drbg = NewCounter(seed)
-		})
-	}
+	drbg := drbgs.Get().(*Counter)
+	defer drbgs.Put(drbg)
 
 	for len(b) > 0 {
 		size := min(len(b), maxRequestSize)

src/crypto/internal/fips140/drbg/rand_test.go

@@ -0,0 +1,27 @@
+// Copyright 2025 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package drbg
+
+import (
+	"crypto/internal/fips140"
+	"testing"
+)
+
+func BenchmarkDBRG(b *testing.B) {
+	old := fips140.Enabled
+	defer func() {
+		fips140.Enabled = old
+	}()
+	fips140.Enabled = true
+
+	const N = 64
+	b.SetBytes(N)
+	b.RunParallel(func(pb *testing.PB) {
+		buf := make([]byte, N)
+		for pb.Next() {
+			Read(buf)
+		}
+	})
+}