rand.go
// Copyright 2010 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
// Package sysrand provides cryptographically secure random bytes from the
// operating system.
package sysrand
import (
"os"
"sync"
"sync/atomic"
"time"
_ "unsafe"
)
// firstUse flips from false to true on the first call to Read, which uses it
// to arm the blocked-entropy warning timer exactly once per process.
var firstUse atomic.Bool

// warnBlocked prints a diagnostic saying that the process has spent a minute
// waiting for the kernel to hand out random data. Read schedules it with
// time.AfterFunc on first use.
func warnBlocked() {
	const blockedMsg = "crypto/rand: blocked for 60 seconds waiting to read random data from the kernel"
	println(blockedMsg)
}
// fatal is [runtime.fatal], pushed via linkname. The declaration has no body
// in this package; the blank import of unsafe is what permits the
// go:linkname directive below. Read follows its call to fatal with
// panic("unreachable"), so fatal is expected not to return.
//
//go:linkname fatal
func fatal(string)

// testingOnlyFailRead, when true, makes Read take its fatal path even if the
// underlying read succeeded, reporting "testing simulated failure" instead of
// a real error. Nothing visible in this listing assigns it.
// NOTE(review): presumably set only by tests; it must stay false in any
// production build, since setting it terminates the program on the next Read.
var testingOnlyFailRead bool
// Read fills b with cryptographically secure random bytes from the operating
// system. It has no error return: either b is filled entirely or the program
// crashes irrecoverably, so a caller can never carry on with a buffer that
// was only partly filled. The operating system APIs are documented to never
// return an error on all but legacy Linux systems.
func Read(b []byte) {
	// Only the very first call arms the timer. If that call is still waiting
	// on the kernel after a minute, warnBlocked prints a diagnostic; the
	// deferred Stop cancels the timer once Read returns.
	if firstUse.CompareAndSwap(false, true) {
		blockedTimer := time.AfterFunc(time.Minute, warnBlocked)
		defer blockedTimer.Stop()
	}

	err := read(b)
	if err == nil && !testingOnlyFailRead {
		return
	}

	// Failure path, also entered when testingOnlyFailRead forces it. err may
	// be nil in the forced case, so it is only dereferenced when the flag is
	// off.
	reason := "testing simulated failure"
	if !testingOnlyFailRead {
		reason = err.Error()
	}
	fatal("crypto/rand: failed to read random data (see https://go.dev/issue/66821): " + reason)
	panic("unreachable") // To be sure.
}
// The urandom fallback is only used on Linux kernels before 3.17 and on AIX.
var (
	urandomOnce sync.Once // guards the single os.Open of /dev/urandom
	urandomFile *os.File  // shared handle, opened on first use
	urandomErr  error     // result of that one open attempt, kept for later calls
)

// urandomRead fills b completely with bytes read from /dev/urandom.
//
// The device is opened once per process. If that open fails, the error is
// remembered and returned by every later call; the open is not retried.
// Short reads are retried until b is full, so a nil return means every byte
// of b was written. Any read error is returned as is.
func urandomRead(b []byte) error {
	urandomOnce.Do(func() {
		urandomFile, urandomErr = os.Open("/dev/urandom")
	})
	if urandomErr != nil {
		return urandomErr
	}

	for filled := 0; filled < len(b); {
		n, err := urandomFile.Read(b[filled:])
		// Note that we don't ignore EAGAIN because it should not be possible to
		// hit for a blocking read from urandom, although there were
		// unreproducible reports of it at https://go.dev/issue/9205.
		if err != nil {
			return err
		}
		filled += n
	}
	return nil
}