diff options
| author | Filippo Valsorda <filippo@golang.org> | 2024-11-04 13:05:46 +0100 |
|---|---|---|
| committer | Gopher Robot <gobot@golang.org> | 2024-11-19 00:29:26 +0000 |
| commit | f705cf8f96bef3f61ba65e62b0b9123d718d0d12 (patch) | |
| tree | 1358a1eb00173e6c2e3d86519f6bbc0abf836351 /src | |
| parent | c4aea467842efc3baf6cd2f5ad19fe23d7304c2e (diff) | |
| download | go-f705cf8f96bef3f61ba65e62b0b9123d718d0d12.tar.xz | |
crypto/rand: replace crypto/aes with internal/chacha8rand for plan9
We will need to import this functionality from the FIPS module, and we
can't import AES from there. Plan 9 is not going to be FIPS validated
anyway, so we can use non-approved cryptography.
For #69536
Change-Id: I7921ec0829b576de2e80f3a7d0a9a776ff387684
Reviewed-on: https://go-review.googlesource.com/c/go/+/624975
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/crypto/rand/rand_plan9.go | 64 |
1 files changed, 28 insertions, 36 deletions
diff --git a/src/crypto/rand/rand_plan9.go b/src/crypto/rand/rand_plan9.go index 0614d85ba7..a9b0b5857f 100644 --- a/src/crypto/rand/rand_plan9.go +++ b/src/crypto/rand/rand_plan9.go @@ -5,76 +5,68 @@ package rand import ( - "crypto/aes" "internal/byteorder" + "internal/chacha8rand" "io" "os" "sync" - "time" ) const randomDevice = "/dev/random" // This is a pseudorandom generator that seeds itself by reading from // /dev/random. The read function always returns the full amount asked for, or -// else it returns an error. The generator is a fast key erasure RNG. +// else it returns an error. var ( mu sync.Mutex seeded sync.Once seedErr error - key [32]byte + state chacha8rand.State ) func read(b []byte) error { seeded.Do(func() { - t := time.AfterFunc(time.Minute, func() { - println("crypto/rand: blocked for 60 seconds waiting to read random data from the kernel") - }) - defer t.Stop() entropy, err := os.Open(randomDevice) if err != nil { seedErr = err return } defer entropy.Close() - _, seedErr = io.ReadFull(entropy, key[:]) + var seed [32]byte + _, err = io.ReadFull(entropy, seed[:]) + if err != nil { + seedErr = err + return + } + state.Init(seed) }) if seedErr != nil { return seedErr } mu.Lock() - blockCipher, err := aes.NewCipher(key[:]) - if err != nil { - mu.Unlock() - return err + defer mu.Unlock() + + for len(b) >= 8 { + if x, ok := state.Next(); ok { + byteorder.BePutUint64(b, x) + b = b[8:] + } else { + state.Refill() + } } - var ( - counter uint64 - block [aes.BlockSize]byte - ) - inc := func() { - counter++ - if counter == 0 { - panic("crypto/rand counter wrapped") + for len(b) > 0 { + if x, ok := state.Next(); ok { + var buf [8]byte + byteorder.BePutUint64(buf[:], x) + n := copy(b, buf[:]) + b = b[n:] + } else { + state.Refill() } - byteorder.LePutUint64(block[:], counter) } - blockCipher.Encrypt(key[:aes.BlockSize], block[:]) - inc() - blockCipher.Encrypt(key[aes.BlockSize:], block[:]) - inc() - mu.Unlock() + state.Reseed() - for len(b) >= aes.BlockSize { - blockCipher.Encrypt(b[:aes.BlockSize], block[:]) - inc() - b = b[aes.BlockSize:] - } - if len(b) > 0 { - blockCipher.Encrypt(block[:], block[:]) - copy(b, block[:]) - } return nil } |