git.apps.os.sepia.ceph.com Git - fscrypt.git/commit
crypto: add secure random reader using getrandom
author Joe Richey <joerichey@google.com>
Thu, 2 Mar 2017 19:58:07 +0000 (11:58 -0800)
committer Joe Richey joerichey@google.com <joerichey@google.com>
Tue, 2 May 2017 20:39:18 +0000 (13:39 -0700)
commit 49b3026574ab692cfabcabe90751b163a76df31b
tree c638076dd5faeadf84afd49fcf15728f68181eba
parent 53d15f466a665e4e564af3afdcbcfe9ff1c91331

This commit adds in RandReader, a cryptographically secure io.Reader
that will fail when the OS has insufficient randomness. This is done
using the getrandom() syscall in non-blocking mode.
  see: http://man7.org/linux/man-pages/man2/getrandom.2.html
Any kernel new enough to have filesystem encryption will also have this
syscall.

This RandReader is preferable to the one provided by the standard
library in crypto/rand. See the bugs:
https://github.com/golang/go/issues/11833
https://github.com/golang/go/issues/19274
This will be removed when Go updates the crypto/rand implementation.

Change-Id: Icccaf07bc6011b95cd31a5c268e7486807dcffe2
crypto/crypto_test.go
crypto/rand.go [new file with mode: 0644]
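
The behaviour the commit message describes, as an added example (not the contents of fscrypt's crypto/rand.go): an io.Reader that calls getrandom() with GRND_NONBLOCK and returns an error instead of blocking or falling back when the kernel pool is not initialized. The names `nonblockingRand`, `ErrLowEntropy` and `getrandomTrap` are hypothetical, and the code assumes Linux on one of the listed architectures.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"runtime"
	"syscall"
	"unsafe"
)

const grndNonblock = 0x0001 // GRND_NONBLOCK from <linux/random.h>

// getrandom(2) syscall numbers per GOARCH, hard-coded here for the raw syscall.
var getrandomTrap = map[string]uintptr{"amd64": 318, "386": 355, "arm": 384, "arm64": 278}

// ErrLowEntropy: the kernel's entropy pool has not been initialized yet.
var ErrLowEntropy = errors.New("getrandom: entropy pool not initialized")

// nonblockingRand is a hypothetical name; it stands in for the RandReader the commit describes.
type nonblockingRand struct{}

// Read fills p completely or returns an error. It never blocks waiting for
// entropy and never falls back to another randomness source.
func (nonblockingRand) Read(p []byte) (n int, err error) {
	trap, ok := getrandomTrap[runtime.GOARCH]
	if !ok || runtime.GOOS != "linux" {
		return 0, errors.New("getrandom: unsupported platform")
	}
	for n < len(p) {
		r, _, errno := syscall.Syscall(trap, uintptr(unsafe.Pointer(&p[n])), uintptr(len(p)-n), grndNonblock)
		switch errno {
		case 0:
			n += int(r)
		case syscall.EINTR: // interrupted by a signal: retry
		case syscall.EAGAIN:
			return n, ErrLowEntropy
		default:
			return n, errno
		}
	}
	return n, nil
}

func main() {
	key := make([]byte, 64) // constructed use: request 64 bytes of key material
	_, err := io.ReadFull(nonblockingRand{}, key)
	fmt.Printf("64-byte key requested, err=%v\n", err)
}
```

A caller that receives `ErrLowEntropy` should abort key generation rather than retry with a weaker source.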