git.apps.os.sepia.ceph.com Git - fscrypt.git/commit

crypto: add secure random reader using getrandom

This commit adds in RandReader, a cryptographically secure io.Reader
that will fail when the os has insufficient randomness. This is done
using the getrandom() syscall in non-blocking mode.
see: http://man7.org/linux/man-pages/man2/getrandom.2.html
Any kernel new enough to have filesystem encryption will also have this
syscall.

This RandReader is preferable to the one provided by the standard
library in crypto/rand. See the bugs:
https://github.com/golang/go/issues/11833
https://github.com/golang/go/issues/19274
This will be removed when go updates the crypto/rand implementation.

Change-Id: Icccaf07bc6011b95cd31a5c268e7486807dcffe2

author	Joe Richey <joerichey@google.com>
	Thu, 2 Mar 2017 19:58:07 +0000 (11:58 -0800)
committer	Joe Richey joerichey@google.com <joerichey@google.com>
	Tue, 2 May 2017 20:39:18 +0000 (13:39 -0700)
commit	49b3026574ab692cfabcabe90751b163a76df31b
tree	c638076dd5faeadf84afd49fcf15728f68181eba	tree \| snapshot
parent	53d15f466a665e4e564af3afdcbcfe9ff1c91331	commit \| diff

crypto/crypto_test.go		diff \| blob \| history
crypto/rand.go	[new file with mode: 0644]	blob