vikarti.anatra/safing-portbase
1
0
Fork 0
mirror of https://github.com/safing/portbase synced 2025-09-01 01:59:48 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Make second OS rng feed async to improve resilience against empty rand pool

Browse source
This commit is contained in:
Daniel 2020-05-29 10:56:50 +02:00
parent 07501148ea
commit 91181f38bf
1 changed files with 16 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
rng/rng.go
View file

@ -1,6 +1,7 @@
package rng
import (
"context"
"crypto/aes"
"crypto/cipher"
"crypto/rand"
@ -49,14 +50,22 @@ func start() error {
return errors.New("failed to initialize rng")
}
// explicitly add randomness
osEntropy := make([]byte, minFeedEntropy/8)
_, err := rand.Read(osEntropy)
if err != nil {
return fmt.Errorf("could not read entropy from os: %s", err)
}
rng.Reseed(osEntropy)
// add another (async) OS rng seed
module.StartWorker("initial rng feed", func(_ context.Context) error {
// get entropy from OS
osEntropy := make([]byte, minFeedEntropy/8)
_, err := rand.Read(osEntropy)
if err != nil {
return fmt.Errorf("could not read entropy from os: %s", err)
}
// feed
rngLock.Lock()
rng.Reseed(osEntropy)
rngLock.Unlock()
return nil
})
// mark as ready
rngReady = true
// random source: OS