panic("boringcrypto: invalid code execution")
}
}
+
+type fail string
+
+func (e fail) Error() string { return "boringcrypto: " + string(e) + " failed" }
// UnreachableExceptTests marks code that should be unreachable
// when BoringCrypto is in use. It is a no-op without BoringCrypto.
func UnreachableExceptTests() {}
+
+type randReader int
+
+func (randReader) Read(b []byte) (int, error) {
+ panic("boringcrypto: not available")
+}
+
+const RandReader = randReader(0)
--- /dev/null
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build linux,amd64
+// +build !cmd_go_bootstrap
+
+package boring
+
+// #include "goboringcrypto.h"
+import "C"
+import "unsafe"
+
+type randReader int
+
+func (randReader) Read(b []byte) (int, error) {
+ // Note: RAND_bytes should never fail; the return value exists only for historical reasons.
+ // We check it even so.
+ if len(b) > 0 && C._goboringcrypto_RAND_bytes((*C.uint8_t)(unsafe.Pointer(&b[0])), C.size_t(len(b))) == 0 {
+ return 0, fail("RAND_bytes")
+ }
+ return len(b), nil
+}
+
+const RandReader = randReader(0)
"bufio"
"crypto/aes"
"crypto/cipher"
+ "crypto/internal/boring"
"io"
"os"
"runtime"
// This is sufficient on Linux, OS X, and FreeBSD.
func init() {
+ if boring.Enabled {
+ Reader = boring.RandReader
+ return
+ }
if runtime.GOOS == "plan9" {
Reader = newReader(nil)
} else {
var altGetRandom func([]byte) (ok bool)
func (r *devReader) Read(b []byte) (n int, err error) {
+ boring.Unreachable()
if altGetRandom != nil && r.name == urandomDevice && altGetRandom(b) {
return len(b), nil
}
}
func (r *reader) Read(b []byte) (n int, err error) {
+ boring.Unreachable()
r.mu.Lock()
defer r.mu.Unlock()
n = len(b)