From: Jason A. Donenfeld Date: Fri, 4 Mar 2022 20:03:53 +0000 (+0100) Subject: crypto/rand: remove all buffering X-Git-Tag: go1.19beta1~628 X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=3ae414c31e59c9ee210fa3606f36cf0ea36b9906;p=gostls13.git crypto/rand: remove all buffering The kernel's RNG is fast enough, and buffering means taking locks, which we don't want to do. So just remove all buffering. This also means the randomness we get is "fresher". That also means we don't need any locking, making this potentially faster if multiple cores are hitting GetRandom() at the same time on newer Linuxes. Also, change the build tag of the tests to be 'unix' instead of enumerating them. Change-Id: Ia773fab768270d2aa20c0649f4171c5326b71d02 Reviewed-on: https://go-review.googlesource.com/c/go/+/390038 Reviewed-by: Filippo Valsorda Run-TryBot: Jason Donenfeld Auto-Submit: Jason Donenfeld Reviewed-by: Ian Lance Taylor TryBot-Result: Gopher Robot --- diff --git a/src/crypto/rand/rand_batched_test.go b/src/crypto/rand/rand_batched_test.go index 7a981e7892..dfb9517d5e 100644 --- a/src/crypto/rand/rand_batched_test.go +++ b/src/crypto/rand/rand_batched_test.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris +//go:build unix package rand diff --git a/src/crypto/rand/rand_unix.go b/src/crypto/rand/rand_unix.go index 2dd4158888..07715bd5ee 100644 --- a/src/crypto/rand/rand_unix.go +++ b/src/crypto/rand/rand_unix.go @@ -10,11 +10,11 @@ package rand import ( - "bufio" "errors" "io" "os" "sync" + "sync/atomic" "syscall" "time" ) @@ -29,7 +29,7 @@ func init() { type reader struct { f io.Reader mu sync.Mutex - used bool // whether this reader has been used + used uint32 // Atomic: 0 - never used, 1 - used, but f == nil, 2 - used, and f != nil } // altGetRandom if non-nil specifies an OS-specific function to get @@ -37,24 +37,11 @@ type reader struct { var altGetRandom func([]byte) (ok bool) // batched returns a function that calls f to populate a []byte by chunking it -// into subslices of, at most, readMax bytes, buffering min(readMax, 4096) -// bytes at a time. +// into subslices of, at most, readMax bytes. func batched(f func([]byte) error, readMax int) func([]byte) bool { - bufferSize := 4096 - if bufferSize > readMax { - bufferSize = readMax - } - fullBuffer := make([]byte, bufferSize) - var buf []byte return func(out []byte) bool { - // First we copy any amount remaining in the buffer. - n := copy(out, buf) - out, buf = out[n:], buf[n:] - - // Then, if we're requesting more than the buffer size, - // generate directly into the output, chunked by readMax. - for len(out) >= len(fullBuffer) { - read := len(out) - (len(out) % len(fullBuffer)) + for len(out) > 0 { + read := len(out) if read > readMax { read = readMax } @@ -63,22 +50,6 @@ func batched(f func([]byte) error, readMax int) func([]byte) bool { } out = out[read:] } - - // If there's a partial block left over, fill the buffer, - // and copy in the remainder. - if len(out) > 0 { - if f(fullBuffer[:]) != nil { - return false - } - buf = fullBuffer[:] - n = copy(out, buf) - out, buf = out[n:], buf[n:] - } - - if len(out) > 0 { - panic("crypto/rand batching failed to fill buffer") - } - return true } } @@ -88,10 +59,7 @@ func warnBlocked() { } func (r *reader) Read(b []byte) (n int, err error) { - r.mu.Lock() - defer r.mu.Unlock() - if !r.used { - r.used = true + if atomic.CompareAndSwapUint32(&r.used, 0, 1) { // First use of randomness. Start timer to warn about // being blocked on entropy not being available. t := time.AfterFunc(time.Minute, warnBlocked) @@ -100,14 +68,20 @@ func (r *reader) Read(b []byte) (n int, err error) { if altGetRandom != nil && altGetRandom(b) { return len(b), nil } - if r.f == nil { - f, err := os.Open(urandomDevice) - if err != nil { - return 0, err + if atomic.LoadUint32(&r.used) != 2 { + r.mu.Lock() + if r.used != 2 { + f, err := os.Open(urandomDevice) + if err != nil { + r.mu.Unlock() + return 0, err + } + r.f = hideAgainReader{f} + atomic.StoreUint32(&r.used, 2) } - r.f = bufio.NewReader(hideAgainReader{f}) + r.mu.Unlock() } - return r.f.Read(b) + return io.ReadFull(r.f, b) } // hideAgainReader masks EAGAIN reads from /dev/urandom.