mirror of
https://github.com/golang/go.git
synced 2025-12-08 06:10:04 +00:00
2b8dbb35b0
First, we centralize all random bytes generation through drbg.Read. The rest of the FIPS 140-3 module can't use external functions anyway, so drbg.Read needs to have all the logic. Then, make sure that the crypto/... tree uses drbg.Read (or the new crypto/internal/rand.Reader wrapper) instead of crypto/rand, so it is unaffected by applications setting crypto/rand.Reader. Next, pass all unspecified random io.Reader parameters through the new crypto/internal/rand.CustomReader, which just redirects to drbg.Read unless GODEBUG=cryptocustomrand=1 is set. Move all the calls to MaybeReadByte there, since it's only needed for these custom Readers. Finally, add testing/cryptotest.SetGlobalRandom which sets crypto/rand.Reader to a locked deterministic source and overrides drbg.Read. This way SetGlobalRandom should affect all cryptographic randomness in the standard library. Fixes #70942 Co-authored-by: qiulaidongfeng <2645477756@qq.com> Change-Id: I6a6a69641311d9fac318abcc6d79677f0e406100 Reviewed-on: https://go-review.googlesource.com/c/go/+/724480 Reviewed-by: Nicholas Husin <nsh@golang.org> Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Nicholas Husin <husin@google.com> Reviewed-by: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> |
||
|---|---|---|
| .. | ||
| 49097.txt | ||
| 51945.txt | ||
| 56866.txt | ||
| 61642.txt | ||
| 63963.txt | ||
| 65716.txt | ||
| 65954.txt | ||
| 66631.txt | ||
| 67546.txt | ||
| 67813.txt | ||
| 68021.txt | ||
| 70352.txt | ||
| 70942.txt | ||
| 71206.txt | ||
| 71287.txt | ||
| 73161.txt | ||
| 73627.txt | ||
| 73794.txt | ||
| 74425.txt | ||
| 74630.txt | ||
| 75108.txt | ||
| 75300.txt | ||
| 75301.txt | ||
| 75302.txt | ||
| 75325.txt | ||
| 75562.txt | ||
| 75772.txt | ||
| 75849.txt | ||
| 76031.txt | ||