diff options
| author | Jakob Unterwurzacher | 2021-08-25 12:36:38 +0200 |
|---|---|---|
| committer | Jakob Unterwurzacher | 2021-08-25 12:39:17 +0200 |
| commit | 61ef6b00a675456ee05d40f1ce44d693bc4be350 (patch) | |
| tree | 2ce32b48bb31ff728622d75e110075f5a43a7cf4 /internal/configfile/config_file.go | |
| parent | b3d26b7264f3c025a48d19cb2784b83fc84a0ee4 (diff) | |
-devrandom: make flag a no-op
Commit f3c777d5eaa682d878c638192311e52f9c204294 added the `-devrandom` option:
commit f3c777d5eaa682d878c638192311e52f9c204294
Author: @slackner
Date: Sun Nov 19 13:30:04 2017 +0100
main: Add '-devrandom' commandline option
Allows to use /dev/random for generating the master key instead of the
default Go implementation. When the kernel random generator has been
properly initialized both are considered equally secure, however:
* Versions of Go prior to 1.9 just fall back to /dev/urandom if the
getrandom() syscall would be blocking (Go Bug #19274)
* Kernel versions prior to 3.17 do not support getrandom(), and there
is no check if the random generator has been properly initialized
before reading from /dev/urandom
This is especially useful for embedded hardware with low-entroy. Please
note that generation of the master key might block indefinitely if the
kernel cannot harvest enough entropy.
We now require Go v1.13 and Kernel versions should have also moved on.
Make the flag a no-op.
https://github.com/rfjakob/gocryptfs/issues/596
Diffstat (limited to 'internal/configfile/config_file.go')
| -rw-r--r-- | internal/configfile/config_file.go | 25 |
1 files changed, 1 insertions, 24 deletions
diff --git a/internal/configfile/config_file.go b/internal/configfile/config_file.go index c1f93af..951dce8 100644 --- a/internal/configfile/config_file.go +++ b/internal/configfile/config_file.go @@ -5,9 +5,7 @@ package configfile import ( "encoding/json" "fmt" - "io" "io/ioutil" - "log" "syscall" "os" @@ -61,21 +59,6 @@ type ConfFile struct { filename string } -// randBytesDevRandom gets "n" random bytes from /dev/random or panics -func randBytesDevRandom(n int) []byte { - f, err := os.Open("/dev/random") - if err != nil { - log.Panic("Failed to open /dev/random: " + err.Error()) - } - defer f.Close() - b := make([]byte, n) - _, err = io.ReadFull(f, b) - if err != nil { - log.Panic("Failed to read random bytes: " + err.Error()) - } - return b -} - // CreateArgs exists because the argument list to Create became too long. type CreateArgs struct { Filename string @@ -84,7 +67,6 @@ type CreateArgs struct { LogN int Creator string AESSIV bool - Devrandom bool Fido2CredentialID []byte Fido2HmacSalt []byte DeterministicNames bool @@ -136,12 +118,7 @@ func Create(args *CreateArgs) error { } { // Generate new random master key - var key []byte - if args.Devrandom { - key = randBytesDevRandom(cryptocore.KeyLen) - } else { - key = cryptocore.RandBytes(cryptocore.KeyLen) - } + key := cryptocore.RandBytes(cryptocore.KeyLen) tlog.PrintMasterkeyReminder(key) // Encrypt it using the password // This sets ScryptObject and EncryptedKey |