aboutsummaryrefslogtreecommitdiff
path: root/internal/configfile/config_file.go
diff options
context:
space:
mode:
authorJakob Unterwurzacher2021-08-25 12:36:38 +0200
committerJakob Unterwurzacher2021-08-25 12:39:17 +0200
commit61ef6b00a675456ee05d40f1ce44d693bc4be350 (patch)
tree2ce32b48bb31ff728622d75e110075f5a43a7cf4 /internal/configfile/config_file.go
parentb3d26b7264f3c025a48d19cb2784b83fc84a0ee4 (diff)
-devrandom: make flag a no-op
Commit f3c777d5eaa682d878c638192311e52f9c204294 added the `-devrandom` option: commit f3c777d5eaa682d878c638192311e52f9c204294 Author: @slackner Date: Sun Nov 19 13:30:04 2017 +0100 main: Add '-devrandom' commandline option Allows to use /dev/random for generating the master key instead of the default Go implementation. When the kernel random generator has been properly initialized both are considered equally secure, however: * Versions of Go prior to 1.9 just fall back to /dev/urandom if the getrandom() syscall would be blocking (Go Bug #19274) * Kernel versions prior to 3.17 do not support getrandom(), and there is no check if the random generator has been properly initialized before reading from /dev/urandom This is especially useful for embedded hardware with low-entroy. Please note that generation of the master key might block indefinitely if the kernel cannot harvest enough entropy. We now require Go v1.13 and Kernel versions should have also moved on. Make the flag a no-op. https://github.com/rfjakob/gocryptfs/issues/596
Diffstat (limited to 'internal/configfile/config_file.go')
-rw-r--r--internal/configfile/config_file.go25
1 files changed, 1 insertions, 24 deletions
diff --git a/internal/configfile/config_file.go b/internal/configfile/config_file.go
index c1f93af..951dce8 100644
--- a/internal/configfile/config_file.go
+++ b/internal/configfile/config_file.go
@@ -5,9 +5,7 @@ package configfile
import (
"encoding/json"
"fmt"
- "io"
"io/ioutil"
- "log"
"syscall"
"os"
@@ -61,21 +59,6 @@ type ConfFile struct {
filename string
}
-// randBytesDevRandom gets "n" random bytes from /dev/random or panics
-func randBytesDevRandom(n int) []byte {
- f, err := os.Open("/dev/random")
- if err != nil {
- log.Panic("Failed to open /dev/random: " + err.Error())
- }
- defer f.Close()
- b := make([]byte, n)
- _, err = io.ReadFull(f, b)
- if err != nil {
- log.Panic("Failed to read random bytes: " + err.Error())
- }
- return b
-}
-
// CreateArgs exists because the argument list to Create became too long.
type CreateArgs struct {
Filename string
@@ -84,7 +67,6 @@ type CreateArgs struct {
LogN int
Creator string
AESSIV bool
- Devrandom bool
Fido2CredentialID []byte
Fido2HmacSalt []byte
DeterministicNames bool
@@ -136,12 +118,7 @@ func Create(args *CreateArgs) error {
}
{
// Generate new random master key
- var key []byte
- if args.Devrandom {
- key = randBytesDevRandom(cryptocore.KeyLen)
- } else {
- key = cryptocore.RandBytes(cryptocore.KeyLen)
- }
+ key := cryptocore.RandBytes(cryptocore.KeyLen)
tlog.PrintMasterkeyReminder(key)
// Encrypt it using the password
// This sets ScryptObject and EncryptedKey