mirror of https://github.com/status-im/consul.git
Use a cryptographically secure seed
`SeededSecurely` is present if someone or something wants to query the way the library was seeded. Obtained from: nomad
This commit is contained in:
parent
0c5a487838
commit
d695bcaae6
18
lib/rand.go
18
lib/rand.go
|
@ -1,6 +1,9 @@
|
||||||
package lib
|
package lib
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
crand "crypto/rand"
|
||||||
|
"math"
|
||||||
|
"math/big"
|
||||||
"math/rand"
|
"math/rand"
|
||||||
"sync"
|
"sync"
|
||||||
"time"
|
"time"
|
||||||
|
@ -8,11 +11,24 @@ import (
|
||||||
|
|
||||||
var (
|
var (
|
||||||
once sync.Once
|
once sync.Once
|
||||||
|
|
||||||
|
// SeededSecurely is set to true if a cryptographically secure seed
|
||||||
|
// was used to initialize rand. When false, the start time is used
|
||||||
|
// as a seed.
|
||||||
|
SeededSecurely bool
|
||||||
)
|
)
|
||||||
|
|
||||||
// SeedMathRand provides weak, but guaranteed seeding, which is better than
|
// SeedMathRand provides weak, but guaranteed seeding, which is better than
|
||||||
// running with Go's default seed of 1. A call to SeedMathRand() is expected
|
// running with Go's default seed of 1. A call to SeedMathRand() is expected
|
||||||
// to be called via init(), but never a second time.
|
// to be called via init(), but never a second time.
|
||||||
func SeedMathRand() {
|
func SeedMathRand() {
|
||||||
once.Do(func() { rand.Seed(time.Now().UTC().UnixNano()) })
|
once.Do(func() {
|
||||||
|
n, err := crand.Int(crand.Reader, big.NewInt(math.MaxInt64))
|
||||||
|
if err != nil {
|
||||||
|
rand.Seed(time.Now().UTC().UnixNano())
|
||||||
|
return
|
||||||
|
}
|
||||||
|
rand.Seed(n.Int64())
|
||||||
|
SeededSecurely = true
|
||||||
|
})
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue