make the security guarantees more wish-washy

jrick · Jun 12, 2024 · b6bc033 · b6bc033
1 parent 53f96d8
commit b6bc033
Showing 1 changed file with 13 additions and 6 deletions.
diff --git a/peer/internal/uprng/uprng.go b/peer/internal/uprng/uprng.go
@@ -19,7 +19,7 @@ import (
 var Reader io.Reader
 
 func init() {
-	Reader = new(prng)
+	Reader = newPRNG()
 }
 
 const (
@@ -39,19 +39,26 @@ type prng struct {
 	mu     sync.Mutex
 }
 
+func newPRNG() *prng {
+	p := new(prng)
+	p.seed()
+	return p
+}
+
+// seed reseeds the prng with kernel and existing cipher entropy, if the
+// cipher has been originally seeded.
+// Panics only during intial seeding if a crypto/rand read errors.
 func (p *prng) seed() {
 	_, err := cryptorand.Read(key)
-	if err != nil {
+	if err != nil && p.cipher == nil {
 		panic(err)
 	}
 	if p.cipher != nil {
 		p.cipher.XORKeyStream(key, key)
 	}
 
-	cipher, err := chacha20.NewUnauthenticatedCipher(key, nonce)
-	if err != nil {
-		panic(err)
-	}
+	// never errors with correct key and nonce sizes
+	cipher, _ := chacha20.NewUnauthenticatedCipher(key, nonce)
 
 	for i := range key {
 		key[i] = 0