From b6bc033a11819a2ec43f17d99d9d1db1df61210c Mon Sep 17 00:00:00 2001
From: Josh Rickmar
Date: Wed, 12 Jun 2024 19:14:14 +0000
Subject: [PATCH] make the security guarantees more wish-washy

---
 peer/internal/uprng/uprng.go | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/peer/internal/uprng/uprng.go b/peer/internal/uprng/uprng.go
index c2fc97fc4..03e0e1792 100644
--- a/peer/internal/uprng/uprng.go
+++ b/peer/internal/uprng/uprng.go
@@ -19,7 +19,7 @@ import (
 var Reader io.Reader
 
 func init() {
-	Reader = new(prng)
+	Reader = newPRNG()
 }
 
 const (
@@ -39,19 +39,26 @@ type prng struct {
 	mu sync.Mutex
 }
 
+func newPRNG() *prng {
+	p := new(prng)
+	p.seed()
+	return p
+}
+
+// seed reseeds the prng with kernel and existing cipher entropy, if the
+// cipher has been originally seeded.
+// Panics only during intial seeding if a crypto/rand read errors.
 func (p *prng) seed() {
 	_, err := cryptorand.Read(key)
-	if err != nil {
+	if err != nil && p.cipher == nil {
 		panic(err)
 	}
 	if p.cipher != nil {
 		p.cipher.XORKeyStream(key, key)
 	}
-	cipher, err := chacha20.NewUnauthenticatedCipher(key, nonce)
-	if err != nil {
-		panic(err)
-	}
+	// never errors with correct key and nonce sizes
+	cipher, _ := chacha20.NewUnauthenticatedCipher(key, nonce)
 	for i := range key {
 		key[i] = 0
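Review bot: Seeding in init() through newPRNG() means a crypto/rand read failure now panics while the package is being imported rather than on first use, and the context line `var Reader io.Reader` carries no doc comment inside the hunk that states this (one may exist above line 19, outside this view). Suggest documenting it on the exported variable: `// Reader is a process-wide userspace PRNG seeded from crypto/rand in init; a read error during that initial seed panics at package initialization.` The second hunk, where seed() begins tolerating a crypto/rand error once p.cipher is already set, runs past the end of this view and is not reviewed here. If that tolerant reseed path is kept, a log line or counter on the swallowed error would let operators notice a degraded entropy source, which is otherwise invisible at runtime.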