From 91181f38bfc58d772dbacf8327047d858814d2fa Mon Sep 17 00:00:00 2001
From: Daniel <dhaavi@users.noreply.github.com>
Date: Fri, 29 May 2020 10:56:50 +0200
Subject: [PATCH] Make second OS rng feed async to improve resilience against
 empty rand pool

---
 rng/rng.go | 25 +++++++++++++++++--------
 1 file changed, 17 insertions(+), 8 deletions(-)

diff --git a/rng/rng.go b/rng/rng.go
index ae99159b..4a017baf 100644
--- a/rng/rng.go
+++ b/rng/rng.go
@@ -1,6 +1,7 @@
 package rng
 
 import (
+	"context"
 	"crypto/aes"
 	"crypto/cipher"
 	"crypto/rand"
@@ -49,14 +50,22 @@ func start() error {
 		return errors.New("failed to initialize rng")
 	}
 
-	// explicitly add randomness
-	osEntropy := make([]byte, minFeedEntropy/8)
-	_, err := rand.Read(osEntropy)
-	if err != nil {
-		return fmt.Errorf("could not read entropy from os: %s", err)
-	}
-	rng.Reseed(osEntropy)
-
+	// add another (async) OS rng seed
+	module.StartWorker("initial rng feed", func(_ context.Context) error {
+		// get entropy from OS
+		osEntropy := make([]byte, minFeedEntropy/8)
+		_, err := rand.Read(osEntropy)
+		if err != nil {
+			return fmt.Errorf("could not read entropy from os: %s", err)
+		}
+		// feed
+		rngLock.Lock()
+		rng.Reseed(osEntropy)
+		rngLock.Unlock()
+		return nil
+	})
+
+	// mark as ready
 	rngReady = true
 
 	// random source: OS