src/crypto/rand/rand.go - go - Git at Google

 // Copyright 2010 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.

 // Package rand implements a cryptographically secure
 // random number generator.
 package rand

 import (
 	"crypto/internal/boring"
 	"crypto/internal/fips140"
 	"crypto/internal/fips140/drbg"
 	"crypto/internal/sysrand"
 	"io"
 	_ "unsafe"
 )

 // Reader is a global, shared instance of a cryptographically
 // secure random number generator. It is safe for concurrent use.
 //
 //   - On Linux, FreeBSD, Dragonfly, and Solaris, Reader uses getrandom(2).
 //   - On legacy Linux (< 3.17), Reader opens /dev/urandom on first use.
 //   - On macOS, iOS, and OpenBSD Reader, uses arc4random_buf(3).
 //   - On NetBSD, Reader uses the kern.arandom sysctl.
 //   - On Windows, Reader uses the ProcessPrng API.
 //   - On js/wasm, Reader uses the Web Crypto API.
 //   - On wasip1/wasm, Reader uses random_get.
 //
 // In FIPS 140-3 mode, the output passes through an SP 800-90A Rev. 1
 // Deterministric Random Bit Generator (DRBG).
 var Reader io.Reader

 func init() {
 	if boring.Enabled {
 		Reader = boring.RandReader
 		return
 	}
 	Reader = &reader{}
 }

 type reader struct {
 	drbg.DefaultReader
 }

 func (r *reader) Read(b []byte) (n int, err error) {
 	boring.Unreachable()
 	if fips140.Enabled {
 		drbg.Read(b)
 	} else {
 		sysrand.Read(b)
 	}
 	return len(b), nil
 }

 // fatal is [runtime.fatal], pushed via linkname.
 //
 //go:linkname fatal
 func fatal(string)

 // Read fills b with cryptographically secure random bytes. It never returns an
 // error, and always fills b entirely.
 //
 // Read calls [io.ReadFull] on [Reader] and crashes the program irrecoverably if
 // an error is returned. The default Reader uses operating system APIs that are
 // documented to never return an error on all but legacy Linux systems.
 func Read(b []byte) (n int, err error) {
 	// We don't want b to escape to the heap, but escape analysis can't see
 	// through a potentially overridden Reader, so we special-case the default
 	// case which we can keep non-escaping, and in the general case we read into
 	// a heap buffer and copy from it.
 	if r, ok := Reader.(*reader); ok {
 		_, err = r.Read(b)
 	} else {
 		bb := make([]byte, len(b))
 		_, err = io.ReadFull(Reader, bb)
 		copy(b, bb)
 	}
 	if err != nil {
 		fatal("crypto/rand: failed to read random data (see https://go.dev/issue/66821): " + err.Error())
 		panic("unreachable") // To be sure.
 	}
 	return len(b), nil
 }
	// Copyright 2010 The Go Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style
	// license that can be found in the LICENSE file.

	// Package rand implements a cryptographically secure
	// random number generator.
	package rand

	import (
	"crypto/internal/boring"
	"crypto/internal/fips140"
	"crypto/internal/fips140/drbg"
	"crypto/internal/sysrand"
	"io"
	_ "unsafe"
	)

	// Reader is a global, shared instance of a cryptographically
	// secure random number generator. It is safe for concurrent use.
	//
	// - On Linux, FreeBSD, Dragonfly, and Solaris, Reader uses getrandom(2).
	// - On legacy Linux (< 3.17), Reader opens /dev/urandom on first use.
	// - On macOS, iOS, and OpenBSD Reader, uses arc4random_buf(3).
	// - On NetBSD, Reader uses the kern.arandom sysctl.
	// - On Windows, Reader uses the ProcessPrng API.
	// - On js/wasm, Reader uses the Web Crypto API.
	// - On wasip1/wasm, Reader uses random_get.
	//
	// In FIPS 140-3 mode, the output passes through an SP 800-90A Rev. 1
	// Deterministric Random Bit Generator (DRBG).
	var Reader io.Reader

	func init() {
	if boring.Enabled {
	Reader = boring.RandReader
	return
	}
	Reader = &reader{}
	}

	type reader struct {
	drbg.DefaultReader
	}

	func (r *reader) Read(b []byte) (n int, err error) {
	boring.Unreachable()
	if fips140.Enabled {
	drbg.Read(b)
	} else {
	sysrand.Read(b)
	}
	return len(b), nil
	}

	// fatal is [runtime.fatal], pushed via linkname.
	//
	//go:linkname fatal
	func fatal(string)

	// Read fills b with cryptographically secure random bytes. It never returns an
	// error, and always fills b entirely.
	//
	// Read calls [io.ReadFull] on [Reader] and crashes the program irrecoverably if
	// an error is returned. The default Reader uses operating system APIs that are
	// documented to never return an error on all but legacy Linux systems.
	func Read(b []byte) (n int, err error) {
	// We don't want b to escape to the heap, but escape analysis can't see
	// through a potentially overridden Reader, so we special-case the default
	// case which we can keep non-escaping, and in the general case we read into
	// a heap buffer and copy from it.
	if r, ok := Reader.(*reader); ok {
	_, err = r.Read(b)
	} else {
	bb := make([]byte, len(b))
	_, err = io.ReadFull(Reader, bb)
	copy(b, bb)
	}
	if err != nil {
	fatal("crypto/rand: failed to read random data (see https://go.dev/issue/66821): " + err.Error())
	panic("unreachable") // To be sure.
	}
	return len(b), nil
	}