Replace crypto/rand with internal rand package

PiperOrigin-RevId: 200784607
Change-Id: I39aa6ee632936dcbb00fc298adccffa606e9f4c0

16 files changed, 67 insertions, 10 deletions

diff --git a/pkg/dhcp/BUILD b/pkg/dhcp/BUILD
index b40860aac..3564da7e7 100644
--- a/pkg/dhcp/BUILD
+++ b/pkg/dhcp/BUILD
@@ -11,6 +11,7 @@ go_library(
     ],
     importpath = "gvisor.googlesource.com/gvisor/pkg/dhcp",
     deps = [
+        "//pkg/rand",
         "//pkg/tcpip",
         "//pkg/tcpip/network/ipv4",
         "//pkg/tcpip/stack",
diff --git a/pkg/dhcp/client.go b/pkg/dhcp/client.go
index 37deb69ff..09b724b48 100644
--- a/pkg/dhcp/client.go
+++ b/pkg/dhcp/client.go
@@ -7,12 +7,12 @@ package dhcp
 import (
 	"bytes"
 	"context"
-	"crypto/rand"
 	"fmt"
 	"log"
 	"sync"
 	"time"
 
+	"gvisor.googlesource.com/gvisor/pkg/rand"
 	"gvisor.googlesource.com/gvisor/pkg/tcpip"
 	"gvisor.googlesource.com/gvisor/pkg/tcpip/network/ipv4"
 	"gvisor.googlesource.com/gvisor/pkg/tcpip/stack"
diff --git a/pkg/rand/BUILD b/pkg/rand/BUILD
new file mode 100644
index 000000000..2bb59f895
--- /dev/null
+++ b/pkg/rand/BUILD
@@ -0,0 +1,11 @@
+package(licenses = ["notice"])  # Apache 2.0
+
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+    name = "rand",
+    srcs = ["rand.go"],
+    importpath = "gvisor.googlesource.com/gvisor/pkg/rand",
+    visibility = ["//:sandbox"],
+    deps = ["@org_golang_x_sys//unix:go_default_library"],
+)
diff --git a/pkg/rand/rand.go b/pkg/rand/rand.go
new file mode 100644
index 000000000..37ac07620
--- /dev/null
+++ b/pkg/rand/rand.go
@@ -0,0 +1,39 @@
+// Copyright 2018 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package rand implements a cryptographically secure pseudorandom number
+// generator.
+package rand
+
+import (
+	"io"
+
+	"golang.org/x/sys/unix"
+)
+
+// reader implements an io.Reader that returns pseudorandom bytes.
+type reader struct{}
+
+// Read implements io.Reader.Read.
+func (reader) Read(p []byte) (int, error) {
+	return unix.Getrandom(p, 0)
+}
+
+// Reader is the default reader.
+var Reader io.Reader = reader{}
+
+// Read reads from the default reader.
+func Read(b []byte) (int, error) {
+	return io.ReadFull(Reader, b)
+}
diff --git a/pkg/sentry/fs/dev/BUILD b/pkg/sentry/fs/dev/BUILD
index 42049ecb5..d33a19c2f 100644
--- a/pkg/sentry/fs/dev/BUILD
+++ b/pkg/sentry/fs/dev/BUILD
@@ -33,6 +33,7 @@ go_library(
         "//pkg/abi/linux",
         "//pkg/amutex",
         "//pkg/log",
+        "//pkg/rand",
         "//pkg/sentry/context",
         "//pkg/sentry/device",
         "//pkg/sentry/fs",
diff --git a/pkg/sentry/fs/dev/random.go b/pkg/sentry/fs/dev/random.go
index 0402f9355..33a045a05 100644
--- a/pkg/sentry/fs/dev/random.go
+++ b/pkg/sentry/fs/dev/random.go
@@ -15,9 +15,8 @@
 package dev
 
 import (
-	"crypto/rand"
-
 	"gvisor.googlesource.com/gvisor/pkg/abi/linux"
+	"gvisor.googlesource.com/gvisor/pkg/rand"
 	"gvisor.googlesource.com/gvisor/pkg/sentry/context"
 	"gvisor.googlesource.com/gvisor/pkg/sentry/fs"
 	"gvisor.googlesource.com/gvisor/pkg/sentry/fs/ramfs"
diff --git a/pkg/sentry/loader/BUILD b/pkg/sentry/loader/BUILD
index 08cb3a777..b7aebd9ec 100644
--- a/pkg/sentry/loader/BUILD
+++ b/pkg/sentry/loader/BUILD
@@ -39,6 +39,7 @@ go_library(
         "//pkg/binary",
         "//pkg/cpuid",
         "//pkg/log",
+        "//pkg/rand",
         "//pkg/refs",
         "//pkg/sentry/arch",
         "//pkg/sentry/context",
diff --git a/pkg/sentry/loader/loader.go b/pkg/sentry/loader/loader.go
index a68ab33e7..3cda0fe6f 100644
--- a/pkg/sentry/loader/loader.go
+++ b/pkg/sentry/loader/loader.go
@@ -17,13 +17,13 @@ package loader
 
 import (
 	"bytes"
-	"crypto/rand"
 	"io"
 	"path"
 
 	"gvisor.googlesource.com/gvisor/pkg/abi"
 	"gvisor.googlesource.com/gvisor/pkg/abi/linux"
 	"gvisor.googlesource.com/gvisor/pkg/cpuid"
+	"gvisor.googlesource.com/gvisor/pkg/rand"
 	"gvisor.googlesource.com/gvisor/pkg/sentry/arch"
 	"gvisor.googlesource.com/gvisor/pkg/sentry/context"
 	"gvisor.googlesource.com/gvisor/pkg/sentry/fs"
diff --git a/pkg/sentry/syscalls/linux/BUILD b/pkg/sentry/syscalls/linux/BUILD
index f9e0a4be3..7cfd37fb1 100644
--- a/pkg/sentry/syscalls/linux/BUILD
+++ b/pkg/sentry/syscalls/linux/BUILD
@@ -70,6 +70,7 @@ go_library(
         "//pkg/eventchannel",
         "//pkg/log",
         "//pkg/metric",
+        "//pkg/rand",
         "//pkg/sentry/arch",
         "//pkg/sentry/context",
         "//pkg/sentry/fs",
diff --git a/pkg/sentry/syscalls/linux/sys_random.go b/pkg/sentry/syscalls/linux/sys_random.go
index 2dd59b1c3..be31e6b17 100644
--- a/pkg/sentry/syscalls/linux/sys_random.go
+++ b/pkg/sentry/syscalls/linux/sys_random.go
@@ -15,10 +15,10 @@
 package linux
 
 import (
-	"crypto/rand"
 	"io"
 	"math"
 
+	"gvisor.googlesource.com/gvisor/pkg/rand"
 	"gvisor.googlesource.com/gvisor/pkg/sentry/arch"
 	"gvisor.googlesource.com/gvisor/pkg/sentry/kernel"
 	"gvisor.googlesource.com/gvisor/pkg/sentry/safemem"
diff --git a/pkg/tcpip/network/hash/BUILD b/pkg/tcpip/network/hash/BUILD
index 96805c690..1e76fed36 100644
--- a/pkg/tcpip/network/hash/BUILD
+++ b/pkg/tcpip/network/hash/BUILD
@@ -7,5 +7,8 @@ go_library(
     srcs = ["hash.go"],
     importpath = "gvisor.googlesource.com/gvisor/pkg/tcpip/network/hash",
     visibility = ["//visibility:public"],
-    deps = ["//pkg/tcpip/header"],
+    deps = [
+        "//pkg/rand",
+        "//pkg/tcpip/header",
+    ],
 )
diff --git a/pkg/tcpip/network/hash/hash.go b/pkg/tcpip/network/hash/hash.go
index e5a696158..60227d515 100644
--- a/pkg/tcpip/network/hash/hash.go
+++ b/pkg/tcpip/network/hash/hash.go
@@ -6,9 +6,9 @@
 package hash
 
 import (
-	"crypto/rand"
 	"encoding/binary"
 
+	"gvisor.googlesource.com/gvisor/pkg/rand"
 	"gvisor.googlesource.com/gvisor/pkg/tcpip/header"
 )
 
diff --git a/pkg/tcpip/transport/tcp/BUILD b/pkg/tcpip/transport/tcp/BUILD
index d0eb8b8bd..f38f58e87 100644
--- a/pkg/tcpip/transport/tcp/BUILD
+++ b/pkg/tcpip/transport/tcp/BUILD
@@ -51,6 +51,7 @@ go_library(
     importpath = "gvisor.googlesource.com/gvisor/pkg/tcpip/transport/tcp",
     visibility = ["//visibility:public"],
     deps = [
+        "//pkg/rand",
         "//pkg/sleep",
         "//pkg/state",
         "//pkg/tcpip",
diff --git a/pkg/tcpip/transport/tcp/accept.go b/pkg/tcpip/transport/tcp/accept.go
index e78a56cf5..85adeef0e 100644
--- a/pkg/tcpip/transport/tcp/accept.go
+++ b/pkg/tcpip/transport/tcp/accept.go
@@ -5,7 +5,6 @@
 package tcp
 
 import (
-	"crypto/rand"
 	"crypto/sha1"
 	"encoding/binary"
 	"hash"
@@ -13,6 +12,7 @@ import (
 	"sync"
 	"time"
 
+	"gvisor.googlesource.com/gvisor/pkg/rand"
 	"gvisor.googlesource.com/gvisor/pkg/sleep"
 	"gvisor.googlesource.com/gvisor/pkg/tcpip"
 	"gvisor.googlesource.com/gvisor/pkg/tcpip/header"
diff --git a/pkg/tcpip/transport/tcp/connect.go b/pkg/tcpip/transport/tcp/connect.go
index 0571ceaa5..9aaabe0b1 100644
--- a/pkg/tcpip/transport/tcp/connect.go
+++ b/pkg/tcpip/transport/tcp/connect.go
@@ -5,11 +5,11 @@
 package tcp
 
 import (
-	"crypto/rand"
 	"sync"
 	"sync/atomic"
 	"time"
 
+	"gvisor.googlesource.com/gvisor/pkg/rand"
 	"gvisor.googlesource.com/gvisor/pkg/sleep"
 	"gvisor.googlesource.com/gvisor/pkg/tcpip"
 	"gvisor.googlesource.com/gvisor/pkg/tcpip/buffer"
diff --git a/pkg/tcpip/transport/tcp/endpoint.go b/pkg/tcpip/transport/tcp/endpoint.go
index 3f87c4cac..b21c2b4ab 100644
--- a/pkg/tcpip/transport/tcp/endpoint.go
+++ b/pkg/tcpip/transport/tcp/endpoint.go
@@ -5,12 +5,12 @@
 package tcp
 
 import (
-	"crypto/rand"
 	"math"
 	"sync"
 	"sync/atomic"
 	"time"
 
+	"gvisor.googlesource.com/gvisor/pkg/rand"
 	"gvisor.googlesource.com/gvisor/pkg/sleep"
 	"gvisor.googlesource.com/gvisor/pkg/tcpip"
 	"gvisor.googlesource.com/gvisor/pkg/tcpip/buffer"