From 273cc9cef8a647a365219d5b568305aa045418f9 Mon Sep 17 00:00:00 2001
From: greatroar <61184462+greatroar@users.noreply.github.com>
Date: Wed, 17 Jun 2020 10:43:58 +0200
Subject: [PATCH] lib/rand: Various minor fixes (#6752)

crypto/rand output is cryptographically secure by the Go library documentation's promise. That, rather than strength (= passes randomness tests) is the property that Syncthing needs).
---
 lib/protocol/bep_extensions.go | 2 +-
 lib/rand/random.go | 22 +++++++++++-----------
 lib/rand/random_test.go | 6 +++---
 lib/tlsutil/tlsutil.go | 2 +-
 4 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/lib/protocol/bep_extensions.go b/lib/protocol/bep_extensions.go
index b42b05073..ef691928f 100644
--- a/lib/protocol/bep_extensions.go
+++ b/lib/protocol/bep_extensions.go
@@ -367,7 +367,7 @@ func (i *IndexID) Unmarshal(bs []byte) error {
 }
 func NewIndexID() IndexID {
- return IndexID(rand.Int64())
+ return IndexID(rand.Uint64())
 }
 func (f Folder) Description() string {
diff --git a/lib/rand/random.go b/lib/rand/random.go
index 2faa04b70..1775de160 100644
--- a/lib/rand/random.go
+++ b/lib/rand/random.go
@@ -21,17 +21,17 @@ var Reader = cryptoRand.Reader
 const randomCharset = "2345679abcdefghijkmnopqrstuvwxyzACDEFGHJKLMNPQRSTUVWXYZ"
 var (
- // defaultSecureSource is a concurrency safe math/rand.Source with a
- // cryptographically sound base.
+ // defaultSecureSource is a concurrency-safe, cryptographically secure
+ // math/rand.Source.
 defaultSecureSource = newSecureSource()
 // defaultSecureRand is a math/rand.Rand based on the secure source.
 defaultSecureRand = mathRand.New(defaultSecureSource)
 )
-// String returns a strongly random string of characters (taken from
-// randomCharset) of the specified length. The returned string contains ~5.8
-// bits of entropy per character, due to the character set used.
+// String returns a cryptographically secure random string of characters
+// (taken from randomCharset) of the specified length. The returned string
+// contains ~5.8 bits of entropy per character, due to the character set used.
 func String(l int) string {
 bs := make([]byte, l)
 for i := range bs {
@@ -40,18 +40,18 @@ func String(l int) string {
 return string(bs)
 }
-// Int63 returns a strongly random int63.
+// Int63 returns a cryptographically secure random int63.
 func Int63() int64 {
 return defaultSecureSource.Int63()
 }
-// Int64 returns a strongly random int64.
-func Int64() int64 {
- return int64(defaultSecureSource.Uint64())
+// Uint64 returns a cryptographically secure strongly random uint64.
+func Uint64() uint64 {
+ return defaultSecureSource.Uint64()
 }
-// Intn returns, as an int, a non-negative strongly random number in [0,n).
-// It panics if n <= 0.
+// Intn returns, as an int, a cryptographically secure non-negative
+// random number in [0,n). It panics if n <= 0.
 func Intn(n int) int {
 return defaultSecureRand.Intn(n)
 }
diff --git a/lib/rand/random_test.go b/lib/rand/random_test.go
index 2c15b312e..4a19eb828 100644
--- a/lib/rand/random_test.go
+++ b/lib/rand/random_test.go
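Review bot: The new doc comment on `Uint64` in the second lib/rand/random.go hunk still contains the word this commit replaces everywhere else: it reads "cryptographically secure strongly random uint64". To match the reworded `Int63` and `Intn` comments it should be `// Uint64 returns a cryptographically secure random uint64.` The exported `Int64` is removed outright rather than kept as a wrapper, and this patch shows only bep_extensions.go and random_test.go being moved off it, so any other caller in the tree would need the same change.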
@@ -30,10 +30,10 @@ func TestRandomString(t *testing.T) {
 }
 }
-func TestRandomInt64(t *testing.T) {
- ints := make([]int64, 1000)
+func TestRandomUint64(t *testing.T) {
+ ints := make([]uint64, 1000)
 for i := range ints {
- ints[i] = Int64()
+ ints[i] = Uint64()
 for j := range ints {
 if i == j {
 continue
diff --git a/lib/tlsutil/tlsutil.go b/lib/tlsutil/tlsutil.go
index 23df5ead2..774e17e53 100644
--- a/lib/tlsutil/tlsutil.go
+++ b/lib/tlsutil/tlsutil.go
@@ -102,7 +102,7 @@ func NewCertificate(certFile, keyFile, commonName string, lifetimeDays int) (tls
 // NOTE: update checkExpiry() appropriately if you add or change attributes
 // in here, especially DNSNames or IPAddresses.
 template := x509.Certificate{
- SerialNumber: new(big.Int).SetInt64(rand.Int63()),
+ SerialNumber: new(big.Int).SetUint64(rand.Uint64()),
 Subject: pkix.Name{
 CommonName: commonName,
 },
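Review bot: The changed `SerialNumber` line in lib/tlsutil/tlsutil.go now draws the serial from the full uint64 range but carries no comment saying what the value is meant to guarantee. I would add `// 64 bits from the CSPRNG; RFC 5280 wants a positive serial, and a zero draw has probability 2^-64.` above it. The previous `rand.Int63()` call had the same zero case, so this is not a regression. If strict RFC 5280 conformance matters for these certificates, redrawing on zero would close the gap; whether any peer checks this is not visible here. `NewCertificate` starts and ends outside the hunk.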