random: stop using deprecated rand.Seed in go1.20 and later

This commit is contained in:
Nick Craig-Wood 2023-11-24 10:05:53 +00:00
parent 5d5473c8a5
commit 94ccc95515
3 changed files with 46 additions and 16 deletions

View File

@ -67,19 +67,3 @@ func Password(bits int) (password string, err error) {
password = base64.RawURLEncoding.EncodeToString(pw)
return password, nil
}
// Seed the global math/rand with crypto strong data
//
// This doesn't make it OK to use math/rand in crypto sensitive
// environments - don't do that! However it does help to mitigate the
// problem if that happens accidentally. This would have helped with
// CVE-2020-28924 - #4783
func Seed() error {
var seed int64
err := binary.Read(cryptorand.Reader, binary.LittleEndian, &seed)
if err != nil {
return fmt.Errorf("failed to read random seed: %w", err)
}
mathrand.Seed(seed)
return nil
}

17
lib/random/random_seed.go Normal file
View File

@ -0,0 +1,17 @@
//go:build go1.20
package random
// Seed the global math/rand with crypto strong data
//
// This doesn't make it OK to use math/rand in crypto sensitive
// environments - don't do that! However it does help to mitigate the
// problem if that happens accidentally. This would have helped with
// CVE-2020-28924 - #4783
//
// As of Go 1.20 there is no reason to call math/rand.Seed with a
// random value as it is self seeded to a random 64 bit number so this
// does nothing.
func Seed() error {
return nil
}

View File

@ -0,0 +1,29 @@
//go:build !go1.20
package random
import (
cryptorand "crypto/rand"
"encoding/binary"
"fmt"
mathrand "math/rand"
)
// Seed the global math/rand with crypto strong data
//
// This doesn't make it OK to use math/rand in crypto sensitive
// environments - don't do that! However it does help to mitigate the
// problem if that happens accidentally. This would have helped with
// CVE-2020-28924 - #4783
//
// As of Go 1.20 there is no reason to call math/rand.Seed with a
// random value as it is self seeded to a random 64 bit number.
func Seed() error {
var seed int64
err := binary.Read(cryptorand.Reader, binary.LittleEndian, &seed)
if err != nil {
return fmt.Errorf("failed to read random seed: %w", err)
}
mathrand.Seed(seed)
return nil
}