mirror of
https://github.com/rclone/rclone.git
synced 2024-11-22 08:23:47 +01:00
random: stop using deprecated rand.Seed in go1.20 and later
This commit is contained in:
Nick Craig-Wood
parent
5d5473c8a5
commit
94ccc95515
@ -67,19 +67,3 @@ func Password(bits int) (password string, err error) {
|
||||
password = base64.RawURLEncoding.EncodeToString(pw)
|
||||
return password, nil
|
||||
}
|
||||
|
||||
// Seed the global math/rand with crypto strong data
|
||||
//
|
||||
// This doesn't make it OK to use math/rand in crypto sensitive
|
||||
// environments - don't do that! However it does help to mitigate the
|
||||
// problem if that happens accidentally. This would have helped with
|
||||
// CVE-2020-28924 - #4783
|
||||
func Seed() error {
|
||||
var seed int64
|
||||
err := binary.Read(cryptorand.Reader, binary.LittleEndian, &seed)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to read random seed: %w", err)
|
||||
}
|
||||
mathrand.Seed(seed)
|
||||
return nil
|
||||
}
|
||||
|
||||
17
lib/random/random_seed.go
Normal file
17
lib/random/random_seed.go
Normal file
@ -0,0 +1,17 @@
|
||||
//go:build go1.20
|
||||
|
||||
package random
|
||||
|
||||
// Seed the global math/rand with crypto strong data
|
||||
//
|
||||
// This doesn't make it OK to use math/rand in crypto sensitive
|
||||
// environments - don't do that! However it does help to mitigate the
|
||||
// problem if that happens accidentally. This would have helped with
|
||||
// CVE-2020-28924 - #4783
|
||||
//
|
||||
// As of Go 1.20 there is no reason to call math/rand.Seed with a
|
||||
// random value as it is self seeded to a random 64 bit number so this
|
||||
// does nothing.
|
||||
func Seed() error {
|
||||
return nil
|
||||
}
|
||||
29
lib/random/random_seed_old.go
Normal file
29
lib/random/random_seed_old.go
Normal file
@ -0,0 +1,29 @@
|
||||
//go:build !go1.20
|
||||
|
||||
package random
|
||||
|
||||
import (
|
||||
cryptorand "crypto/rand"
|
||||
"encoding/binary"
|
||||
"fmt"
|
||||
mathrand "math/rand"
|
||||
)
|
||||
|
||||
// Seed the global math/rand with crypto strong data
|
||||
//
|
||||
// This doesn't make it OK to use math/rand in crypto sensitive
|
||||
// environments - don't do that! However it does help to mitigate the
|
||||
// problem if that happens accidentally. This would have helped with
|
||||
// CVE-2020-28924 - #4783
|
||||
//
|
||||
// As of Go 1.20 there is no reason to call math/rand.Seed with a
|
||||
// random value as it is self seeded to a random 64 bit number.
|
||||
func Seed() error {
|
||||
var seed int64
|
||||
err := binary.Read(cryptorand.Reader, binary.LittleEndian, &seed)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to read random seed: %w", err)
|
||||
}
|
||||
mathrand.Seed(seed)
|
||||
return nil
|
||||
}
|
||||
Loading…
Reference in New Issue
Block a user