From 5f12fb8ae32ad90cb84dfe6fa985462faf99ffe4 Mon Sep 17 00:00:00 2001
From: "mojo-machine[bot]" <111131124+mojo-machine[bot]@users.noreply.github.com>
Date: Wed, 21 Feb 2024 10:43:17 +0000
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=84=20Sync=20from=20monorepo?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

https://github.com/wearemojo/mojo/commit/860297031a09a63be683e2ec4a25a9a5b066f45e
---
 lib/cryptorand/cryptorand.go | 12 +++++++-----
 lib/ksuid/instance_id.go | 8 ++++----
 2 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/lib/cryptorand/cryptorand.go b/lib/cryptorand/cryptorand.go
index 485c1a4..4399f83 100644
--- a/lib/cryptorand/cryptorand.go
+++ b/lib/cryptorand/cryptorand.go
@@ -3,11 +3,14 @@ package cryptorand
 import (
 "crypto/rand"
 "encoding/binary"
- mathrand "math/rand"
+
+ mathrand "math/rand/v2"
 )
+// TODO: could this be removed entirely now that we have math/rand/v2?
+// the docs do still say "it should not be used for security-sensitive work"
+
 func New() *mathrand.Rand {
- //nolint:gosec // this is incorrect - it is using crypto/rand
 return mathrand.New(NewSource())
 }
@@ -19,12 +22,11 @@ func NewSource() mathrand.Source {
 func (source) Seed(_ int64) {}
-func (source) Int63() int64 {
+func (source) Uint64() uint64 {
 var data [8]byte
 if _, err := rand.Read(data[:]); err != nil {
 panic(err)
 }
- // mask off sign bit to ensure positive number
- return int64(binary.LittleEndian.Uint64(data[:]) & (1<<63 - 1))
+ return binary.LittleEndian.Uint64(data[:])
 }
diff --git a/lib/ksuid/instance_id.go b/lib/ksuid/instance_id.go
index 8fb3804..921709a 100644
--- a/lib/ksuid/instance_id.go
+++ b/lib/ksuid/instance_id.go
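Review bot: In lib/cryptorand/cryptorand.go the deleted `//nolint:gosec` line was the only place that said this generator is backed by crypto/rand, and the TODO added above `New` leaves that guarantee as an open question instead of stating it. As far as the visible code shows, every value still comes from `rand.Read` through `source`, so I would replace the TODO with a doc comment such as `// New returns a math/rand/v2 Rand whose Source draws every value from crypto/rand.` That also answers the TODO: the warning it quotes presumably concerns the package's own generators, so callers that need unpredictable values still depend on this wrapper. If the linter configuration in use flags math/rand/v2 imports, the suppression will need to come back with the same explanation.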
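Review bot: The no-op `Seed` method left as context just above `Uint64` in lib/cryptorand/cryptorand.go appears to be dead code after this change: math/rand/v2's `Source` interface consists of `Uint64() uint64` only, and nothing visible in the patch calls `Seed`. I would delete `func (source) Seed(_ int64) {}` so the type does not suggest that seeding has any effect on a crypto/rand-backed source. `Uint64` also has no doc comment; something like `// Uint64 returns 8 bytes read from crypto/rand, decoded little-endian; it panics if the read fails.` records the failure behaviour that callers of `New` inherit.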
@@ -3,17 +3,15 @@ package ksuid
 import (
 "bytes"
 "context"
+ "crypto/rand"
 "encoding/binary"
 "encoding/hex"
 "net"
 "os"
- "github.com/wearemojo/mojo-public-go/lib/cryptorand"
 "github.com/wearemojo/mojo-public-go/lib/merr"
 )
-var random = cryptorand.New()
-
 const (
 ErrNoHardwareAddress = merr.Code("no_hardware_address")
 ErrNotDockerized = merr.Code("not_dockerized")
@@ -102,7 +100,9 @@ func getDockerID(ctx context.Context) ([]byte, error) {
 // NewRandomID returns a RandomID initialized by a PRNG.
 func NewRandomID() InstanceID {
 tmp := make([]byte, 8)
- random.Read(tmp)
+ if _, err := rand.Read(tmp); err != nil {
+ panic(err)
+ }
 var b [8]byte
 copy(b[:], tmp)
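Review bot: The doc comment on `NewRandomID` in lib/ksuid/instance_id.go still says the ID is "initialized by a PRNG", which no longer describes the new code: the bytes now come straight from `crypto/rand`, and the function panics if that read fails. I would update it to `// NewRandomID returns a RandomID filled with 8 bytes from crypto/rand; it panics if the read fails.` The `tmp` slice and the `copy` that follows also look unnecessary now, since the read can target the array directly: `var b [8]byte` followed by `if _, err := rand.Read(b[:]); err != nil { panic(err) }`. The rest of the function body lies outside the hunk, so confirm `tmp` is not used further down before removing it.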