Skip to content

chore: use math/rand/v2 instead of math/rand #363

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
WeidiDeng wants to merge 1 commit into
base: master
Choose a base branch
from
+6 −6
Open

chore: use math/rand/v2 instead of math/rand #363

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions cache.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ package certmagic

import (
"fmt"
weakrand "math/rand"
weakrand "math/rand/v2"
"strings"
"sync"
"time"
Expand Down Expand Up @@ -244,7 +244,7 @@ func (certCache *Cache) unsyncedCacheCertificate(cert Certificate) {
// map with less code, that is a heavily skewed eviction
// strategy; generating random numbers is cheap and
// ensures a much better distribution.
rnd := weakrand.Intn(cacheSize)
rnd := weakrand.IntN(cacheSize)
i := 0
for _, randomCert := range certCache.cache {
if i >= rnd && randomCert.managed { // don't evict manually-loaded certs
Expand Down
4 changes: 2 additions & 2 deletions certificates.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ import (
"encoding/json"
"errors"
"fmt"
"math/rand"
"math/rand/v2"
Copy link
Member

@mholt mholt Jan 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if we should import this as weakrand for consistency with other files. It's a convention that helps ensure readers know the package is not strong enough for cryptographic use. But then again I guess linters do this too, so I dunno.

"net"
"os"
"strings"
Expand Down Expand Up @@ -128,7 +128,7 @@ func (cfg *Config) certNeedsRenewal(leaf *x509.Certificate, ari acme.RenewalInfo
if selectedTime.IsZero() &&
(!ari.SuggestedWindow.Start.IsZero() && !ari.SuggestedWindow.End.IsZero()) {
start, end := ari.SuggestedWindow.Start.Unix()+1, ari.SuggestedWindow.End.Unix()
selectedTime = time.Unix(rand.Int63n(end-start)+start, 0).UTC()
selectedTime = time.Unix(rand.Int64N(end-start)+start, 0).UTC()
logger.Warn("no renewal time had been selected with ARI; chose an ephemeral one for now",
zap.Time("ephemeral_selected_time", selectedTime))
}
Expand Down
4 changes: 2 additions & 2 deletions config.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ import (
"errors"
"fmt"
"io/fs"
weakrand "math/rand"
weakrand "math/rand/v2"
"net"
"net/http"
"net/url"
Expand Down Expand Up @@ -1236,7 +1236,7 @@ func (cfg *Config) checkStorage(ctx context.Context) error {
}
key := fmt.Sprintf("rw_test_%d", weakrand.Int())
contents := make([]byte, 1024*10) // size sufficient for one or two ACME resources
_, err := weakrand.Read(contents)
_, err := rand.Read(contents)
Copy link
Member

@mholt mholt Jan 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
_, err := rand.Read(contents)
_, err := weakrand.Read(contents)

Should be weakrand, right?

Copy link
Member Author

@WeidiDeng WeidiDeng Jan 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this supposed to be cryptographically secure? math/rand/v2 doesn't have a package level 'Read' but it's easy to fill the content using random number generators.

if err != nil {
return err
}
Expand Down