diff options
| author | Shulhan <ms@kilabit.info> | 2023-09-13 22:54:45 +0700 |
|---|---|---|
| committer | Shulhan <ms@kilabit.info> | 2023-09-13 23:17:40 +0700 |
| commit | 06206ab0f55ad1b0de52c05efbd704e1b36e2d0f (patch) | |
| tree | 9314aeffb85f4b91d5310d77262059a7d03fcf9b /lib/websocket/funcs.go | |
| parent | 0d90bfc64fd5b4da56be002ae0a2a8d23beaeefc (diff) | |
| download | pakakeh.go-06206ab0f55ad1b0de52c05efbd704e1b36e2d0f.tar.xz | |
lib/websocket: replace package "math/rand" with "crypto/rand"
The rand.Seed has been deprecated since Go 1.20 (we use 1.20 in go.mod).
The problem is if the user of this module is using Go tools < v1.20,
there is no guarantee that the Seed is initialize randomly.
Diffstat (limited to 'lib/websocket/funcs.go')
| -rw-r--r-- | lib/websocket/funcs.go | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/lib/websocket/funcs.go b/lib/websocket/funcs.go index 99db9d06..6137cddf 100644 --- a/lib/websocket/funcs.go +++ b/lib/websocket/funcs.go @@ -5,11 +5,11 @@ package websocket import ( + "crypto/rand" "crypto/sha1" "encoding/base64" - "encoding/binary" "fmt" - "math/rand" + "log" "os" "syscall" "time" @@ -150,13 +150,19 @@ func generateHandshakeAccept(key []byte) string { // generateHandshakeKey randomly selected 16-byte value that has been // base64-encoded (see Section 4 of [RFC4648]). func generateHandshakeKey() (key []byte) { - var bkey []byte = make([]byte, 16) + var ( + bkey = make([]byte, 16) + + err error + ) - binary.LittleEndian.PutUint64(bkey[0:8], rand.Uint64()) - binary.LittleEndian.PutUint64(bkey[8:16], rand.Uint64()) + _, err = rand.Read(bkey) + if err != nil { + log.Panicf(`generateHandshakeKey: %s`, err) + } key = make([]byte, base64.StdEncoding.EncodedLen(len(bkey))) base64.StdEncoding.Encode(key, bkey) - return + return key } |