mirror of https://github.com/golang/go synced 2024-11-18 17:44:47 -07:00
go/src/crypto
Wade Simmons 8a2553e380 crypto/rand: only read necessary bytes for Int
We only need to read the number of bytes required to store the value
"max - 1" to generate a random number in the range [0, max).

Before, there was an off-by-one error where an extra byte was read from
the io.Reader for inputs like "256" (right at the boundary for a byte).
There was a similar off-by-one error in the logic for clearing bits and
thus for any input that was a power of 2, there was a 50% chance the
read would continue to be retried as the mask failed to remove a bit.

Fixes #18165.

Change-Id: I548c1368990e23e365591e77980e9086fafb6518
Reviewed-on: https://go-review.googlesource.com/43891
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
2017-05-23 21:02:14 +00:00
aes crypto/aes: fix wrong instruction on ppc64le implementation 2017-04-11 20:10:08 +00:00
cipher all: make spelling consistent 2016-12-08 23:22:37 +00:00
des crypto: revise wording about cryptographically broken algorithms 2017-05-04 12:31:18 +00:00
dsa crypto/dsa: also use fromHex in TestSignAndVerify. 2017-02-09 23:40:05 +00:00
ecdsa crypto/ecdsa: correct code comment. 2016-10-02 19:38:37 +00:00
elliptic crypto/elliptic: fix carry bug in x86-64 P-256 implementation. 2017-04-19 18:07:31 +00:00
hmac crypto/hmac: don't test for length equality in Equal. 2016-08-17 23:23:28 +00:00
internal/cipherhw crypto/{cipher,tls,internal/cryptohw}: prioritise AES-GCM when hardware support is present. 2016-11-07 20:01:18 +00:00
md5 crypto: revise wording about cryptographically broken algorithms 2017-05-04 12:31:18 +00:00
rand crypto/rand: only read necessary bytes for Int 2017-05-23 21:02:14 +00:00
rc4 crypto: revise wording about cryptographically broken algorithms 2017-05-04 12:31:18 +00:00
rsa crypto/*: document use or non-use of constant-time algorithms 2016-12-07 16:34:50 +00:00
sha1 internal/cpu: new package to detect cpu features 2017-05-10 17:02:21 +00:00
sha256 internal/cpu: new package to detect cpu features 2017-05-10 17:02:21 +00:00
sha512 internal/cpu: new package to detect cpu features 2017-05-10 17:02:21 +00:00
subtle crypto/subtle: expand abbreviation to eliminate confusion 2016-06-09 15:30:48 +00:00
tls crypto/tls: pass argument to serverInit rather than using a field in Config. 2017-05-16 18:23:28 +00:00
x509 crypto/x509: load certs from env vars + extra locations 2017-05-03 15:39:29 +00:00
crypto.go crypto: add BLAKE2b and BLAKE2s hash constants 2017-03-01 19:26:16 +00:00