mox/mox-/rand.go

package mox

import (
	cryptorand "crypto/rand"
	"encoding/binary"
	"fmt"
	mathrand "math/rand"
	"sync"
)

type rand struct {
	*mathrand.Rand
	sync.Mutex
}

// NewPseudoRand returns a new PRNG seeded with random bytes from crypto/rand.
func NewPseudoRand() *rand {
	return &rand{Rand: mathrand.New(mathrand.NewSource(CryptoRandInt()))}
}

// Read can be called concurrently.
func (r *rand) Read(buf []byte) (int, error) {
	r.Lock()
	defer r.Unlock()
	return r.Rand.Read(buf)
}

// CryptoRandInt returns a cryptographically random number.
func CryptoRandInt() int64 {
	buf := make([]byte, 8)
	_, err := cryptorand.Read(buf)
	if err != nil {
		panic(fmt.Errorf("reading random bytes: %v", err))
	}
	return int64(binary.LittleEndian.Uint64(buf))
}
mox! 2023-01-30 16:27:06 +03:00			`package mox`

			`import (`
			`cryptorand "crypto/rand"`
			`"encoding/binary"`
			`"fmt"`
			`mathrand "math/rand"`
fix bug with concurrent math/rand.Rand.Read firstly by using crypto/rand in those cases. and secondly by putting a lock around the Read (though it isn't used at the moment). found while working while implementing sending tls reports. 2023-11-09 19:15:46 +03:00			`"sync"`
mox! 2023-01-30 16:27:06 +03:00			`)`

fix bug with concurrent math/rand.Rand.Read firstly by using crypto/rand in those cases. and secondly by putting a lock around the Read (though it isn't used at the moment). found while working while implementing sending tls reports. 2023-11-09 19:15:46 +03:00			`type rand struct {`
			`*mathrand.Rand`
			`sync.Mutex`
			`}`

			`// NewPseudoRand returns a new PRNG seeded with random bytes from crypto/rand.`
			`func NewPseudoRand() *rand {`
			`return &rand{Rand: mathrand.New(mathrand.NewSource(CryptoRandInt()))}`
			`}`

			`// Read can be called concurrently.`
			`func (r *rand) Read(buf []byte) (int, error) {`
			`r.Lock()`
			`defer r.Unlock()`
			`return r.Rand.Read(buf)`
mox! 2023-01-30 16:27:06 +03:00			`}`

support cram-md5 authentication for imap and smtp and change thunderbird autoconfiguration to use it. unfortunately, for microsoft autodiscover, there appears to be no way to request secure password negotiation. so it will default to plain text auth. cram-md5 is less secure than scram-sha-*, but thunderbird does not yet support scram auth. it currently chooses "plain", sending the literal password over the connection (which is TLS-protected, but we don't want to receive clear text passwords). in short, cram-md5 is better than nothing... for cram-md5 to work, a new set of derived credentials need to be stored in the database. so you need to save your password again to make it work. this was also the case with the scram-sha-1 addition, but i forgot to mention it then. 2023-02-05 18:29:03 +03:00			`// CryptoRandInt returns a cryptographically random number.`
			`func CryptoRandInt() int64 {`
mox! 2023-01-30 16:27:06 +03:00			`buf := make([]byte, 8)`
			`_, err := cryptorand.Read(buf)`
			`if err != nil {`
			`panic(fmt.Errorf("reading random bytes: %v", err))`
			`}`
			`return int64(binary.LittleEndian.Uint64(buf))`
			`}`