From: Filippo Valsorda Date: Sun, 5 Nov 2017 19:33:21 +0000 (-0500) Subject: math/big: add security warning to (*Int).Rand X-Git-Tag: go1.10beta1~385 X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=ef0e2af7b0296c61c17877b84f09221335a962f7;p=gostls13.git math/big: add security warning to (*Int).Rand Change-Id: I22a67733aa2d07298e124077654c9b1473802100 Reviewed-on: https://go-review.googlesource.com/76012 Reviewed-by: Aliaksandr Valialkin Reviewed-by: Brad Fitzpatrick
---
diff --git a/src/math/big/int.go b/src/math/big/int.go
index 2245514835..a89f7a2d17 100644
--- a/src/math/big/int.go
+++ b/src/math/big/int.go
@@ -644,6 +644,9 @@ func (z *Int) lehmerGCD(a, b *Int) *Int {
 }
 
 // Rand sets z to a pseudo-random number in [0, n) and returns z.
+//
+// As this uses the math/rand package, it must not be used for
+// security-sensitive work. Use crypto/rand.Int instead.
 func (z *Int) Rand(rnd *rand.Rand, n *Int) *Int {
 z.neg = false
 if n.neg || len(n.abs) == 0 {
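Review bot: The added warning on `(*Int).Rand` tells readers not to use it for security-sensitive work but does not say why, and it presents crypto/rand.Int as a straight swap; both gaps are in the three `+//` lines above the `func` line. I would state the reason in the comment itself, for example `// The result is drawn from rnd, a math/rand generator whose output is predictable,` followed by `// so it must not be used for security-sensitive work. Use crypto/rand.Int instead.` It is also worth one sentence noting that crypto/rand.Int takes an io.Reader, returns an error, and panics when max <= 0, whereas this method has a dedicated branch for `n.neg || len(n.abs) == 0`; what that branch does is outside the hunk, so callers who migrate should check how they handle a non-positive n. The body of Rand continues past the end of the hunk.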