lib/rand: Various minor fixes (#6752)

crypto/rand output is cryptographically secure by the Go library
documentation's promise. That, rather than strength (= passes randomness
tests) is the property that Syncthing needs).

lib/protocol/bep_extensions.go

@@ -367,7 +367,7 @@ func (i *IndexID) Unmarshal(bs []byte) error {
 }
 
 func NewIndexID() IndexID {
-	return IndexID(rand.Int64())
+	return IndexID(rand.Uint64())
 }
 
 func (f Folder) Description() string {

lib/rand/random.go

@@ -21,17 +21,17 @@ var Reader = cryptoRand.Reader
 const randomCharset = "2345679abcdefghijkmnopqrstuvwxyzACDEFGHJKLMNPQRSTUVWXYZ"
 
 var (
-	// defaultSecureSource is a concurrency safe math/rand.Source with a
+	// defaultSecureSource is a concurrency-safe, cryptographically secure
-	// cryptographically sound base.
+	// math/rand.Source.
 	defaultSecureSource = newSecureSource()
 
 	// defaultSecureRand is a math/rand.Rand based on the secure source.
 	defaultSecureRand = mathRand.New(defaultSecureSource)
 )
 
-// String returns a strongly random string of characters (taken from
+// String returns a cryptographically secure random string of characters
-// randomCharset) of the specified length. The returned string contains ~5.8
+// (taken from randomCharset) of the specified length. The returned string
-// bits of entropy per character, due to the character set used.
+// contains ~5.8 bits of entropy per character, due to the character set used.
 func String(l int) string {
 	bs := make([]byte, l)
 	for i := range bs {
@@ -40,18 +40,18 @@ func String(l int) string {
 	return string(bs)
 }
 
-// Int63 returns a strongly random int63.
+// Int63 returns a cryptographically secure random int63.
 func Int63() int64 {
 	return defaultSecureSource.Int63()
 }
 
-// Int64 returns a strongly random int64.
+// Uint64 returns a cryptographically secure strongly random uint64.
-func Int64() int64 {
+func Uint64() uint64 {
-	return int64(defaultSecureSource.Uint64())
+	return defaultSecureSource.Uint64()
 }
 
-// Intn returns, as an int, a non-negative strongly random number in [0,n).
+// Intn returns, as an int, a cryptographically secure non-negative
-// It panics if n <= 0.
+// random number in [0,n). It panics if n <= 0.
 func Intn(n int) int {
 	return defaultSecureRand.Intn(n)
 }

lib/rand/random_test.go

@@ -30,10 +30,10 @@ func TestRandomString(t *testing.T) {
 	}
 }
 
-func TestRandomInt64(t *testing.T) {
+func TestRandomUint64(t *testing.T) {
-	ints := make([]int64, 1000)
+	ints := make([]uint64, 1000)
 	for i := range ints {
-		ints[i] = Int64()
+		ints[i] = Uint64()
 		for j := range ints {
 			if i == j {
 				continue

lib/tlsutil/tlsutil.go

@@ -102,7 +102,7 @@ func NewCertificate(certFile, keyFile, commonName string, lifetimeDays int) (tls
 	// NOTE: update checkExpiry() appropriately if you add or change attributes
 	// in here, especially DNSNames or IPAddresses.
 	template := x509.Certificate{
-		SerialNumber: new(big.Int).SetInt64(rand.Int63()),
+		SerialNumber: new(big.Int).SetUint64(rand.Uint64()),
 		Subject: pkix.Name{
 			CommonName: commonName,
 		},