diff --git a/go.mod b/go.mod
index 8c46b8ab..e4d58b2a 100644
--- a/go.mod
+++ b/go.mod
@@ -5,7 +5,7 @@ go 1.17
 require (
 github.com/beevik/etree v1.1.0
 github.com/crewjam/httperr v0.2.0
- github.com/dchest/uniuri v0.0.0-20200228104902-7aecb25e1fe5
+ github.com/dchest/uniuri v1.2.0
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible
 github.com/google/go-cmp v0.5.5
 github.com/kr/pretty v0.3.0
diff --git a/go.sum b/go.sum
index 600aad56..330d963c 100644
--- a/go.sum
+++ b/go.sum
@@ -6,8 +6,8 @@ github.com/crewjam/httperr v0.2.0/go.mod h1:Jlz+Sg/XqBQhyMjdDiC+GNNRzZTD7x39Gu3p
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/dchest/uniuri v0.0.0-20200228104902-7aecb25e1fe5 h1:RAV05c0xOkJ3dZGS0JFybxFKZ2WMLabgx3uXnd7rpGs=
-github.com/dchest/uniuri v0.0.0-20200228104902-7aecb25e1fe5/go.mod h1:GgB8SF9nRG+GqaDtLcwJZsQFhcogVCJ79j4EdT0c2V4=
+github.com/dchest/uniuri v1.2.0 h1:koIcOUdrTIivZgSLhHQvKgqdWZq5d7KdMEWF1Ud6+5g=
+github.com/dchest/uniuri v1.2.0/go.mod h1:fSzm4SLHzNZvWLvWJew423PhAzkpNQYq+uNLq4kxhkY=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible h1:TcekIExNqud5crz4xD2pavyTgWiPvpYe4Xau31I0PRk=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
 github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=
diff --git a/vendor/github.com/dchest/uniuri/.travis.yml b/vendor/github.com/dchest/uniuri/.travis.yml
deleted file mode 100644
index 245a2f51..00000000
--- a/vendor/github.com/dchest/uniuri/.travis.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-language: go
-
-go:
- - 1.3
- - 1.4
- - tip
diff --git a/vendor/github.com/dchest/uniuri/README.md b/vendor/github.com/dchest/uniuri/README.md
index b321a5fa..6240bc9b 100644
--- a/vendor/github.com/dchest/uniuri/README.md
+++ b/vendor/github.com/dchest/uniuri/README.md @@ -1,8 +1,6 @@ Package uniuri ===================== -[![Build Status](https://travis-ci.org/dchest/uniuri.svg)](https://travis-ci.org/dchest/uniuri) - ```go import "github.com/dchest/uniuri" ``` diff --git a/vendor/github.com/dchest/uniuri/uniuri.go b/vendor/github.com/dchest/uniuri/uniuri.go index 6393446c..dd965921 100644 --- a/vendor/github.com/dchest/uniuri/uniuri.go +++ b/vendor/github.com/dchest/uniuri/uniuri.go @@ -22,7 +22,10 @@ // read from it. package uniuri -import "crypto/rand" +import ( + "crypto/rand" + "math" +) const ( // StdLen is a standard length of uniuri string to achive ~95 bits of entropy. 
@@ -47,35 +50,71 @@ func NewLen(length int) string { return NewLenChars(length, StdChars) } -// NewLenChars returns a new random string of the provided length, consisting +// maxBufLen is the maximum length of a temporary buffer for random bytes. +const maxBufLen = 2048 + +// minRegenBufLen is the minimum length of temporary buffer for random bytes +// to fill after the first rand.Read request didn't produce the full result. +// If the initial buffer is smaller, this value is ignored. +// Rationale: for performance, assume it's pointless to request fewer bytes from rand.Read. +const minRegenBufLen = 16 + +// estimatedBufLen returns the estimated number of random bytes to request +// given that byte values greater than maxByte will be rejected. +func estimatedBufLen(need, maxByte int) int { + return int(math.Ceil(float64(need) * (255 / float64(maxByte)))) +} + +// NewLenCharsBytes returns a new random byte slice of the provided length, consisting // of the provided byte slice of allowed characters (maximum 256). -func NewLenChars(length int, chars []byte) string { +func NewLenCharsBytes(length int, chars []byte) []byte { if length == 0 { - return "" + return nil } clen := len(chars) if clen < 2 || clen > 256 { panic("uniuri: wrong charset length for NewLenChars") } maxrb := 255 - (256 % clen) - b := make([]byte, length) - r := make([]byte, length+(length/4)) // storage for random bytes. + buflen := estimatedBufLen(length, maxrb) + if buflen < length { + buflen = length + } + if buflen > maxBufLen { + buflen = maxBufLen + } + buf := make([]byte, buflen) // storage for random bytes + out := make([]byte, length) // storage for result i := 0 for { - if _, err := rand.Read(r); err != nil { + if _, err := rand.Read(buf[:buflen]); err != nil { panic("uniuri: error reading random bytes: " + err.Error()) } - for _, rb := range r { + for _, rb := range buf[:buflen] { c := int(rb) if c > maxrb { // Skip this number to avoid modulo bias. 
continue } - b[i] = chars[c%clen] + out[i] = chars[c%clen] i++ if i == length { - return string(b) + return out } } + // Adjust new requested length, but no smaller than minRegenBufLen. + buflen = estimatedBufLen(length-i, maxrb) + if buflen < minRegenBufLen && minRegenBufLen < cap(buf) { + buflen = minRegenBufLen + } + if buflen > maxBufLen { + buflen = maxBufLen + } } } + +// NewLenChars returns a new random string of the provided length, consisting +// of the provided byte slice of allowed characters (maximum 256). +func NewLenChars(length int, chars []byte) string { + return string(NewLenCharsBytes(length, chars)) +} diff --git a/vendor/modules.txt b/vendor/modules.txt index 3147a2da..ad999cbf 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -6,8 +6,8 @@ github.com/beevik/etree github.com/crewjam/httperr # github.com/davecgh/go-spew v1.1.1 ## explicit -# github.com/dchest/uniuri v0.0.0-20200228104902-7aecb25e1fe5 -## explicit +# github.com/dchest/uniuri v1.2.0 +## explicit; go 1.19 github.com/dchest/uniuri # github.com/form3tech-oss/jwt-go v3.2.2+incompatible ## explicit