chore: use math/rand/v2 instead of math/rand (#363)

* use math/rand/v2 instead of math/rand

* fill the contents by manually encoding pseudo-random numbers

* fix variable declaration

Author: WeidiDeng

cache.go

@@ -16,7 +16,7 @@ package certmagic
 
 import (
 	"fmt"
-	weakrand "math/rand"
+	weakrand "math/rand/v2"
 	"strings"
 	"sync"
 	"time"
@@ -244,7 +244,7 @@ func (certCache *Cache) unsyncedCacheCertificate(cert Certificate) {
 		// map with less code, that is a heavily skewed eviction
 		// strategy; generating random numbers is cheap and
 		// ensures a much better distribution.
-		rnd := weakrand.Intn(cacheSize)
+		rnd := weakrand.IntN(cacheSize)
 		i := 0
 		for _, randomCert := range certCache.cache {
 			if i >= rnd && randomCert.managed { // don't evict manually-loaded certs

certificates.go

@@ -21,7 +21,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"math/rand"
+	"math/rand/v2"
 	"net"
 	"os"
 	"strings"
@@ -128,7 +128,7 @@ func (cfg *Config) certNeedsRenewal(leaf *x509.Certificate, ari acme.RenewalInfo
 		if selectedTime.IsZero() &&
 			(!ari.SuggestedWindow.Start.IsZero() && !ari.SuggestedWindow.End.IsZero()) {
 			start, end := ari.SuggestedWindow.Start.Unix()+1, ari.SuggestedWindow.End.Unix()
-			selectedTime = time.Unix(rand.Int63n(end-start)+start, 0).UTC()
+			selectedTime = time.Unix(rand.Int64N(end-start)+start, 0).UTC()
 			logger.Warn("no renewal time had been selected with ARI; chose an ephemeral one for now",
 				zap.Time("ephemeral_selected_time", selectedTime))
 		}

config.go

@@ -28,7 +28,7 @@ import (
 	"errors"
 	"fmt"
 	"io/fs"
-	weakrand "math/rand"
+	weakrand "math/rand/v2"
 	"net"
 	"net/http"
 	"net/url"
@@ -1236,11 +1236,20 @@ func (cfg *Config) checkStorage(ctx context.Context) error {
 	}
 	key := fmt.Sprintf("rw_test_%d", weakrand.Int())
 	contents := make([]byte, 1024*10) // size sufficient for one or two ACME resources
-	_, err := weakrand.Read(contents)
-	if err != nil {
-		return err
-	}
-	err = cfg.Storage.Store(ctx, key, contents)
+	// This is how ChaCha8.Read works, without handling the case where the slice length is not a multiple of 8.
+	// This also avoids the use of a mutex and an import.
+	for i := 0; i < len(contents); i += 8 {
+		v := weakrand.Uint64()
+		contents[i] = byte(v)
+		contents[i+1] = byte(v >> 8)
+		contents[i+2] = byte(v >> 16)
+		contents[i+3] = byte(v >> 24)
+		contents[i+4] = byte(v >> 32)
+		contents[i+5] = byte(v >> 40)
+		contents[i+6] = byte(v >> 48)
+		contents[i+7] = byte(v >> 56)
+	}
+	err := cfg.Storage.Store(ctx, key, contents)
 	if err != nil {
 		return err
 	}