From 62043b31f568fc443a21852fb982e95a405cba62 Mon Sep 17 00:00:00 2001
From: Se Yeon Kim <25109943+say-yawn@users.noreply.github.com>
Date: Wed, 9 Oct 2024 13:14:26 -0500
Subject: [PATCH] Revert to rand reader instead of ContentSigner rand (#1028)

the ContentSigner should be checked for NIL.
---
 signer/contentsignature/contentsignature.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/signer/contentsignature/contentsignature.go b/signer/contentsignature/contentsignature.go
index 083a8af38..0453cf6a3 100644
--- a/signer/contentsignature/contentsignature.go
+++ b/signer/contentsignature/contentsignature.go
@@ -3,6 +3,7 @@ package contentsignature // import "github.com/mozilla-services/autograph/signer
 import (
 	"crypto"
 	"crypto/ecdsa"
+	"crypto/rand"
 	"crypto/sha256"
 	"crypto/sha512"
 	"crypto/x509"
@@ -153,7 +154,7 @@ func (s *ContentSigner) SignHash(input []byte, options interface{}) (signer.Sign
 		ID:   s.ID,
 	}
 
-	asn1Sig, err := s.priv.(crypto.Signer).Sign(s.rand, input, nil)
+	asn1Sig, err := s.priv.(crypto.Signer).Sign(rand.Reader, input, nil)
 	if err != nil {
 		return nil, fmt.Errorf("contentsignature: failed to sign hash: %w", err)
 	}