firstly by using crypto/rand in those cases. and secondly by putting a lock around the Read (though it isn't used at the moment). found while working while implementing sending tls reports.
