crypto/rand: Documentation for errors

Open Deleplace opened this issue 3 years ago • 5 comments

The 3 exported funcs Int, Prime, Read return an error, but the current documentation doesn't say why and when errors might occur. Also there is no guidance about how to deal with a non-nil error: would a caller-side retry policy make sense?

I suggest we write a short explanation about why errors are part of the API at all, what such errors would look like, and how to deal with them.

Deleplace avatar Sep 09 '22 15:09 Deleplace

CC @golang/security

mknyszek avatar Sep 09 '22 15:09 mknyszek

Prime does mention that its errors come from rand.Read.

It may be confusing to figure out if we're likely to have errors "because CSPRNGs inherently use system calls that may fail", or "because we're accepting any custom io.Reader in Int and Prime", or if "Reader cannot return errors, but we still want to stick to the io.Reader interface".

Deleplace avatar Sep 09 '22 15:09 Deleplace

would a caller-side retry policy make sense?

In general, there is no safe non-nil error result from rand.Reader or rand.Read.

ericlagergren avatar Sep 09 '22 20:09 ericlagergren
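
A fail-closed caller in the spirit of the comment above, written as an added example that is not part of the thread or of the Go project's code. `flakyReader`, `errEntropy`, `newToken` and `mustToken` are hypothetical names, and the failing reader is constructed to stand in for an erroring random source.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
)

// errEntropy is a constructed error standing in for a failing entropy source.
var errEntropy = errors.New("constructed: entropy source unavailable")

// flakyReader (hypothetical) yields `good` zero bytes, then always fails.
type flakyReader struct{ good int }

func (f *flakyReader) Read(p []byte) (int, error) {
	if f.good <= 0 {
		return 0, errEntropy
	}
	n := len(p)
	if n > f.good {
		n = f.good
	}
	for i := range p[:n] {
		p[i] = 0
	}
	f.good -= n
	return n, nil
}

// newToken reads n bytes from r and hex-encodes them. On any error it returns
// no token at all: a partially filled buffer is discarded, there is no retry
// and no fallback to a weaker source.
func newToken(r io.Reader, n int) (string, error) {
	buf := make([]byte, n)
	if _, err := io.ReadFull(r, buf); err != nil {
		return "", fmt.Errorf("reading %d random bytes: %w", n, err)
	}
	return hex.EncodeToString(buf), nil
}

// mustToken is the variant that crashes instead of returning an error.
func mustToken(r io.Reader, n int) string {
	tok, err := newToken(r, n)
	if err != nil {
		panic(err)
	}
	return tok
}

func main() {
	tok, err := newToken(rand.Reader, 16)
	fmt.Println(tok, err)
	_, err = newToken(&flakyReader{good: 8}, 16) // source fails after 8 of 16 bytes
	fmt.Println(err)
}
```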

I would be in favour of having crypto/rand.[Reader.]Read never return an error, and completely fill the provided slice. (And have it panic if the underlying system call errors.)

bwesterb avatar Jun 13 '23 11:06 bwesterb

Cf. #66821

jfrech avatar Apr 28 '24 18:04 jfrech

Change https://go.dev/cl/602497 mentions this issue: crypto/rand: crash program if Read would return an error

gopherbot avatar Aug 01 '24 18:08 gopherbot