diff --git a/abe/cpabe/tkn20/internal/tkn/bk.go b/abe/cpabe/tkn20/internal/tkn/bk.go
index c0f584509..e68897a31 100644
--- a/abe/cpabe/tkn20/internal/tkn/bk.go
+++ b/abe/cpabe/tkn20/internal/tkn/bk.go
@@ -78,7 +78,7 @@ func DeriveAttributeKeysCCA(rand io.Reader, sp *SecretParams, attrs *Attributes)
 
 func EncryptCCA(rand io.Reader, public *PublicParams, policy *Policy, msg []byte) ([]byte, error) {
 	seed := make([]byte, macKeySeedSize)
-	_, err := rand.Read(seed)
+	_, err := io.ReadFull(rand, seed)
 	if err != nil {
 		return nil, err
 	}
diff --git a/blindsign/blindrsa/blindrsa.go b/blindsign/blindrsa/blindrsa.go
index 21375585a..f0b9fdae4 100644
--- a/blindsign/blindrsa/blindrsa.go
+++ b/blindsign/blindrsa/blindrsa.go
@@ -183,7 +183,7 @@ func (v RSAVerifier) Blind(random io.Reader, message []byte) ([]byte, blindsign.
 	}
 
 	salt := make([]byte, v.hash.Size())
-	_, err := random.Read(salt)
+	_, err := io.ReadFull(random, salt)
 	if err != nil {
 		return nil, nil, err
 	}
diff --git a/go.mod b/go.mod
index 70157e259..3c9038c26 100644
--- a/go.mod
+++ b/go.mod
@@ -3,7 +3,7 @@ module github.com/cloudflare/circl
 go 1.19
 
 require (
-	github.com/bwesterb/go-ristretto v1.2.2
+	github.com/bwesterb/go-ristretto v1.2.3
 	golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a
 	golang.org/x/sys v0.3.0
 )
diff --git a/go.sum b/go.sum
index dc518f365..615559e01 100644
--- a/go.sum
+++ b/go.sum
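Review bot: The same `rand.Read` → `io.ReadFull` treatment should be checked in `DeriveAttributeKeysCCA`, which the hunk header shows also takes a `rand io.Reader`; its body is outside this hunk, so I cannot confirm from here whether it reads the reader the same way the old EncryptCCA did. For the line changed here, a one-line comment would keep the next refactor from reverting it to `Read`: `// io.ReadFull: a short read from rand must fail rather than leave part of the MAC key seed zeroed.` Note that ReadFull reports a zero-byte read as `io.EOF` and a partial one as `io.ErrUnexpectedEOF`, and both are caught by the existing `err != nil` check. EncryptCCA continues past the end of the hunk.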
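Review bot: The salt is `v.hash.Size()` bytes and with `io.ReadFull` a short read now surfaces as an error instead of silently leaving trailing zero bytes in the salt, which is correct but deserves a comment next to the call since a partially filled salt is low-entropy in a way nothing downstream can detect: `// ReadFull: a partially filled salt cannot be detected later; fail instead.` The `}` at the top of the hunk appears to close an earlier guard on `random`, but that check and the rest of Blind are outside the hunk, so I cannot confirm a nil reader is rejected before this point.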
@@ -1,5 +1,7 @@
 github.com/bwesterb/go-ristretto v1.2.2 h1:S2C0mmSjCLS3H9+zfXoIoKzl+cOncvBvt6pE+zTm5Ms=
 github.com/bwesterb/go-ristretto v1.2.2/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
+github.com/bwesterb/go-ristretto v1.2.3 h1:1w53tCkGhCQ5djbat3+MH0BAQ5Kfgbt56UZQ/JMzngw=
+github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
 golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a h1:diz9pEYuTIuLMJLs3rGDkeaTsNyRs6duYdFyPAxzE/U=
 golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ=
diff --git a/kem/frodo/frodo640shake/frodo.go b/kem/frodo/frodo640shake/frodo.go
index eac7bd733..deb9e56ed 100644
--- a/kem/frodo/frodo640shake/frodo.go
+++ b/kem/frodo/frodo640shake/frodo.go
@@ -160,7 +160,9 @@ func generateKeyPair(rand io.Reader) (*PublicKey, *PrivateKey, error) {
 func (pk *PublicKey) EncapsulateTo(ct []byte, ss []byte, seed []byte) {
 	if seed == nil {
 		seed = make([]byte, EncapsulationSeedSize)
-		_, _ = cryptoRand.Read(seed[:])
+		if _, err := cryptoRand.Read(seed[:]); err != nil {
+			panic(err)
+		}
 	}
 	if len(seed) != EncapsulationSeedSize {
 		panic("seed must be of length EncapsulationSeedSize")
diff --git a/kem/kyber/kyber1024/kyber.go b/kem/kyber/kyber1024/kyber.go
index 082c0e647..428584528 100644
--- a/kem/kyber/kyber1024/kyber.go
+++ b/kem/kyber/kyber1024/kyber.go
@@ -106,7 +106,9 @@ func GenerateKeyPair(rand io.Reader) (*PublicKey, *PrivateKey, error) {
 func (pk *PublicKey) EncapsulateTo(ct, ss []byte, seed []byte) {
 	if seed == nil {
 		seed = make([]byte, EncapsulationSeedSize)
-		cryptoRand.Read(seed[:])
+		if _, err := cryptoRand.Read(seed[:]); err != nil {
+			panic(err)
+		}
 	} else {
 		if len(seed) != EncapsulationSeedSize {
 			panic("seed must be of length EncapsulationSeedSize")
diff --git a/kem/kyber/kyber512/kyber.go b/kem/kyber/kyber512/kyber.go
index 2e5b9fd0b..c250d78c6 100644
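Review bot: The new `panic(err)` carries only the raw error from crypto/rand, whereas the adjacent `panic("seed must be of length EncapsulationSeedSize")` gives an attributable message; prefer `panic("frodo640shake: reading randomness from crypto/rand: " + err.Error())` so a crash in production identifies the package. Panicking is the right call here: `EncapsulateTo` has no error return, and continuing with an all-zero or partially filled seed, which is what the old `_, _ =` discard allowed, would make the encapsulation's randomness predictable. `crypto/rand.Read` fills the whole buffer whenever it returns nil, so unlike the `io.Reader`-based call sites no `ReadFull` is needed here, and `seed[:]` on a `[]byte` is redundant — `cryptoRand.Read(seed)` reads the same. EncapsulateTo continues past the end of the hunk.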
--- a/kem/kyber/kyber512/kyber.go
+++ b/kem/kyber/kyber512/kyber.go
@@ -106,7 +106,9 @@ func GenerateKeyPair(rand io.Reader) (*PublicKey, *PrivateKey, error) {
 func (pk *PublicKey) EncapsulateTo(ct, ss []byte, seed []byte) {
 	if seed == nil {
 		seed = make([]byte, EncapsulationSeedSize)
-		cryptoRand.Read(seed[:])
+		if _, err := cryptoRand.Read(seed[:]); err != nil {
+			panic(err)
+		}
 	} else {
 		if len(seed) != EncapsulationSeedSize {
 			panic("seed must be of length EncapsulationSeedSize")
diff --git a/kem/kyber/kyber768/kyber.go b/kem/kyber/kyber768/kyber.go
index e9b025d4e..832d9b371 100644
--- a/kem/kyber/kyber768/kyber.go
+++ b/kem/kyber/kyber768/kyber.go
@@ -106,7 +106,9 @@ func GenerateKeyPair(rand io.Reader) (*PublicKey, *PrivateKey, error) {
 func (pk *PublicKey) EncapsulateTo(ct, ss []byte, seed []byte) {
 	if seed == nil {
 		seed = make([]byte, EncapsulationSeedSize)
-		cryptoRand.Read(seed[:])
+		if _, err := cryptoRand.Read(seed[:]); err != nil {
+			panic(err)
+		}
 	} else {
 		if len(seed) != EncapsulationSeedSize {
 			panic("seed must be of length EncapsulationSeedSize")
diff --git a/kem/kyber/templates/pkg.templ.go b/kem/kyber/templates/pkg.templ.go
index 4e56e0f54..22eb1fd74 100644
--- a/kem/kyber/templates/pkg.templ.go
+++ b/kem/kyber/templates/pkg.templ.go
@@ -110,7 +110,9 @@ func GenerateKeyPair(rand io.Reader) (*PublicKey, *PrivateKey, error) {
 func (pk *PublicKey) EncapsulateTo(ct, ss []byte, seed []byte) {
 	if seed == nil {
 		seed = make([]byte, EncapsulationSeedSize)
-		cryptoRand.Read(seed[:])
+		if _, err := cryptoRand.Read(seed[:]); err != nil {
+			panic(err)
+		}
 	} else {
 		if len(seed) != EncapsulationSeedSize {
 			panic("seed must be of length EncapsulationSeedSize")
diff --git a/kem/sike/sikep434/sike.go b/kem/sike/sikep434/sike.go
index a490ece5e..a24335c13 100644
--- a/kem/sike/sikep434/sike.go
+++ b/kem/sike/sikep434/sike.go
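Review bot: The panic in this template needs a comment stating why a library panics here, so the rationale survives into the generated `kyber512/768/1024` files (assuming, from the directory layout, that they are produced from this template): `// EncapsulateTo has no error return; a failing system CSPRNG is unrecoverable, and encapsulating with a zeroed seed would be worse than crashing.` The `else` branch can also be flattened: after the `if seed == nil { ... }` block a single `if len(seed) != EncapsulationSeedSize { panic(...) }` covers both paths, since the freshly made seed always has the right length. `crypto/rand.Read` already uses `io.ReadFull` internally and fills the buffer whenever it returns nil, so no short-read handling is needed here, unlike the `io.Reader` call sites elsewhere in this commit. EncapsulateTo continues past the end of the hunk.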
@@ -130,7 +130,9 @@ func (*scheme) DeriveKeyPair(seed []byte) (kem.PublicKey, kem.PrivateKey) {
 
 func (sch *scheme) Encapsulate(pk kem.PublicKey) (ct []byte, ss []byte, err error) {
 	var seed [EncapsulationSeedSize]byte
-	cryptoRand.Read(seed[:])
+	if _, err := cryptoRand.Read(seed[:]); err != nil {
+		return nil, nil, err
+	}
 	return sch.EncapsulateDeterministically(pk, seed[:])
 }
 
diff --git a/kem/sike/sikep503/sike.go b/kem/sike/sikep503/sike.go
index b4e64ff43..363f1f248 100644
--- a/kem/sike/sikep503/sike.go
+++ b/kem/sike/sikep503/sike.go
@@ -130,7 +130,9 @@ func (*scheme) DeriveKeyPair(seed []byte) (kem.PublicKey, kem.PrivateKey) {
 
 func (sch *scheme) Encapsulate(pk kem.PublicKey) (ct []byte, ss []byte, err error) {
 	var seed [EncapsulationSeedSize]byte
-	cryptoRand.Read(seed[:])
+	if _, err := cryptoRand.Read(seed[:]); err != nil {
+		return nil, nil, err
+	}
 	return sch.EncapsulateDeterministically(pk, seed[:])
 }
 
diff --git a/kem/sike/sikep751/sike.go b/kem/sike/sikep751/sike.go
index 34c95f22e..a39773bad 100644
--- a/kem/sike/sikep751/sike.go
+++ b/kem/sike/sikep751/sike.go
@@ -130,7 +130,9 @@ func (*scheme) DeriveKeyPair(seed []byte) (kem.PublicKey, kem.PrivateKey) {
 
 func (sch *scheme) Encapsulate(pk kem.PublicKey) (ct []byte, ss []byte, err error) {
 	var seed [EncapsulationSeedSize]byte
-	cryptoRand.Read(seed[:])
+	if _, err := cryptoRand.Read(seed[:]); err != nil {
+		return nil, nil, err
+	}
 	return sch.EncapsulateDeterministically(pk, seed[:])
 }
 
diff --git a/kem/sike/templates/pkg.templ.go b/kem/sike/templates/pkg.templ.go
index eef157ce7..afa05f223 100644
--- a/kem/sike/templates/pkg.templ.go
+++ b/kem/sike/templates/pkg.templ.go
@@ -135,7 +135,9 @@ func (*scheme) DeriveKeyPair(seed []byte) (kem.PublicKey, kem.PrivateKey) {
 
 func (sch *scheme) Encapsulate(pk kem.PublicKey) (ct []byte, ss []byte, err error) {
 	var seed [EncapsulationSeedSize]byte
-	cryptoRand.Read(seed[:])
+	if _, err := cryptoRand.Read(seed[:]); err != nil {
+		return nil, nil, err
+	}
 	return sch.EncapsulateDeterministically(pk, seed[:])
 }
 
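Review bot: In `if _, err := cryptoRand.Read(seed[:]); err != nil` the `:=` declares a new `err` that shadows the named result `err` of `Encapsulate`; the explicit `return nil, nil, err` keeps it correct today, but `go vet`'s shadow check flags it and a later change to a bare `return` would silently return a nil error. Use assignment to the named result instead: `if _, err = cryptoRand.Read(seed[:]); err != nil {`. Returning the error is the right shape here, in contrast to the panicking `EncapsulateTo` paths, because `var seed` is a zero-initialised array and the early return is what keeps an all-zero seed from reaching `EncapsulateDeterministically`. The `sikep434/503/751` hunks carry the same pattern, so fixing it in this template and regenerating keeps them consistent.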