crypto/{ecdsa,rsa}: always use io.ReadFull with crypto/rand.Reader.
authorAdam Langley <agl@golang.org>
Mon, 16 Mar 2015 23:42:12 +0000 (16:42 -0700)
committerAdam Langley <agl@golang.org>
Wed, 18 Mar 2015 00:37:48 +0000 (00:37 +0000)
crypto/rand.Reader doesn't ensure that short reads don't happen. This
change contains a couple of fixups where io.ReadFull wasn't being used
with it.

Change-Id: I3855b81f5890f2e703112eeea804aeba07b6a6b8
Reviewed-on: https://go-review.googlesource.com/7645
Reviewed-by: Minux Ma <minux@golang.org>
Reviewed-by: Andrew Gerrand <adg@golang.org>
src/crypto/ecdsa/ecdsa.go
src/crypto/rsa/rsa.go

index 59902014df55fbfcf861d41c608e93e0a0d0f1fd..d003f9d0b3c554d85ecbe1cd83cf1e7235506c78 100644 (file)
@@ -140,7 +140,7 @@ func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err err
                entropylen = 32
        }
        entropy := make([]byte, entropylen)
-       _, err = rand.Read(entropy)
+       _, err = io.ReadFull(rand, entropy)
        if err != nil {
                return
        }
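Review bot: The new `io.ReadFull` line keeps the two-statement form with the named `err` result and a bare `return`, while the sibling rsa hunk uses the scoped `if _, err := ...; err != nil` form; folding it to `if _, err = io.ReadFull(rand, entropy); err != nil { return }` keeps the two call sites consistent and the happy path left-aligned. The reason for the change is only in the commit message, and a reader of Sign alone will not know why plain `Read` was wrong here, so a why-comment on that line is worth adding: `// rand is only an io.Reader, which may return short reads; the entropy buffer must be completely filled.` Sign's body starts and ends outside the hunk.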
index f9f6d25a893f456a719cd26aa5d5827c5a8492fa..99fa94e58a3da6f03637b331dba9107b24003464 100644 (file)
@@ -102,7 +102,7 @@ func (priv *PrivateKey) Decrypt(rand io.Reader, ciphertext []byte, opts crypto.D
        case *PKCS1v15DecryptOptions:
                if l := opts.SessionKeyLen; l > 0 {
                        plaintext = make([]byte, l)
-                       if _, err := rand.Read(plaintext); err != nil {
+                       if _, err := io.ReadFull(rand, plaintext); err != nil {
                                return nil, err
                        }
                        if err := DecryptPKCS1v15SessionKey(rand, priv, ciphertext, plaintext); err != nil {
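Review bot: The buffer filled on the new `io.ReadFull` line is passed to `DecryptPKCS1v15SessionKey` as the session key on the next line, presumably as the random value that stands in when the padding check fails; a partially filled buffer would have degraded that fallback silently rather than erroring, which is why the full read matters and deserves a comment on that line: `// plaintext must be entirely random before the call below; a short read would weaken the padding-failure fallback.` Separately, `io.ReadFull`, like the `rand.Read` it replaces, will panic if `rand` is nil, and `DecryptPKCS1v15SessionKey` itself accepts a nil `rand` (it then skips blinding); if Decrypt is reachable with a nil reader, this branch should either document that `rand` must be non-nil when `SessionKeyLen > 0` or return an error instead of dereferencing it. Decrypt starts and ends outside the hunk, so whether a nil `rand` is already rejected earlier cannot be confirmed here.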