crypto/cipher: use AEAD.NonceSize to make nonce in the example

The existing example uses hard-coded constant to make nonce buffer.
Using AEAD.NonceSize makes it a more portable and appropriate example.

Fixes: #48372
Change-Id: I7c7a38ed48aff46ca11ef4f5654c778eac13dde6
GitHub-Last-Rev: 03ccbb16df4ca9cbd4a014836aee0f54b2ff3002
GitHub-Pull-Request: golang/go#48373
Reviewed-on: https://go-review.googlesource.com/c/go/+/349603
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Sean Liao <sean@liao.dev>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Sean Liao <sean@liao.dev>
Reviewed-by: Roland Shoemaker <roland@golang.org>

diff --git a/src/crypto/cipher/example_test.go b/src/crypto/cipher/example_test.go
index 9c32d6a934f86c6ecc37c535eba781c088e5bd38..86dbda9ec02452367f7e0595df79278c4ae3b86b 100644 (file)
--- a/src/crypto/cipher/example_test.go
+++ b/src/crypto/cipher/example_test.go
@@ -29,14 +29,14 @@ func ExampleNewGCM_encrypt() {
                panic(err.Error())
        }
 
-       // Never use more than 2^32 random nonces with a given key because of the risk of a repeat.
-       nonce := make([]byte, 12)
-       if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
+       aesgcm, err := cipher.NewGCM(block)
+       if err != nil {
                panic(err.Error())
        }
 
-       aesgcm, err := cipher.NewGCM(block)
-       if err != nil {
+       // Never use more than 2^32 random nonces with a given key because of the risk of a repeat.
+       nonce := make([]byte, aesgcm.NonceSize())
+       if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
                panic(err.Error())
        }