You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It is usually preferred that libraries avoid panicking and return errors and delegate error handling to their client. I was wondering if there is a reason that BlockMode.CryptBlocks does not return an error. Currently both of implementations, i.e., *cbcDecrypter and *cbcEncrypter, have to panic in case there is a problem in their inputs.
The text was updated successfully, but these errors were encountered:
2) Claim that this is a security issue, due to being too easy to use incorrectly, and define that len(dst) != len(src) must panic, updating the existing implementations.
/cc @agl for perhaps more words, to explain the API
That said, if you wanted to propose an API change for Go2, I would write a proposal with a bit more detail with real-world, motivating examples to support the change. Then /cc @agl and @FiloSottile for feedback.
It is usually preferred that libraries avoid panicking and return errors and delegate error handling to their client. I was wondering if there is a reason that BlockMode.CryptBlocks does not return an error. Currently both of implementations, i.e., *cbcDecrypter and *cbcEncrypter, have to panic in case there is a problem in their inputs.
The text was updated successfully, but these errors were encountered: