New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto/rand: panic in rand.Read() when called from wasm in a browser #46256
Comments
Or it could loop and fill the buffer via multiple calls, and not return an error at all. |
@josharian agree. If I were to design |
65536 is a specification-defined limit, so this can be handled with a loop and a hardcoded max buffer size in the js/wasm implementation of https://www.w3.org/TR/WebCryptoAPI/#Crypto-method-getRandomValues |
@BenLubar my bad, you are right. Looping with 65536 seems like a reasonable solution to remove this panic. |
Change https://golang.org/cl/321189 mentions this issue: |
The crypto.getRandomValues API specifies a maximum of 65536 bytes per call. If a larger byte slice is passed to rand.Reader.Read, only fill the first 65536 bytes. Fixes golang#46256.
CC @neelance, @FiloSottile via owners. |
The crypto.getRandomValues API specifies a maximum of 65536 bytes per call. If a larger byte slice is passed to rand.Reader.Read, only fill the first 65536 bytes. Fixes golang#46256.
This was duplicated by #58145 which has now been fixed. This can be closed. |
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
Yes.
What operating system and processor architecture are you using (
go env
)?go env
OutputWhat did you do?
When calling
rand.Read(buf)
with a buffer which is too large (e.g. 65537 bytes on Chrome), the wasm code panics with:panic: JavaScript error: Failed to execute 'getRandomValues' on 'Crypto': The ArrayBufferView's byte length (65537) exceeds the number of bytes of entropy available via this API (65536).
Given that
rand.Read()
returns an error, it would be cleaner to return an error in this case instead of panicking.Sample code:
What did you expect to see?
I was expecting
err
to contain the "[...]exceeds the number of bytes of entropy available via this API" message.What did you see instead?
A panic:
The text was updated successfully, but these errors were encountered: