crypto/internal/rand: avoid MaybeReadByte non-determinism with SetGlobalRandom

Change-Id: I2dc3b7d116c4750153a324ee9850ca576a6a6964 Reviewed-on: https://go-review.googlesource.com/c/go/+/765921 Reviewed-by: Daniel McCarney <daniel@binaryparadox.net> Reviewed-by: Mark Freeman <markfreeman@google.com> Auto-Submit: Filippo Valsorda <filippo@golang.org> LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: David Chase <drchase@google.com>
2026-06-26 10:50:23 +00:00 · 2026-04-06 16:40:34 +02:00 · 2026-04-06 16:40:34 +02:00 · 58968c79e7
commit 58968c79e7
parent da36c0eecd
1 changed files with 8 additions and 2 deletions
--- a/src/crypto/internal/rand/rand.go
+++ b/src/crypto/internal/rand/rand.go
@ -46,19 +46,25 @@ var Reader io.Reader = reader{}
 //
 //go:linkname SetTestingReader crypto/internal/rand.SetTestingReader
 func SetTestingReader(r io.Reader) {
+	testingReader = r
 	fips140SetTestingReader(r)
 }

+var testingReader io.Reader
+
 var cryptocustomrand = godebug.New("cryptocustomrand")

 // CustomReader returns [Reader] or, only if the GODEBUG setting
 // "cryptocustomrand=1" is set, the provided io.Reader.
 //
-// If returning a non-default Reader, it calls [randutil.MaybeReadByte] on it.
+// If returning a non-default Reader, it calls [randutil.MaybeReadByte] on it,
+// unless it's the global testing Reader set with [SetTestingReader].
 func CustomReader(r io.Reader) io.Reader {
 	if cryptocustomrand.Value() == "1" {
 		if !IsDefaultReader(r) {
-			randutil.MaybeReadByte(r)
+			if r != testingReader {
+				randutil.MaybeReadByte(r)
+			}
 			cryptocustomrand.IncNonDefault()
 		}
 		return r