Check for crypto/rand errors and ReadFull io.Readers

In practice crypto/rand.Read never returns an error, but that is not
guaranteed. Check for those errors.

In contrast to crypto/rand.Reader, a user-provided io.Reader,
might not fill the buffer without returning an error. Though marginal,
we should deal with that corner-case as well.

abe/cpabe/tkn20/internal/tkn/bk.go

@@ -78,7 +78,7 @@ func DeriveAttributeKeysCCA(rand io.Reader, sp *SecretParams, attrs *Attributes)
 
 func EncryptCCA(rand io.Reader, public *PublicParams, policy *Policy, msg []byte) ([]byte, error) {
 	seed := make([]byte, macKeySeedSize)
-	_, err := rand.Read(seed)
+	_, err := io.ReadFull(rand, seed)
 	if err != nil {
 		return nil, err
 	}

blindsign/blindrsa/blindrsa.go

@@ -183,7 +183,7 @@ func (v RSAVerifier) Blind(random io.Reader, message []byte) ([]byte, blindsign.
 	}
 
 	salt := make([]byte, v.hash.Size())
-	_, err := random.Read(salt)
+	_, err := io.ReadFull(random, salt)
 	if err != nil {
 		return nil, nil, err
 	}

kem/frodo/frodo640shake/frodo.go

@@ -160,7 +160,9 @@ func generateKeyPair(rand io.Reader) (*PublicKey, *PrivateKey, error) {
 func (pk *PublicKey) EncapsulateTo(ct []byte, ss []byte, seed []byte) {
 	if seed == nil {
 		seed = make([]byte, EncapsulationSeedSize)
-		_, _ = cryptoRand.Read(seed[:])
+		if _, err := cryptoRand.Read(seed[:]); err != nil {
+			panic(err)
+		}
 	}
 	if len(seed) != EncapsulationSeedSize {
 		panic("seed must be of length EncapsulationSeedSize")