// // If Reader is not the default Reader from crypto/rand, // [randutil.MaybeReadByte] and [fips140.RecordNonApproved] are called. func ReadWithReader(r io.Reader, b []byte) error { if _, ok := r.(DefaultReader); ok { Read(b) return nil } fips140.RecordNonApproved() randutil.MaybeReadByte(r) _, err := io.ReadFull(r, b) return err } // ReadWithReaderDeterm is like ReadWithReader, but it doesn't call // [randutil.MaybeReadByte] on non-default Readers. func ReadWithReaderDeterm(r io.Reader, b []byte)...

hash.Hash, hashed []byte, saltLength int) ([]byte, error) { fipsSelfTest() fips140.RecordApproved() checkApprovedHash(hash) // Note that while we don't commit to deterministic execution with respect // to the rand stream, we also never applied MaybeReadByte, so per Hyrum's // Law it's probably relied upon by some. It's a tolerable promise because a // well-specified number of random bytes is included in the signature, in a // well-specified way. if saltLength < 0 { return nil, errors.New("crypto/rsa:...