Remove error returns from crypto random helpers and callers (#37240)

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: wxiaoguang <2114189+wxiaoguang@users.noreply.github.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: silverwind <115237+silverwind@users.noreply.github.com>

modules/generate/generate.go

@@ -65,10 +65,5 @@ func NewJwtSecretWithBase64() ([]byte, string) {
 
 // NewSecretKey generate a new value intended to be used by SECRET_KEY.
 func NewSecretKey() (string, error) {
-	secretKey, err := util.CryptoRandomString(64)
-	if err != nil {
-		return "", err
-	}
-
-	return secretKey, nil
+	return util.CryptoRandomString(64), nil
 }

modules/util/util.go

@@ -61,48 +61,42 @@ func NormalizeEOL(input []byte) []byte {
 }
 
 // CryptoRandomInt returns a crypto random integer between 0 and limit, inclusive
-func CryptoRandomInt(limit int64) (int64, error) {
+func CryptoRandomInt(limit int64) int64 {
 	rInt, err := rand.Int(rand.Reader, big.NewInt(limit))
 	if err != nil {
-		return 0, err
+		panic(err) // this should never happen
 	}
-	return rInt.Int64(), nil
+	return rInt.Int64()
 }
 
-const alphanumericalChars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
-
 // CryptoRandomString generates a crypto random alphanumerical string, each byte is generated by [0,61] range
-func CryptoRandomString(length int64) (string, error) {
+func CryptoRandomString(length int64) string {
+	const alphanumericalChars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
 	buf := make([]byte, length)
 	limit := int64(len(alphanumericalChars))
 	for i := range buf {
-		num, err := CryptoRandomInt(limit)
-		if err != nil {
-			return "", err
-		}
+		num := CryptoRandomInt(limit)
 		buf[i] = alphanumericalChars[num]
 	}
-	return string(buf), nil
+	return string(buf)
 }
 
 // CryptoRandomBytes generates `length` crypto bytes
 // This differs from CryptoRandomString, as each byte in CryptoRandomString is generated by [0,61] range
 // This function generates totally random bytes, each byte is generated by [0,255] range
-// TODO: it never fails, remove the "error" in the future
-func CryptoRandomBytes(length int64) ([]byte, error) {
+func CryptoRandomBytes(length int64) []byte {
 	buf := make([]byte, length)
 	if _, err := rand.Read(buf); err != nil {
 		panic(err) // this should never happen, "rand.Read" never fails
 	}
-	return buf, nil
+	return buf
 }
 
 var chaCha8RandPool = sync.OnceValue(func() *sync.Pool {
 	return &sync.Pool{
 		New: func() any {
-			var buf [32]byte
-			_, _ = rand.Read(buf[:])
-			return rand2.NewChaCha8(buf)
+			seed := CryptoRandomBytes(32)
+			return rand2.NewChaCha8([32]byte(seed))
 		},
 	}
 })

modules/util/util_test.go

@@ -86,35 +86,31 @@ func Test_NormalizeEOL(t *testing.T) {
 }
 
 func Test_RandomInt(t *testing.T) {
-	randInt, err := CryptoRandomInt(255)
+	randInt := CryptoRandomInt(255)
 	assert.GreaterOrEqual(t, randInt, int64(0))
 	assert.LessOrEqual(t, randInt, int64(255))
-	assert.NoError(t, err)
 }
 
 func Test_RandomString(t *testing.T) {
-	str1, err := CryptoRandomString(32)
-	assert.NoError(t, err)
+	str1 := CryptoRandomString(32)
+	var err error
 	matches, err := regexp.MatchString(`^[a-zA-Z0-9]{32}$`, str1)
 	assert.NoError(t, err)
 	assert.True(t, matches)
 
-	str2, err := CryptoRandomString(32)
-	assert.NoError(t, err)
+	str2 := CryptoRandomString(32)
 	matches, err = regexp.MatchString(`^[a-zA-Z0-9]{32}$`, str1)
 	assert.NoError(t, err)
 	assert.True(t, matches)
 
 	assert.NotEqual(t, str1, str2)
 
-	str3, err := CryptoRandomString(256)
-	assert.NoError(t, err)
+	str3 := CryptoRandomString(256)
 	matches, err = regexp.MatchString(`^[a-zA-Z0-9]{256}$`, str3)
 	assert.NoError(t, err)
 	assert.True(t, matches)
 
-	str4, err := CryptoRandomString(256)
-	assert.NoError(t, err)
+	str4 := CryptoRandomString(256)
 	matches, err = regexp.MatchString(`^[a-zA-Z0-9]{256}$`, str4)
 	assert.NoError(t, err)
 	assert.True(t, matches)
@@ -123,19 +119,15 @@ func Test_RandomString(t *testing.T) {
 }
 
 func Test_RandomBytes(t *testing.T) {
-	bytes1, err := CryptoRandomBytes(32)
-	assert.NoError(t, err)
+	bytes1 := CryptoRandomBytes(32)
 
-	bytes2, err := CryptoRandomBytes(32)
-	assert.NoError(t, err)
+	bytes2 := CryptoRandomBytes(32)
 
 	assert.NotEqual(t, bytes1, bytes2)
 
-	bytes3, err := CryptoRandomBytes(256)
-	assert.NoError(t, err)
+	bytes3 := CryptoRandomBytes(256)
 
-	bytes4, err := CryptoRandomBytes(256)
-	assert.NoError(t, err)
+	bytes4 := CryptoRandomBytes(256)
 
 	assert.NotEqual(t, bytes3, bytes4)
 }