Allow get(-insecure)-random-bytes to return fewer bytes than requested (#901)

badeend · web-flow · commit 053770aff03b · 2026-03-10T21:18:11.000Z
diff --git a/proposals/random/wit-0.3.0-draft/insecure.wit b/proposals/random/wit-0.3.0-draft/insecure.wit
@@ -5,16 +5,23 @@ package wasi:random@0.3.0-rc-2026-02-09;
 /// Windows.
 @since(version = 0.3.0-rc-2026-02-09)
 interface insecure {
-    /// Return `len` insecure pseudo-random bytes.
+    /// Return up to `max-len` insecure pseudo-random bytes.
     ///
     /// This function is not cryptographically secure. Do not use it for
     /// anything related to security.
     ///
     /// There are no requirements on the values of the returned bytes, however
     /// implementations are encouraged to return evenly distributed values with
     /// a long period.
+    ///
+    /// Implementations MAY return fewer bytes than requested (a short read).
+    /// Callers that require exactly `max-len` bytes MUST call this function in
+    /// a loop until the desired number of bytes has been accumulated.
+    /// Implementations MUST return at least 1 byte when `max-len` is greater
+    /// than zero. When `max-len` is zero, implementations MUST return an empty
+    /// list without trapping.
     @since(version = 0.3.0-rc-2026-02-09)
-    get-insecure-random-bytes: func(len: u64) -> list<u8>;
+    get-insecure-random-bytes: func(max-len: u64) -> list<u8>;
 
     /// Return an insecure pseudo-random `u64` value.
     ///
diff --git a/proposals/random/wit-0.3.0-draft/random.wit b/proposals/random/wit-0.3.0-draft/random.wit
@@ -5,7 +5,8 @@ package wasi:random@0.3.0-rc-2026-02-09;
 /// Windows.
 @since(version = 0.3.0-rc-2026-02-09)
 interface random {
-    /// Return `len` cryptographically-secure random or pseudo-random bytes.
+    /// Return up to `max-len` cryptographically-secure random or pseudo-random
+    /// bytes.
     ///
     /// This function must produce data at least as cryptographically secure and
     /// fast as an adequately seeded cryptographically-secure pseudo-random
@@ -14,11 +15,18 @@ interface random {
     /// request and on requests for numbers of bytes. The returned data must
     /// always be unpredictable.
     ///
+    /// Implementations MAY return fewer bytes than requested (a short read).
+    /// Callers that require exactly `max-len` bytes MUST call this function in
+    /// a loop until the desired number of bytes has been accumulated.
+    /// Implementations MUST return at least 1 byte when `max-len` is greater
+    /// than zero. When `max-len` is zero, implementations MUST return an empty
+    /// list without trapping.
+    ///
     /// This function must always return fresh data. Deterministic environments
     /// must omit this function, rather than implementing it with deterministic
     /// data.
     @since(version = 0.3.0-rc-2026-02-09)
-    get-random-bytes: func(len: u64) -> list<u8>;
+    get-random-bytes: func(max-len: u64) -> list<u8>;
 
     /// Return a cryptographically-secure random or pseudo-random `u64` value.
     ///
