diff --git a/crypto/curve_25519.go b/crypto/curve_25519.go
index f814a0c93..349fa7901 100644
--- a/crypto/curve_25519.go
+++ b/crypto/curve_25519.go
@@ -3,6 +3,7 @@ package crypto
 import (
 "crypto/rand"
 "errors"
+ "io"
 
 "golang.org/x/crypto/curve25519"
 )
@@ -18,7 +19,7 @@ var _ KeyExchange = &curve25519KEX{}
 // NewCurve25519KEX creates a new KeyExchange using Curve25519, see https://cr.yp.to/ecdh.html
 func NewCurve25519KEX() KeyExchange {
 c := &curve25519KEX{}
- if n, err := rand.Reader.Read(c.secret[:]); n != 32 || err != nil {
+ if _, err := io.ReadFull(rand.Reader, c.secret[:]); err != nil {
 panic("Curve25519: could not create private key")
 }
 // See https://cr.yp.to/ecdh.html
diff --git a/handshake/crypto_setup.go b/handshake/crypto_setup.go
index 8aaf5e771..ab24afc9b 100644
--- a/handshake/crypto_setup.go
+++ b/handshake/crypto_setup.go
@@ -4,6 +4,7 @@ import (
 "bytes"
 "crypto/rand"
 "fmt"
+ "io"
 "sync"
 
 "github.com/lucas-clemente/quic-go/crypto"
@@ -37,7 +38,7 @@ var _ crypto.AEAD = &CryptoSetup{}
 // NewCryptoSetup creates a new CryptoSetup instance
 func NewCryptoSetup(connID protocol.ConnectionID, version protocol.VersionNumber, scfg *ServerConfig, cryptoStream utils.Stream) *CryptoSetup {
 nonce := make([]byte, 32)
- if _, err := rand.Reader.Read(nonce); err != nil {
+ if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
 panic(err)
 }
 return &CryptoSetup{
diff --git a/handshake/server_config.go b/handshake/server_config.go
index 15db48577..9ae28f814 100644
--- a/handshake/server_config.go
+++ b/handshake/server_config.go
@@ -3,6 +3,7 @@ package handshake
 import (
 "bytes"
 "crypto/rand"
+ "io"
 
 "github.com/lucas-clemente/quic-go/crypto"
 )
@@ -17,7 +18,7 @@ type ServerConfig struct {
 // NewServerConfig creates a new server config
 func NewServerConfig(kex crypto.KeyExchange, signer crypto.Signer) *ServerConfig {
 id := make([]byte, 16)
- _, err := rand.Reader.Read(id)
+ _, err := io.ReadFull(rand.Reader, id)
 if err != nil {
 panic(err)
 }
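Review bot: `io.ReadFull(rand.Reader, c.secret[:])` in NewCurve25519KEX can be written `rand.Read(c.secret[:])`, because the package-level Read in crypto/rand is a helper that already reads through io.ReadFull and so gives the same full-read guarantee without the new `io` import. The same applies to the reads in NewCryptoSetup (handshake/crypto_setup.go) and NewServerConfig (handshake/server_config.go). Separately, the panic here still drops `err`; `panic("Curve25519: could not create private key: " + err.Error())` would keep the cause of an entropy-source failure visible. The function body continues past the end of the hunk.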
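Review bot: Nothing at the read in NewCryptoSetup records why a full read is required, so a later cleanup could quietly go back to a single Read call. `make` zero-fills `nonce`, so a short read returned with a nil error would leave its tail as zero bytes; a comment above the `if` such as `// must fill all 32 bytes: a short read would leave the nonce tail zeroed` pins that intent. The doc comment should also say that the function panics when the system random source fails, since the signature gives callers no error to check. The function body runs past the end of the hunk.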
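Review bot: In NewServerConfig the read and its error check are still two statements, while the other two call sites in this commit use the initializer form; `if _, err := io.ReadFull(rand.Reader, id); err != nil {` keeps `err` scoped to the check and makes the three sites read the same. The bare `panic(err)` also does not say which read failed, so a message naming the value being generated (presumably the server config ID), e.g. `panic("handshake: could not generate server config ID: " + err.Error())`, would help when triaging an entropy failure. The function continues outside the hunk.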