crypto/internal/fips140/ecdsa: fix reseed_counter check for HMAC_DRBG_Generate_algorithm

tmthrgd · gopherbot · commit fce17b0c7745 · 2024-12-10T18:14:33.000Z
SP 800-90A Rev. 1 10.1.2.5 step 7 requires reseed_counter = reseed_counter + 1 as the final step before returning SUCCESS. This increment of reseedCounter was missing, meaning the reseed interval check at the start of Generate wasn't actually functional. Given how it's used, and that it has a reseed interval of 2^48, this condition will never actually occur but the check is still required by the standard. For #69536 Change-Id: I314a7eee5852e6d0fa1a0a04842003553cd803e7 Reviewed-on: https://go-review.googlesource.com/c/go/+/634775 Reviewed-by: Carlos Amedee <carlos@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: Michael Knyszek <mknyszek@google.com>
diff --git a/src/crypto/internal/fips140/ecdsa/hmacdrbg.go b/src/crypto/internal/fips140/ecdsa/hmacdrbg.go
@@ -160,4 +160,6 @@ func (d *hmacDRBG) Generate(out []byte) {
 	d.hK = d.newHMAC(K)
 	d.hK.Write(d.V)
 	d.V = d.hK.Sum(d.V[:0])
+
+	d.reseedCounter++
 }

Original file line number	Diff line number	Diff line change
`@@ -160,4 +160,6 @@ func (d *hmacDRBG) Generate(out []byte) {`
`160`	`160`	`d.hK = d.newHMAC(K)`
`161`	`161`	`d.hK.Write(d.V)`
`162`	`162`	`d.V = d.hK.Sum(d.V[:0])`
	`163`	`+`
	`164`	`+ d.reseedCounter++`
`163`	`165`	`}`