crypto/internal/fips140/entropy: fix benign race

Fixes #75690
Fixes #75842

Change-Id: I6a6a696420f51f28f48535c34cf347e2cbd4add5
Reviewed-on: https://go-review.googlesource.com/c/go/+/710058
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

diff --git a/src/crypto/internal/fips140/entropy/entropy.go b/src/crypto/internal/fips140/entropy/entropy.go
index 273f05c817aff8c17784cf7424a70d03e7a88871..f5b2f53752a028242118ade71157ac53640c712e 100644 (file)
--- a/src/crypto/internal/fips140/entropy/entropy.go
+++ b/src/crypto/internal/fips140/entropy/entropy.go
@@ -123,7 +123,9 @@ func (s *source) Sample() uint8 {
        // Perform a few memory accesses in an unpredictable pattern to expose the
        // next measurement to as much system noise as possible.
        memory, lcgState := s.memory, s.lcgState
-       _ = memory[0] // hoist the nil check out of touchMemory
+       if memory == nil { // remove the nil check from the inlined touchMemory calls
+               panic("entropy: nil memory buffer")
+       }
        for range 64 {
                lcgState = 1664525*lcgState + 1013904223
                // Discard the lower bits, which tend to fall into short cycles.

diff --git a/src/crypto/internal/fips140test/entropy_test.go b/src/crypto/internal/fips140test/entropy_test.go
index ef6909efbac2f6aa52bf8b45e54012ec24088153..a33e2e7bbc907dd2f1ad2af9d98236267ede8616 100644 (file)
--- a/src/crypto/internal/fips140test/entropy_test.go
+++ b/src/crypto/internal/fips140test/entropy_test.go
@@ -241,7 +241,7 @@ func TestEntropyUnchanged(t *testing.T) {
        // entropy source through the Entropy Source Validation program,
        // independently of the FIPS 140-3 module. It must not change even across
        // FIPS 140-3 module versions, in order to reuse the ESV certificate.
-       exp := "1b68d4c091ef66c6006602e4ed3ac10f8a82ad193708ec99d63b145e3baa3e6c"
+       exp := "2541273241ae8aafe55026328354ed3799df1e2fb308b2097833203a42911b53"
        if got := hex.EncodeToString(h.Sum(nil)); got != exp {
                t.Errorf("hash of crypto/internal/fips140/entropy = %s, want %s", got, exp)
        }
@@ -249,12 +249,12 @@ func TestEntropyUnchanged(t *testing.T) {
 
 func TestEntropyRace(t *testing.T) {
        // Check that concurrent calls to Seed don't trigger the race detector.
-       for range 2 {
+       for range 16 {
                go func() {
                        _, _ = entropy.Seed(&memory)
                }()
        }
-       // Same, with the higher-level DRBG. More concurrent calls to hit the Pool.
+       // Same, with the higher-level DRBG.
        for range 16 {
                go func() {
                        var b [64]byte