crypto/internal/fips140/ecdsa: fix reseed_counter check for HMAC_DRBG_Generate_algorithm

SP 800-90A Rev. 1 10.1.2.5 step 7 requires
	reseed_counter = reseed_counter + 1
as the final step before returning SUCCESS.

This increment of reseedCounter was missing, meaning the reseed interval
check at the start of Generate wasn't actually functional.

Given how it's used, and that it has a reseed interval of 2^48, this
condition will never actually occur but the check is still required by
the standard.

For #69536

Change-Id: I314a7eee5852e6d0fa1a0a04842003553cd803e7
Reviewed-on: https://go-review.googlesource.com/c/go/+/634775
Reviewed-by: Carlos Amedee <carlos@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Michael Knyszek <mknyszek@google.com>

diff --git a/src/crypto/internal/fips140/ecdsa/hmacdrbg.go b/src/crypto/internal/fips140/ecdsa/hmacdrbg.go
index 6fd7ac697473d4bbdd66563850e09d8b20b9a8b9..4f085e2801b79dab307f831b34ec4d19f78fc299 100644 (file)
--- a/src/crypto/internal/fips140/ecdsa/hmacdrbg.go
+++ b/src/crypto/internal/fips140/ecdsa/hmacdrbg.go
@@ -160,4 +160,6 @@ func (d *hmacDRBG) Generate(out []byte) {
        d.hK = d.newHMAC(K)
        d.hK.Write(d.V)
        d.V = d.hK.Sum(d.V[:0])
+
+       d.reseedCounter++
 }