From 75f3f9e9a38e08a7a747df8534258a80a0cdfcd4 Mon Sep 17 00:00:00 2001
From: "Scott G. Miller"
Date: Wed, 27 Nov 2024 19:28:44 -0600
Subject: [PATCH] Avoid more instances of the DRBG in GCable RAM by reseeding rather than regenerating

---
 cryptoutil/rsa.go | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/cryptoutil/rsa.go b/cryptoutil/rsa.go
index 3846160..af50c4c 100644
--- a/cryptoutil/rsa.go
+++ b/cryptoutil/rsa.go
@@ -41,17 +41,22 @@ func GenerateRSAKeyWithHMACDRBG(rand io.Reader, bits int) (*rsa.PrivateKey, erro
 }
 }()
 
+ if _, err := rand.Read(seed); err != nil {
+ return nil, err
+ }
+ drbg := hmacdrbg.NewHmacDrbg(256, seed, []byte("generate-key-with-hmac-drbg"))
+ reader := hmacdrbg.NewHmacDrbgReader(drbg)
+
 // Pretty unlikely to need even one reseed, but better to avoid an infinite loop.
 for i := 0; i < maxReseeds; i++ {
- if _, err := rand.Read(seed); err != nil {
- return nil, err
- }
- drbg := hmacdrbg.NewHmacDrbg(256, seed, []byte("generate-key-with-hmac-drbg"))
- reader := hmacdrbg.NewHmacDrbgReader(drbg)
 key, err := rsa.GenerateKey(reader, bits)
 if err != nil {
 if err.Error() == "MUST_RESEED" {
 // Oops, ran out of bytes (pretty unlikely but just in case)
+ if _, err := rand.Read(seed); err != nil {
+ return nil, err
+ }
+ drbg.Reseed(seed)
 continue
 }
 return nil, err
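Review bot: The motivation for hoisting the DRBG out of the loop and calling `drbg.Reseed(seed)` instead of rebuilding it exists only in the commit title, so the `MUST_RESEED` branch should carry it, e.g. `// Reseed the existing DRBG rather than constructing a new one: each fresh instance would leave another copy of seed-derived state in GC-managed memory until collected.` The new code also relies on the same `reader` remaining usable across iterations after a reseed, which depends on how hmacdrbg's reader wrapper handles the `MUST_RESEED` condition internally; a one-line comment stating that assumption next to `drbg.Reseed(seed)` would make the invariant reviewable. The `seed` buffer is now refilled from `rand` in two places, so whatever wipes it on exit (presumably the deferred closure whose `}()` closes on the hunk's first context lines) should cover both paths; confirm, since that closure is outside the hunk. GenerateRSAKeyWithHMACDRBG begins and ends outside the hunk.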