The branch master has been updated via edd53e9135d9546e3611ca1d45876bac15047aa8 (commit) from 1d6c86709c72442aff3bdde8ab48b048e6df153a (commit)
- Log ----------------------------------------------------------------- commit edd53e9135d9546e3611ca1d45876bac15047aa8 Author: Pauli <paul.d...@oracle.com> Date: Wed Aug 26 23:56:55 2020 +1000 rand: add a note about a potentially misleading code analyzer warning. When seeding from a parent DRBG, the pointer to the child is used as additional data. This triggers static code analysers. Rearrange and expand the comments to make this more obvious. Reviewed-by: Matthias St. Pierre <matthias.st.pie...@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/12724) ----------------------------------------------------------------------- Summary of changes: providers/implementations/rands/drbg.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/providers/implementations/rands/drbg.c b/providers/implementations/rands/drbg.c index 593bb176c8..a4a9b177a3 100644 --- a/providers/implementations/rands/drbg.c +++ b/providers/implementations/rands/drbg.c @@ -183,17 +183,23 @@ static size_t prov_drbg_get_entropy(PROV_DRBG *drbg, unsigned char **pout, if (buffer != NULL) { size_t bytes = 0; + if (drbg->parent_generate == NULL) + goto err; /* - * Get random data from parent. Include our address as additional input, - * in order to provide some additional distinction between different - * DRBG child instances. * Our lock is already held, but we need to lock our parent before * generating bits from it. (Note: taking the lock will be a no-op * if locking if drbg->parent->lock == NULL.) */ - if (drbg->parent_generate == NULL) - goto err; drbg_lock_parent(drbg); + /* + * Get random data from parent. Include our DRBG address as + * additional input, in order to provide a distinction between + * different DRBG child instances. + * + * Note: using the sizeof() operator on a pointer triggers + * a warning in some static code analyzers, but it's + * intentional and correct here. + */ if (drbg->parent_generate(drbg->parent, buffer, bytes_needed, drbg->strength, prediction_resistance, (unsigned char *)&drbg,