[openssl] master update

Dr. Paul Dale pauli at openssl.org
Thu Aug 27 22:43:37 UTC 2020 

The branch master has been updated
       via  edd53e9135d9546e3611ca1d45876bac15047aa8 (commit)
      from  1d6c86709c72442aff3bdde8ab48b048e6df153a (commit)


- Log -----------------------------------------------------------------
commit edd53e9135d9546e3611ca1d45876bac15047aa8
Author: Pauli <paul.dale at oracle.com>
Date:   Wed Aug 26 23:56:55 2020 +1000

    rand: add a note about a potentially misleading code analyzer warning.
    
    When seeding from a parent DRBG, the pointer to the child is used as
    additional data.  This triggers static code analysers.  Rearrange and
    expand the comments to make this more obvious.
    
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
    (Merged from https://github.com/openssl/openssl/pull/12724)

-----------------------------------------------------------------------

Summary of changes:
 providers/implementations/rands/drbg.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/providers/implementations/rands/drbg.c b/providers/implementations/rands/drbg.c
index 593bb176c8..a4a9b177a3 100644
--- a/providers/implementations/rands/drbg.c
+++ b/providers/implementations/rands/drbg.c
@@ -183,17 +183,23 @@ static size_t prov_drbg_get_entropy(PROV_DRBG *drbg, unsigned char **pout,
         if (buffer != NULL) {
             size_t bytes = 0;
 
+            if (drbg->parent_generate == NULL)
+                goto err;
             /*
-             * Get random data from parent. Include our address as additional input,
-             * in order to provide some additional distinction between different
-             * DRBG child instances.
              * Our lock is already held, but we need to lock our parent before
              * generating bits from it. (Note: taking the lock will be a no-op
              * if locking if drbg->parent->lock == NULL.)
              */
-            if (drbg->parent_generate == NULL)
-                goto err;
             drbg_lock_parent(drbg);
+            /*
+             * Get random data from parent.  Include our DRBG address as
+             * additional input, in order to provide a distinction between
+             * different DRBG child instances.
+             *
+             * Note: using the sizeof() operator on a pointer triggers
+             *       a warning in some static code analyzers, but it's
+             *       intentional and correct here.
+             */
             if (drbg->parent_generate(drbg->parent, buffer, bytes_needed,
                                       drbg->strength, prediction_resistance,
                                       (unsigned char *)&drbg,

More information about the openssl-commits mailing list