diff options
| author | Pauli <paul.dale@oracle.com> | 2020-08-26 23:56:55 +1000 |
|---|---|---|
| committer | Pauli <paul.dale@oracle.com> | 2020-08-28 08:43:07 +1000 |
| commit | edd53e9135d9546e3611ca1d45876bac15047aa8 (patch) | |
| tree | dea11c7b04591b6a36f45a7f852ef17f15b8d720 /providers | |
| parent | 1d6c86709c72442aff3bdde8ab48b048e6df153a (diff) | |
rand: add a note about a potentially misleading code analyzer warning.
When seeding from a parent DRBG, the pointer to the child is used as
additional data. This triggers static code analysers. Rearrange and
expand the comments to make this more obvious.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12724)
Diffstat (limited to 'providers')
| -rw-r--r-- | providers/implementations/rands/drbg.c | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/providers/implementations/rands/drbg.c b/providers/implementations/rands/drbg.c index 593bb176c8..a4a9b177a3 100644 --- a/providers/implementations/rands/drbg.c +++ b/providers/implementations/rands/drbg.c @@ -183,17 +183,23 @@ static size_t prov_drbg_get_entropy(PROV_DRBG *drbg, unsigned char **pout, if (buffer != NULL) { size_t bytes = 0; + if (drbg->parent_generate == NULL) + goto err; /* - * Get random data from parent. Include our address as additional input, - * in order to provide some additional distinction between different - * DRBG child instances. * Our lock is already held, but we need to lock our parent before * generating bits from it. (Note: taking the lock will be a no-op * if locking if drbg->parent->lock == NULL.) */ - if (drbg->parent_generate == NULL) - goto err; drbg_lock_parent(drbg); + /* + * Get random data from parent. Include our DRBG address as + * additional input, in order to provide a distinction between + * different DRBG child instances. + * + * Note: using the sizeof() operator on a pointer triggers + * a warning in some static code analyzers, but it's + * intentional and correct here. + */ if (drbg->parent_generate(drbg->parent, buffer, bytes_needed, drbg->strength, prediction_resistance, (unsigned char *)&drbg, |