[PATCH v3 1/7] SP800-90A Deterministic Random Bit Generator

Stephan Mueller smueller at chronox.de
Mon Jun 23 18:43:27 CEST 2014

On Saturday, 21 June 2014, 14:40:13, Stephan Mueller wrote:


> On Wednesday, 19 March 2014, 08:35:42, Stephan Mueller wrote:

> after the kernel version of the DRBG is now added to the cryptodev branch
> maintained by Herbert Xu with the potential to be included into 3.17, the
> kernel version of the code was subjected to a static code analysis.

After careful analysis of the code, the anticipated NULL pointer
dereference is already caught in drbg_ctr_update, which is the only function
invoking drbg_ctr_df when addtl is not NULL. Thus I simplified the patch to
only make the code for ordering of the linked list in drbg_ctr_df nicer to

This patch is tested with CAVS testing and the test set provided in [1].

diff --git a/random/drbg.c b/random/drbg.c
index 2352d1d..3729428 100644
--- a/random/drbg.c
+++ b/random/drbg.c
@@ -690,12 +690,13 @@ drbg_ctr_df (struct drbg_state *drbg, unsigned char 
   drbg_string_fill (&S4, pad, padlen);
   S1.next = &S2;
   S2.next = addtl;
-  /* splice in addtl between S2 and S4 -- we place S4 at the end of the
-   * input data chain */
+  /* Splice in addtl between S2 and S4 -- we place S4 at the end of the
+   * input data chain. As this code is only triggered when addtl is not
+   * NULL, no NULL checks are necessary.*/
   tempstr = addtl;
-  for (; NULL != tempstr; tempstr = tempstr->next)
-    if (NULL == tempstr->next)
-      break;
+  while (tempstr->next)
+    tempstr = tempstr->next;
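
Review bot: the new "while (tempstr->next)" loop dereferences tempstr on its very first test, whereas the removed "for (; NULL != tempstr; ...)" loop tolerated addtl being NULL, so the safety of this splice now rests entirely on the caller never passing a NULL addtl. The comment records that precondition but nothing in the visible lines enforces it. Consider also stating it in the function's header comment, or adding a cheap guard or assertion before "tempstr = addtl;", so that a later second caller of drbg_ctr_df cannot silently reintroduce the NULL pointer dereference. Minor style point: the comment ends in "necessary.*/" with no space before the closing "*/".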

[1] http://www.chronox.de/drbg.html

| Cui bono? |
