The branch OpenSSL_1_1_1-stable has been updated
       via  b262a0022923d48576f72d78d88a008fbe602cdc (commit)
      from  5538ba99ab785287ad187909dd71f17040dbc180 (commit)


- Log -----------------------------------------------------------------
commit b262a0022923d48576f72d78d88a008fbe602cdc
Author: Dr. Matthias St. Pierre <matthias.st.pie...@ncp-e.com>
Date:   Wed Sep 12 00:37:15 2018 +0200

    Replace the public RAND_DRBG_USED_FLAGS #define by an internal constant
    
    The new DRBG API added the aforementioned #define. However, it is
    used internally only and having it defined publicly does not serve
    any purpose except causing potential version compatibility problems.
    
    Fixes #7182
    
    Reviewed-by: Matt Caswell <m...@openssl.org>
    Reviewed-by: Paul Dale <paul.d...@oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/7190)
    
    (cherry picked from commit c402e943cd0d748ca2a74a37caeccdfc59ce2870)

-----------------------------------------------------------------------

Summary of changes:
 crypto/rand/drbg_lib.c      |  6 +++++-
 include/openssl/rand_drbg.h | 15 +++++++++++----
 2 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c
index 729b49c..9c315ed 100644
--- a/crypto/rand/drbg_lib.c
+++ b/crypto/rand/drbg_lib.c
@@ -82,6 +82,10 @@ static unsigned int slave_reseed_interval  = 
SLAVE_RESEED_INTERVAL;
 static time_t master_reseed_time_interval = MASTER_RESEED_TIME_INTERVAL;
 static time_t slave_reseed_time_interval  = SLAVE_RESEED_TIME_INTERVAL;
 
+/* A logical OR of all used DRBG flag bits (currently there is only one) */
+static const unsigned int rand_drbg_used_flags =
+    RAND_DRBG_FLAG_CTR_NO_DF;
+
 static RAND_DRBG *drbg_setup(RAND_DRBG *parent);
 
 static RAND_DRBG *rand_drbg_new(int secure,
@@ -147,7 +151,7 @@ int RAND_DRBG_set_defaults(int type, unsigned int flags)
         break;
     }
 
-    if ((flags & ~RAND_DRBG_USED_FLAGS) != 0) {
+    if ((flags & ~rand_drbg_used_flags) != 0) {
         RANDerr(RAND_F_RAND_DRBG_SET_DEFAULTS, RAND_R_UNSUPPORTED_DRBG_FLAGS);
         return 0;
     }
diff --git a/include/openssl/rand_drbg.h b/include/openssl/rand_drbg.h
index 282356e..cfc7fb7 100644
--- a/include/openssl/rand_drbg.h
+++ b/include/openssl/rand_drbg.h
@@ -13,14 +13,21 @@
 # include <time.h>
 # include <openssl/ossl_typ.h>
 
+/*
+ * RAND_DRBG  flags
+ *
+ * Note: if new flags are added, the constant `rand_drbg_used_flags`
+ *       in drbg_lib.c needs to be updated accordingly.
+ */
 
 /* In CTR mode, disable derivation function ctr_df */
 # define RAND_DRBG_FLAG_CTR_NO_DF            0x1
 
-/* A logical OR of all used flag bits (currently there is only one) */
-# define RAND_DRBG_USED_FLAGS  ( \
-    RAND_DRBG_FLAG_CTR_NO_DF \
-                                 )
+
+# if OPENSSL_API_COMPAT < 0x10200000L
+/* This #define was replaced by an internal constant and should not be used. */
+#  define RAND_DRBG_USED_FLAGS  (RAND_DRBG_FLAG_CTR_NO_DF)
+# endif
 
 /*
  * Default security strength (in the sense of [NIST SP 800-90Ar1])
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

Reply via email to