The branch OpenSSL_1_1_1-stable has been updated via b262a0022923d48576f72d78d88a008fbe602cdc (commit) from 5538ba99ab785287ad187909dd71f17040dbc180 (commit)
- Log ----------------------------------------------------------------- commit b262a0022923d48576f72d78d88a008fbe602cdc Author: Dr. Matthias St. Pierre <matthias.st.pie...@ncp-e.com> Date: Wed Sep 12 00:37:15 2018 +0200 Replace the public RAND_DRBG_USED_FLAGS #define by an internal constant The new DRBG API added the aforementioned #define. However, it is used internally only and having it defined publicly does not serve any purpose except causing potential version compatibility problems. Fixes #7182 Reviewed-by: Matt Caswell <m...@openssl.org> Reviewed-by: Paul Dale <paul.d...@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7190) (cherry picked from commit c402e943cd0d748ca2a74a37caeccdfc59ce2870) ----------------------------------------------------------------------- Summary of changes: crypto/rand/drbg_lib.c | 6 +++++- include/openssl/rand_drbg.h | 15 +++++++++++---- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c index 729b49c..9c315ed 100644 --- a/crypto/rand/drbg_lib.c +++ b/crypto/rand/drbg_lib.c @@ -82,6 +82,10 @@ static unsigned int slave_reseed_interval = SLAVE_RESEED_INTERVAL; static time_t master_reseed_time_interval = MASTER_RESEED_TIME_INTERVAL; static time_t slave_reseed_time_interval = SLAVE_RESEED_TIME_INTERVAL; +/* A logical OR of all used DRBG flag bits (currently there is only one) */ +static const unsigned int rand_drbg_used_flags = + RAND_DRBG_FLAG_CTR_NO_DF; + static RAND_DRBG *drbg_setup(RAND_DRBG *parent); static RAND_DRBG *rand_drbg_new(int secure, @@ -147,7 +151,7 @@ int RAND_DRBG_set_defaults(int type, unsigned int flags) break; } - if ((flags & ~RAND_DRBG_USED_FLAGS) != 0) { + if ((flags & ~rand_drbg_used_flags) != 0) { RANDerr(RAND_F_RAND_DRBG_SET_DEFAULTS, RAND_R_UNSUPPORTED_DRBG_FLAGS); return 0; } diff --git a/include/openssl/rand_drbg.h b/include/openssl/rand_drbg.h index 282356e..cfc7fb7 100644 --- a/include/openssl/rand_drbg.h +++ b/include/openssl/rand_drbg.h @@ -13,14 +13,21 @@ # include <time.h> # include <openssl/ossl_typ.h> +/* + * RAND_DRBG flags + * + * Note: if new flags are added, the constant `rand_drbg_used_flags` + * in drbg_lib.c needs to be updated accordingly. + */ /* In CTR mode, disable derivation function ctr_df */ # define RAND_DRBG_FLAG_CTR_NO_DF 0x1 -/* A logical OR of all used flag bits (currently there is only one) */ -# define RAND_DRBG_USED_FLAGS ( \ - RAND_DRBG_FLAG_CTR_NO_DF \ - ) + +# if OPENSSL_API_COMPAT < 0x10200000L +/* This #define was replaced by an internal constant and should not be used. */ +# define RAND_DRBG_USED_FLAGS (RAND_DRBG_FLAG_CTR_NO_DF) +# endif /* * Default security strength (in the sense of [NIST SP 800-90Ar1]) _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits