[openssl-commits] [openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via faca6bfac3b0c5a657cd01dcf6cb306d61cebd0f (commit) from de8848aeafd4210bcbbc6742b8947b37cb7ed8cb (commit) - Log - commit faca6bfac3b0c5a657cd01dcf6cb306d61cebd0f Author: Bernd Edlinger Date: Mon Oct 29 13:48:53 2018 +0100 Fix a race condition in drbg_add Reviewed-by: Matthias St. Pierre Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7523) (cherry picked from commit 4011bab1f85d4429bad1e9388bed90a8d0da5639) --- Summary of changes: crypto/rand/drbg_lib.c | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c index 4795213..43e7509 100644 --- a/crypto/rand/drbg_lib.c +++ b/crypto/rand/drbg_lib.c @@ -1003,6 +1003,7 @@ static int drbg_add(const void *buf, int num, double randomness) if (num < 0 || randomness < 0.0) return 0; +rand_drbg_lock(drbg); seedlen = rand_drbg_seedlen(drbg); buflen = (size_t)num; @@ -1014,10 +1015,13 @@ static int drbg_add(const void *buf, int num, double randomness) * inevitably. So we use a trick to mix the buffer contents into * the DRBG state without forcing a reseeding: we generate a * dummy random byte, using the buffer content as additional data. + * Note: This won't work with RAND_DRBG_FLAG_CTR_NO_DF. */ unsigned char dummy[1]; -return RAND_DRBG_generate(drbg, dummy, sizeof(dummy), 0, buf, buflen); +ret = RAND_DRBG_generate(drbg, dummy, sizeof(dummy), 0, buf, buflen); +rand_drbg_unlock(drbg); +return ret; #else /* * If an os entropy source is avaible then we declare the buffer content @@ -1041,7 +1045,6 @@ static int drbg_add(const void *buf, int num, double randomness) randomness = (double)seedlen; } -rand_drbg_lock(drbg); ret = rand_drbg_restart(drbg, buf, buflen, (size_t)(8 * randomness)); rand_drbg_unlock(drbg); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 4011bab1f85d4429bad1e9388bed90a8d0da5639 (commit) from 6e46c065b9b97212d63ef1f321b08fb7fa6b320d (commit) - Log - commit 4011bab1f85d4429bad1e9388bed90a8d0da5639 Author: Bernd Edlinger Date: Mon Oct 29 13:48:53 2018 +0100 Fix a race condition in drbg_add Reviewed-by: Matthias St. Pierre Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7523) --- Summary of changes: crypto/rand/drbg_lib.c | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c index 4a66604..c4ecf0c 100644 --- a/crypto/rand/drbg_lib.c +++ b/crypto/rand/drbg_lib.c @@ -1079,6 +1079,7 @@ static int drbg_add(const void *buf, int num, double randomness) if (num < 0 || randomness < 0.0) return 0; +rand_drbg_lock(drbg); seedlen = rand_drbg_seedlen(drbg); buflen = (size_t)num; @@ -1090,10 +1091,13 @@ static int drbg_add(const void *buf, int num, double randomness) * inevitably. So we use a trick to mix the buffer contents into * the DRBG state without forcing a reseeding: we generate a * dummy random byte, using the buffer content as additional data. + * Note: This won't work with RAND_DRBG_FLAG_CTR_NO_DF. */ unsigned char dummy[1]; -return RAND_DRBG_generate(drbg, dummy, sizeof(dummy), 0, buf, buflen); +ret = RAND_DRBG_generate(drbg, dummy, sizeof(dummy), 0, buf, buflen); +rand_drbg_unlock(drbg); +return ret; #else /* * If an os entropy source is avaible then we declare the buffer content @@ -1117,7 +1121,6 @@ static int drbg_add(const void *buf, int num, double randomness) randomness = (double)seedlen; } -rand_drbg_lock(drbg); ret = rand_drbg_restart(drbg, buf, buflen, (size_t)(8 * randomness)); rand_drbg_unlock(drbg); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated
via 6e46c065b9b97212d63ef1f321b08fb7fa6b320d (commit)
via e45620140fce22c3251440063bc17440289d730c (commit)
from 828b52951cf182d5f9cf159804419230b27840c9 (commit)
- Log -
commit 6e46c065b9b97212d63ef1f321b08fb7fa6b320d
Author: Matt Caswell
Date: Tue Oct 16 12:42:59 2018 +0100
Add a client_cert_cb test
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl/pull/7413)
commit e45620140fce22c3251440063bc17440289d730c
Author: Matt Caswell
Date: Thu Oct 11 17:01:06 2018 +0100
Don't call the client_cert_cb immediately in TLSv1.3
In TLSv1.2 and below a CertificateRequest is sent after the Certificate
from the server. This means that by the time the client_cert_cb is called
on receipt of the CertificateRequest a call to SSL_get_peer_certificate()
will return the server certificate as expected. In TLSv1.3 a
CertificateRequest is sent before a Certificate message so calling
SSL_get_peer_certificate() returns NULL.
To workaround this we delay calling the client_cert_cb until after we
have processed the CertificateVerify message, when we are doing TLSv1.3.
Fixes #7384
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl/pull/7413)
---
Summary of changes:
ssl/statem/statem_clnt.c | 12 +++
ssl/statem/statem_lib.c | 13 ++-
test/sslapitest.c| 94
3 files changed, 118 insertions(+), 1 deletion(-)
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 8c658da..0a11b88 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1095,6 +1095,7 @@ WORK_STATE ossl_statem_client_post_process_message(SSL
*s, WORK_STATE wst)
ERR_R_INTERNAL_ERROR);
return WORK_ERROR;
+case TLS_ST_CR_CERT_VRFY:
case TLS_ST_CR_CERT_REQ:
return tls_prepare_client_certificate(s, wst);
}
@@ -2563,6 +2564,17 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL
*s, PACKET *pkt)
/* we should setup a certificate to return */
s->s3->tmp.cert_req = 1;
+/*
+ * In TLSv1.3 we don't prepare the client certificate yet. We wait until
+ * after the CertificateVerify message has been received. This is because
+ * in TLSv1.3 the CertificateRequest arrives before the Certificate message
+ * but in TLSv1.2 it is the other way around. We want to make sure that
+ * SSL_get_peer_certificate() returns something sensible in
+ * client_cert_cb.
+ */
+if (SSL_IS_TLS13(s) && s->post_handshake_auth != SSL_PHA_REQUESTED)
+return MSG_PROCESS_CONTINUE_READING;
+
return MSG_PROCESS_CONTINUE_PROCESSING;
}
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index e6e61f7..75cf321 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -495,7 +495,18 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET
*pkt)
}
}
-ret = MSG_PROCESS_CONTINUE_READING;
+/*
+ * In TLSv1.3 on the client side we make sure we prepare the client
+ * certificate after the CertVerify instead of when we get the
+ * CertificateRequest. This is because in TLSv1.3 the CertificateRequest
+ * comes *before* the Certificate message. In TLSv1.2 it comes after. We
+ * want to make sure that SSL_get_peer_certificate() will return the actual
+ * server certificate from the client_cert_cb callback.
+ */
+if (!s->server && SSL_IS_TLS13(s) && s->s3->tmp.cert_req == 1)
+ret = MSG_PROCESS_CONTINUE_PROCESSING;
+else
+ret = MSG_PROCESS_CONTINUE_READING;
err:
BIO_free(s->s3->handshake_buffer);
s->s3->handshake_buffer = NULL;
diff --git a/test/sslapitest.c b/test/sslapitest.c
index d87e9f6..0b8f98f 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -5593,6 +5593,99 @@ static int test_cert_cb(int tst)
return testresult;
}
+static int client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
+{
+X509 *xcert, *peer;
+EVP_PKEY *privpkey;
+BIO *in = NULL;
+
+/* Check that SSL_get_peer_certificate() returns something sensible */
+peer = SSL_get_peer_certificate(ssl);
+if (!TEST_ptr(peer))
+return 0;
+X509_free(peer);
+
+in = BIO_new_file(cert, "r");
+if (!TEST_ptr(in))
+return 0;
+
+xcert = PEM_read_bio_X509(in, NULL, NULL, NULL);
+BIO_free(in);
+if (!TEST_ptr(xcert))
+return 0;
+
+in = BIO_new_file(privkey, "r");
+if (!TEST_ptr(in)) {
+X509_free(xcert);
+return 0;
+}
+
+privpkey = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
+BIO_free(in);
+if (!TEST_ptr(privpkey)) {
+X509_free(xcert);
+return 0;
+}
+
+*x509 = xcert;
+*pkey = pr
[openssl-commits] [openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated
via de8848aeafd4210bcbbc6742b8947b37cb7ed8cb (commit)
via a2388b50afc5136a1b65d0bf794f0398c31a1acb (commit)
from 5cf0f0e70887fbe9d94a95e25e379a64e1676010 (commit)
- Log -
commit de8848aeafd4210bcbbc6742b8947b37cb7ed8cb
Author: Matt Caswell
Date: Tue Oct 16 12:42:59 2018 +0100
Add a client_cert_cb test
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl/pull/7413)
(cherry picked from commit 6e46c065b9b97212d63ef1f321b08fb7fa6b320d)
commit a2388b50afc5136a1b65d0bf794f0398c31a1acb
Author: Matt Caswell
Date: Thu Oct 11 17:01:06 2018 +0100
Don't call the client_cert_cb immediately in TLSv1.3
In TLSv1.2 and below a CertificateRequest is sent after the Certificate
from the server. This means that by the time the client_cert_cb is called
on receipt of the CertificateRequest a call to SSL_get_peer_certificate()
will return the server certificate as expected. In TLSv1.3 a
CertificateRequest is sent before a Certificate message so calling
SSL_get_peer_certificate() returns NULL.
To workaround this we delay calling the client_cert_cb until after we
have processed the CertificateVerify message, when we are doing TLSv1.3.
Fixes #7384
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl/pull/7413)
(cherry picked from commit e45620140fce22c3251440063bc17440289d730c)
---
Summary of changes:
ssl/statem/statem_clnt.c | 12 +++
ssl/statem/statem_lib.c | 13 ++-
test/sslapitest.c| 94
3 files changed, 118 insertions(+), 1 deletion(-)
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 8c658da..0a11b88 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1095,6 +1095,7 @@ WORK_STATE ossl_statem_client_post_process_message(SSL
*s, WORK_STATE wst)
ERR_R_INTERNAL_ERROR);
return WORK_ERROR;
+case TLS_ST_CR_CERT_VRFY:
case TLS_ST_CR_CERT_REQ:
return tls_prepare_client_certificate(s, wst);
}
@@ -2563,6 +2564,17 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL
*s, PACKET *pkt)
/* we should setup a certificate to return */
s->s3->tmp.cert_req = 1;
+/*
+ * In TLSv1.3 we don't prepare the client certificate yet. We wait until
+ * after the CertificateVerify message has been received. This is because
+ * in TLSv1.3 the CertificateRequest arrives before the Certificate message
+ * but in TLSv1.2 it is the other way around. We want to make sure that
+ * SSL_get_peer_certificate() returns something sensible in
+ * client_cert_cb.
+ */
+if (SSL_IS_TLS13(s) && s->post_handshake_auth != SSL_PHA_REQUESTED)
+return MSG_PROCESS_CONTINUE_READING;
+
return MSG_PROCESS_CONTINUE_PROCESSING;
}
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index e6e61f7..75cf321 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -495,7 +495,18 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET
*pkt)
}
}
-ret = MSG_PROCESS_CONTINUE_READING;
+/*
+ * In TLSv1.3 on the client side we make sure we prepare the client
+ * certificate after the CertVerify instead of when we get the
+ * CertificateRequest. This is because in TLSv1.3 the CertificateRequest
+ * comes *before* the Certificate message. In TLSv1.2 it comes after. We
+ * want to make sure that SSL_get_peer_certificate() will return the actual
+ * server certificate from the client_cert_cb callback.
+ */
+if (!s->server && SSL_IS_TLS13(s) && s->s3->tmp.cert_req == 1)
+ret = MSG_PROCESS_CONTINUE_PROCESSING;
+else
+ret = MSG_PROCESS_CONTINUE_READING;
err:
BIO_free(s->s3->handshake_buffer);
s->s3->handshake_buffer = NULL;
diff --git a/test/sslapitest.c b/test/sslapitest.c
index d87e9f6..0b8f98f 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -5593,6 +5593,99 @@ static int test_cert_cb(int tst)
return testresult;
}
+static int client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
+{
+X509 *xcert, *peer;
+EVP_PKEY *privpkey;
+BIO *in = NULL;
+
+/* Check that SSL_get_peer_certificate() returns something sensible */
+peer = SSL_get_peer_certificate(ssl);
+if (!TEST_ptr(peer))
+return 0;
+X509_free(peer);
+
+in = BIO_new_file(cert, "r");
+if (!TEST_ptr(in))
+return 0;
+
+xcert = PEM_read_bio_X509(in, NULL, NULL, NULL);
+BIO_free(in);
+if (!TEST_ptr(xcert))
+return 0;
+
+in = BIO_new_file(privkey, "r");
+if (!TEST_ptr(in)) {
+X509_free(xcert);
+return 0;
+}
+
+privpkey = PEM_read_bio_Priva
[openssl-commits] [openssl] master update
The branch master has been updated via 828b52951cf182d5f9cf159804419230b27840c9 (commit) from 9f2e18111e643894e31f4ca877eb71a69a048e81 (commit) - Log - commit 828b52951cf182d5f9cf159804419230b27840c9 Author: Richard Levitte Date: Tue Oct 30 08:57:34 2018 +0100 Add blurbs about EVP_MAC in NEWS and CHANGES Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/7526) --- Summary of changes: CHANGES | 9 + NEWS| 3 ++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index e540c9c..29be4fc7 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,15 @@ Changes between 1.1.1 and 1.1.2 [xx XXX ] + *) Ported the HMAC, CMAC and SipHash EVP_PKEY_METHODs to EVP_MAC. + [Richard Levitte] + + *) Added EVP_MAC, an EVP layer MAC API, to simplify adding MAC + implementations. This includes a generic EVP_PKEY to EVP_MAC bridge, + to facilitate the continued use of MACs through raw private keys in + functionality such as EVP_DigestSign* and EVP_DigestVerify*. + [Richard Levitte] + *) Deprecate ECDH_KDF_X9_62() and mark its replacement as internal. Users should use the EVP interface instead (EVP_PKEY_CTX_set_ecdh_kdf_type). [Antoine Salon] diff --git a/NEWS b/NEWS index 3179b1d..56aab21 100644 --- a/NEWS +++ b/NEWS @@ -7,7 +7,8 @@ Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.2 [under development] - o + o Added EVP_MAC, an EVP layer MAC API, and a generic EVP_PKEY to EVP_MAC +bridge. Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018] _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated
via 9f2e18111e643894e31f4ca877eb71a69a048e81 (commit)
via 14f61f81f22db55f0ea79105a493398c1c2e04b7 (commit)
via c89d9cdab1727553e3cfa964e9f082cbc5a194c2 (commit)
from cf3d6ef7af7d6c47f5ccd4ce58d822972018b21c (commit)
- Log -
commit 9f2e18111e643894e31f4ca877eb71a69a048e81
Author: Richard Levitte
Date: Thu Oct 25 00:29:02 2018 +0200
Have a couple of SipHash test uses the EVP_PKEY method
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/7494)
commit 14f61f81f22db55f0ea79105a493398c1c2e04b7
Author: Richard Levitte
Date: Thu Oct 25 00:20:48 2018 +0200
EVP_MAC: Integrate SipHash EVP_PKEY_METHOD into generic MAC EVP_PKEY_METHOD
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/7494)
commit c89d9cdab1727553e3cfa964e9f082cbc5a194c2
Author: Richard Levitte
Date: Thu Oct 25 00:17:45 2018 +0200
EVP_MAC: Add SipHash implementation
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/7494)
---
Summary of changes:
crypto/evp/c_allm.c| 3 +
crypto/evp/pkey_mac.c | 33
crypto/include/internal/evp_int.h | 1 +
crypto/siphash/build.info | 2 +-
crypto/siphash/siphash_meth.c | 139 ++
crypto/siphash/siphash_pmeth.c | 205 -
doc/man3/EVP_MAC.pod | 3 +-
doc/man7/{EVP_MAC_CMAC.pod => EVP_MAC_SIPHASH.pod} | 24 +--
include/openssl/evp.h | 5 +-
test/recipes/30-test_evp_data/evpmac.txt | 10 +-
10 files changed, 201 insertions(+), 224 deletions(-)
create mode 100644 crypto/siphash/siphash_meth.c
delete mode 100644 crypto/siphash/siphash_pmeth.c
copy doc/man7/{EVP_MAC_CMAC.pod => EVP_MAC_SIPHASH.pod} (63%)
diff --git a/crypto/evp/c_allm.c b/crypto/evp/c_allm.c
index edf8ba5..2bcd9dc 100644
--- a/crypto/evp/c_allm.c
+++ b/crypto/evp/c_allm.c
@@ -16,4 +16,7 @@ void openssl_add_all_macs_int(void)
EVP_add_mac(&cmac_meth);
#endif
EVP_add_mac(&hmac_meth);
+#ifndef OPENSSL_NO_SIPHASH
+EVP_add_mac(&siphash_meth);
+#endif
}
diff --git a/crypto/evp/pkey_mac.c b/crypto/evp/pkey_mac.c
index 9f3817c..d8c0e89 100644
--- a/crypto/evp/pkey_mac.c
+++ b/crypto/evp/pkey_mac.c
@@ -392,3 +392,36 @@ const EVP_PKEY_METHOD hmac_pkey_meth = {
pkey_mac_ctrl,
pkey_mac_ctrl_str
};
+
+const EVP_PKEY_METHOD siphash_pkey_meth = {
+EVP_PKEY_SIPHASH,
+EVP_PKEY_FLAG_SIGCTX_CUSTOM,
+pkey_mac_init,
+pkey_mac_copy,
+pkey_mac_cleanup,
+
+0, 0,
+
+0,
+pkey_mac_keygen,
+
+0, 0,
+
+0, 0,
+
+0, 0,
+
+pkey_mac_signctx_init,
+pkey_mac_signctx,
+
+0, 0,
+
+0, 0,
+
+0, 0,
+
+0, 0,
+
+pkey_mac_ctrl,
+pkey_mac_ctrl_str
+};
diff --git a/crypto/include/internal/evp_int.h
b/crypto/include/internal/evp_int.h
index e84205c..060538e 100644
--- a/crypto/include/internal/evp_int.h
+++ b/crypto/include/internal/evp_int.h
@@ -130,6 +130,7 @@ struct evp_mac_st {
extern const EVP_MAC cmac_meth;
extern const EVP_MAC hmac_meth;
+extern const EVP_MAC siphash_meth;
/*
* This function is internal for now, but can be made external when needed.
diff --git a/crypto/siphash/build.info b/crypto/siphash/build.info
index 4166344..b56563f 100644
--- a/crypto/siphash/build.info
+++ b/crypto/siphash/build.info
@@ -1,5 +1,5 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=\
siphash.c \
- siphash_pmeth.c \
+ siphash_meth.c \
siphash_ameth.c
diff --git a/crypto/siphash/siphash_meth.c b/crypto/siphash/siphash_meth.c
new file mode 100644
index 000..7a5457d
--- /dev/null
+++ b/crypto/siphash/siphash_meth.c
@@ -0,0 +1,139 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include
+#include
+#include
+#include
+#include "internal/siphash.h"
+#include "siphash_local.h"
+#include "internal/evp_int.h"
+
+/* local SIPHASH structure is actually a SIPHASH */
+
+struct evp_mac_impl_st {
+SIPHASH ctx;
+};
+
+static EVP_MAC_IMPL *siphash_new(void)
+{
+return OPENSSL_zalloc(sizeof(EVP_MAC_IMPL));
+}
+
+static void siphash_free(EVP_MAC_IMPL *sctx)
+{
+OPENSSL_free(sctx);
+}
+
+static int siphash_copy(EVP_MAC_IMPL *sdst, EVP_MAC_IMPL *ssrc)
+{
+*sdst = *ssrc;
+return 1;
+}
+
+static size_t siphash_size(EVP_MAC_IMPL *sctx)
+{
+return SipHash_hash_size(&sctx->ctx);
+
[openssl-commits] [openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 5cf0f0e70887fbe9d94a95e25e379a64e1676010 (commit) from 189b56b206e9d588560b609a3738fabceb76bcc3 (commit) - Log - commit 5cf0f0e70887fbe9d94a95e25e379a64e1676010 Author: Dr. Matthias St. Pierre Date: Mon Oct 29 22:27:42 2018 +0100 rand_drbg.h: include The RAND_DRBG_TYPE preprocessor define depends on a NID, so we have to include obj_mac.h to make the header selfcontained. Fixes #7521 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7524) (cherry picked from commit cf3d6ef7af7d6c47f5ccd4ce58d822972018b21c) --- Summary of changes: include/openssl/rand_drbg.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/openssl/rand_drbg.h b/include/openssl/rand_drbg.h index a7dd0b5..45b731b 100644 --- a/include/openssl/rand_drbg.h +++ b/include/openssl/rand_drbg.h @@ -12,6 +12,7 @@ # include # include +# include /* * RAND_DRBG flags _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via cf3d6ef7af7d6c47f5ccd4ce58d822972018b21c (commit) from 388de53c274dee20c07eee7ff892108668fb3a61 (commit) - Log - commit cf3d6ef7af7d6c47f5ccd4ce58d822972018b21c Author: Dr. Matthias St. Pierre Date: Mon Oct 29 22:27:42 2018 +0100 rand_drbg.h: include The RAND_DRBG_TYPE preprocessor define depends on a NID, so we have to include obj_mac.h to make the header selfcontained. Fixes #7521 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7524) --- Summary of changes: include/openssl/rand_drbg.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/openssl/rand_drbg.h b/include/openssl/rand_drbg.h index 8316f11..df44701 100644 --- a/include/openssl/rand_drbg.h +++ b/include/openssl/rand_drbg.h @@ -12,6 +12,7 @@ # include # include +# include /* * RAND_DRBG flags _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
