[openssl-commits] [openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via faca6bfac3b0c5a657cd01dcf6cb306d61cebd0f (commit) from de8848aeafd4210bcbbc6742b8947b37cb7ed8cb (commit) - Log - commit faca6bfac3b0c5a657cd01dcf6cb306d61cebd0f Author: Bernd Edlinger Date: Mon Oct 29 13:48:53 2018 +0100 Fix a race condition in drbg_add Reviewed-by: Matthias St. Pierre Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7523) (cherry picked from commit 4011bab1f85d4429bad1e9388bed90a8d0da5639) --- Summary of changes: crypto/rand/drbg_lib.c | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c index 4795213..43e7509 100644 --- a/crypto/rand/drbg_lib.c +++ b/crypto/rand/drbg_lib.c @@ -1003,6 +1003,7 @@ static int drbg_add(const void *buf, int num, double randomness) if (num < 0 || randomness < 0.0) return 0; +rand_drbg_lock(drbg); seedlen = rand_drbg_seedlen(drbg); buflen = (size_t)num; @@ -1014,10 +1015,13 @@ static int drbg_add(const void *buf, int num, double randomness) * inevitably. So we use a trick to mix the buffer contents into * the DRBG state without forcing a reseeding: we generate a * dummy random byte, using the buffer content as additional data. + * Note: This won't work with RAND_DRBG_FLAG_CTR_NO_DF. */ unsigned char dummy[1]; -return RAND_DRBG_generate(drbg, dummy, sizeof(dummy), 0, buf, buflen); +ret = RAND_DRBG_generate(drbg, dummy, sizeof(dummy), 0, buf, buflen); +rand_drbg_unlock(drbg); +return ret; #else /* * If an os entropy source is avaible then we declare the buffer content @@ -1041,7 +1045,6 @@ static int drbg_add(const void *buf, int num, double randomness) randomness = (double)seedlen; } -rand_drbg_lock(drbg); ret = rand_drbg_restart(drbg, buf, buflen, (size_t)(8 * randomness)); rand_drbg_unlock(drbg); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 4011bab1f85d4429bad1e9388bed90a8d0da5639 (commit) from 6e46c065b9b97212d63ef1f321b08fb7fa6b320d (commit) - Log - commit 4011bab1f85d4429bad1e9388bed90a8d0da5639 Author: Bernd Edlinger Date: Mon Oct 29 13:48:53 2018 +0100 Fix a race condition in drbg_add Reviewed-by: Matthias St. Pierre Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7523) --- Summary of changes: crypto/rand/drbg_lib.c | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c index 4a66604..c4ecf0c 100644 --- a/crypto/rand/drbg_lib.c +++ b/crypto/rand/drbg_lib.c @@ -1079,6 +1079,7 @@ static int drbg_add(const void *buf, int num, double randomness) if (num < 0 || randomness < 0.0) return 0; +rand_drbg_lock(drbg); seedlen = rand_drbg_seedlen(drbg); buflen = (size_t)num; @@ -1090,10 +1091,13 @@ static int drbg_add(const void *buf, int num, double randomness) * inevitably. So we use a trick to mix the buffer contents into * the DRBG state without forcing a reseeding: we generate a * dummy random byte, using the buffer content as additional data. + * Note: This won't work with RAND_DRBG_FLAG_CTR_NO_DF. */ unsigned char dummy[1]; -return RAND_DRBG_generate(drbg, dummy, sizeof(dummy), 0, buf, buflen); +ret = RAND_DRBG_generate(drbg, dummy, sizeof(dummy), 0, buf, buflen); +rand_drbg_unlock(drbg); +return ret; #else /* * If an os entropy source is avaible then we declare the buffer content @@ -1117,7 +1121,6 @@ static int drbg_add(const void *buf, int num, double randomness) randomness = (double)seedlen; } -rand_drbg_lock(drbg); ret = rand_drbg_restart(drbg, buf, buflen, (size_t)(8 * randomness)); rand_drbg_unlock(drbg); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 6e46c065b9b97212d63ef1f321b08fb7fa6b320d (commit) via e45620140fce22c3251440063bc17440289d730c (commit) from 828b52951cf182d5f9cf159804419230b27840c9 (commit) - Log - commit 6e46c065b9b97212d63ef1f321b08fb7fa6b320d Author: Matt Caswell Date: Tue Oct 16 12:42:59 2018 +0100 Add a client_cert_cb test Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/7413) commit e45620140fce22c3251440063bc17440289d730c Author: Matt Caswell Date: Thu Oct 11 17:01:06 2018 +0100 Don't call the client_cert_cb immediately in TLSv1.3 In TLSv1.2 and below a CertificateRequest is sent after the Certificate from the server. This means that by the time the client_cert_cb is called on receipt of the CertificateRequest a call to SSL_get_peer_certificate() will return the server certificate as expected. In TLSv1.3 a CertificateRequest is sent before a Certificate message so calling SSL_get_peer_certificate() returns NULL. To workaround this we delay calling the client_cert_cb until after we have processed the CertificateVerify message, when we are doing TLSv1.3. Fixes #7384 Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/7413) --- Summary of changes: ssl/statem/statem_clnt.c | 12 +++ ssl/statem/statem_lib.c | 13 ++- test/sslapitest.c| 94 3 files changed, 118 insertions(+), 1 deletion(-) diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 8c658da..0a11b88 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1095,6 +1095,7 @@ WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst) ERR_R_INTERNAL_ERROR); return WORK_ERROR; +case TLS_ST_CR_CERT_VRFY: case TLS_ST_CR_CERT_REQ: return tls_prepare_client_certificate(s, wst); } @@ -2563,6 +2564,17 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt) /* we should setup a certificate to return */ s->s3->tmp.cert_req = 1; +/* + * In TLSv1.3 we don't prepare the client certificate yet. We wait until + * after the CertificateVerify message has been received. This is because + * in TLSv1.3 the CertificateRequest arrives before the Certificate message + * but in TLSv1.2 it is the other way around. We want to make sure that + * SSL_get_peer_certificate() returns something sensible in + * client_cert_cb. + */ +if (SSL_IS_TLS13(s) && s->post_handshake_auth != SSL_PHA_REQUESTED) +return MSG_PROCESS_CONTINUE_READING; + return MSG_PROCESS_CONTINUE_PROCESSING; } diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index e6e61f7..75cf321 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -495,7 +495,18 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) } } -ret = MSG_PROCESS_CONTINUE_READING; +/* + * In TLSv1.3 on the client side we make sure we prepare the client + * certificate after the CertVerify instead of when we get the + * CertificateRequest. This is because in TLSv1.3 the CertificateRequest + * comes *before* the Certificate message. In TLSv1.2 it comes after. We + * want to make sure that SSL_get_peer_certificate() will return the actual + * server certificate from the client_cert_cb callback. + */ +if (!s->server && SSL_IS_TLS13(s) && s->s3->tmp.cert_req == 1) +ret = MSG_PROCESS_CONTINUE_PROCESSING; +else +ret = MSG_PROCESS_CONTINUE_READING; err: BIO_free(s->s3->handshake_buffer); s->s3->handshake_buffer = NULL; diff --git a/test/sslapitest.c b/test/sslapitest.c index d87e9f6..0b8f98f 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -5593,6 +5593,99 @@ static int test_cert_cb(int tst) return testresult; } +static int client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey) +{ +X509 *xcert, *peer; +EVP_PKEY *privpkey; +BIO *in = NULL; + +/* Check that SSL_get_peer_certificate() returns something sensible */ +peer = SSL_get_peer_certificate(ssl); +if (!TEST_ptr(peer)) +return 0; +X509_free(peer); + +in = BIO_new_file(cert, "r"); +if (!TEST_ptr(in)) +return 0; + +xcert = PEM_read_bio_X509(in, NULL, NULL, NULL); +BIO_free(in); +if (!TEST_ptr(xcert)) +return 0; + +in = BIO_new_file(privkey, "r"); +if (!TEST_ptr(in)) { +X509_free(xcert); +return 0; +} + +privpkey = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL); +BIO_free(in); +if (!TEST_ptr(privpkey)) { +X509_free(xcert); +return 0; +} + +*x509 = xcert; +*pkey = pr
[openssl-commits] [openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via de8848aeafd4210bcbbc6742b8947b37cb7ed8cb (commit) via a2388b50afc5136a1b65d0bf794f0398c31a1acb (commit) from 5cf0f0e70887fbe9d94a95e25e379a64e1676010 (commit) - Log - commit de8848aeafd4210bcbbc6742b8947b37cb7ed8cb Author: Matt Caswell Date: Tue Oct 16 12:42:59 2018 +0100 Add a client_cert_cb test Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/7413) (cherry picked from commit 6e46c065b9b97212d63ef1f321b08fb7fa6b320d) commit a2388b50afc5136a1b65d0bf794f0398c31a1acb Author: Matt Caswell Date: Thu Oct 11 17:01:06 2018 +0100 Don't call the client_cert_cb immediately in TLSv1.3 In TLSv1.2 and below a CertificateRequest is sent after the Certificate from the server. This means that by the time the client_cert_cb is called on receipt of the CertificateRequest a call to SSL_get_peer_certificate() will return the server certificate as expected. In TLSv1.3 a CertificateRequest is sent before a Certificate message so calling SSL_get_peer_certificate() returns NULL. To workaround this we delay calling the client_cert_cb until after we have processed the CertificateVerify message, when we are doing TLSv1.3. Fixes #7384 Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/7413) (cherry picked from commit e45620140fce22c3251440063bc17440289d730c) --- Summary of changes: ssl/statem/statem_clnt.c | 12 +++ ssl/statem/statem_lib.c | 13 ++- test/sslapitest.c| 94 3 files changed, 118 insertions(+), 1 deletion(-) diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 8c658da..0a11b88 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1095,6 +1095,7 @@ WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst) ERR_R_INTERNAL_ERROR); return WORK_ERROR; +case TLS_ST_CR_CERT_VRFY: case TLS_ST_CR_CERT_REQ: return tls_prepare_client_certificate(s, wst); } @@ -2563,6 +2564,17 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt) /* we should setup a certificate to return */ s->s3->tmp.cert_req = 1; +/* + * In TLSv1.3 we don't prepare the client certificate yet. We wait until + * after the CertificateVerify message has been received. This is because + * in TLSv1.3 the CertificateRequest arrives before the Certificate message + * but in TLSv1.2 it is the other way around. We want to make sure that + * SSL_get_peer_certificate() returns something sensible in + * client_cert_cb. + */ +if (SSL_IS_TLS13(s) && s->post_handshake_auth != SSL_PHA_REQUESTED) +return MSG_PROCESS_CONTINUE_READING; + return MSG_PROCESS_CONTINUE_PROCESSING; } diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index e6e61f7..75cf321 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -495,7 +495,18 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) } } -ret = MSG_PROCESS_CONTINUE_READING; +/* + * In TLSv1.3 on the client side we make sure we prepare the client + * certificate after the CertVerify instead of when we get the + * CertificateRequest. This is because in TLSv1.3 the CertificateRequest + * comes *before* the Certificate message. In TLSv1.2 it comes after. We + * want to make sure that SSL_get_peer_certificate() will return the actual + * server certificate from the client_cert_cb callback. + */ +if (!s->server && SSL_IS_TLS13(s) && s->s3->tmp.cert_req == 1) +ret = MSG_PROCESS_CONTINUE_PROCESSING; +else +ret = MSG_PROCESS_CONTINUE_READING; err: BIO_free(s->s3->handshake_buffer); s->s3->handshake_buffer = NULL; diff --git a/test/sslapitest.c b/test/sslapitest.c index d87e9f6..0b8f98f 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -5593,6 +5593,99 @@ static int test_cert_cb(int tst) return testresult; } +static int client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey) +{ +X509 *xcert, *peer; +EVP_PKEY *privpkey; +BIO *in = NULL; + +/* Check that SSL_get_peer_certificate() returns something sensible */ +peer = SSL_get_peer_certificate(ssl); +if (!TEST_ptr(peer)) +return 0; +X509_free(peer); + +in = BIO_new_file(cert, "r"); +if (!TEST_ptr(in)) +return 0; + +xcert = PEM_read_bio_X509(in, NULL, NULL, NULL); +BIO_free(in); +if (!TEST_ptr(xcert)) +return 0; + +in = BIO_new_file(privkey, "r"); +if (!TEST_ptr(in)) { +X509_free(xcert); +return 0; +} + +privpkey = PEM_read_bio_Priva
[openssl-commits] [openssl] master update
The branch master has been updated via 828b52951cf182d5f9cf159804419230b27840c9 (commit) from 9f2e18111e643894e31f4ca877eb71a69a048e81 (commit) - Log - commit 828b52951cf182d5f9cf159804419230b27840c9 Author: Richard Levitte Date: Tue Oct 30 08:57:34 2018 +0100 Add blurbs about EVP_MAC in NEWS and CHANGES Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/7526) --- Summary of changes: CHANGES | 9 + NEWS| 3 ++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index e540c9c..29be4fc7 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,15 @@ Changes between 1.1.1 and 1.1.2 [xx XXX ] + *) Ported the HMAC, CMAC and SipHash EVP_PKEY_METHODs to EVP_MAC. + [Richard Levitte] + + *) Added EVP_MAC, an EVP layer MAC API, to simplify adding MAC + implementations. This includes a generic EVP_PKEY to EVP_MAC bridge, + to facilitate the continued use of MACs through raw private keys in + functionality such as EVP_DigestSign* and EVP_DigestVerify*. + [Richard Levitte] + *) Deprecate ECDH_KDF_X9_62() and mark its replacement as internal. Users should use the EVP interface instead (EVP_PKEY_CTX_set_ecdh_kdf_type). [Antoine Salon] diff --git a/NEWS b/NEWS index 3179b1d..56aab21 100644 --- a/NEWS +++ b/NEWS @@ -7,7 +7,8 @@ Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.2 [under development] - o + o Added EVP_MAC, an EVP layer MAC API, and a generic EVP_PKEY to EVP_MAC +bridge. Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018] _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 9f2e18111e643894e31f4ca877eb71a69a048e81 (commit) via 14f61f81f22db55f0ea79105a493398c1c2e04b7 (commit) via c89d9cdab1727553e3cfa964e9f082cbc5a194c2 (commit) from cf3d6ef7af7d6c47f5ccd4ce58d822972018b21c (commit) - Log - commit 9f2e18111e643894e31f4ca877eb71a69a048e81 Author: Richard Levitte Date: Thu Oct 25 00:29:02 2018 +0200 Have a couple of SipHash test uses the EVP_PKEY method Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7494) commit 14f61f81f22db55f0ea79105a493398c1c2e04b7 Author: Richard Levitte Date: Thu Oct 25 00:20:48 2018 +0200 EVP_MAC: Integrate SipHash EVP_PKEY_METHOD into generic MAC EVP_PKEY_METHOD Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7494) commit c89d9cdab1727553e3cfa964e9f082cbc5a194c2 Author: Richard Levitte Date: Thu Oct 25 00:17:45 2018 +0200 EVP_MAC: Add SipHash implementation Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7494) --- Summary of changes: crypto/evp/c_allm.c| 3 + crypto/evp/pkey_mac.c | 33 crypto/include/internal/evp_int.h | 1 + crypto/siphash/build.info | 2 +- crypto/siphash/siphash_meth.c | 139 ++ crypto/siphash/siphash_pmeth.c | 205 - doc/man3/EVP_MAC.pod | 3 +- doc/man7/{EVP_MAC_CMAC.pod => EVP_MAC_SIPHASH.pod} | 24 +-- include/openssl/evp.h | 5 +- test/recipes/30-test_evp_data/evpmac.txt | 10 +- 10 files changed, 201 insertions(+), 224 deletions(-) create mode 100644 crypto/siphash/siphash_meth.c delete mode 100644 crypto/siphash/siphash_pmeth.c copy doc/man7/{EVP_MAC_CMAC.pod => EVP_MAC_SIPHASH.pod} (63%) diff --git a/crypto/evp/c_allm.c b/crypto/evp/c_allm.c index edf8ba5..2bcd9dc 100644 --- a/crypto/evp/c_allm.c +++ b/crypto/evp/c_allm.c @@ -16,4 +16,7 @@ void openssl_add_all_macs_int(void) EVP_add_mac(&cmac_meth); #endif EVP_add_mac(&hmac_meth); +#ifndef OPENSSL_NO_SIPHASH +EVP_add_mac(&siphash_meth); +#endif } diff --git a/crypto/evp/pkey_mac.c b/crypto/evp/pkey_mac.c index 9f3817c..d8c0e89 100644 --- a/crypto/evp/pkey_mac.c +++ b/crypto/evp/pkey_mac.c @@ -392,3 +392,36 @@ const EVP_PKEY_METHOD hmac_pkey_meth = { pkey_mac_ctrl, pkey_mac_ctrl_str }; + +const EVP_PKEY_METHOD siphash_pkey_meth = { +EVP_PKEY_SIPHASH, +EVP_PKEY_FLAG_SIGCTX_CUSTOM, +pkey_mac_init, +pkey_mac_copy, +pkey_mac_cleanup, + +0, 0, + +0, +pkey_mac_keygen, + +0, 0, + +0, 0, + +0, 0, + +pkey_mac_signctx_init, +pkey_mac_signctx, + +0, 0, + +0, 0, + +0, 0, + +0, 0, + +pkey_mac_ctrl, +pkey_mac_ctrl_str +}; diff --git a/crypto/include/internal/evp_int.h b/crypto/include/internal/evp_int.h index e84205c..060538e 100644 --- a/crypto/include/internal/evp_int.h +++ b/crypto/include/internal/evp_int.h @@ -130,6 +130,7 @@ struct evp_mac_st { extern const EVP_MAC cmac_meth; extern const EVP_MAC hmac_meth; +extern const EVP_MAC siphash_meth; /* * This function is internal for now, but can be made external when needed. diff --git a/crypto/siphash/build.info b/crypto/siphash/build.info index 4166344..b56563f 100644 --- a/crypto/siphash/build.info +++ b/crypto/siphash/build.info @@ -1,5 +1,5 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]=\ siphash.c \ - siphash_pmeth.c \ + siphash_meth.c \ siphash_ameth.c diff --git a/crypto/siphash/siphash_meth.c b/crypto/siphash/siphash_meth.c new file mode 100644 index 000..7a5457d --- /dev/null +++ b/crypto/siphash/siphash_meth.c @@ -0,0 +1,139 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include "internal/siphash.h" +#include "siphash_local.h" +#include "internal/evp_int.h" + +/* local SIPHASH structure is actually a SIPHASH */ + +struct evp_mac_impl_st { +SIPHASH ctx; +}; + +static EVP_MAC_IMPL *siphash_new(void) +{ +return OPENSSL_zalloc(sizeof(EVP_MAC_IMPL)); +} + +static void siphash_free(EVP_MAC_IMPL *sctx) +{ +OPENSSL_free(sctx); +} + +static int siphash_copy(EVP_MAC_IMPL *sdst, EVP_MAC_IMPL *ssrc) +{ +*sdst = *ssrc; +return 1; +} + +static size_t siphash_size(EVP_MAC_IMPL *sctx) +{ +return SipHash_hash_size(&sctx->ctx); +
[openssl-commits] [openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 5cf0f0e70887fbe9d94a95e25e379a64e1676010 (commit) from 189b56b206e9d588560b609a3738fabceb76bcc3 (commit) - Log - commit 5cf0f0e70887fbe9d94a95e25e379a64e1676010 Author: Dr. Matthias St. Pierre Date: Mon Oct 29 22:27:42 2018 +0100 rand_drbg.h: include The RAND_DRBG_TYPE preprocessor define depends on a NID, so we have to include obj_mac.h to make the header selfcontained. Fixes #7521 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7524) (cherry picked from commit cf3d6ef7af7d6c47f5ccd4ce58d822972018b21c) --- Summary of changes: include/openssl/rand_drbg.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/openssl/rand_drbg.h b/include/openssl/rand_drbg.h index a7dd0b5..45b731b 100644 --- a/include/openssl/rand_drbg.h +++ b/include/openssl/rand_drbg.h @@ -12,6 +12,7 @@ # include # include +# include /* * RAND_DRBG flags _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via cf3d6ef7af7d6c47f5ccd4ce58d822972018b21c (commit) from 388de53c274dee20c07eee7ff892108668fb3a61 (commit) - Log - commit cf3d6ef7af7d6c47f5ccd4ce58d822972018b21c Author: Dr. Matthias St. Pierre Date: Mon Oct 29 22:27:42 2018 +0100 rand_drbg.h: include The RAND_DRBG_TYPE preprocessor define depends on a NID, so we have to include obj_mac.h to make the header selfcontained. Fixes #7521 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7524) --- Summary of changes: include/openssl/rand_drbg.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/openssl/rand_drbg.h b/include/openssl/rand_drbg.h index 8316f11..df44701 100644 --- a/include/openssl/rand_drbg.h +++ b/include/openssl/rand_drbg.h @@ -12,6 +12,7 @@ # include # include +# include /* * RAND_DRBG flags _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits