wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Replace the public RAND_DRBG_USED_FLAGS #define by an internal constant

Browse source 
The new DRBG API added the aforementioned #define. However, it is
used internally only and having it defined publicly does not serve
any purpose except causing potential version compatibility problems.

Fixes #7182

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7190)
This commit is contained in:
Dr. Matthias St. Pierre 2018-09-12 00:37:15 +02:00
parent 6839a7a7f4
commit c402e943cd
2 changed files with 16 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
crypto/rand/drbg_lib.c
View file

@ -82,6 +82,10 @@ static unsigned int slave_reseed_interval = SLAVE_RESEED_INTERVAL;
static time_t master_reseed_time_interval = MASTER_RESEED_TIME_INTERVAL; static time_t master_reseed_time_interval = MASTER_RESEED_TIME_INTERVAL;
static time_t slave_reseed_time_interval = SLAVE_RESEED_TIME_INTERVAL; static time_t slave_reseed_time_interval = SLAVE_RESEED_TIME_INTERVAL;
/* A logical OR of all used DRBG flag bits (currently there is only one) */
static const unsigned int rand_drbg_used_flags =
RAND_DRBG_FLAG_CTR_NO_DF;
static RAND_DRBG *drbg_setup(RAND_DRBG *parent); static RAND_DRBG *drbg_setup(RAND_DRBG *parent);
static RAND_DRBG *rand_drbg_new(int secure, static RAND_DRBG *rand_drbg_new(int secure,
@ -147,7 +151,7 @@ int RAND_DRBG_set_defaults(int type, unsigned int flags)
break; break;
} }
if ((flags & ~RAND_DRBG_USED_FLAGS) != 0) { if ((flags & ~rand_drbg_used_flags) != 0) {
RANDerr(RAND_F_RAND_DRBG_SET_DEFAULTS, RAND_R_UNSUPPORTED_DRBG_FLAGS); RANDerr(RAND_F_RAND_DRBG_SET_DEFAULTS, RAND_R_UNSUPPORTED_DRBG_FLAGS);
return 0; return 0;
} }

15
include/openssl/rand_drbg.h
View file

@ -13,14 +13,21 @@
# include <time.h> # include <time.h>
# include <openssl/ossl_typ.h> # include <openssl/ossl_typ.h>
/*
* RAND_DRBG flags
*
* Note: if new flags are added, the constant `rand_drbg_used_flags`
* in drbg_lib.c needs to be updated accordingly.
*/
/* In CTR mode, disable derivation function ctr_df */ /* In CTR mode, disable derivation function ctr_df */
# define RAND_DRBG_FLAG_CTR_NO_DF 0x1 # define RAND_DRBG_FLAG_CTR_NO_DF 0x1
/* A logical OR of all used flag bits (currently there is only one) */
# define RAND_DRBG_USED_FLAGS ( \ # if OPENSSL_API_COMPAT < 0x10200000L
RAND_DRBG_FLAG_CTR_NO_DF \ /* This #define was replaced by an internal constant and should not be used. */
) # define RAND_DRBG_USED_FLAGS (RAND_DRBG_FLAG_CTR_NO_DF)
# endif
/* /*
* Default security strength (in the sense of [NIST SP 800-90Ar1]) * Default security strength (in the sense of [NIST SP 800-90Ar1])