Replace the public RAND_DRBG_USED_FLAGS #define by an internal constant
authorDr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Tue, 11 Sep 2018 22:37:15 +0000 (00:37 +0200)
committerDr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Wed, 12 Sep 2018 21:48:18 +0000 (23:48 +0200)
The new DRBG API added the aforementioned #define. However, it is
used internally only and having it defined publicly does not serve
any purpose except causing potential version compatibility problems.

Fixes #7182

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7190)

(cherry picked from commit c402e943cd0d748ca2a74a37caeccdfc59ce2870)

crypto/rand/drbg_lib.c
include/openssl/rand_drbg.h

index 729b49c94372797f3ffb7a91d8b5369d177c3521..9c315ed68d973e596098b53d94f9a2e2acb87ba0 100644 (file)
@@ -82,6 +82,10 @@ static unsigned int slave_reseed_interval  = SLAVE_RESEED_INTERVAL;
 static time_t master_reseed_time_interval = MASTER_RESEED_TIME_INTERVAL;
 static time_t slave_reseed_time_interval  = SLAVE_RESEED_TIME_INTERVAL;
 
+/* A logical OR of all used DRBG flag bits (currently there is only one) */
+static const unsigned int rand_drbg_used_flags =
+    RAND_DRBG_FLAG_CTR_NO_DF;
+
 static RAND_DRBG *drbg_setup(RAND_DRBG *parent);
 
 static RAND_DRBG *rand_drbg_new(int secure,
@@ -147,7 +151,7 @@ int RAND_DRBG_set_defaults(int type, unsigned int flags)
         break;
     }
 
-    if ((flags & ~RAND_DRBG_USED_FLAGS) != 0) {
+    if ((flags & ~rand_drbg_used_flags) != 0) {
         RANDerr(RAND_F_RAND_DRBG_SET_DEFAULTS, RAND_R_UNSUPPORTED_DRBG_FLAGS);
         return 0;
     }
index 282356e161761228d3f33601dc3d2f440d4a8fbf..cfc7fb7e9981abb7eb24c59f809249752b8c765e 100644 (file)
 # include <time.h>
 # include <openssl/ossl_typ.h>
 
+/*
+ * RAND_DRBG  flags
+ *
+ * Note: if new flags are added, the constant `rand_drbg_used_flags`
+ *       in drbg_lib.c needs to be updated accordingly.
+ */
 
 /* In CTR mode, disable derivation function ctr_df */
 # define RAND_DRBG_FLAG_CTR_NO_DF            0x1
 
-/* A logical OR of all used flag bits (currently there is only one) */
-# define RAND_DRBG_USED_FLAGS  ( \
-    RAND_DRBG_FLAG_CTR_NO_DF \
-                                 )
+
+# if OPENSSL_API_COMPAT < 0x10200000L
+/* This #define was replaced by an internal constant and should not be used. */
+#  define RAND_DRBG_USED_FLAGS  (RAND_DRBG_FLAG_CTR_NO_DF)
+# endif
 
 /*
  * Default security strength (in the sense of [NIST SP 800-90Ar1])