Replace the public RAND_DRBG_USED_FLAGS #define by an internal constant

The new DRBG API added the aforementioned #define. However, it is used internally only and having it defined publicly does not serve any purpose except causing potential version compatibility problems. Fixes #7182 Reviewed-by: N Matt Caswell <matt@openssl.org> Reviewed-by: N Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7190) (cherry picked from commit c402e943cd0d748ca2a74a37caeccdfc59ce2870)

Replace the public RAND_DRBG_USED_FLAGS #define by an internal constant
The new DRBG API added the aforementioned #define. However, it is used internally only and having it defined publicly does not serve any purpose except causing potential version compatibility problems. Fixes #7182 Reviewed-by: N Matt Caswell <matt@openssl.org> Reviewed-by: N Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7190) (cherry picked from commit c402e943cd0d748ca2a74a37caeccdfc59ce2870)
b262a002 · Dr. Matthias St. Pierre · 5538ba99 · b262a002 · b262a002
隐藏空白更改
内联并排

Showing with 16 addition and 5 deletion

crypto/rand/drbg_lib.c crypto/rand/drbg_lib.c +5 -1

include/openssl/rand_drbg.h include/openssl/rand_drbg.h +11 -4

未找到文件。
--- a/crypto/rand/drbg_lib.c
+++ b/crypto/rand/drbg_lib.c
@@ -82,6 +82,10 @@ static unsigned int slave_reseed_interval  = SLAVE_RESEED_INTERVAL;
 static time_t master_reseed_time_interval = MASTER_RESEED_TIME_INTERVAL;
 static time_t slave_reseed_time_interval  = SLAVE_RESEED_TIME_INTERVAL;

+/* A logical OR of all used DRBG flag bits (currently there is only one) */
+static const unsigned int rand_drbg_used_flags =
+    RAND_DRBG_FLAG_CTR_NO_DF;
+
 static RAND_DRBG *drbg_setup(RAND_DRBG *parent);

 static RAND_DRBG *rand_drbg_new(int secure,
@@ -147,7 +151,7 @@ int RAND_DRBG_set_defaults(int type, unsigned int flags)
        break;
    }

-    if ((flags & ~RAND_DRBG_USED_FLAGS) != 0) {
+    if ((flags & ~rand_drbg_used_flags) != 0) {
        RANDerr(RAND_F_RAND_DRBG_SET_DEFAULTS, RAND_R_UNSUPPORTED_DRBG_FLAGS);
        return 0;
    }

--- a/include/openssl/rand_drbg.h
+++ b/include/openssl/rand_drbg.h
@@ -13,14 +13,21 @@
 # include <time.h>
 # include <openssl/ossl_typ.h>

+/*
+ * RAND_DRBG  flags
+ *
+ * Note: if new flags are added, the constant `rand_drbg_used_flags`
+ *       in drbg_lib.c needs to be updated accordingly.
+ */

 /* In CTR mode, disable derivation function ctr_df */
 # define RAND_DRBG_FLAG_CTR_NO_DF            0x1

-/* A logical OR of all used flag bits (currently there is only one) */
-# define RAND_DRBG_USED_FLAGS  ( \
-    RAND_DRBG_FLAG_CTR_NO_DF \
-                                 )
+
+# if OPENSSL_API_COMPAT < 0x10200000L
+/* This #define was replaced by an internal constant and should not be used. */
+#  define RAND_DRBG_USED_FLAGS  (RAND_DRBG_FLAG_CTR_NO_DF)
+# endif

 /*
 * Default security strength (in the sense of [NIST SP 800-90Ar1])