diff options
Diffstat (limited to 'include/openssl/rand_drbg.h')
-rw-r--r-- | include/openssl/rand_drbg.h | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/include/openssl/rand_drbg.h b/include/openssl/rand_drbg.h index 282356e16176..45b731b73c26 100644 --- a/include/openssl/rand_drbg.h +++ b/include/openssl/rand_drbg.h @@ -12,23 +12,31 @@ # include <time.h> # include <openssl/ossl_typ.h> +# include <openssl/obj_mac.h> +/* + * RAND_DRBG flags + * + * Note: if new flags are added, the constant `rand_drbg_used_flags` + * in drbg_lib.c needs to be updated accordingly. + */ /* In CTR mode, disable derivation function ctr_df */ # define RAND_DRBG_FLAG_CTR_NO_DF 0x1 -/* A logical OR of all used flag bits (currently there is only one) */ -# define RAND_DRBG_USED_FLAGS ( \ - RAND_DRBG_FLAG_CTR_NO_DF \ - ) + +# if OPENSSL_API_COMPAT < 0x10200000L +/* This #define was replaced by an internal constant and should not be used. */ +# define RAND_DRBG_USED_FLAGS (RAND_DRBG_FLAG_CTR_NO_DF) +# endif /* * Default security strength (in the sense of [NIST SP 800-90Ar1]) * * NIST SP 800-90Ar1 supports the strength of the DRBG being smaller than that - * of the cipher by collecting less entropy. The current DRBG implemantion does - * not take RAND_DRBG_STRENGTH into account and sets the strength of the DRBG - * to that of the cipher. + * of the cipher by collecting less entropy. The current DRBG implementation + * does not take RAND_DRBG_STRENGTH into account and sets the strength of the + * DRBG to that of the cipher. * * RAND_DRBG_STRENGTH is currently only used for the legacy RAND * implementation. @@ -37,7 +45,9 @@ * NID_aes_256_ctr */ # define RAND_DRBG_STRENGTH 256 +/* Default drbg type */ # define RAND_DRBG_TYPE NID_aes_256_ctr +/* Default drbg flags */ # define RAND_DRBG_FLAGS 0 |