aboutsummaryrefslogtreecommitdiffstats
path: root/include/openssl/rand_drbg.h
diff options
context:
space:
mode:
Diffstat (limited to 'include/openssl/rand_drbg.h')
-rw-r--r--include/openssl/rand_drbg.h24
1 files changed, 17 insertions, 7 deletions
diff --git a/include/openssl/rand_drbg.h b/include/openssl/rand_drbg.h
index 282356e16176..45b731b73c26 100644
--- a/include/openssl/rand_drbg.h
+++ b/include/openssl/rand_drbg.h
@@ -12,23 +12,31 @@
# include <time.h>
# include <openssl/ossl_typ.h>
+# include <openssl/obj_mac.h>
+/*
+ * RAND_DRBG flags
+ *
+ * Note: if new flags are added, the constant `rand_drbg_used_flags`
+ * in drbg_lib.c needs to be updated accordingly.
+ */
/* In CTR mode, disable derivation function ctr_df */
# define RAND_DRBG_FLAG_CTR_NO_DF 0x1
-/* A logical OR of all used flag bits (currently there is only one) */
-# define RAND_DRBG_USED_FLAGS ( \
- RAND_DRBG_FLAG_CTR_NO_DF \
- )
+
+# if OPENSSL_API_COMPAT < 0x10200000L
+/* This #define was replaced by an internal constant and should not be used. */
+# define RAND_DRBG_USED_FLAGS (RAND_DRBG_FLAG_CTR_NO_DF)
+# endif
/*
* Default security strength (in the sense of [NIST SP 800-90Ar1])
*
* NIST SP 800-90Ar1 supports the strength of the DRBG being smaller than that
- * of the cipher by collecting less entropy. The current DRBG implemantion does
- * not take RAND_DRBG_STRENGTH into account and sets the strength of the DRBG
- * to that of the cipher.
+ * of the cipher by collecting less entropy. The current DRBG implementation
+ * does not take RAND_DRBG_STRENGTH into account and sets the strength of the
+ * DRBG to that of the cipher.
*
* RAND_DRBG_STRENGTH is currently only used for the legacy RAND
* implementation.
@@ -37,7 +45,9 @@
* NID_aes_256_ctr
*/
# define RAND_DRBG_STRENGTH 256
+/* Default drbg type */
# define RAND_DRBG_TYPE NID_aes_256_ctr
+/* Default drbg flags */
# define RAND_DRBG_FLAGS 0