diff options
author | Rich Salz <rsalz@openssl.org> | 2017-08-03 10:24:03 -0400 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2017-08-03 10:24:03 -0400 |
commit | ae3947de09522206d61c0206a733517b10a910f8 (patch) | |
tree | 7044411af55af40f9f5f5adad685ccc70d155998 /include | |
parent | 75e2c877650444fb829547bdb58d46eb1297bc1a (diff) |
Add a DRBG to each SSL object
Give each SSL object it's own DRBG, chained to the parent global
DRBG which is used only as a source of randomness into the per-SSL
DRBG. This is used for all session, ticket, and pre-master secret keys.
It is NOT used for ECDH key generation which use only the global
DRBG. (Doing that without changing the API is tricky, if not impossible.)
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4050)
Diffstat (limited to 'include')
-rw-r--r-- | include/internal/rand.h | 1 | ||||
-rw-r--r-- | include/openssl/ssl.h | 2 |
2 files changed, 2 insertions, 1 deletions
diff --git a/include/internal/rand.h b/include/internal/rand.h index 2f38095231..4e30e38aa1 100644 --- a/include/internal/rand.h +++ b/include/internal/rand.h @@ -32,6 +32,7 @@ int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen, int prediction_resistance, const unsigned char *adin, size_t adinlen); int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, int interval); +RAND_DRBG *RAND_DRBG_get0_global(void); /* * EXDATA diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 245f5eb172..a2d13bf3d7 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -622,7 +622,7 @@ __owur int SRP_Calc_A_param(SSL *s); * bytes. The callback can alter this length to be less if desired. It is * also an error for the callback to set the size to zero. */ -typedef int (*GEN_SESSION_CB) (const SSL *ssl, unsigned char *id, +typedef int (*GEN_SESSION_CB) (SSL *ssl, unsigned char *id, unsigned int *id_len); # define SSL_SESS_CACHE_OFF 0x0000 |