diff options
author | Rich Salz <rsalz@openssl.org> | 2017-08-03 10:24:03 -0400 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2017-08-03 10:24:03 -0400 |
commit | ae3947de09522206d61c0206a733517b10a910f8 (patch) | |
tree | 7044411af55af40f9f5f5adad685ccc70d155998 /ssl/ssl_locl.h | |
parent | 75e2c877650444fb829547bdb58d46eb1297bc1a (diff) | |
download | openssl-ae3947de09522206d61c0206a733517b10a910f8.zip openssl-ae3947de09522206d61c0206a733517b10a910f8.tar.gz openssl-ae3947de09522206d61c0206a733517b10a910f8.tar.bz2 |
Add a DRBG to each SSL object
Give each SSL object it's own DRBG, chained to the parent global
DRBG which is used only as a source of randomness into the per-SSL
DRBG. This is used for all session, ticket, and pre-master secret keys.
It is NOT used for ECDH key generation which use only the global
DRBG. (Doing that without changing the API is tricky, if not impossible.)
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4050)
Diffstat (limited to 'ssl/ssl_locl.h')
-rw-r--r-- | ssl/ssl_locl.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index ce678a6..c78c28f 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1322,6 +1322,7 @@ struct ssl_st { size_t block_padding; CRYPTO_RWLOCK *lock; + RAND_DRBG *drbg; }; /* @@ -2122,6 +2123,7 @@ __owur int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags); __owur int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref); +__owur int ssl_randbytes(SSL *s, unsigned char *buf, size_t num); __owur int ssl_security(const SSL *s, int op, int bits, int nid, void *other); __owur int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, void *other); |