X-Git-Url: https://www.bearssl.org/gitweb//home/git/?p=BearSSL;a=blobdiff_plain;f=inc%2Fbearssl_ssl.h;h=2a4fadadd88831306b964e4e32fc406240a0ac62;hp=d15cf55192c04d8ab1b98a5dfff2adabc7ea3a16;hb=05520e8eae3d8c6039e8bcde58741cf4ffb18f1d;hpb=4aac1cd5c65462d5ad13e377705a00eab8c80d81
diff --git a/inc/bearssl_ssl.h b/inc/bearssl_ssl.h
index d15cf55..2a4fada 100644
--- a/inc/bearssl_ssl.h
+++ b/inc/bearssl_ssl.h
@@ -833,6 +833,14 @@ typedef struct {
 
 /*
  * Context RNG.
+ *
+ * rng_init_done is initially 0. It is set to 1 when the
+ * basic structure of the RNG is set, and 2 when some
+ * entropy has been pushed in. The value 2 marks the RNG
+ * as "properly seeded".
+ *
+ * rng_os_rand_done is initially 0. It is set to 1 when
+ * some seeding from the OS or hardware has been attempted.
  */
 br_hmac_drbg_context rng;
 int rng_init_done;
@@ -1270,7 +1278,7 @@ br_ssl_engine_get_hash(br_ssl_engine_context *ctx, int id)
 /**
  * \brief Set the PRF implementation (for TLS 1.0 and 1.1).
  *
- * This function sets (or removes, if `impl` is `NULL`) the implemenation
+ * This function sets (or removes, if `impl` is `NULL`) the implementation
  * for the PRF used in TLS 1.0 and 1.1.
  *
  * \param cc SSL engine context.
@@ -1285,7 +1293,7 @@ br_ssl_engine_set_prf10(br_ssl_engine_context *cc, br_tls_prf_impl impl)
 /**
  * \brief Set the PRF implementation with SHA-256 (for TLS 1.2).
  *
- * This function sets (or removes, if `impl` is `NULL`) the implemenation
+ * This function sets (or removes, if `impl` is `NULL`) the implementation
  * for the SHA-256 variant of the PRF used in TLS 1.2.
  *
  * \param cc SSL engine context.
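Review bot: In the first hunk (`@@ -833,6 +833,14 @@`, the Context RNG comment), the new text says `rng_os_rand_done` becomes 1 once OS or hardware seeding "has been attempted", so that flag alone does not tell a reader whether any entropy was actually obtained. The comment should say this outright and name the value consumers must test, for example by appending `Only rng_init_done == 2 marks the RNG as usable; rng_os_rand_done == 1 records an attempt, not a success.`, provided that matches the implementation. The states of `rng_init_done` are bare integers here; if the code that sets and tests them (outside this hunk) also uses the literals 1 and 2, named constants would make an accidental non-zero test easier to catch in review. The declaration of `rng_os_rand_done` is not visible in the hunk.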
@@ -1300,7 +1308,7 @@ br_ssl_engine_set_prf_sha256(br_ssl_engine_context *cc, br_tls_prf_impl impl) /** * \brief Set the PRF implementation with SHA-384 (for TLS 1.2). * - * This function sets (or removes, if `impl` is `NULL`) the implemenation + * This function sets (or removes, if `impl` is `NULL`) the implementation * for the SHA-384 variant of the PRF used in TLS 1.2. * * \param cc SSL engine context. @@ -1908,7 +1916,7 @@ br_ssl_engine_last_error(const br_ssl_engine_context *cc) * Informs the engine that 'len' bytes have been read from the buffer * (extract operation) or written to the buffer (inject operation). * The 'len' value MUST NOT be zero. The 'len' value MUST NOT exceed - * that which was obtained from a preceeding br_ssl_engine_xxx_buf() + * that which was obtained from a preceding br_ssl_engine_xxx_buf() * call. */ @@ -2509,7 +2517,7 @@ struct br_ssl_client_context_ { * then bit `x` is set (hash function ID is 0 for the special MD5+SHA-1, * or 2 to 6 for the SHA family). * - * - If ECDSA is suported with hash function of ID `x`, then bit `8+x` + * - If ECDSA is supported with hash function of ID `x`, then bit `8+x` * is set. * * - Newer algorithms are symbolic 16-bit identifiers that do not @@ -3220,6 +3228,19 @@ typedef struct { void br_ssl_session_cache_lru_init(br_ssl_session_cache_lru *cc, unsigned char *store, size_t store_len); +/** + * \brief Forget an entry in an LRU session cache. + * + * The session cache context must have been initialised. The entry + * with the provided session ID (of exactly 32 bytes) is looked for + * in the cache; if located, it is disabled. + * + * \param cc session cache context. + * \param id session ID to forget. + */ +void br_ssl_session_cache_lru_forget( + br_ssl_session_cache_lru *cc, const unsigned char *id); + /** * \brief Context structure for a SSL server. * 
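Review bot: In the last hunk on this line (`@@ -3220,6 +3228,19 @@`), the doc comment for `br_ssl_session_cache_lru_forget()` requires a session ID "of exactly 32 bytes", but the prototype takes a bare `const unsigned char *id` and the `\param id` line does not repeat the length, so a caller handing in a shorter buffer would presumably trigger an out-of-bounds read. I would put the contract on the parameter itself, e.g. `\param id   session ID to forget (exactly 32 bytes are read).` The phrase "it is disabled" is also vague for an invalidation API: the comment should state whether the cached session secret is erased from `store` or only made unreachable by lookup, which this header does not show. Since the function returns `void`, a sentence noting that a missing entry is silently ignored would complete the contract.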
@@ -3543,7 +3564,7 @@ br_ssl_server_get_client_suites(const br_ssl_server_context *cc, size_t *num)
  * then bit `x` is set (hash function ID is 0 for the special MD5+SHA-1,
  * or 2 to 6 for the SHA family).
  *
- * - If ECDSA is suported with hash function of ID `x`, then bit `8+x`
+ * - If ECDSA is supported with hash function of ID `x`, then bit `8+x`
  * is set.
  *
  * - Newer algorithms are symbolic 16-bit identifiers that do not