commit 928f32a49205e77eec3ec3c07f0de8517dfee2ca
author David Benjamin <davidben@chromium.org> Tue Dec 29 23:32:29 2015 -0500
committer Adam Langley <alangley@gmail.com> Fri Jan 15 22:09:24 2016 +0000
tree e880e30103ce515400b419945db4b97c47ac0a4a
parent baa1216ac0586cfcf44f9b8703f4f27482a79c77

Add APIs to extract the SSL key block.

This is a companion to SSL_get_rc4_state and SSL_get_ivs which doesn't
require poking at internal state. Partly since it aligns with the
current code and partly the off chance we ever need to get
wpa_supplicant's EAP-FAST code working, the API allows one to generate
more key material than is actually in the key block.

Change-Id: I58bc3f2b017482dbb8567dcd0cd754947a95397f
Reviewed-on: https://boringssl-review.googlesource.com/6839
Reviewed-by: Adam Langley <alangley@gmail.com>

include/openssl/ssl.h

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index be48995..af1f7b8 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2592,6 +2592,14 @@
                                const uint8_t **out_write_iv,
                                size_t *out_iv_len);
 
+/* SSL_get_key_block_len returns the length of |ssl|'s key block. */
+OPENSSL_EXPORT size_t SSL_get_key_block_len(const SSL *ssl);
+
+/* SSL_generate_key_block generates |out_len| bytes of key material for |ssl|'s
+ * current connection state. */
+OPENSSL_EXPORT int SSL_generate_key_block(const SSL *ssl, uint8_t *out,
+                                          size_t out_len);
+
 /* SSL_get_structure_sizes returns the sizes of the SSL, SSL_CTX and
  * SSL_SESSION structures so that a test can ensure that outside code agrees on
  * these values. */