Add SSL_get_ivs.

This function allows one to extract the current IVs from an SSL connection. This is needed for the CBC cipher suites with implicit IVs because, for those, the IV can't be extracted from the handshake key material. Change-Id: I247a1d0813b7a434b3cfc88db86d2fe8754344b6 Reviewed-on: https://boringssl-review.googlesource.com/6433 Reviewed-by: Adam Langley <agl@google.com>
author: Adam Langley <agl@google.com> 2015-11-04 05:36:10 +0300
committer: Adam Langley <agl@google.com> 2015-11-04 22:45:28 +0300
commit: c2d3280f0f783caf62c2276a354f6c80ff93c5e9 (patch)
tree: 50e4426973515813e534bf9797e8a1a106b86d77 /include/openssl/aead.h
parent: a97b737fb09509dcedf0d15b51b60d2349821605 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/include/openssl/aead.h b/include/openssl/aead.h
index aa2b080d..ba8e2df0 100644
--- a/include/openssl/aead.h
+++ b/include/openssl/aead.h
@@ -330,6 +330,13 @@ OPENSSL_EXPORT int EVP_AEAD_CTX_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
 OPENSSL_EXPORT int EVP_AEAD_CTX_get_rc4_state(const EVP_AEAD_CTX *ctx,
                                               const RC4_KEY **out_key);
 
+/* EVP_AEAD_CTX_get_iv sets |*out_len| to the length of the IV for |ctx| and
+ * sets |*out_iv| to point to that many bytes of the current IV. This is only
+ * meaningful for AEADs with implicit IVs (i.e. CBC mode in SSLv3 and TLS 1.0).
+ *
+ * It returns one on success or zero on error. */
+OPENSSL_EXPORT int EVP_AEAD_CTX_get_iv(const EVP_AEAD_CTX *ctx,
+                                       const uint8_t **out_iv, size_t *out_len);
 
 #if defined(__cplusplus)
 }  /* extern C */
author	Adam Langley <agl@google.com>	2015-11-04 05:36:10 +0300
committer	Adam Langley <agl@google.com>	2015-11-04 22:45:28 +0300
commit	c2d3280f0f783caf62c2276a354f6c80ff93c5e9 (patch)
tree	50e4426973515813e534bf9797e8a1a106b86d77 /include/openssl/aead.h
parent	a97b737fb09509dcedf0d15b51b60d2349821605 (diff)