Add APIs to expose client and server cipher lists

The client sent ciphers in the ClientHello are unparsed and thus require the user to convert u16s into SslCipher instances. It could be worth doing this parsing in the library itself to make things consistent and always return a StackRef<SslCipher>.
2024-06-18 00:11:44 -07:00 · 2024-06-18 00:11:44 -07:00 · 936d81b4ff
parent 1879e9cff0
commit 936d81b4ff
1 changed files with 30 additions and 0 deletions
--- a/boring/src/ssl/mod.rs
+++ b/boring/src/ssl/mod.rs
@ -2270,11 +2270,29 @@ impl ClientHello<'_> {
    pub fn random(&self) -> &[u8] {
        unsafe { slice::from_raw_parts(self.0.random, self.0.random_len) }
    }
+
+    /// Returns the raw list of ciphers supported by the client in its Client Hello record.
+    pub fn ciphers(&self) -> &[u8] {
+        unsafe { slice::from_raw_parts(self.0.cipher_suites, self.0.cipher_suites_len) }
+    }
 }

 /// Information about a cipher.
 pub struct SslCipher(*mut ffi::SSL_CIPHER);

+impl SslCipher {
+    pub fn from_value(value: u16) -> Option<Self> {
+        unsafe {
+            let ptr = ffi::SSL_get_cipher_by_value(value);
+            if ptr.is_null() {
+                None
+            } else {
+                Some(Self::from_ptr(ptr as *mut ffi::SSL_CIPHER))
+            }
+        }
+    }
+}
+
 impl Stackable for SslCipher {
    type StackType = ffi::stack_st_SSL_CIPHER;
 }
@ -2958,6 +2976,18 @@ impl SslRef {
        }
    }

+    /// Returns the stack of available SslCiphers for `SSL`, sorted by preference.
+    ///
+    /// This corresponds to [`SSL_get_ciphers`].
+    ///
+    /// [`SSL_get_ciphers`]: https://www.openssl.org/docs/man1.0.2/man3/SSL_get_ciphers.html
+    pub fn ciphers(&self) -> &StackRef<SslCipher> {
+        unsafe {
+            let cipher_list = ffi::SSL_get_ciphers(self.as_ptr());
+            StackRef::from_ptr(cipher_list)
+        }
+    }
+
    /// Returns the current cipher if the session is active.
    ///
    /// This corresponds to [`SSL_get_current_cipher`].