From 936d81b4ff81ecaa4c6424eb531ed902fb1ca85a Mon Sep 17 00:00:00 2001
From: Rushil Mehra
Date: Tue, 18 Jun 2024 00:11:44 -0700
Subject: [PATCH] Add APIs to expose client and server cipher lists

The client sent ciphers in the ClientHello are unparsed and thus require the user to convert u16s into SslCipher instances. It could be worth doing this parsing in the library itself to make things consistent and always return a StackRef.
---
 boring/src/ssl/mod.rs | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/boring/src/ssl/mod.rs b/boring/src/ssl/mod.rs
index f05108fb..7f1c3a23 100644
--- a/boring/src/ssl/mod.rs
+++ b/boring/src/ssl/mod.rs
@@ -2270,11 +2270,29 @@ impl ClientHello<'_> {
 pub fn random(&self) -> &[u8] {
 unsafe { slice::from_raw_parts(self.0.random, self.0.random_len) }
 }
+
+ /// Returns the raw list of ciphers supported by the client in its Client Hello record.
+ pub fn ciphers(&self) -> &[u8] {
+ unsafe { slice::from_raw_parts(self.0.cipher_suites, self.0.cipher_suites_len) }
+ }
 }

 /// Information about a cipher.
 pub struct SslCipher(*mut ffi::SSL_CIPHER);

+impl SslCipher {
+ pub fn from_value(value: u16) -> Option {
+ unsafe {
+ let ptr = ffi::SSL_get_cipher_by_value(value);
+ if ptr.is_null() {
+ None
+ } else {
+ Some(Self::from_ptr(ptr as *mut ffi::SSL_CIPHER))
+ }
+ }
+ }
+}
+
 impl Stackable for SslCipher {
 type StackType = ffi::stack_st_SSL_CIPHER;
 }
@@ -2958,6 +2976,18 @@ impl SslRef {
 }
 }

+ /// Returns the stack of available SslCiphers for `SSL`, sorted by preference.
+ ///
+ /// This corresponds to [`SSL_get_ciphers`].
+ ///
+ /// [`SSL_get_ciphers`]: https://www.openssl.org/docs/man1.0.2/man3/SSL_get_ciphers.html
+ pub fn ciphers(&self) -> &StackRef {
+ unsafe {
+ let cipher_list = ffi::SSL_get_ciphers(self.as_ptr());
+ StackRef::from_ptr(cipher_list)
+ }
+ }
+
 /// Returns the current cipher if the session is active.
 ///
 /// This corresponds to [`SSL_get_current_cipher`].
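Review bot: `SslCipher::from_value` has no doc comment and no `// SAFETY:` comment, although it casts the pointer from `ffi::SSL_get_cipher_by_value` to `*mut ffi::SSL_CIPHER` and wraps it in an owned `SslCipher`. That pointer presumably refers to an entry in the library's static cipher table, so the wrapper is sound only if `SslCipher` never frees or writes through it; its `Drop` and `DerefMut` behaviour is outside this hunk and should be confirmed. I would add `/// Looks up a cipher by its two-byte protocol value; returns None when the library does not know the value.` above the function and `// SAFETY: points into a static table, valid for the program's lifetime, and is only read.` above the cast. Because the values fed to it come from `ClientHello::ciphers`, which is peer-controlled input, that method's doc should also state that the slice holds big-endian two-byte suites and can contain values (GREASE, signalling suites) that map to no cipher.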
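Review bot: In the new `SslRef::ciphers`, the pointer returned by `ffi::SSL_get_ciphers` goes straight into `StackRef::from_ptr` with no null check, while the man page linked in the doc comment says the call returns NULL when no cipher list is available. Creating a `&StackRef` from a null pointer is undefined behaviour that a safe caller cannot detect, so the method should either return an `Option` or document the invariant that rules null out. The smallest change is to wrap the return type in `Option` and add `if cipher_list.is_null() { return None; }` before the `from_ptr` call. The rest of `impl SslRef` lies outside the hunk, so whether a sibling accessor already follows that pattern is not visible here.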