Add support for fetching SslCipher stack from ClientHelloResponse

sfackler · May 9, 2023 · 56d2e32 · 56d2e32
1 parent 5d2c405
commit 56d2e32
Show file tree

Hide file tree

Showing 3 changed files with 55 additions and 1 deletion.
diff --git a/openssl-sys/src/handwritten/ssl.rs b/openssl-sys/src/handwritten/ssl.rs
@@ -648,6 +648,15 @@ extern "C" {
         num: size_t,
         readbytes: *mut size_t,
     ) -> c_int;
+    #[cfg(ossl111)]
+    pub fn SSL_bytes_to_cipher_list(
+        s: *mut SSL,
+        bytes: *const c_uchar,
+        len: size_t,
+        isv2format: c_int,
+        sk: *mut *mut stack_st_SSL_CIPHER,
+        scsvs: *mut *mut stack_st_SSL_CIPHER
+    ) -> c_int;
 }
 
 extern "C" {

diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
@@ -72,7 +72,7 @@ use crate::srtp::{SrtpProtectionProfile, SrtpProtectionProfileRef};
 use crate::ssl::bio::BioMethod;
 use crate::ssl::callbacks::*;
 use crate::ssl::error::InnerError;
-use crate::stack::{Stack, StackRef};
+use crate::stack::{Stack, StackRef, Stackable};
 use crate::util::{ForeignTypeExt, ForeignTypeRefExt};
 use crate::x509::store::{X509Store, X509StoreBuilderRef, X509StoreRef};
 #[cfg(any(ossl102, libressl261))]
@@ -1940,6 +1940,10 @@ impl ForeignType for SslCipher {
     }
 }
 
+impl Stackable for SslCipher {
+    type StackType = ffi::stack_st_SSL_CIPHER;
+}
+
 impl Deref for SslCipher {
     type Target = SslCipherRef;
 
@@ -2056,6 +2060,12 @@ impl SslCipherRef {
     }
 }
 
+impl fmt::Debug for SslCipherRef {
+    fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result {
+        write!(fmt, "{}", self.name())
+    }
+}
+
 foreign_type_and_impl_send_sync! {
     type CType = ffi::SSL_SESSION;
     fn drop = ffi::SSL_SESSION_free;
@@ -3083,6 +3093,40 @@ impl SslRef {
         }
     }
 
+    /// Returns the stack of ciphers from the ciphers field of the client's hello message, and
+    /// the signalling cipher suite values.
+    ///
+    /// This can only be used inside of the client hello callback. Otherwise, `None` is returned.
+    ///
+    /// Requires OpenSSL 1.1.1 or newer.
+    #[corresponds(SSL_bytes_to_cipher_list)]
+    #[cfg(ossl111)]
+    pub fn client_hello_ciphers_stack(&self) -> Option<(Stack<SslCipher>, Stack<SslCipher>)> {
+        unsafe {
+            let mut ptr = ptr::null();
+            let len = ffi::SSL_client_hello_get0_ciphers(self.as_ptr(), &mut ptr);
+            if len == 0 {
+                None
+            } else {
+                let mut sk = ptr::null_mut();
+                let mut scsvs = ptr::null_mut();
+                let res = ffi::SSL_bytes_to_cipher_list(
+                    self.as_ptr(),
+                    ptr,
+                    len,
+                    ffi::SSL_client_hello_isv2(self.as_ptr()),
+                    &mut sk,
+                    &mut scsvs,
+                );
+                if res == 1 {
+                    Some((Stack::from_ptr(sk), Stack::from_ptr(scsvs)))
+                } else {
+                    None
+                }
+            }
+        }
+    }
+
     /// Returns the compression methods field of the client's hello message.
     ///
     /// This can only be used inside of the client hello callback. Otherwise, `None` is returned.

diff --git a/openssl/src/ssl/test/mod.rs b/openssl/src/ssl/test/mod.rs
@@ -1457,6 +1457,7 @@ fn client_hello() {
         assert!(ssl.client_hello_random().is_some());
         assert!(ssl.client_hello_session_id().is_some());
         assert!(ssl.client_hello_ciphers().is_some());
+        assert!(ssl.client_hello_ciphers_stack().is_some());
         assert!(ssl.client_hello_compression_methods().is_some());
 
         CALLED_BACK.store(true, Ordering::SeqCst);