Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Expose various APIs necessary for certificate selection logic #240

Merged
merged 10 commits into from
Jun 26, 2024

Conversation

rushilmehra
Copy link
Collaborator

@rushilmehra rushilmehra commented Jun 14, 2024

No description provided.

This is useful for comparing raw u16s with the various sigalg constants.
@rushilmehra rushilmehra requested a review from ghedo June 14, 2024 00:05
@rushilmehra rushilmehra changed the title Impl From for SslSignatureAlgorithm Expose various APIs necessary for certificate selection logic Jun 18, 2024
@rushilmehra rushilmehra force-pushed the sigalg-from branch 6 times, most recently from 115b5d4 to d5615d4 Compare June 18, 2024 08:21
@rushilmehra rushilmehra force-pushed the sigalg-from branch 18 times, most recently from acb86ab to a306c4c Compare June 20, 2024 03:45
@rushilmehra rushilmehra force-pushed the sigalg-from branch 6 times, most recently from 1683cbb to aa88632 Compare June 20, 2024 06:01
@@ -2264,11 +2268,29 @@ impl ClientHello<'_> {
pub fn random(&self) -> &[u8] {
unsafe { slice::from_raw_parts(self.0.random, self.0.random_len) }
}

/// Returns the raw list of ciphers supported by the client in its Client Hello record.
pub fn ciphers(&self) -> &[u8] {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This just returns the raw bytes, but really ciphers are u16, so it would be more helpful if it just returned a slice of u16 instead, but I'm not entirely sure how to do that without re-allocating the whole thing though 😆 ... there's probably some kind of unsavoury trick to do it in Rust...

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So unfortunately casting the raw *const u8 to a *const u16 doesn't work, because of pointer alignment issues. It's problematic because the underlying *const u8 comes form the middle of another buffer, specifically the one that holds the incoming Client Hello message body. I think we'll have to copy these bytes into another u16 buffer - do we want to do that? Or do we want to pass the u8 slice to the user and let them parse it themselves?

boring/src/ssl/mod.rs Outdated Show resolved Hide resolved
@rushilmehra rushilmehra force-pushed the sigalg-from branch 2 times, most recently from 2c704d1 to 1b923f4 Compare June 20, 2024 16:51
The client sent ciphers in the ClientHello are unparsed and thus require
the user to convert u16s into SslCipher instances. It could be worth
doing this parsing in the library itself to make things consistent and
always return a StackRef<SslCipher>.
The macos-13 runner uses intel chips and thus x86, so clang 12.0.0 is
easily available.
@ghedo ghedo merged commit b7baacc into master Jun 26, 2024
23 checks passed
@ghedo ghedo deleted the sigalg-from branch June 26, 2024 15:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants