Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Expose various APIs necessary for certificate selection logic #240

Merged
merged 10 commits into from
Jun 26, 2024
Merged

Expose various APIs necessary for certificate selection logic #240

merged 10 commits into from
Jun 26, 2024

Conversation

rushilmehra
Copy link
Collaborator

@rushilmehra rushilmehra commented Jun 14, 2024
edited
Loading

No description provided.

@rushilmehra
Impl From for SslSignatureAlgorithm
b7fea02 
This is useful for comparing raw u16s with the various sigalg constants.
@rushilmehra rushilmehra requested a review from ghedo June 14, 2024 00:05
@rushilmehra rushilmehra changed the title Impl From for SslSignatureAlgorithm Expose various APIs necessary for certificate selection logic Jun 18, 2024
@rushilmehra rushilmehra force-pushed the sigalg-from branch 6 times, most recently from 115b5d4 to d5615d4 Compare June 18, 2024 08:21
@rushilmehra rushilmehra mentioned this pull request Jun 18, 2024
Merged
@rushilmehra rushilmehra force-pushed the sigalg-from branch 18 times, most recently from acb86ab to a306c4c Compare June 20, 2024 03:45
@rushilmehra rushilmehra force-pushed the sigalg-from branch 6 times, most recently from 1683cbb to aa88632 Compare June 20, 2024 06:01
ghedo
ghedo reviewed Jun 20, 2024
View reviewed changes
boring/src/ssl/mod.rs
@@ -2264,11 +2268,29 @@ impl ClientHello<'_> {
pub fn random(&self) -> &[u8] {
unsafe { slice::from_raw_parts(self.0.random, self.0.random_len) }
}

/// Returns the raw list of ciphers supported by the client in its Client Hello record.
pub fn ciphers(&self) -> &[u8] {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This just returns the raw bytes, but really ciphers are u16, so it would be more helpful if it just returned a slice of u16 instead, but I'm not entirely sure how to do that without re-allocating the whole thing though 😆 ... there's probably some kind of unsavoury trick to do it in Rust...

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So unfortunately casting the raw *const u8 to a *const u16 doesn't work, because of pointer alignment issues. It's problematic because the underlying *const u8 comes form the middle of another buffer, specifically the one that holds the incoming Client Hello message body. I think we'll have to copy these bytes into another u16 buffer - do we want to do that? Or do we want to pass the u8 slice to the user and let them parse it themselves?

ghedo
ghedo reviewed Jun 20, 2024
View reviewed changes
boring/src/ssl/mod.rs Outdated Show resolved Hide resolved
@rushilmehra rushilmehra force-pushed the sigalg-from branch 2 times, most recently from 2c704d1 to 1b923f4 Compare June 20, 2024 16:51
@rushilmehra
Add APIs to expose client and server cipher lists
fa46409 
The client sent ciphers in the ClientHello are unparsed and thus require
the user to convert u16s into SslCipher instances. It could be worth
doing this parsing in the library itself to make things consistent and
always return a StackRef<SslCipher>.
@rushilmehra
Expose SSL_{get|set}_{max|min}_proto_version
58a5828
@rushilmehra
Expose SSL_{set|clear}_mode
17870b3
@rushilmehra
Expose SSL_add1_chain_cert
42e7c9d
@rushilmehra
Expose X509_check_host
3dcab4b
@rushilmehra
clippy: *::max_value() -> *::MAX
24a359e
@rushilmehra
Fix workflows file, pin mac os FIPS crossbuild runner to macos-13
fa5ef54 
The macos-13 runner uses intel chips and thus x86, so clang 12.0.0 is
easily available.
@ghedo ghedo merged commit b7baacc into master Jun 26, 2024
23 checks passed
@ghedo ghedo deleted the sigalg-from branch June 26, 2024 15:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ghedo ghedo ghedo approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rushilmehra @ghedo