src: move cipher list iteration to ncrypto

jasnell · jasnell · commit 4c446ad40f9c · 2025-03-10T14:24:52.000-07:00
diff --git a/deps/ncrypto/ncrypto.cc b/deps/ncrypto/ncrypto.cc
@@ -3717,6 +3717,76 @@ DataPointer Cipher::recover(const EVPKeyPointer& key,
       key, params, in);
 }
 
+namespace {
+struct CipherCallbackContext {
+  Cipher::CipherNameCallback cb;
+  void operator()(std::string_view name) {
+    cb(name);
+  }
+};
+
+#if OPENSSL_VERSION_MAJOR >= 3
+template <class TypeName,
+          TypeName* fetch_type(OSSL_LIB_CTX*, const char*, const char*),
+          void free_type(TypeName*),
+          const TypeName* getbyname(const char*),
+          const char* getname(const TypeName*)>
+void array_push_back(const TypeName* evp_ref,
+                     const char* from,
+                     const char* to,
+                     void* arg) {
+  if (from == nullptr) return;
+
+  const TypeName* real_instance = getbyname(from);
+  if (!real_instance) return;
+
+  const char* real_name = getname(real_instance);
+  if (!real_name) return;
+
+  // EVP_*_fetch() does not support alias names, so we need to pass it the
+  // real/original algorithm name.
+  // We use EVP_*_fetch() as a filter here because it will only return an
+  // instance if the algorithm is supported by the public OpenSSL APIs (some
+  // algorithms are used internally by OpenSSL and are also passed to this
+  // callback).
+  TypeName* fetched = fetch_type(nullptr, real_name, nullptr);
+  if (fetched == nullptr) return;
+
+  free_type(fetched);
+  auto& cb = *(static_cast<CipherCallbackContext*>(arg));
+  cb(from);
+}
+#else
+template <class TypeName>
+void array_push_back(const TypeName* evp_ref,
+                      const char* from,
+                      const char* to,
+                      void* arg) {
+  if (!from) return;
+  auto& cb = *(static_cast<CipherCallbackContext*>(arg));
+  cb(from);
+}
+#endif
+}  // namespace
+
+void Cipher::ForEach(Cipher::CipherNameCallback callback) {
+  ClearErrorOnReturn clearErrorOnReturn;
+  CipherCallbackContext context;
+  context.cb = std::move(callback);
+
+  EVP_CIPHER_do_all_sorted(
+#if OPENSSL_VERSION_MAJOR >= 3
+    array_push_back<EVP_CIPHER,
+                    EVP_CIPHER_fetch,
+                    EVP_CIPHER_free,
+                    EVP_get_cipherbyname,
+                    EVP_CIPHER_get0_name>,
+#else
+    array_push_back<EVP_CIPHER>,
+#endif
+    &context);
+}
+
 // ============================================================================
 
 Ec::Ec() : ec_(nullptr) {}
diff --git a/deps/ncrypto/ncrypto.h b/deps/ncrypto/ncrypto.h
@@ -287,6 +287,12 @@ class Cipher final {
   static const Cipher FromNid(int nid);
   static const Cipher FromCtx(const CipherCtxPointer& ctx);
 
+  using CipherNameCallback = std::function<void(std::string_view name)>;
+
+  // Iterates the known ciphers if the underlying implementation
+  // is able to do so.
+  static void ForEach(CipherNameCallback callback);
+
   // Utilities to get various ciphers by type. If the underlying
   // implementation does not support the requested cipher, then
   // the result will be an empty Cipher object whose bool operator
diff --git a/src/crypto/crypto_cipher.cc b/src/crypto/crypto_cipher.cc
@@ -182,20 +182,28 @@ void CipherBase::GetSSLCiphers(const FunctionCallbackInfo<Value>& args) {
 
 void CipherBase::GetCiphers(const FunctionCallbackInfo<Value>& args) {
   Environment* env = Environment::GetCurrent(args);
-  MarkPopErrorOnReturn mark_pop_error_on_return;
-  CipherPushContext ctx(env);
-  EVP_CIPHER_do_all_sorted(
-#if OPENSSL_VERSION_MAJOR >= 3
-    array_push_back<EVP_CIPHER,
-                    EVP_CIPHER_fetch,
-                    EVP_CIPHER_free,
-                    EVP_get_cipherbyname,
-                    EVP_CIPHER_get0_name>,
-#else
-    array_push_back<EVP_CIPHER>,
-#endif
-    &ctx);
-  args.GetReturnValue().Set(ctx.ToJSArray());
+  LocalVector<Value> ciphers(env->isolate());
+  bool errored = false;
+  Cipher::ForEach([&](std::string_view name) {
+    // If a prior iteration errored, do nothing further. We apparently
+    // can't actually stop openssl from stopping its iteration here.
+    // But why does it matter? Good question.
+    if (errored) return;
+    Local<Value> val;
+    if (!ToV8Value(env->context(), name, env->isolate()).ToLocal(&val)) {
+      errored = true;
+      return;
+    }
+    ciphers.push_back(val);
+  });
+
+  // If errored is true here, then we encountered a JavaScript error
+  // while trying to create the V8 String from the std::string_view
+  // in the iteration callback. That means we need to throw.
+  if (!errored) {
+    args.GetReturnValue().Set(
+        Array::New(env->isolate(), ciphers.data(), ciphers.size()));
+  }
 }
 
 CipherBase::CipherBase(Environment* env,
diff --git a/src/crypto/crypto_util.h b/src/crypto/crypto_util.h
@@ -479,65 +479,6 @@ void ThrowCryptoError(Environment* env,
                       unsigned long err,  // NOLINT(runtime/int)
                       const char* message = nullptr);
 
-class CipherPushContext final {
- public:
-  inline explicit CipherPushContext(Environment* env)
-      : list_(env->isolate()), env_(env) {}
-
-  inline void push_back(const char* str) {
-    list_.emplace_back(OneByteString(env_->isolate(), str));
-  }
-
-  inline v8::Local<v8::Array> ToJSArray() {
-    return v8::Array::New(env_->isolate(), list_.data(), list_.size());
-  }
-
- private:
-  v8::LocalVector<v8::Value> list_;
-  Environment* env_;
-};
-
-#if OPENSSL_VERSION_MAJOR >= 3
-template <class TypeName,
-          TypeName* fetch_type(OSSL_LIB_CTX*, const char*, const char*),
-          void free_type(TypeName*),
-          const TypeName* getbyname(const char*),
-          const char* getname(const TypeName*)>
-void array_push_back(const TypeName* evp_ref,
-                     const char* from,
-                     const char* to,
-                     void* arg) {
-  if (!from) return;
-
-  const TypeName* real_instance = getbyname(from);
-  if (!real_instance) return;
-
-  const char* real_name = getname(real_instance);
-  if (!real_name) return;
-
-  // EVP_*_fetch() does not support alias names, so we need to pass it the
-  // real/original algorithm name.
-  // We use EVP_*_fetch() as a filter here because it will only return an
-  // instance if the algorithm is supported by the public OpenSSL APIs (some
-  // algorithms are used internally by OpenSSL and are also passed to this
-  // callback).
-  TypeName* fetched = fetch_type(nullptr, real_name, nullptr);
-  if (!fetched) return;
-
-  free_type(fetched);
-  static_cast<CipherPushContext*>(arg)->push_back(from);
-}
-#else
-template <class TypeName>
-void array_push_back(const TypeName* evp_ref,
-                     const char* from,
-                     const char* to,
-                     void* arg) {
-  if (!from) return;
-  static_cast<CipherPushContext*>(arg)->push_back(from);
-}
-#endif
-
 // WebIDL AllowSharedBufferSource.
 inline bool IsAnyBufferSource(v8::Local<v8::Value> arg) {
   return arg->IsArrayBufferView() ||
