crypto: do not advertise unsupported algorithms

mscdex · mscdex · commit 7c6f4beda25d · 2022-02-05T15:13:50.000-05:00
Fixes: #41857
diff --git a/src/crypto/crypto_cipher.cc b/src/crypto/crypto_cipher.cc
@@ -235,8 +235,15 @@ void CipherBase::GetSSLCiphers(const FunctionCallbackInfo<Value>& args) {
 
 void CipherBase::GetCiphers(const FunctionCallbackInfo<Value>& args) {
   Environment* env = Environment::GetCurrent(args);
+  MarkPopErrorOnReturn mark_pop_error_on_return;
   CipherPushContext ctx(env);
-  EVP_CIPHER_do_all_sorted(array_push_back<EVP_CIPHER>, &ctx);
+  EVP_CIPHER_do_all_sorted(
+    array_push_back<EVP_CIPHER,
+                    EVP_CIPHER_fetch,
+                    EVP_CIPHER_free,
+                    EVP_get_cipherbyname,
+                    EVP_CIPHER_get0_name>,
+    &ctx);
   args.GetReturnValue().Set(ctx.ToJSArray());
 }
 
diff --git a/src/crypto/crypto_hash.cc b/src/crypto/crypto_hash.cc
@@ -35,8 +35,15 @@ void Hash::MemoryInfo(MemoryTracker* tracker) const {
 
 void Hash::GetHashes(const FunctionCallbackInfo<Value>& args) {
   Environment* env = Environment::GetCurrent(args);
+  MarkPopErrorOnReturn mark_pop_error_on_return;
   CipherPushContext ctx(env);
-  EVP_MD_do_all_sorted(array_push_back<EVP_MD>, &ctx);
+  EVP_MD_do_all_sorted(
+    array_push_back<EVP_MD,
+                    EVP_MD_fetch,
+                    EVP_MD_free,
+                    EVP_get_digestbyname,
+                    EVP_MD_get0_name>,
+    &ctx);
   args.GetReturnValue().Set(ctx.ToJSArray());
 }
 
diff --git a/src/crypto/crypto_util.h b/src/crypto/crypto_util.h
@@ -616,11 +616,37 @@ class CipherPushContext {
   Environment* env_;
 };
 
-template <class TypeName>
-void array_push_back(const TypeName* md,
+template <class TypeName,
+          TypeName* fetch_type(OSSL_LIB_CTX*, const char*, const char*),
+          void free_type(TypeName*),
+          const TypeName* getbyname(const char *),
+          const char* getname(const TypeName*)>
+void array_push_back(const TypeName* evp_ref,
                      const char* from,
                      const char* to,
                      void* arg) {
+  if (!from)
+    return;
+
+  const TypeName* real_instance = getbyname(from);
+  if (!real_instance)
+    return;
+
+  const char* real_name = getname(real_instance);
+  if (!real_name)
+    return;
+
+  // EVP_*_fetch() does not support alias names, so we need to pass it the
+  // real/original algorithm name
+  // We use EVP_*_fetch() as a filter here because it will only return an
+  // instance if the algorithm is supported by the public OpenSSL APIs (some
+  // algorithms are used internally by OpenSSL and are also passed to this
+  // callback)
+  TypeName* fetched = fetch_type(nullptr, real_name, nullptr);
+  if (!fetched)
+    return;
+
+  free_type(fetched);
   static_cast<CipherPushContext*>(arg)->push_back(from);
 }
 
