Refactored: Moved TLSGroups to new branch feature/named_group

Author: kraemv

.github/workflows/libssl.yaml

@@ -261,7 +261,7 @@ jobs:
           make package-${{ matrix.package }} PROFILE=release
 
       - name: Archive package
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: ${{ matrix.package }} package built on ${{ matrix.container }} ${{ matrix.version }}
           path: target/dist/*.${{ matrix.package }}

MATRIX.md

@@ -384,7 +384,7 @@
 | `SSL_get_version`  | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |
 | `SSL_get_wbio`  |  | :white_check_mark: | :white_check_mark: | :white_check_mark: |
 | `SSL_get_wfd`  |  |  |  |  |
-| `SSL_group_to_name`  |  |  |  | :white_check_mark: |
+| `SSL_group_to_name`  |  |  |  |  |
 | `SSL_has_matching_session_id`  |  |  |  |  |
 | `SSL_has_pending`  |  |  |  | :white_check_mark: |
 | `SSL_in_before`  |  |  |  | :white_check_mark: |

build.rs

@@ -193,7 +193,6 @@ const ENTRYPOINTS: &[&str] = &[
     "SSL_get_verify_result",
     "SSL_get_version",
     "SSL_get_wbio",
-    "SSL_group_to_name",
     "SSL_has_pending",
     "SSL_in_before",
     "SSL_in_init",

src/constants.rs

@@ -123,21 +123,17 @@ pub fn sig_scheme_to_type_nid(scheme: SignatureScheme) -> Option<c_int> {
 pub fn named_group_to_nid(group: NamedGroup) -> Option<c_int> {
     use NamedGroup::*;
 
-    // See TLSEXT_nid_unknown from tls1.h - openssl-sys does not
-    // have a constant for this to import.
-    const TLSEXT_NID_UNKNOWN: c_int = 0x1000000;
     // See NID_ffhdhe* from obj_mac.h - openssl-sys does not have
     // constants for these to import.
     const NID_FFDHE2048: c_int = 1126;
     const NID_FFDHE3072: c_int = 1127;
     const NID_FFDHE4096: c_int = 1128;
     const NID_FFDHE6144: c_int = 1129;
     const NID_FFDHE8192: c_int = 1130;
-    // See NID_ML_KEM_* from obj_mac.h - openssl-sys does not have
-    // constants for these to import.
-    const NID_ML_KEM_512: c_int = 1454;
-    const NID_ML_KEM_768: c_int = 1455;
-    const NID_ML_KEM_1024: c_int = 1456;
+
+    // See TLSEXT_nid_unknown from tls1.h - openssl-sys does not
+    // have a constant for this to import.
+    const TLSEXT_NID_UNKNOWN: c_int = 0x1000000;
 
     match group {
         secp256r1 => Some(NID_X9_62_prime256v1),
@@ -150,9 +146,6 @@ pub fn named_group_to_nid(group: NamedGroup) -> Option<c_int> {
         FFDHE4096 => Some(NID_FFDHE4096),
         FFDHE6144 => Some(NID_FFDHE6144),
         FFDHE8192 => Some(NID_FFDHE8192),
-        MLKEM512 => Some(NID_ML_KEM_512),
-        MLKEM768 => Some(NID_ML_KEM_768),
-        MLKEM1024 => Some(NID_ML_KEM_1024),
         other => Some(TLSEXT_NID_UNKNOWN | u16::from(other) as c_int),
     }
 }

src/entry.rs

@@ -1475,20 +1475,6 @@ entry! {
     }
 }
 
-entry! {
-    pub fn _SSL_group_to_name(ssl: *const SSL, id: c_int) -> *const c_char {
-        try_clone_arc!(ssl)
-            .get()
-            .get_groups()
-            .iter()
-            .find(|group| named_group_to_nid(group.name()) == Some(id))
-            .map(|group| group.name())
-            .and_then(crate::TlsGroupInfo::find_by_id)
-            .map(|group| group.tls_name.as_ptr())
-            .unwrap_or_else(ptr::null)
-    }
-}
-
 entry! {
     pub fn _SSL_version(ssl: *const SSL) -> c_int {
         try_clone_arc!(ssl)

src/lib.rs

@@ -242,158 +242,6 @@ static TLS13_CHACHA20_POLY1305_SHA256: SslCipher = SslCipher {
     rustls: CipherSuite::TLS13_CHACHA20_POLY1305_SHA256,
 };
 
-#[allow(dead_code)]
-struct TlsGroupInfo {
-    pub tls_name: &'static CStr,
-    pub standard_name: &'static CStr,
-    pub algorithm: &'static CStr,
-    pub secbits: usize,
-    pub group_id: NamedGroup,
-}
-
-impl TlsGroupInfo {
-    pub fn find_by_id(id: NamedGroup) -> Option<&'static Self> {
-        match id {
-            NamedGroup::secp256r1 => Some(&SECP256R1),
-            NamedGroup::secp384r1 => Some(&SECP384R1),
-            NamedGroup::secp521r1 => Some(&SECP521R1),
-            NamedGroup::X25519 => Some(&X25519),
-            NamedGroup::X448 => Some(&X448),
-            NamedGroup::FFDHE2048 => Some(&FFDHE2048),
-            NamedGroup::FFDHE3072 => Some(&FFDHE3072),
-            NamedGroup::FFDHE4096 => Some(&FFDHE4096),
-            NamedGroup::FFDHE6144 => Some(&FFDHE6144),
-            NamedGroup::FFDHE8192 => Some(&FFDHE8192),
-            NamedGroup::MLKEM512 => Some(&MLKEM512),
-            NamedGroup::MLKEM768 => Some(&MLKEM768),
-            NamedGroup::MLKEM1024 => Some(&MLKEM1024),
-            NamedGroup::X25519MLKEM768 => Some(&X25519MLKEM768),
-            NamedGroup::secp256r1MLKEM768 => Some(&SECP256R1_MLKEM768),
-            _ => None,
-        }
-    }
-}
-
-static SECP256R1: TlsGroupInfo = TlsGroupInfo {
-    tls_name: c"secp256r1",
-    standard_name: c"prime256v1",
-    algorithm: c"EC",
-    secbits: 128,
-    group_id: NamedGroup::secp256r1,
-};
-
-static SECP384R1: TlsGroupInfo = TlsGroupInfo {
-    tls_name: c"secp384r1",
-    standard_name: c"secp384r1",
-    algorithm: c"EC",
-    secbits: 192,
-    group_id: NamedGroup::secp384r1,
-};
-
-static SECP521R1: TlsGroupInfo = TlsGroupInfo {
-    tls_name: c"secp521r1",
-    standard_name: c"secp521r1",
-    algorithm: c"EC",
-    secbits: 256,
-    group_id: NamedGroup::secp521r1,
-};
-
-static X25519: TlsGroupInfo = TlsGroupInfo {
-    tls_name: c"x25519",
-    standard_name: c"X25519",
-    algorithm: c"X25519",
-    secbits: 128,
-    group_id: NamedGroup::X25519,
-};
-
-static X448: TlsGroupInfo = TlsGroupInfo {
-    tls_name: c"x448",
-    standard_name: c"X448",
-    algorithm: c"X448",
-    secbits: 224,
-    group_id: NamedGroup::X448,
-};
-
-static FFDHE2048: TlsGroupInfo = TlsGroupInfo {
-    tls_name: c"ffdhe2048",
-    standard_name: c"ffdhe2048",
-    algorithm: c"DH",
-    secbits: 112,
-    group_id: NamedGroup::FFDHE2048,
-};
-
-static FFDHE3072: TlsGroupInfo = TlsGroupInfo {
-    tls_name: c"ffdhe3072",
-    standard_name: c"ffdhe3072",
-    algorithm: c"DH",
-    secbits: 128,
-    group_id: NamedGroup::FFDHE3072,
-};
-
-static FFDHE4096: TlsGroupInfo = TlsGroupInfo {
-    tls_name: c"ffdhe4096",
-    standard_name: c"ffdhe4096",
-    algorithm: c"DH",
-    secbits: 128,
-    group_id: NamedGroup::FFDHE4096,
-};
-
-static FFDHE6144: TlsGroupInfo = TlsGroupInfo {
-    tls_name: c"ffdhe6144",
-    standard_name: c"ffdhe6144",
-    algorithm: c"DH",
-    secbits: 128,
-    group_id: NamedGroup::FFDHE6144,
-};
-
-static FFDHE8192: TlsGroupInfo = TlsGroupInfo {
-    tls_name: c"ffdhe8192",
-    standard_name: c"ffdhe8192",
-    algorithm: c"DH",
-    secbits: 192,
-    group_id: NamedGroup::FFDHE8192,
-};
-
-static MLKEM512: TlsGroupInfo = TlsGroupInfo {
-    tls_name: c"MLKEM512",
-    standard_name: c"",
-    algorithm: c"ML-KEM-512",
-    secbits: 128,
-    group_id: NamedGroup::MLKEM512,
-};
-
-static MLKEM768: TlsGroupInfo = TlsGroupInfo {
-    tls_name: c"MLKEM768",
-    standard_name: c"",
-    algorithm: c"ML-KEM-768",
-    secbits: 192,
-    group_id: NamedGroup::MLKEM768,
-};
-
-static MLKEM1024: TlsGroupInfo = TlsGroupInfo {
-    tls_name: c"MLKEM1024",
-    standard_name: c"",
-    algorithm: c"ML-KEM-1024",
-    secbits: 256,
-    group_id: NamedGroup::MLKEM1024,
-};
-
-static X25519MLKEM768: TlsGroupInfo = TlsGroupInfo {
-    tls_name: c"X25519MLKEM768",
-    standard_name: c"",
-    algorithm: c"X25519MLKEM768",
-    secbits: 192,
-    group_id: NamedGroup::X25519MLKEM768,
-};
-
-static SECP256R1_MLKEM768: TlsGroupInfo = TlsGroupInfo {
-    tls_name: c"SecP256r1MLKEM768",
-    standard_name: c"",
-    algorithm: c"SecP256r1MLKEM768",
-    secbits: 192,
-    group_id: NamedGroup::secp256r1MLKEM768,
-};
-
 /// Backs a server-side SSL_SESSION object
 ///
 /// Note that this has equality and ordering entirely based on the `id` field.
@@ -614,7 +462,6 @@ pub struct SslContext {
     info_callback: callbacks::InfoCallbackConfig,
     client_hello_callback: callbacks::ClientHelloCallbackConfig,
     auth_keys: sign::CertifiedKeySet,
-    groups: Vec<&'static dyn SupportedKxGroup>,
     max_early_data: u32,
 }
 
@@ -647,7 +494,6 @@ impl SslContext {
             info_callback: callbacks::InfoCallbackConfig::default(),
             client_hello_callback: callbacks::ClientHelloCallbackConfig::default(),
             auth_keys: sign::CertifiedKeySet::default(),
-            groups: provider::default_provider().kx_groups.clone(),
             max_early_data: 0,
         }
     }
@@ -678,10 +524,6 @@ impl SslContext {
         self.raw_options
     }
 
-    fn get_groups(&self) -> &Vec<&'static dyn SupportedKxGroup> {
-        &self.groups
-    }
-
     fn get_num_tickets(&self) -> usize {
         self.num_tickets
     }
@@ -1041,10 +883,6 @@ impl Ssl {
         self.raw_options
     }
 
-    fn get_groups(&self) -> &Vec<&'static dyn SupportedKxGroup> {
-        self.ctx.get().get_groups()
-    }
-
     fn get_num_tickets(&self) -> usize {
         self.num_tickets
     }