Use corresponds macro (#50)

* RTG-3333 Support X25519MLKEM768 by default, but don't sent it as client

X25519MLKEM768 is the standardised successor of the preliminary
X25519Kyber768Draft00. Latest browsers have switched to X25519MLKEM768.
Cloudflare supports both on the edge.

We've had support for X25519MLKEM768 in this crate for a while, but
didn't enable by default. We're now enabling serverside support by
default. We also let clients advertise support when set
to kx-client-pq-supported.

We don't enable support by default yet for clients set to
kx-client-pq-preferred, as that would cause an extra round-trip due to
HelloRetryRequest if the server doesn't support X25519MLKEM768 yet.

BoringSSL against which we build must support X25519MLKEM768, otherwise
this will fail.

* replace once_cell with LazyLock

We can drop the once_cell dependency since the same functionality is
implemented in std now.

Requires bumping MSRV to 1.80.

* fix manual_c_str_literals clippy warning

* chore: Fix docs on SslRef::replace_ex_data

* Detailed error codes

* Clean up boring_sys::init()

We don't need the workaround that was initially introduced for a bug in
openssl, and OPENSSL_init_ssl always calls into CRYPTO_library_init on
boringssl, so just call it explicitly.

* Expose EVP_HPKE_KEY

* Expose client/server-side ECH

Resolves cloudflare/boring#282

* Clean up ECH tests

* Expose SSL_set_enable_ech_grease

* update

* Use corresponds macro

---------

Co-authored-by: Bas Westerbaan <[email protected]>
Co-authored-by: Alessandro Ghedini <[email protected]>
Co-authored-by: Evan Rittenhouse <[email protected]>
Co-authored-by: Kornel <[email protected]>
Co-authored-by: Rushil Mehra <[email protected]>

Author: 6 people

boring/src/derive.rs

@@ -1,6 +1,7 @@
 //! Shared secret derivation.
 use crate::ffi;
 use foreign_types::ForeignTypeRef;
+use openssl_macros::corresponds;
 use std::marker::PhantomData;
 use std::ptr;
 
@@ -25,10 +26,7 @@ impl Drop for Deriver<'_> {
 #[allow(clippy::len_without_is_empty)]
 impl<'a> Deriver<'a> {
     /// Creates a new `Deriver` using the provided private key.
-    ///
-    /// This corresponds to [`EVP_PKEY_derive_init`].
-    ///
-    /// [`EVP_PKEY_derive_init`]: https://www.openssl.org/docs/man1.0.2/crypto/EVP_PKEY_derive_init.html
+    #[corresponds(EVP_PKEY_derive_init)]
     pub fn new<T>(key: &'a PKeyRef<T>) -> Result<Deriver<'a>, ErrorStack>
     where
         T: HasPrivate,
@@ -41,10 +39,7 @@ impl<'a> Deriver<'a> {
     }
 
     /// Sets the peer key used for secret derivation.
-    ///
-    /// This corresponds to [`EVP_PKEY_derive_set_peer`]:
-    ///
-    /// [`EVP_PKEY_derive_set_peer`]: https://www.openssl.org/docs/man1.0.2/crypto/EVP_PKEY_derive_init.html
+    #[corresponds(EVP_PKEY_derive_set_peer)]
     pub fn set_peer<T>(&mut self, key: &'a PKeyRef<T>) -> Result<(), ErrorStack>
     where
         T: HasPublic,
@@ -55,10 +50,7 @@ impl<'a> Deriver<'a> {
     /// Returns the size of the shared secret.
     ///
     /// It can be used to size the buffer passed to [`Deriver::derive`].
-    ///
-    /// This corresponds to [`EVP_PKEY_derive`].
-    ///
-    /// [`Deriver::derive`]: #method.derive
+    #[corresponds(EVP_PKEY_derive)]
     /// [`EVP_PKEY_derive`]: https://www.openssl.org/docs/man1.0.2/crypto/EVP_PKEY_derive_init.html
     pub fn len(&mut self) -> Result<usize, ErrorStack> {
         unsafe {
@@ -70,10 +62,7 @@ impl<'a> Deriver<'a> {
     /// Derives a shared secret between the two keys, writing it into the buffer.
     ///
     /// Returns the number of bytes written.
-    ///
-    /// This corresponds to [`EVP_PKEY_derive`].
-    ///
-    /// [`EVP_PKEY_derive`]: https://www.openssl.org/docs/man1.0.2/crypto/EVP_PKEY_derive_init.html
+    #[corresponds(EVP_PKEY_derive)]
     pub fn derive(&mut self, buf: &mut [u8]) -> Result<usize, ErrorStack> {
         let mut len = buf.len();
         unsafe {

boring/src/dh.rs

@@ -1,6 +1,7 @@
 use crate::error::ErrorStack;
 use crate::ffi;
 use foreign_types::{ForeignType, ForeignTypeRef};
+use openssl_macros::corresponds;
 use std::mem;
 use std::ptr;
 
@@ -25,20 +26,14 @@ where
         /// Serializes the parameters into a PEM-encoded PKCS#3 DHparameter structure.
         ///
         /// The output will have a header of `-----BEGIN DH PARAMETERS-----`.
-        ///
-        /// This corresponds to [`PEM_write_bio_DHparams`].
-        ///
-        /// [`PEM_write_bio_DHparams`]: https://www.openssl.org/docs/manmaster/man3/PEM_write_bio_DHparams.html
+        #[corresponds(PEM_write_bio_DHparams)]
         params_to_pem,
         ffi::PEM_write_bio_DHparams
     }
 
     to_der! {
         /// Serializes the parameters into a DER-encoded PKCS#3 DHparameter structure.
-        ///
-        /// This corresponds to [`i2d_DHparams`].
-        ///
-        /// [`i2d_DHparams`]: https://www.openssl.org/docs/man1.1.0/crypto/i2d_DHparams.html
+        #[corresponds(i2d_DHparams)]
         params_to_der,
         ffi::i2d_DHparams
     }
@@ -58,21 +53,15 @@ impl Dh<Params> {
         /// Deserializes a PEM-encoded PKCS#3 DHpararameters structure.
         ///
         /// The input should have a header of `-----BEGIN DH PARAMETERS-----`.
-        ///
-        /// This corresponds to [`PEM_read_bio_DHparams`].
-        ///
-        /// [`PEM_read_bio_DHparams`]: https://www.openssl.org/docs/man1.0.2/crypto/PEM_read_bio_DHparams.html
+        #[corresponds(PEM_read_bio_DHparams)]
         params_from_pem,
         Dh<Params>,
         ffi::PEM_read_bio_DHparams
     }
 
     from_der! {
         /// Deserializes a DER-encoded PKCS#3 DHparameters structure.
-        ///
-        /// This corresponds to [`d2i_DHparams`].
-        ///
-        /// [`d2i_DHparams`]: https://www.openssl.org/docs/man1.1.0/crypto/d2i_DHparams.html
+        #[corresponds(d2i_DHparams)]
         params_from_der,
         Dh<Params>,
         ffi::d2i_DHparams,

boring/src/dsa.rs

@@ -8,6 +8,7 @@
 use crate::ffi;
 use foreign_types::{ForeignType, ForeignTypeRef};
 use libc::c_uint;
+use openssl_macros::corresponds;
 use std::fmt;
 use std::mem;
 use std::ptr;
@@ -84,20 +85,14 @@ where
         /// Serialies the public key into a PEM-encoded SubjectPublicKeyInfo structure.
         ///
         /// The output will have a header of `-----BEGIN PUBLIC KEY-----`.
-        ///
-        /// This corresponds to [`PEM_write_bio_DSA_PUBKEY`].
-        ///
-        /// [`PEM_write_bio_DSA_PUBKEY`]: https://www.openssl.org/docs/man1.1.0/crypto/PEM_write_bio_DSA_PUBKEY.html
+        #[corresponds(PEM_write_bio_DSA_PUBKEY)]
         public_key_to_pem,
         ffi::PEM_write_bio_DSA_PUBKEY
     }
 
     to_der! {
         /// Serializes the public key into a DER-encoded SubjectPublicKeyInfo structure.
-        ///
-        /// This corresponds to [`i2d_DSA_PUBKEY`].
-        ///
-        /// [`i2d_DSA_PUBKEY`]: https://www.openssl.org/docs/man1.1.0/crypto/i2d_DSA_PUBKEY.html
+        #[corresponds(i2d_DSA_PUBKEY)]
         public_key_to_der,
         ffi::i2d_DSA_PUBKEY
     }
@@ -120,18 +115,12 @@ where
         /// Serializes the private key to a PEM-encoded DSAPrivateKey structure.
         ///
         /// The output will have a header of `-----BEGIN DSA PRIVATE KEY-----`.
-        ///
-        /// This corresponds to [`PEM_write_bio_DSAPrivateKey`].
-        ///
-        /// [`PEM_write_bio_DSAPrivateKey`]: https://www.openssl.org/docs/man1.1.0/crypto/PEM_write_bio_DSAPrivateKey.html
+        #[corresponds(PEM_write_bio_DSAPrivateKey)]
         private_key_to_pem,
         /// Serializes the private key to a PEM-encoded encrypted DSAPrivateKey structure.
         ///
         /// The output will have a header of `-----BEGIN DSA PRIVATE KEY-----`.
-        ///
-        /// This corresponds to [`PEM_write_bio_DSAPrivateKey`].
-        ///
-        /// [`PEM_write_bio_DSAPrivateKey`]: https://www.openssl.org/docs/man1.1.0/crypto/PEM_write_bio_DSAPrivateKey.html
+        #[corresponds(PEM_write_bio_DSAPrivateKey)]
         private_key_to_pem_passphrase,
         ffi::PEM_write_bio_DSAPrivateKey
     }
@@ -151,10 +140,7 @@ where
     T: HasParams,
 {
     /// Returns the maximum size of the signature output by `self` in bytes.
-    ///
-    /// OpenSSL documentation at [`DSA_size`]
-    ///
-    /// [`DSA_size`]: https://www.openssl.org/docs/man1.1.0/crypto/DSA_size.html
+    #[corresponds(DSA_size)]
     pub fn size(&self) -> u32 {
         unsafe { ffi::DSA_size(self.as_ptr()) as u32 }
     }
@@ -244,21 +230,15 @@ impl Dsa<Public> {
         /// Decodes a PEM-encoded SubjectPublicKeyInfo structure containing a DSA key.
         ///
         /// The input should have a header of `-----BEGIN PUBLIC KEY-----`.
-        ///
-        /// This corresponds to [`PEM_read_bio_DSA_PUBKEY`].
-        ///
-        /// [`PEM_read_bio_DSA_PUBKEY`]: https://www.openssl.org/docs/man1.0.2/crypto/PEM_read_bio_DSA_PUBKEY.html
+        #[corresponds(PEM_read_bio_DSA_PUBKEY)]
         public_key_from_pem,
         Dsa<Public>,
         ffi::PEM_read_bio_DSA_PUBKEY
     }
 
     from_der! {
         /// Decodes a DER-encoded SubjectPublicKeyInfo structure containing a DSA key.
-        ///
-        /// This corresponds to [`d2i_DSA_PUBKEY`].
-        ///
-        /// [`d2i_DSA_PUBKEY`]: https://www.openssl.org/docs/man1.0.2/crypto/d2i_DSA_PUBKEY.html
+        #[corresponds(d2i_DSA_PUBKEY)]
         public_key_from_der,
         Dsa<Public>,
         ffi::d2i_DSA_PUBKEY,