Refactored: Moved TLSGroups to new branch feature/named_group

Author: kraemv

src/constants.rs

@@ -144,21 +144,17 @@ pub fn named_group_to_tls_name(id: NamedGroup) -> Option<&'static CStr> {
 pub fn named_group_to_nid(group: NamedGroup) -> Option<c_int> {
     use NamedGroup::*;
 
-    // See TLSEXT_nid_unknown from tls1.h - openssl-sys does not
-    // have a constant for this to import.
-    const TLSEXT_NID_UNKNOWN: c_int = 0x1000000;
     // See NID_ffhdhe* from obj_mac.h - openssl-sys does not have
     // constants for these to import.
     const NID_FFDHE2048: c_int = 1126;
     const NID_FFDHE3072: c_int = 1127;
     const NID_FFDHE4096: c_int = 1128;
     const NID_FFDHE6144: c_int = 1129;
     const NID_FFDHE8192: c_int = 1130;
-    // See NID_ML_KEM_* from obj_mac.h - openssl-sys does not have
-    // constants for these to import.
-    const NID_ML_KEM_512: c_int = 1454;
-    const NID_ML_KEM_768: c_int = 1455;
-    const NID_ML_KEM_1024: c_int = 1456;
+
+    // See TLSEXT_nid_unknown from tls1.h - openssl-sys does not
+    // have a constant for this to import.
+    const TLSEXT_NID_UNKNOWN: c_int = 0x1000000;
 
     match group {
         secp256r1 => Some(NID_X9_62_prime256v1),
@@ -171,9 +167,6 @@ pub fn named_group_to_nid(group: NamedGroup) -> Option<c_int> {
         FFDHE4096 => Some(NID_FFDHE4096),
         FFDHE6144 => Some(NID_FFDHE6144),
         FFDHE8192 => Some(NID_FFDHE8192),
-        MLKEM512 => Some(NID_ML_KEM_512),
-        MLKEM768 => Some(NID_ML_KEM_768),
-        MLKEM1024 => Some(NID_ML_KEM_1024),
         other => Some(TLSEXT_NID_UNKNOWN | u16::from(other) as c_int),
     }
 }

src/lib.rs

@@ -13,7 +13,9 @@ use openssl_sys::{
 };
 
 use rustls::client::Resumption;
-use rustls::crypto::{aws_lc_rs as provider, SupportedKxGroup};
+use rustls::crypto::aws_lc_rs as provider;
+use rustls::crypto::aws_lc_rs::Ticketer;
+use rustls::crypto::SupportedKxGroup;
 use rustls::pki_types::{CertificateDer, ServerName};
 use rustls::server::{Accepted, Acceptor, ProducesTickets};
 use rustls::{
@@ -101,7 +103,7 @@ pub struct SslCipher {
     pub standard_name: &'static CStr,
     pub version: &'static CStr,
     pub description: &'static CStr,
-    rustls: &'static rustls::SupportedCipherSuite,
+    pub rustls: CipherSuite,
 }
 
 impl SslCipher {
@@ -133,7 +135,7 @@ impl SslCipher {
     }
 
     pub fn protocol_id(&self) -> u16 {
-        u16::from(self.rustls.suite())
+        u16::from(self.rustls)
     }
 
     pub fn openssl_id(&self) -> u32 {
@@ -142,102 +144,102 @@ impl SslCipher {
 }
 
 static TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: SslCipher = SslCipher {
-    rustls: &provider::cipher_suite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
     auth: constants::NID_AUTH_ECDSA,
     kx: constants::NID_KX_ECDHE,
     bits: 128,
     openssl_name: c"ECDHE-ECDSA-AES128-GCM-SHA256",
     standard_name: c"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
     version: c"TLSv1.2",
     description: c"ECDHE-ECDSA-AES128-GCM-SHA256  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128)            Mac=AEAD\n",
+    rustls: CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
 };
 
 static TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: SslCipher = SslCipher {
-    rustls: &provider::cipher_suite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
     auth: constants::NID_AUTH_ECDSA,
     kx: constants::NID_KX_ECDHE,
     bits: 256,
     openssl_name: c"ECDHE-ECDSA-AES256-GCM-SHA384",
     standard_name: c"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
     version: c"TLSv1.2",
     description: c"ECDHE-ECDSA-AES256-GCM-SHA384  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256)            Mac=AEAD\n",
+    rustls: CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
 };
 
 static TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: SslCipher = SslCipher {
-    rustls: &provider::cipher_suite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
     auth: constants::NID_AUTH_ECDSA,
     kx: constants::NID_KX_ECDHE,
     bits: 256,
     openssl_name: c"ECDHE-ECDSA-CHACHA20-POLY1305",
     standard_name: c"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
+    rustls: CipherSuite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
     version: c"TLSv1.2",
     description: c"ECDHE-ECDSA-CHACHA20-POLY1305  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD\n",
 };
 
 static TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: SslCipher = SslCipher {
-    rustls: &provider::cipher_suite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
     auth: constants::NID_AUTH_RSA,
     kx: constants::NID_KX_ECDHE,
     bits: 128,
     openssl_name: c"ECDHE-RSA-AES128-GCM-SHA256",
     standard_name: c"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
     version: c"TLSv1.2",
     description: c"ECDHE-RSA-AES128-GCM-SHA256    TLSv1.2 Kx=ECDH     Au=RSA   Enc=AESGCM(128)            Mac=AEAD\n",
+    rustls: CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
 };
 
 static TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: SslCipher = SslCipher {
-    rustls: &provider::cipher_suite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
     auth: constants::NID_AUTH_RSA,
     kx: constants::NID_KX_ECDHE,
     bits: 256,
     openssl_name: c"ECDHE-RSA-AES256-GCM-SHA384",
     standard_name: c"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
     version: c"TLSv1.2",
     description: c"ECDHE-RSA-AES256-GCM-SHA384    TLSv1.2 Kx=ECDH     Au=RSA   Enc=AESGCM(256)            Mac=AEAD\n",
+    rustls: CipherSuite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
 };
 
 static TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: SslCipher = SslCipher {
-    rustls: &provider::cipher_suite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
     auth: constants::NID_AUTH_RSA,
     kx: constants::NID_KX_ECDHE,
     bits: 256,
     openssl_name: c"ECDHE-RSA-CHACHA20-POLY1305",
     standard_name: c"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
     version: c"TLSv1.2",
     description: c"ECDHE-RSA-CHACHA20-POLY1305    TLSv1.2 Kx=ECDH     Au=RSA   Enc=CHACHA20/POLY1305(256) Mac=AEAD\n",
+    rustls: CipherSuite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
 };
 
 static TLS13_AES_128_GCM_SHA256: SslCipher = SslCipher {
-    rustls: &provider::cipher_suite::TLS13_AES_128_GCM_SHA256,
     auth: constants::NID_AUTH_ANY,
     kx: constants::NID_KX_ANY,
     bits: 128,
     openssl_name: c"TLS_AES_128_GCM_SHA256",
     standard_name: c"TLS_AES_128_GCM_SHA256",
     version: c"TLSv1.3",
     description: c"TLS_AES_128_GCM_SHA256         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(128)            Mac=AEAD\n",
+    rustls: CipherSuite::TLS13_AES_128_GCM_SHA256,
 };
 
 static TLS13_AES_256_GCM_SHA384: SslCipher = SslCipher {
-    rustls: &provider::cipher_suite::TLS13_AES_256_GCM_SHA384,
     auth: constants::NID_AUTH_ANY,
     kx: constants::NID_KX_ANY,
     bits: 256,
     openssl_name: c"TLS_AES_256_GCM_SHA384",
     standard_name: c"TLS_AES_256_GCM_SHA384",
     version: c"TLSv1.3",
     description: c"TLS_AES_256_GCM_SHA384         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(256)            Mac=AEAD\n",
+    rustls: CipherSuite::TLS13_AES_256_GCM_SHA384,
 };
 
 static TLS13_CHACHA20_POLY1305_SHA256: SslCipher = SslCipher {
-    rustls: &provider::cipher_suite::TLS13_CHACHA20_POLY1305_SHA256,
     auth: constants::NID_AUTH_ANY,
     kx: constants::NID_KX_ANY,
     bits: 256,
     openssl_name: c"TLS_CHACHA20_POLY1305_SHA256",
     standard_name: c"TLS_CHACHA20_POLY1305_SHA256",
     version: c"TLSv1.3",
     description: c"TLS_CHACHA20_POLY1305_SHA256   TLSv1.3 Kx=any      Au=any   Enc=CHACHA20/POLY1305(256) Mac=AEAD\n",
+    rustls: CipherSuite::TLS13_CHACHA20_POLY1305_SHA256,
 };
 
 /// Backs a server-side SSL_SESSION object
@@ -470,7 +472,7 @@ impl SslContext {
         // a ticketer. Doing so is wasteful for a client, and incompatible with miri
         // (due to calls to a foreign function, `RAND_bytes`).
         let ticketer = match !method.server_versions.is_empty() && cfg!(not(miri)) {
-            true => provider::Ticketer::new().ok(),
+            true => Ticketer::new().ok(),
             false => None,
         };
         Self {
@@ -1109,7 +1111,6 @@ impl Ssl {
         if let ConnMode::Unknown = self.mode {
             self.set_client_mode();
         }
-
         if matches!(self.conn, ConnState::Nothing) {
             self.init_client_conn()?;
         }