ML-KEM/ML-DSA part 1: openssl-sys changes

swenson · swenson · commit e11aa92365b8 · 2025-08-28T19:48:46.000-07:00
Splitting up sfackler#2405 into a few parts as suggest by @alex. This adds the non-param-builder openssl-sys changes.
diff --git a/openssl-sys/src/core_dispatch.rs b/openssl-sys/src/core_dispatch.rs
@@ -0,0 +1,11 @@
+use super::*;
+use libc::*;
+
+/* OpenSSL 3.* only */
+
+pub const OSSL_KEYMGMT_SELECT_PRIVATE_KEY: c_int = 0x01;
+pub const OSSL_KEYMGMT_SELECT_PUBLIC_KEY: c_int = 0x02;
+pub const OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS: c_int = 0x04;
+pub const OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS: c_int = 0x80;
+pub const OSSL_KEYMGMT_SELECT_ALL_PARAMETERS: c_int =
+    OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS | OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS;
diff --git a/openssl-sys/src/evp.rs b/openssl-sys/src/evp.rs
@@ -38,6 +38,15 @@ pub const EVP_CTRL_GCM_SET_IVLEN: c_int = 0x9;
 pub const EVP_CTRL_GCM_GET_TAG: c_int = 0x10;
 pub const EVP_CTRL_GCM_SET_TAG: c_int = 0x11;
 
+#[cfg(ossl300)]
+pub const EVP_PKEY_KEY_PARAMETERS: c_int = OSSL_KEYMGMT_SELECT_ALL_PARAMETERS;
+#[cfg(ossl300)]
+pub const EVP_PKEY_PRIVATE_KEY: c_int = EVP_PKEY_KEY_PARAMETERS | OSSL_KEYMGMT_SELECT_PRIVATE_KEY;
+#[cfg(ossl300)]
+pub const EVP_PKEY_PUBLIC_KEY: c_int = EVP_PKEY_KEY_PARAMETERS | OSSL_KEYMGMT_SELECT_PUBLIC_KEY;
+#[cfg(ossl300)]
+pub const EVP_PKEY_KEYPAIR: c_int = EVP_PKEY_PUBLIC_KEY | OSSL_KEYMGMT_SELECT_PRIVATE_KEY;
+
 pub unsafe fn EVP_get_digestbynid(type_: c_int) -> *const EVP_MD {
     EVP_get_digestbyname(OBJ_nid2sn(type_))
 }
diff --git a/openssl-sys/src/handwritten/evp.rs b/openssl-sys/src/handwritten/evp.rs
@@ -493,6 +493,27 @@ extern "C" {
     #[cfg(any(ossl110, libressl270))]
     pub fn EVP_PKEY_up_ref(pkey: *mut EVP_PKEY) -> c_int;
 
+    #[cfg(ossl300)]
+    pub fn EVP_PKEY_fromdata_init(ctx: *mut EVP_PKEY_CTX) -> c_int;
+
+    #[cfg(ossl300)]
+    pub fn EVP_PKEY_fromdata(
+        ctx: *mut EVP_PKEY_CTX,
+        ppkey: *mut *mut EVP_PKEY,
+        selection: c_int,
+        param: *mut OSSL_PARAM,
+    ) -> c_int;
+
+    #[cfg(ossl300)]
+    pub fn EVP_PKEY_todata(
+        ppkey: *const EVP_PKEY,
+        selection: c_int,
+        param: *mut *mut OSSL_PARAM,
+    ) -> c_int;
+
+    #[cfg(ossl300)]
+    pub fn EVP_PKEY_generate(ctx: *mut EVP_PKEY_CTX, k: *mut *mut EVP_PKEY) -> c_int;
+
     pub fn d2i_AutoPrivateKey(
         a: *mut *mut EVP_PKEY,
         pp: *mut *const c_uchar,
@@ -539,6 +560,12 @@ extern "C" {
 
     pub fn EVP_PKEY_CTX_new(k: *mut EVP_PKEY, e: *mut ENGINE) -> *mut EVP_PKEY_CTX;
     pub fn EVP_PKEY_CTX_new_id(id: c_int, e: *mut ENGINE) -> *mut EVP_PKEY_CTX;
+    #[cfg(ossl300)]
+    pub fn EVP_PKEY_CTX_new_from_name(
+        libctx: *mut OSSL_LIB_CTX,
+        name: *const c_char,
+        propquery: *const c_char,
+    ) -> *mut EVP_PKEY_CTX;
     pub fn EVP_PKEY_CTX_free(ctx: *mut EVP_PKEY_CTX);
 
     pub fn EVP_PKEY_CTX_ctrl(
@@ -589,6 +616,14 @@ extern "C" {
     pub fn EVP_PKEY_paramgen(ctx: *mut EVP_PKEY_CTX, key: *mut *mut EVP_PKEY) -> c_int;
 
     pub fn EVP_PKEY_sign_init(ctx: *mut EVP_PKEY_CTX) -> c_int;
+
+    #[cfg(ossl340)]
+    pub fn EVP_PKEY_sign_message_init(
+        ctx: *mut EVP_PKEY_CTX,
+        algo: *mut EVP_SIGNATURE,
+        params: *const OSSL_PARAM,
+    ) -> c_int;
+
     pub fn EVP_PKEY_sign(
         ctx: *mut EVP_PKEY_CTX,
         sig: *mut c_uchar,
@@ -597,6 +632,14 @@ extern "C" {
         tbslen: size_t,
     ) -> c_int;
     pub fn EVP_PKEY_verify_init(ctx: *mut EVP_PKEY_CTX) -> c_int;
+
+    #[cfg(ossl340)]
+    pub fn EVP_PKEY_verify_message_init(
+        ctx: *mut EVP_PKEY_CTX,
+        algo: *mut EVP_SIGNATURE,
+        params: *const OSSL_PARAM,
+    ) -> c_int;
+
     pub fn EVP_PKEY_verify(
         ctx: *mut EVP_PKEY_CTX,
         sig: *const c_uchar,
@@ -628,6 +671,28 @@ extern "C" {
         sig: *const c_uchar,
         siglen: size_t,
     ) -> c_int;
+
+    #[cfg(ossl300)]
+    pub fn EVP_PKEY_encapsulate_init(ctx: *mut EVP_PKEY_CTX, params: *const OSSL_PARAM) -> c_int;
+    #[cfg(ossl300)]
+    pub fn EVP_PKEY_encapsulate(
+        ctx: *mut EVP_PKEY_CTX,
+        wrappedkey: *mut c_uchar,
+        wrappedkeylen: *mut size_t,
+        genkey: *mut c_uchar,
+        genkeylen: *mut size_t,
+    ) -> c_int;
+
+    #[cfg(ossl300)]
+    pub fn EVP_PKEY_decapsulate_init(ctx: *mut EVP_PKEY_CTX, params: *const OSSL_PARAM) -> c_int;
+    #[cfg(ossl300)]
+    pub fn EVP_PKEY_decapsulate(
+        ctx: *mut EVP_PKEY_CTX,
+        genkey: *mut c_uchar,
+        genkeylen: *mut size_t,
+        wrappedkey: *const c_uchar,
+        wrappedkeylen: size_t,
+    ) -> c_int;
 }
 
 const_ptr_api! {
@@ -733,6 +798,14 @@ cfg_if! {
                 buf: *const c_uchar,
                 bsize: size_t,
             ) -> c_int;
+            pub fn EVP_SIGNATURE_free(s: *mut EVP_SIGNATURE);
+            pub fn EVP_SIGNATURE_up_ref(s: *mut EVP_SIGNATURE) -> c_int;
+            pub fn EVP_SIGNATURE_fetch(ctx: *mut OSSL_LIB_CTX,
+                                       algorithm: *const c_char,
+                                       properties: *const c_char)
+                                       -> *mut EVP_SIGNATURE;
+            pub fn EVP_SIGNATURE_get0_name(s: *const EVP_SIGNATURE) -> *const c_char;
+            pub fn EVP_SIGNATURE_get0_description(s: *const EVP_SIGNATURE) -> *const c_char;
         }
     }
 }
diff --git a/openssl-sys/src/handwritten/params.rs b/openssl-sys/src/handwritten/params.rs
@@ -2,15 +2,32 @@ use super::super::*;
 use libc::*;
 
 extern "C" {
-    #[cfg(ossl300)]
+    pub fn OSSL_PARAM_free(p: *mut OSSL_PARAM);
     pub fn OSSL_PARAM_construct_uint(key: *const c_char, buf: *mut c_uint) -> OSSL_PARAM;
-    #[cfg(ossl300)]
     pub fn OSSL_PARAM_construct_end() -> OSSL_PARAM;
-    #[cfg(ossl300)]
     pub fn OSSL_PARAM_construct_octet_string(
         key: *const c_char,
         buf: *mut c_void,
         bsize: size_t,
     ) -> OSSL_PARAM;
 
+    pub fn OSSL_PARAM_locate(p: *mut OSSL_PARAM, key: *const c_char) -> *mut OSSL_PARAM;
+    pub fn OSSL_PARAM_get_BN(p: *const OSSL_PARAM, val: *mut *mut BIGNUM) -> c_int;
+    pub fn OSSL_PARAM_get_utf8_string(
+        p: *const OSSL_PARAM,
+        val: *mut *mut c_char,
+        max_len: usize,
+    ) -> c_int;
+    pub fn OSSL_PARAM_get_utf8_string_ptr(p: *const OSSL_PARAM, val: *mut *const c_char) -> c_int;
+    pub fn OSSL_PARAM_get_octet_string(
+        p: *const OSSL_PARAM,
+        val: *mut *mut c_void,
+        max_len: usize,
+        used_len: *mut usize,
+    ) -> c_int;
+    pub fn OSSL_PARAM_get_octet_string_ptr(
+        p: *const OSSL_PARAM,
+        val: *mut *const c_void,
+        used_len: *mut usize,
+    ) -> c_int;
 }
diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs
@@ -72,6 +72,8 @@ mod openssl {
     pub use self::bio::*;
     pub use self::bn::*;
     pub use self::cms::*;
+    #[cfg(ossl300)]
+    pub use self::core_dispatch::*;
     pub use self::crypto::*;
     pub use self::dh::*;
     pub use self::dsa::*;
@@ -104,6 +106,8 @@ mod openssl {
     mod bio;
     mod bn;
     mod cms;
+    #[cfg(ossl300)]
+    mod core_dispatch;
     mod crypto;
     mod dh;
     mod dsa;
diff --git a/openssl-sys/src/types.rs b/openssl-sys/src/types.rs
@@ -19,3 +19,9 @@ cfg_if! {
         }
     }
 }
+
+cfg_if! {
+    if #[cfg(ossl300)] {
+        pub enum EVP_SIGNATURE {}
+    }
+}
diff --git a/openssl/build.rs b/openssl/build.rs
@@ -47,6 +47,8 @@ fn main() {
     println!("cargo:rustc-check-cfg=cfg(ossl310)");
     println!("cargo:rustc-check-cfg=cfg(ossl320)");
     println!("cargo:rustc-check-cfg=cfg(ossl330)");
+    println!("cargo:rustc-check-cfg=cfg(ossl340)");
+    println!("cargo:rustc-check-cfg=cfg(ossl350)");
 
     if env::var("DEP_OPENSSL_LIBRESSL").is_ok() {
         println!("cargo:rustc-cfg=libressl");
@@ -175,5 +177,11 @@ fn main() {
         if version >= 0x3_03_00_00_0 {
             println!("cargo:rustc-cfg=ossl330");
         }
+        if version >= 0x3_04_00_00_0 {
+            println!("cargo:rustc-cfg=ossl340");
+        }
+        if version >= 0x3_05_00_00_0 {
+            println!("cargo:rustc-cfg=ossl350");
+        }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -19,3 +19,9 @@ cfg_if! {`
`19`	`19`	`}`
`20`	`20`	`}`
`21`	`21`	`}`
	`22`	`+`
	`23`	`+cfg_if! {`
	`24`	`+ if #[cfg(ossl300)] {`
	`25`	`+ pub enum EVP_SIGNATURE {}`
	`26`	`+ }`
	`27`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -47,6 +47,8 @@ fn main() {`
`47`	`47`	`println!("cargo:rustc-check-cfg=cfg(ossl310)");`
`48`	`48`	`println!("cargo:rustc-check-cfg=cfg(ossl320)");`
`49`	`49`	`println!("cargo:rustc-check-cfg=cfg(ossl330)");`
	`50`	`+ println!("cargo:rustc-check-cfg=cfg(ossl340)");`
	`51`	`+ println!("cargo:rustc-check-cfg=cfg(ossl350)");`
`50`	`52`
`51`	`53`	`if env::var("DEP_OPENSSL_LIBRESSL").is_ok() {`
`52`	`54`	`println!("cargo:rustc-cfg=libressl");`
`@@ -175,5 +177,11 @@ fn main() {`
`175`	`177`	`if version >= 0x3_03_00_00_0 {`
`176`	`178`	`println!("cargo:rustc-cfg=ossl330");`
`177`	`179`	`}`
	`180`	`+ if version >= 0x3_04_00_00_0 {`
	`181`	`+ println!("cargo:rustc-cfg=ossl340");`
	`182`	`+ }`
	`183`	`+ if version >= 0x3_05_00_00_0 {`
	`184`	`+ println!("cargo:rustc-cfg=ossl350");`
	`185`	`+ }`
`178`	`186`	`}`
`179`	`187`	`}`