Add post-quantum support

.github/workflows/ci.yml

@@ -15,38 +15,29 @@ jobs:
     name: Test
     runs-on: ubuntu-latest
     steps:
-      - name: Check out repository
-        uses: actions/checkout@v4
-      - name: Install toolchain
-        uses: dtolnay/rust-toolchain@v1
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@v1
         with:
           toolchain: stable
-      - name: Cache build artifacts
-        uses: Swatinem/rust-cache@v2
+      - uses: Swatinem/rust-cache@v2
       - name: cargo test
-        run: cargo test
+        run: cargo test --features vendored
       # https://github.com/rust-lang/cargo/issues/6669
       - name: cargo test --doc
-        run: cargo test --doc
+        run: cargo test --doc --features vendored
   lint:
     name: Lint
     runs-on: ubuntu-latest
     steps:
-      - name: Check out repository
-        uses: actions/checkout@v4
-      - name: Install toolchain
-        uses: dtolnay/rust-toolchain@v1
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@v1
         with:
           toolchain: stable
           components: rustfmt, clippy
-      - name: Cache build artifacts
-        uses: Swatinem/rust-cache@v2
-      - name: cargo fmt (check)
-        run: cargo fmt -- --check -l
-      - name: cargo clippy (warnings)
-        run: cargo clippy --all-targets -- -D warnings
-      - name: cargo clippy --no-default-features (warnings)
-        run: cargo clippy --no-default-features --all-targets -- -D warnings
+      - uses: Swatinem/rust-cache@v2
+      - run: cargo fmt -- --check -l
+      - run: cargo clippy --features vendored --all-targets -- -D warnings
+      - run: cargo clippy --features vendored --no-default-features --all-targets -- -D warnings
 
   test-fips-1-1-1:
     name: Test using FIPS openssl 1.1.1
@@ -56,14 +47,11 @@ jobs:
     steps:
       - name: Install dependencies
         run: dnf install -y gcc openssl-devel
-      - name: Check out repository
-        uses: actions/checkout@v4
-      - name: Install toolchain
-        uses: dtolnay/rust-toolchain@v1
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@v1
         with:
           toolchain: stable
-      - name: Cache build artifacts
-        uses: Swatinem/rust-cache@v2
+      - uses: Swatinem/rust-cache@v2
       # Use single thread on FIPS to avoid running out of entropy
       - name: Run cargo test --features fips
         run: cargo test --tests --features fips -- --test-threads=1
@@ -76,36 +64,27 @@ jobs:
     steps:
       - name: Install dependencies
         run: dnf install -y gcc openssl-devel
-      - name: Check out repository
-        uses: actions/checkout@v4
-      - name: Install toolchain
-        uses: dtolnay/rust-toolchain@v1
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@v1
         with:
           toolchain: stable
-      - name: Cache build artifacts
-        uses: Swatinem/rust-cache@v2
-      - name: Run cargo test --features fips
-        run: cargo test --tests --features fips -- --test-threads=1
+      - uses: Swatinem/rust-cache@v2
+      - run: cargo test --tests --features fips -- --test-threads=1
 
   coverage:
     name: Coverage
     runs-on: ubuntu-latest
     steps:
-      - name: Check out repository
-        uses: actions/checkout@v4
-      - name: Install toolchain
-        uses: dtolnay/rust-toolchain@v1
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@v1
         with:
           toolchain: stable
           components: llvm-tools
-      - name: Cache build artifacts
-        uses: Swatinem/rust-cache@v2
-      - name: Install cargo-llvm-cov
-        uses: taiki-e/install-action@cargo-llvm-cov
+      - uses: Swatinem/rust-cache@v2
+      - uses: taiki-e/install-action@cargo-llvm-cov
       - name: Generate coverage
         run: cargo llvm-cov --lcov --output-path lcov.info
-      - name: Report to codecov.io
-        uses: codecov/codecov-action@v5
+      - uses: codecov/codecov-action@v5
         with:
           files: lcov.info
           token: ${{ secrets.CODECOV_TOKEN }}

Cargo.toml

@@ -1,8 +1,8 @@
 [package]
 name = "rustls-openssl"
 authors = ["Tom Fay <tom@teamfay.co.uk>"]
-version = "0.2.1"
-edition = "2021"
+version = "0.3.0"
+edition = "2024"
 license = "MIT"
 description = "Rustls crypto provider for OpenSSL"
 homepage = "https://github.com/tofay/rustls-openssl"
@@ -18,9 +18,11 @@ rustls = { version = "0.23.20", default-features = false }
 zeroize = "1.8.1"
 
 [features]
-default = ["tls12"]
+default = ["tls12", "prefer-post-quantum"]
 fips = []
 tls12 = ["rustls/tls12"]
+prefer-post-quantum = []
+vendored = ["openssl/vendored"]
 
 [dev-dependencies]
 hex = "0.4.3"

build.rs

@@ -8,6 +8,7 @@ fn main() {
     println!("cargo:rustc-check-cfg=cfg(chacha)");
     println!("cargo:rustc-check-cfg=cfg(fips_module)");
     println!("cargo:rustc-check-cfg=cfg(ossl320)");
+    println!("cargo:rustc-check-cfg=cfg(ossl350)");
     // Determine whether to work around https://github.com/openssl/openssl/issues/23448
     // according to the OpenSSL version
     println!("cargo:rustc-check-cfg=cfg(bugged_add_hkdf_info)");
@@ -25,6 +26,10 @@ fn main() {
         if version >= 0x3_02_00_00_0 {
             println!("cargo:rustc-cfg=ossl320");
         }
+
+        if version >= 0x3_05_00_00_0 {
+            println!("cargo:rustc-cfg=ossl350");
+        }
     }
 
     // Enable the `chacha` cfg if the `OPENSSL_NO_CHACHA` OpenSSL config is not set.

src/aead.rs

@@ -1,7 +1,7 @@
 use openssl::cipher::{Cipher, CipherRef};
 use openssl::cipher_ctx::CipherCtx;
-use rustls::crypto::cipher::NONCE_LEN;
 use rustls::Error;
+use rustls::crypto::cipher::NONCE_LEN;
 
 #[derive(Debug, Clone, Copy)]
 pub(crate) enum Algorithm {
@@ -88,7 +88,7 @@ impl Algorithm {
 
 #[cfg(test)]
 mod test {
-    use wycheproof::{aead::TestFlag, TestResult};
+    use wycheproof::{TestResult, aead::TestFlag};
 
     fn test_aead(alg: super::Algorithm) {
         let test_name = match alg {

src/hkdf.rs

@@ -134,7 +134,7 @@ impl Drop for HkdfExpander {
 #[cfg(test)]
 mod test {
     use rustls::crypto::tls13::Hkdf;
-    use wycheproof::{hkdf::TestName, TestResult};
+    use wycheproof::{TestResult, hkdf::TestName};
 
     fn test_hkdf(hkdf: &dyn Hkdf, test_name: TestName) {
         let test_set = wycheproof::hkdf::TestSet::load(test_name).unwrap();

src/kx.rs → src/kx_group/ec.rs

@@ -3,25 +3,10 @@ use openssl::derive::Deriver;
 use openssl::ec::{EcGroup, EcKey, EcPoint, PointConversionForm};
 use openssl::error::ErrorStack;
 use openssl::nid::Nid;
-#[cfg(not(feature = "fips"))]
-use openssl::pkey::Id;
 use openssl::pkey::{PKey, Private, Public};
 use rustls::crypto::{ActiveKeyExchange, SharedSecret, SupportedKxGroup};
 use rustls::{Error, NamedGroup};
 
-/// [Supported KeyExchange groups](SupportedKxGroup).
-/// * [SECP384R1]
-/// * [SECP256R1]
-/// * [X25519]
-///
-/// If the `fips` feature is enabled, only [SECP384R1] and [SECP256R1] are available.
-pub const ALL_KX_GROUPS: &[&dyn SupportedKxGroup] = &[
-    SECP256R1,
-    SECP384R1,
-    #[cfg(not(feature = "fips"))]
-    X25519,
-];
-
 /// `KXGroup`'s that use `openssl::ec` module with Nid's for key exchange.
 #[derive(Debug)]
 struct EcKxGroup {
@@ -36,21 +21,6 @@ struct EcKeyExchange {
     pub_key: Vec<u8>,
 }
 
-#[cfg(not(feature = "fips"))]
-/// `KXGroup`` for X25519
-#[derive(Debug)]
-struct X25519KxGroup {}
-
-#[cfg(not(feature = "fips"))]
-#[derive(Debug)]
-struct X25519KeyExchange {
-    private_key: PKey<Private>,
-    public_key: Vec<u8>,
-}
-
-#[cfg(not(feature = "fips"))]
-/// X25519 key exchange group as registered with [IANA](https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8).
-pub const X25519: &dyn SupportedKxGroup = &X25519KxGroup {};
 /// secp256r1 key exchange group as registered with [IANA](https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8)
 pub const SECP256R1: &dyn SupportedKxGroup = &EcKxGroup {
     name: NamedGroup::secp256r1,
@@ -132,67 +102,22 @@ impl ActiveKeyExchange for EcKeyExchange {
     }
 }
 
-#[cfg(not(feature = "fips"))]
-impl SupportedKxGroup for X25519KxGroup {
-    fn start(&self) -> Result<Box<dyn ActiveKeyExchange>, Error> {
-        PKey::generate_x25519()
-            .and_then(|private_key| {
-                let public_key = private_key.raw_public_key()?;
-                Ok(Box::new(X25519KeyExchange {
-                    private_key,
-                    public_key,
-                }) as Box<dyn ActiveKeyExchange>)
-            })
-            .map_err(|e| Error::General(format!("OpenSSL error: {e}")))
-    }
-
-    fn name(&self) -> NamedGroup {
-        NamedGroup::X25519
-    }
-}
-
-#[cfg(not(feature = "fips"))]
-impl ActiveKeyExchange for X25519KeyExchange {
-    fn complete(self: Box<Self>, peer_pub_key: &[u8]) -> Result<SharedSecret, Error> {
-        PKey::public_key_from_raw_bytes(peer_pub_key, Id::X25519)
-            .and_then(|peer_pub_key| {
-                let mut deriver = Deriver::new(&self.private_key)?;
-                deriver.set_peer(&peer_pub_key)?;
-                let secret = deriver.derive_to_vec()?;
-                Ok(SharedSecret::from(secret.as_slice()))
-            })
-            .map_err(|e| Error::General(format!("OpenSSL error: {e}")))
-    }
-
-    fn pub_key(&self) -> &[u8] {
-        &self.public_key
-    }
-
-    fn group(&self) -> NamedGroup {
-        NamedGroup::X25519
-    }
-}
-
 #[cfg(test)]
 mod test {
     use openssl::{
         bn::BigNum,
         ec::{EcGroup, EcKey, EcPoint},
         nid::Nid,
-        pkey::{Id, PKey},
     };
-    use rustls::{crypto::ActiveKeyExchange, NamedGroup};
-    use wycheproof::{ecdh::TestName, TestResult};
+    use rustls::{NamedGroup, crypto::ActiveKeyExchange};
+    use wycheproof::{TestResult, ecdh::TestName};
 
-    use crate::kx::EcKeyExchange;
-
-    #[cfg(not(feature = "fips"))]
-    use super::X25519KeyExchange;
+    use super::EcKeyExchange;
 
     #[rstest::rstest]
     #[case::secp256r1(TestName::EcdhSecp256r1, NamedGroup::secp256r1, Nid::X9_62_PRIME256V1)]
     #[case::secp384r1(TestName::EcdhSecp384r1, NamedGroup::secp384r1, Nid::SECP384R1)]
-    fn ec(#[case] test_name: TestName, #[case] rustls_group: NamedGroup, #[case] nid: Nid) {
+    fn test_ec_kx(#[case] test_name: TestName, #[case] rustls_group: NamedGroup, #[case] nid: Nid) {
         let test_set = wycheproof::ecdh::TestSet::load(test_name).unwrap();
         let ctx = openssl::bn::BigNumContext::new().unwrap();
 
@@ -231,45 +156,4 @@ mod test {
             }
         }
     }
-
-    #[cfg(not(feature = "fips"))]
-    #[test]
-    fn x25519() {
-        let test_set = wycheproof::xdh::TestSet::load(wycheproof::xdh::TestName::X25519).unwrap();
-        for test_group in &test_set.test_groups {
-            for test in &test_group.tests {
-                let kx = X25519KeyExchange {
-                    private_key: PKey::private_key_from_raw_bytes(&test.private_key, Id::X25519)
-                        .unwrap(),
-                    public_key: Vec::new(),
-                };
-
-                let res = Box::new(kx).complete(&test.public_key);
-
-                // OpenSSL does not support producing a zero shared secret
-                let zero_shared_secret = test
-                    .flags
-                    .contains(&wycheproof::xdh::TestFlag::ZeroSharedSecret);
-
-                match (&test.result, zero_shared_secret) {
-                    (TestResult::Acceptable, false) | (TestResult::Valid, _) => match res {
-                        Ok(sharedsecret) => {
-                            assert_eq!(
-                                sharedsecret.secret_bytes(),
-                                &test.shared_secret[..],
-                                "Derived incorrect secret: {:?}",
-                                test
-                            );
-                        }
-                        Err(e) => {
-                            panic!("Test failed: {:?}. Error {:?}", test, e);
-                        }
-                    },
-                    _ => {
-                        assert!(res.is_err(), "Expected error: {:?}", test);
-                    }
-                }
-            }
-        }
-    }
 }