RFC: Add bindings for ML-KEM and ML-DSA.

openssl-sys/build/run_bindgen.rs

@@ -58,6 +58,7 @@ const INCLUDES: &str = "
 #endif
 
 #if OPENSSL_VERSION_NUMBER >= 0x30000000
+#include <openssl/param_build.h>
 #include <openssl/provider.h>
 #endif
 

openssl-sys/src/core_dispatch.rs

@@ -0,0 +1,11 @@
+use super::*;
+use libc::*;
+
+/* OpenSSL 3.* only */
+
+pub const OSSL_KEYMGMT_SELECT_PRIVATE_KEY: c_int = 0x01;
+pub const OSSL_KEYMGMT_SELECT_PUBLIC_KEY: c_int = 0x02;
+pub const OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS: c_int = 0x04;
+pub const OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS: c_int = 0x80;
+pub const OSSL_KEYMGMT_SELECT_ALL_PARAMETERS: c_int =
+    OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS | OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS;

openssl-sys/src/evp.rs

@@ -38,6 +38,15 @@ pub const EVP_CTRL_GCM_SET_IVLEN: c_int = 0x9;
 pub const EVP_CTRL_GCM_GET_TAG: c_int = 0x10;
 pub const EVP_CTRL_GCM_SET_TAG: c_int = 0x11;
 
+#[cfg(ossl300)]
+pub const EVP_PKEY_KEY_PARAMETERS: c_int = OSSL_KEYMGMT_SELECT_ALL_PARAMETERS;
+#[cfg(ossl300)]
+pub const EVP_PKEY_PRIVATE_KEY: c_int = EVP_PKEY_KEY_PARAMETERS | OSSL_KEYMGMT_SELECT_PRIVATE_KEY;
+#[cfg(ossl300)]
+pub const EVP_PKEY_PUBLIC_KEY: c_int = EVP_PKEY_KEY_PARAMETERS | OSSL_KEYMGMT_SELECT_PUBLIC_KEY;
+#[cfg(ossl300)]
+pub const EVP_PKEY_KEYPAIR: c_int = EVP_PKEY_PUBLIC_KEY | OSSL_KEYMGMT_SELECT_PRIVATE_KEY;
+
 pub unsafe fn EVP_get_digestbynid(type_: c_int) -> *const EVP_MD {
     EVP_get_digestbyname(OBJ_nid2sn(type_))
 }

openssl-sys/src/handwritten/evp.rs

@@ -489,6 +489,27 @@ extern "C" {
     #[cfg(any(ossl110, libressl270))]
     pub fn EVP_PKEY_up_ref(pkey: *mut EVP_PKEY) -> c_int;
 
+    #[cfg(ossl300)]
+    pub fn EVP_PKEY_fromdata_init(ctx: *mut EVP_PKEY_CTX) -> c_int;
+
+    #[cfg(ossl300)]
+    pub fn EVP_PKEY_fromdata(
+        ctx: *mut EVP_PKEY_CTX,
+        ppkey: *mut *mut EVP_PKEY,
+        selection: c_int,
+        param: *mut OSSL_PARAM,
+    ) -> c_int;
+
+    #[cfg(ossl300)]
+    pub fn EVP_PKEY_todata(
+        ppkey: *const EVP_PKEY,
+        selection: c_int,
+        param: *mut *mut OSSL_PARAM,
+    ) -> c_int;
+
+    #[cfg(ossl300)]
+    pub fn EVP_PKEY_generate(ctx: *mut EVP_PKEY_CTX, k: *mut *mut EVP_PKEY) -> c_int;
+
     pub fn d2i_AutoPrivateKey(
         a: *mut *mut EVP_PKEY,
         pp: *mut *const c_uchar,
@@ -535,6 +556,12 @@ extern "C" {
 
     pub fn EVP_PKEY_CTX_new(k: *mut EVP_PKEY, e: *mut ENGINE) -> *mut EVP_PKEY_CTX;
     pub fn EVP_PKEY_CTX_new_id(id: c_int, e: *mut ENGINE) -> *mut EVP_PKEY_CTX;
+    #[cfg(ossl300)]
+    pub fn EVP_PKEY_CTX_new_from_name(
+        libctx: *mut OSSL_LIB_CTX,
+        name: *const c_char,
+        propquery: *const c_char,
+    ) -> *mut EVP_PKEY_CTX;
     pub fn EVP_PKEY_CTX_free(ctx: *mut EVP_PKEY_CTX);
 
     pub fn EVP_PKEY_CTX_ctrl(
@@ -583,6 +610,14 @@ extern "C" {
     pub fn EVP_PKEY_keygen(ctx: *mut EVP_PKEY_CTX, key: *mut *mut EVP_PKEY) -> c_int;
 
     pub fn EVP_PKEY_sign_init(ctx: *mut EVP_PKEY_CTX) -> c_int;
+
+    #[cfg(ossl340)]
+    pub fn EVP_PKEY_sign_message_init(
+        ctx: *mut EVP_PKEY_CTX,
+        algo: *mut EVP_SIGNATURE,
+        params: *const OSSL_PARAM,
+    ) -> c_int;
+
     pub fn EVP_PKEY_sign(
         ctx: *mut EVP_PKEY_CTX,
         sig: *mut c_uchar,
@@ -591,6 +626,14 @@ extern "C" {
         tbslen: size_t,
     ) -> c_int;
     pub fn EVP_PKEY_verify_init(ctx: *mut EVP_PKEY_CTX) -> c_int;
+
+    #[cfg(ossl340)]
+    pub fn EVP_PKEY_verify_message_init(
+        ctx: *mut EVP_PKEY_CTX,
+        algo: *mut EVP_SIGNATURE,
+        params: *const OSSL_PARAM,
+    ) -> c_int;
+
     pub fn EVP_PKEY_verify(
         ctx: *mut EVP_PKEY_CTX,
         sig: *const c_uchar,
@@ -622,6 +665,28 @@ extern "C" {
         sig: *const c_uchar,
         siglen: size_t,
     ) -> c_int;
+
+    #[cfg(ossl300)]
+    pub fn EVP_PKEY_encapsulate_init(ctx: *mut EVP_PKEY_CTX, params: *const OSSL_PARAM) -> c_int;
+    #[cfg(ossl300)]
+    pub fn EVP_PKEY_encapsulate(
+        ctx: *mut EVP_PKEY_CTX,
+        wrappedkey: *mut c_uchar,
+        wrappedkeylen: *mut size_t,
+        genkey: *mut c_uchar,
+        genkeylen: *mut size_t,
+    ) -> c_int;
+
+    #[cfg(ossl300)]
+    pub fn EVP_PKEY_decapsulate_init(ctx: *mut EVP_PKEY_CTX, params: *const OSSL_PARAM) -> c_int;
+    #[cfg(ossl300)]
+    pub fn EVP_PKEY_decapsulate(
+        ctx: *mut EVP_PKEY_CTX,
+        genkey: *mut c_uchar,
+        genkeylen: *mut size_t,
+        wrappedkey: *const c_uchar,
+        wrappedkeylen: size_t,
+    ) -> c_int;
 }
 
 const_ptr_api! {
@@ -663,3 +728,18 @@ extern "C" {
     pub fn EVP_EncodeBlock(dst: *mut c_uchar, src: *const c_uchar, src_len: c_int) -> c_int;
     pub fn EVP_DecodeBlock(dst: *mut c_uchar, src: *const c_uchar, src_len: c_int) -> c_int;
 }
+
+cfg_if! {
+    if #[cfg(ossl300)] {
+        extern "C" {
+            pub fn EVP_SIGNATURE_free(s: *mut EVP_SIGNATURE);
+            pub fn EVP_SIGNATURE_up_ref(s: *mut EVP_SIGNATURE) -> c_int;
+            pub fn EVP_SIGNATURE_fetch(ctx: *mut OSSL_LIB_CTX,
+                                       algorithm: *const c_char,
+                                       properties: *const c_char)
+                                       -> *mut EVP_SIGNATURE;
+            pub fn EVP_SIGNATURE_get0_name(s: *const EVP_SIGNATURE) -> *const c_char;
+            pub fn EVP_SIGNATURE_get0_description(s: *const EVP_SIGNATURE) -> *const c_char;
+        }
+    }
+}

openssl-sys/src/handwritten/mod.rs

@@ -15,6 +15,9 @@ pub use self::hmac::*;
 pub use self::kdf::*;
 pub use self::object::*;
 pub use self::ocsp::*;
+#[cfg(ossl300)]
+pub use self::param_build::*;
+#[cfg(ossl300)]
 pub use self::params::*;
 pub use self::pem::*;
 pub use self::pkcs12::*;
@@ -54,6 +57,9 @@ mod hmac;
 mod kdf;
 mod object;
 mod ocsp;
+#[cfg(ossl300)]
+mod param_build;
+#[cfg(ossl300)]
 mod params;
 mod pem;
 mod pkcs12;

openssl-sys/src/handwritten/param_build.rs

@@ -0,0 +1,32 @@
+use super::super::*;
+use libc::*;
+
+/* OpenSSL 3.* only */
+
+extern "C" {
+    pub fn OSSL_PARAM_BLD_new() -> *mut OSSL_PARAM_BLD;
+    pub fn OSSL_PARAM_BLD_free(bld: *mut OSSL_PARAM_BLD);
+    pub fn OSSL_PARAM_BLD_push_BN(
+        bld: *mut OSSL_PARAM_BLD,
+        key: *const c_char,
+        bn: *const BIGNUM,
+    ) -> c_int;
+    pub fn OSSL_PARAM_BLD_push_utf8_string(
+        bld: *mut OSSL_PARAM_BLD,
+        key: *const c_char,
+        buf: *const c_char,
+        bsize: usize,
+    ) -> c_int;
+    pub fn OSSL_PARAM_BLD_push_octet_string(
+        bld: *mut OSSL_PARAM_BLD,
+        key: *const c_char,
+        buf: *const c_void,
+        bsize: usize,
+    ) -> c_int;
+    pub fn OSSL_PARAM_BLD_push_uint(
+        bld: *mut OSSL_PARAM_BLD,
+        key: *const c_char,
+        buf: c_uint,
+    ) -> c_int;
+    pub fn OSSL_PARAM_BLD_to_param(bld: *mut OSSL_PARAM_BLD) -> *mut OSSL_PARAM;
+}

openssl-sys/src/handwritten/params.rs

@@ -2,15 +2,32 @@ use super::super::*;
 use libc::*;
 
 extern "C" {
-    #[cfg(ossl300)]
+    pub fn OSSL_PARAM_free(p: *mut OSSL_PARAM);
     pub fn OSSL_PARAM_construct_uint(key: *const c_char, buf: *mut c_uint) -> OSSL_PARAM;
-    #[cfg(ossl300)]
     pub fn OSSL_PARAM_construct_end() -> OSSL_PARAM;
-    #[cfg(ossl300)]
     pub fn OSSL_PARAM_construct_octet_string(
         key: *const c_char,
         buf: *mut c_void,
         bsize: size_t,
     ) -> OSSL_PARAM;
 
+    pub fn OSSL_PARAM_locate(p: *mut OSSL_PARAM, key: *const c_char) -> *mut OSSL_PARAM;
+    pub fn OSSL_PARAM_get_BN(p: *const OSSL_PARAM, val: *mut *mut BIGNUM) -> c_int;
+    pub fn OSSL_PARAM_get_utf8_string(
+        p: *const OSSL_PARAM,
+        val: *mut *mut c_char,
+        max_len: usize,
+    ) -> c_int;
+    pub fn OSSL_PARAM_get_utf8_string_ptr(p: *const OSSL_PARAM, val: *mut *const c_char) -> c_int;
+    pub fn OSSL_PARAM_get_octet_string(
+        p: *const OSSL_PARAM,
+        val: *mut *mut c_void,
+        max_len: usize,
+        used_len: *mut usize,
+    ) -> c_int;
+    pub fn OSSL_PARAM_get_octet_string_ptr(
+        p: *const OSSL_PARAM,
+        val: *mut *const c_void,
+        used_len: *mut usize,
+    ) -> c_int;
 }

openssl-sys/src/handwritten/types.rs

@@ -1140,6 +1140,9 @@ pub struct OSSL_PARAM {
     return_size: size_t,
 }
 
+#[cfg(ossl300)]
+pub enum OSSL_PARAM_BLD {}
+
 #[cfg(ossl300)]
 pub enum EVP_KDF {}
 #[cfg(ossl300)]

openssl-sys/src/lib.rs

@@ -69,6 +69,8 @@ mod openssl {
     pub use self::bio::*;
     pub use self::bn::*;
     pub use self::cms::*;
+    #[cfg(ossl300)]
+    pub use self::core_dispatch::*;
     pub use self::crypto::*;
     pub use self::dtls1::*;
     pub use self::ec::*;
@@ -99,6 +101,8 @@ mod openssl {
     mod bio;
     mod bn;
     mod cms;
+    #[cfg(ossl300)]
+    mod core_dispatch;
     mod crypto;
     mod dtls1;
     mod ec;

openssl-sys/src/types.rs

@@ -19,3 +19,9 @@ cfg_if! {
         }
     }
 }
+
+cfg_if! {
+    if #[cfg(ossl300)] {
+        pub enum EVP_SIGNATURE {}
+    }
+}

openssl/build.rs

@@ -46,6 +46,8 @@ fn main() {
     println!("cargo:rustc-check-cfg=cfg(ossl310)");
     println!("cargo:rustc-check-cfg=cfg(ossl320)");
     println!("cargo:rustc-check-cfg=cfg(ossl330)");
+    println!("cargo:rustc-check-cfg=cfg(ossl340)");
+    println!("cargo:rustc-check-cfg=cfg(ossl350)");
 
     if env::var("DEP_OPENSSL_LIBRESSL").is_ok() {
         println!("cargo:rustc-cfg=libressl");
@@ -169,5 +171,11 @@ fn main() {
         if version >= 0x3_03_00_00_0 {
             println!("cargo:rustc-cfg=ossl330");
         }
+        if version >= 0x3_04_00_00_0 {
+            println!("cargo:rustc-cfg=ossl340");
+        }
+        if version >= 0x3_05_00_00_0 {
+            println!("cargo:rustc-cfg=ossl350");
+        }
     }
 }