Added: TLSGroupInfo

kraemv · kraemv · commit d3e0e761ab7f · 2025-10-29T13:54:03.000+01:00
Added: New Entrypoint to build
Added: New NIDs
Added: Provider can be changed
diff --git a/Cargo.toml b/Cargo.toml
@@ -3,7 +3,7 @@ name = "rustls-libssl"
 version = "0.2.1"
 edition = "2021"
 build = "build.rs"
-rust-version = "1.77"
+rust-version = "1.88"
 
 [lib]
 name = "ssl"
diff --git a/MATRIX.md b/MATRIX.md
@@ -384,7 +384,7 @@
 | `SSL_get_version`  | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |
 | `SSL_get_wbio`  |  | :white_check_mark: | :white_check_mark: | :white_check_mark: |
 | `SSL_get_wfd`  |  |  |  |  |
-| `SSL_group_to_name`  |  |  |  |  |
+| `SSL_group_to_name`  |  |  |  | :white_check_mark: |
 | `SSL_has_matching_session_id`  |  |  |  |  |
 | `SSL_has_pending`  |  |  |  | :white_check_mark: |
 | `SSL_in_before`  |  |  |  | :white_check_mark: |
diff --git a/build.rs b/build.rs
@@ -193,6 +193,7 @@ const ENTRYPOINTS: &[&str] = &[
     "SSL_get_verify_result",
     "SSL_get_version",
     "SSL_get_wbio",
+    "SSL_group_to_name",
     "SSL_has_pending",
     "SSL_in_before",
     "SSL_in_init",
diff --git a/src/constants.rs b/src/constants.rs
@@ -123,17 +123,21 @@ pub fn sig_scheme_to_type_nid(scheme: SignatureScheme) -> Option<c_int> {
 pub fn named_group_to_nid(group: NamedGroup) -> Option<c_int> {
     use NamedGroup::*;
 
+    // See TLSEXT_nid_unknown from tls1.h - openssl-sys does not
+    // have a constant for this to import.
+    const TLSEXT_NID_UNKNOWN: c_int = 0x1000000;
     // See NID_ffhdhe* from obj_mac.h - openssl-sys does not have
     // constants for these to import.
     const NID_FFDHE2048: c_int = 1126;
     const NID_FFDHE3072: c_int = 1127;
     const NID_FFDHE4096: c_int = 1128;
     const NID_FFDHE6144: c_int = 1129;
     const NID_FFDHE8192: c_int = 1130;
-
-    // See TLSEXT_nid_unknown from tls1.h - openssl-sys does not
-    // have a constant for this to import.
-    const TLSEXT_NID_UNKNOWN: c_int = 0x1000000;
+    // See NID_ML_KEM_* from obj_mac.h - openssl-sys does not have
+    // constants for these to import.
+    const NID_ML_KEM_512: c_int = 1454;
+    const NID_ML_KEM_768: c_int = 1455;
+    const NID_ML_KEM_1024: c_int = 1456;
 
     match group {
         secp256r1 => Some(NID_X9_62_prime256v1),
@@ -146,6 +150,9 @@ pub fn named_group_to_nid(group: NamedGroup) -> Option<c_int> {
         FFDHE4096 => Some(NID_FFDHE4096),
         FFDHE6144 => Some(NID_FFDHE6144),
         FFDHE8192 => Some(NID_FFDHE8192),
+        MLKEM512 => Some(NID_ML_KEM_512),
+        MLKEM768 => Some(NID_ML_KEM_768),
+        MLKEM1024 => Some(NID_ML_KEM_1024),
         other => Some(TLSEXT_NID_UNKNOWN | u16::from(other) as c_int),
     }
 }
diff --git a/src/entry.rs b/src/entry.rs
@@ -1475,6 +1475,20 @@ entry! {
     }
 }
 
+entry! {
+    pub fn _SSL_group_to_name(ssl: *const SSL, id: c_int) -> *const c_char {
+        try_clone_arc!(ssl)
+            .get()
+            .get_groups()
+            .iter()
+            .find(|group| named_group_to_nid(group.name()) == Some(id))
+            .map(|group| group.name())
+            .and_then(crate::TlsGroupInfo::find_by_id)
+            .map(|group| group.tls_name.as_ptr())
+            .unwrap_or_else(ptr::null)
+    }
+}
+
 entry! {
     pub fn _SSL_version(ssl: *const SSL) -> c_int {
         try_clone_arc!(ssl)
diff --git a/src/lib.rs b/src/lib.rs
