Runtime detection of kx algorithms

src/aead.rs

@@ -120,7 +120,7 @@ mod test {
 
                 match &test.result {
                     TestResult::Invalid => {
-                        if test.flags.iter().any(|flag| *flag == TestFlag::ModifiedTag) {
+                        if test.flags.contains(&TestFlag::ModifiedTag) {
                             assert_ne!(
                                 actual_tag[..],
                                 test.tag[..],

src/hkdf.rs

@@ -108,7 +108,6 @@ impl RustlsHkdfExpander for HkdfExpander {
 }
 
 fn add_hkdf_info<T>(ctx: &mut PkeyCtxRef<T>, info: &[&[u8]]) -> Result<(), ErrorStack> {
-
     #[cfg(bugged_add_hkdf_info)]
     let bugged_version = true;
 

src/kx_group/ec.rs

@@ -33,7 +33,7 @@ pub const SECP384R1: &dyn SupportedKxGroup = &EcKxGroup {
 };
 
 impl SupportedKxGroup for EcKxGroup {
-    fn start(&self) -> Result<Box<(dyn ActiveKeyExchange)>, Error> {
+    fn start(&self) -> Result<Box<dyn ActiveKeyExchange>, Error> {
         EcGroup::from_curve_name(self.nid)
             .and_then(|group| {
                 let priv_key = EcKey::generate(&group)?;

src/kx_group/kem.rs

@@ -56,7 +56,7 @@ impl KxGroup {
 }
 
 impl SupportedKxGroup for KxGroup {
-    fn start(&self) -> Result<Box<(dyn ActiveKeyExchange)>, Error> {
+    fn start(&self) -> Result<Box<dyn ActiveKeyExchange>, Error> {
         self.start_internal()
             .map(|kx| Box::new(kx) as Box<dyn ActiveKeyExchange>)
     }
@@ -125,7 +125,7 @@ struct X25519HybridKeyExchange {
 }
 
 impl SupportedKxGroup for X25519HybridKxGroup {
-    fn start(&self) -> Result<Box<(dyn ActiveKeyExchange)>, Error> {
+    fn start(&self) -> Result<Box<dyn ActiveKeyExchange>, Error> {
         self.0.start_internal().map(|inner| {
             let pub_key = inner.pub_key();
             let classical_pub_key = pub_key[pub_key.len() - 32..].to_vec();

src/kx_group/mod.rs

@@ -9,12 +9,16 @@ mod x25519;
 #[cfg(not(feature = "fips"))]
 pub use x25519::X25519;
 
-#[cfg(ossl350)]
 mod kem;
-#[cfg(ossl350)]
 pub use kem::{MLKEM768, X25519MLKEM768};
 
-/// Key exchanges enabled by default by this provider:
+/// Key exchanges enabled by default by this provider.
+///
+/// This list is compile-time and feature-based only. It does not account for
+/// whether algorithms are available from OpenSSL at runtime.
+/// Use [available_default_kx_groups()] for runtime-available defaults.
+///
+/// Compile-time set:
 /// * [X25519MLKEM768] (OpenSSL 3.5+)
 /// * [X25519] (if fips feature not enabled)
 /// * [SECP384R1]
@@ -23,17 +27,23 @@ pub use kem::{MLKEM768, X25519MLKEM768};
 /// If the `prefer-post-quantum` feature is enabled, X25519MLKEM768 will
 /// be the first group offered, otherwise it will be the last.
 pub static DEFAULT_KX_GROUPS: &[&dyn SupportedKxGroup] = &[
-    #[cfg(all(ossl350, feature = "prefer-post-quantum"))]
+    #[cfg(feature = "prefer-post-quantum")]
     X25519MLKEM768,
     #[cfg(not(feature = "fips"))]
     X25519,
     SECP256R1,
     SECP384R1,
-    #[cfg(all(ossl350, not(feature = "prefer-post-quantum")))]
+    #[cfg(not(feature = "prefer-post-quantum"))]
     X25519MLKEM768,
 ];
 
-/// All key exchanges supported by this provider:
+/// All key exchanges supported by this provider.
+///
+/// This list is compile-time and feature-based only. It does not account for
+/// whether algorithms are available from the active OpenSSL provider at runtime.
+/// Use [available_kx_groups()] for runtime-available groups.
+///
+/// Compile-time set:
 /// * [X25519MLKEM768] (OpenSSL 3.5+)
 /// * [X25519] (if fips feature not enabled)
 /// * [SECP384R1]
@@ -43,14 +53,31 @@ pub static DEFAULT_KX_GROUPS: &[&dyn SupportedKxGroup] = &[
 /// If the `prefer-post-quantum` feature is enabled, X25519MLKEM768 will
 /// be the first group offered, otherwise it will be the last.
 pub static ALL_KX_GROUPS: &[&dyn SupportedKxGroup] = &[
-    #[cfg(all(ossl350, feature = "prefer-post-quantum"))]
+    #[cfg(feature = "prefer-post-quantum")]
     X25519MLKEM768,
     #[cfg(not(feature = "fips"))]
     X25519,
     SECP256R1,
     SECP384R1,
-    #[cfg(all(ossl350, not(feature = "prefer-post-quantum")))]
+    #[cfg(not(feature = "prefer-post-quantum"))]
     X25519MLKEM768,
-    #[cfg(ossl350)]
     MLKEM768,
 ];
+
+/// Returns the algorithms from [DEFAULT_KX_GROUPS] that are available at runtime.
+pub fn available_default_kx_groups() -> Vec<&'static dyn SupportedKxGroup> {
+    DEFAULT_KX_GROUPS
+        .iter()
+        .copied()
+        .filter(|group| group.start().is_ok())
+        .collect()
+}
+
+/// Returns the algorithms from [ALL_KX_GROUPS] that are available at runtime.
+pub fn available_kx_groups() -> Vec<&'static dyn SupportedKxGroup> {
+    ALL_KX_GROUPS
+        .iter()
+        .copied()
+        .filter(|group| group.start().is_ok())
+        .collect()
+}

src/lib.rs

@@ -34,7 +34,7 @@
 //! * SECP256R1
 //! * X25519
 //! * MLKEM768 (OpenSSL 3.5+)
-//!
+//! 
 //! If the `fips` feature is enabled then X25519 will not be available.
 //! If the `prefer-post-quantum` feature is enabled, X25519MLKEM768 will be the first group offered, otherwise it will be the last.
 //! MLKEM768 is not offered by default, but can be used by specifying it in the `custom_provider()` function.
@@ -122,7 +122,7 @@ pub use verify::SUPPORTED_SIG_ALGS;
 pub fn default_provider() -> CryptoProvider {
     CryptoProvider {
         cipher_suites: ALL_CIPHER_SUITES.to_vec(),
-        kx_groups: kx_group::DEFAULT_KX_GROUPS.to_vec(),
+        kx_groups: kx_group::available_default_kx_groups(),
         signature_verification_algorithms: SUPPORTED_SIG_ALGS,
         secure_random: &SecureRandom,
         key_provider: &KeyProvider,

src/openssl_internal/mod.rs

@@ -4,7 +4,6 @@ use openssl_sys::c_int;
 
 #[cfg(ossl320)]
 mod hpke;
-#[cfg(ossl350)]
 pub(crate) mod kem;
 #[cfg(feature = "tls12")]
 pub(crate) mod prf;
@@ -18,7 +17,6 @@ pub(crate) fn cvt(r: c_int) -> Result<i32, ErrorStack> {
     }
 }
 
-#[cfg(ossl320)]
 #[inline]
 fn cvt_p<T>(r: *mut T) -> Result<*mut T, ErrorStack> {
     if r.is_null() {