Preparation for porting async branch

Author: Adrian Cruceru

mbedtls-sys/Cargo.toml

@@ -42,9 +42,8 @@ quote = "1.0.9"
 # * strstr/strlen/strncpy/strncmp/strcmp/snprintf
 # * memmove/memcpy/memcmp/memset
 # * rand/printf (used only for self tests. optionally use custom_printf)
-default = ["std", "debug", "threading", "zlib", "time", "aesni", "padlock", "legacy_protocols"]
-std = ["debug"] # deprecated automatic enabling of debug, can be removed on major version bump
-debug = []
+default = ["std", "threading", "zlib", "time", "aesni", "padlock", "legacy_protocols"]
+std = [] # deprecated automatic enabling of debug, can be removed on major version bump
 custom_printf = []
 custom_has_support = []
 aes_alt = []

mbedtls/Cargo.toml

@@ -35,7 +35,7 @@ rs-libc = "0.2.0"
 chrono = "0.4"
 
 [dependencies.mbedtls-sys-auto]
-version = "2.25.0"
+version = "2.26.0"
 default-features = false
 features = ["custom_printf", "trusted_cert_callback", "threading"]
 path = "../mbedtls-sys"
@@ -68,6 +68,7 @@ dsa = ["std", "yasna", "num-bigint", "bit-vec"]
 pkcs12 = ["std", "yasna"]
 pkcs12_rc2 = ["pkcs12", "rc2", "block-modes"]
 legacy_protocols = ["mbedtls-sys-auto/legacy_protocols"]
+migration_mode=[]
 
 [[example]]
 name = "client"

mbedtls/src/lib.rs

@@ -53,9 +53,11 @@ mod private;
 
 // needs to be pub for global visiblity
 #[doc(hidden)]
-#[cfg(sys_threading_component = "custom")]
+
+#[cfg(all(sys_threading_component = "custom", not(feature = "migration_mode")))]
 pub mod threading;
 
+#[cfg(not(feature = "migration_mode"))]
 cfg_if::cfg_if! {
     if #[cfg(any(feature = "force_aesni_support", target_env = "sgx"))] {
         // needs to be pub for global visiblity
@@ -105,6 +107,7 @@ mod alloc_prelude {
     pub(crate) use rust_alloc::borrow::Cow;
 }
 
+#[cfg(not(feature = "migration_mode"))]
 cfg_if::cfg_if! {
     if #[cfg(sys_time_component = "custom")] {
         use mbedtls_sys::types::{time_t, tm};
@@ -154,7 +157,7 @@ cfg_if::cfg_if! {
 ///
 /// The caller must ensure no other MbedTLS code is running when calling this
 /// function.
-#[cfg(feature = "debug")]
+#[cfg(all(feature = "debug", not(feature = "migration_mode")))]
 pub unsafe fn set_global_debug_threshold(threshold: i32) {
     mbedtls_sys::debug_set_threshold(threshold);
 }

mbedtls/src/pk/dsa/mod.rs

@@ -217,9 +217,13 @@ fn sample_secret_value<F: Random>(upper_bound: &Mpi, rng: &mut F) -> Result<Mpi>
     Ok(c)
 }
 
-fn encode_dsa_signature(r: &Mpi, s: &Mpi) -> Result<Vec<u8>> {
-    let r = BigUint::from_bytes_be(&r.to_binary()?);
-    let s = BigUint::from_bytes_be(&s.to_binary()?);
+pub fn encode_dsa_signature(r: &Mpi, s: &Mpi) -> Result<Vec<u8>> {
+    serialize_signature(&r.to_binary()?, &s.to_binary()?)
+}
+
+pub fn serialize_signature(r: &[u8], s: &[u8]) -> Result<Vec<u8>> {
+    let r = BigUint::from_bytes_be(r);
+    let s = BigUint::from_bytes_be(s);
 
     Ok(yasna::construct_der(|w| {
         w.write_sequence(|w| {
@@ -229,6 +233,18 @@ fn encode_dsa_signature(r: &Mpi, s: &Mpi) -> Result<Vec<u8>> {
     }))
 }
 
+pub fn deserialize_signature(signature: &Vec<u8>) -> Result<(Vec<u8>, Vec<u8>)> {
+    let (r,s) = yasna::parse_der(signature, |r| {
+        r.read_sequence(|rdr| {
+            let r = rdr.next().read_biguint()?;
+            let s = rdr.next().read_biguint()?;
+            Ok((r,s))
+        })
+    }).map_err(|_| Error::X509InvalidSignature)?;
+
+    Ok((r.to_bytes_be(), s.to_bytes_be()))
+}
+
 impl DsaPrivateKey {
     pub fn from_components(params: DsaParams, x: Mpi) -> Result<Self> {
         if x <= Mpi::new(1)? || x >= params.q {

mbedtls/src/pk/mod.rs

@@ -201,34 +201,7 @@ define!(
 //
 // - Only used when creating/freeing - which is safe by design - eckey_alloc_wrap / eckey_free_wrap
 //
-// 3. ECDSA: mbedtls_ecdsa_info at ../../../mbedtls-sys/vendor/crypto/library/pk_wrap.c:729
-// This does not use internal locks but avoids interior mutability.
-//
-// - Const access / copies context to stack based variables:
-//   ecdsa_verify_wrap: ../../../mbedtls-sys/vendor/crypto/library/pk_wrap.c:544
-//       This copies the public key on the stack - in buf[] and copies the group id and nbits.
-//       That is done via: mbedtls_pk_write_pubkey( &p, buf, &key ) where key.pk_ctx = ctx;
-//       And the key is a const parameter to mbedtls_pk_write_pubkey - ../../../mbedtls-sys/vendor/crypto/library/pkwrite.c:158
-//
-// - Const access with additional notes due to call stacks involved.
-//
-//   ecdsa_sign_wrap: ../../../mbedtls-sys/vendor/crypto/library/pk_wrap.c:657
-//       mbedtls_ecdsa_write_signature ../../../mbedtls-sys/vendor/crypto/library/ecdsa.c:688
-//           mbedtls_ecdsa_write_signature_restartable ../../../mbedtls-sys/vendor/crypto/library/ecdsa.c:640
-//               MBEDTLS_ECDSA_DETERMINISTIC is not defined.
-//               MBEDTLS_ECDSA_SIGN_ALT is not defined.
-//               Passes grp to: ecdsa_sign_restartable: ../../../mbedtls-sys/vendor/crypto/library/ecdsa.c:253
-//                    Const access to group - reads parameters, passed as const to mbedtls_ecp_gen_privkey,
-//                    mbedtls_ecp_mul_restartable: ../../../mbedtls-sys/vendor/crypto/library/ecp.c:2351
-//                        MBEDTLS_ECP_INTERNAL_ALT is not defined. (otherwise it might not be safe depending on ecp_init/ecp_free) ../../../mbedtls-sys/build/config.rs:131
-//                        Passes as const to: mbedtls_ecp_check_privkey / mbedtls_ecp_check_pubkey / mbedtls_ecp_get_type( grp
-//        
-// - Ignored due to not defined: ecdsa_verify_rs_wrap, ecdsa_sign_rs_wrap, ecdsa_rs_alloc, ecdsa_rs_free
-//   (Undefined - MBEDTLS_ECP_RESTARTABLE - ../../../mbedtls-sys/build/config.rs:173)
-//
-// - Only const access to context: eckey_check_pair
-//
-// - Only used when creating/freeing - which is safe by design: ecdsa_alloc_wrap, ecdsa_free_wrap
+// 3. ECDSA - code uses mbedtls_pk wrappers. In this case code goes through ECKEY logic above. (mbedtls_pk_parse_key intentionally never calls mbedtls_pk_info_from_type with MBEDTLS_PK_ECDSA)
 //
 unsafe impl Sync for Pk {}
 
@@ -826,7 +799,7 @@ impl Pk {
     ///
     /// On success, returns the actual number of bytes written to `sig`.
     pub fn sign<F: Random>(
-        &mut self,
+        &self,
         md: MdType,
         hash: &[u8],
         sig: &mut [u8],
@@ -853,7 +826,7 @@ impl Pk {
         let mut ret = 0usize;
         unsafe {
             pk_sign(
-                &mut self.inner,
+                &self.inner as *const _ as *mut _,
                 md.into(),
                 hash.as_ptr(),
                 hash.len(),
@@ -922,15 +895,14 @@ impl Pk {
         }
     }
 
-    pub fn verify(&mut self, md: MdType, hash: &[u8], sig: &[u8]) -> Result<()> {
-        // If hash or sig are allowed with size 0 (&[]) then mbedtls will attempt to auto-detect size and cause an invalid write.
+    pub fn verify(&self, md: MdType, hash: &[u8], sig: &[u8]) -> Result<()> {
         if hash.len() == 0 || sig.len() == 0 {
             return Err(Error::PkBadInputData)
         }
 
         unsafe {
             pk_verify(
-                &mut self.inner,
+                &self.inner as *const _ as *mut _,
                 md.into(),
                 hash.as_ptr(),
                 hash.len(),
@@ -1255,7 +1227,7 @@ iy6KC991zzvaWY/Ys+q/84Afqa+0qJKQnPuy/7F5GkVdQA/lfbhi
 
     #[test]
     fn rsa_sign_verify_pkcs1v15() {
-        let mut pk =
+        let pk =
             Pk::generate_rsa(&mut crate::test_support::rand::test_rng(), 2048, 0x10001).unwrap();
         let data = b"SIGNATURE TEST SIGNATURE TEST SIGNATURE TEST SIGNATURE TEST SIGN";
         let mut signature = vec![0u8; (pk.len() + 7) / 8];

mbedtls/src/rust_printf.c

@@ -9,7 +9,7 @@
 #include <stdio.h>
 #include <stdarg.h>
 
-extern void mbedtls_log(const char* msg);
+extern void mbedtls8_log(const char* msg);
 
 extern int mbedtls_printf(const char *fmt, ...) {
     va_list ap;
@@ -31,7 +31,7 @@ extern int mbedtls_printf(const char *fmt, ...) {
     if (n<0)
        return -1;
 
-    mbedtls_log(p);
+    mbedtls8_log(p);
 
     return n;
 }

mbedtls/src/self_test.rs

@@ -25,7 +25,7 @@ cfg_if::cfg_if! {
         // needs to be pub for global visiblity
         #[doc(hidden)]
         #[no_mangle]
-        pub unsafe extern "C" fn mbedtls_log(msg: *const std::os::raw::c_char) {
+        pub unsafe extern "C" fn mbedtls8_log(msg: *const std::os::raw::c_char) {
             print!("{}", std::ffi::CStr::from_ptr(msg).to_string_lossy());
         }
     } else {
@@ -35,11 +35,13 @@ cfg_if::cfg_if! {
         // needs to be pub for global visiblity
         #[doc(hidden)]
         #[no_mangle]
-        pub unsafe extern "C" fn mbedtls_log(msg: *const c_char) {
+        pub unsafe extern "C" fn mbedtls8_log(msg: *const c_char) {
             log_f.expect("Called self-test log without enabling self-test")(msg)
         }
     }
 }
+
+#[cfg(not(feature = "migration_mode"))]
 cfg_if::cfg_if! {
     if #[cfg(any(not(feature = "std"), target_env = "sgx"))] {
         #[allow(non_upper_case_globals)]
@@ -66,6 +68,7 @@ cfg_if::cfg_if! {
 /// The caller needs to ensure this function is not called while any other
 /// function in this module is called.
 #[allow(unused)]
+#[cfg(not(feature = "migration_mode"))]
 pub unsafe fn enable(rand: fn() -> c_int, log: Option<unsafe fn(*const c_char)>) {
     #[cfg(any(not(feature = "std"), target_env = "sgx"))] {
         rand_f = Some(rand);
@@ -79,6 +82,7 @@ pub unsafe fn enable(rand: fn() -> c_int, log: Option<unsafe fn(*const c_char)>)
 ///
 /// The caller needs to ensure this function is not called while any other
 /// function in this module is called.
+#[cfg(not(feature = "migration_mode"))]
 pub unsafe fn disable() {
     #[cfg(any(not(feature = "std"), target_env = "sgx"))] {
         rand_f = None;

mbedtls/src/ssl/context.rs

@@ -251,6 +251,7 @@ impl<T> Context<T> {
             client_transport_id: None,
         }
     }
+}
 
     pub(crate) fn handle(&self) -> &::mbedtls_sys::ssl_context {
         self.inner.handle()
@@ -541,7 +542,6 @@ impl<T: IoCallback + Write> Write for Context<T> {
         Ok(())
     }
 }
-
 //
 // Class exists only during SNI callback that is configured from Config.
 // SNI Callback must provide input whose lifetime exceeds the SNI closure to avoid memory corruptions.
@@ -555,7 +555,7 @@ impl<T: IoCallback + Write> Write for Context<T> {
 // - no reasonable way to obtain a storage within the sni callback tied to the handshake or to the rust Context. (without resorting to a unscalable map or pointer magic that mbedtls may invalidate)
 //
 impl HandshakeContext {
-    fn reset_handshake(&mut self) {
+    pub fn reset_handshake(&mut self) {
         self.handshake_cert.clear();
         self.handshake_pk.clear();
         self.handshake_ca_cert = None;

mbedtls/src/wrapper_macros.rs

@@ -61,6 +61,10 @@ macro_rules! define {
         define_struct!(define $(#[$m])* struct $name $(lifetime $l)* inner $inner members $($($(#[$mm])* $member: $member_type,)*)*);
         define_struct!(<< $name $(lifetime $l)* inner $inner >> $($defs)*);
     };
+    { #[c_custom_ty($inner:ident)] $(#[$m:meta])* struct $name:ident$(<$l:tt>)* $({ $($(#[$mm:meta])* $member:ident: $member_type:ty,)* })?; $($defs:tt)* } => {
+        define_struct!(define_custom $(#[$m])* struct $name $(lifetime $l)* inner $inner members $($($(#[$mm])* $member: $member_type,)*)*);
+        define_struct!(<< $name $(lifetime $l)* inner $inner >> $($defs)*);
+    };
     // Do not use UnsafeFrom with 'c_box_ty'. That is currently not supported as its not needed anywhere, support may be added in the future if needed anywhere.
     { #[c_box_ty($inner:ident)] $(#[$m:meta])* struct $name:ident$(<$l:tt>)* $({ $($(#[$mm:meta])* $member:ident: $member_type:ty,)* })?; $($defs:tt)* } => {
         define_struct!(define_box $(#[$m])* struct $name $(lifetime $l)* inner $inner members $($($(#[$mm])* $member: $member_type,)*)*);
@@ -109,6 +113,32 @@ macro_rules! define_enum {
 }
 
 macro_rules! define_struct {
+    { define_custom $(#[$m:meta])* struct $name:ident $(lifetime $l:tt)* inner $inner:ident members $($(#[$mm:meta])* $member:ident: $member_type:ty,)* } => {
+        as_item!(
+        #[allow(dead_code)]
+        $(#[$m])*
+        pub struct $name<$($l)*> {
+            $($(#[$mm])* $member: $member_type,)*
+        }
+        );
+
+        as_item!(
+        #[allow(dead_code)]
+        impl<$($l)*> $name<$($l)*> {
+            pub(crate) fn handle(&self) -> &::mbedtls_sys::$inner {
+                self.inner.handle()
+            }
+
+            pub(crate) fn handle_mut(&mut self) -> &mut ::mbedtls_sys::$inner {
+                self.inner.handle_mut()
+            }
+        }
+        );
+
+        as_item!(
+        unsafe impl<$($l)*> Send for $name<$($l)*> {}
+        );
+    };
     { define $(#[$m:meta])* struct $name:ident $(lifetime $l:tt)* inner $inner:ident members $($(#[$mm:meta])* $member:ident: $member_type:ty,)* } => {
         as_item!(
         #[allow(dead_code)]

mbedtls/tests/ec.rs

@@ -44,7 +44,7 @@ wvkbR/h/+CNU1mMPdGoooNsldBtbNKgoAIsirMI/kk+q+9TTP4HqZpVt/qor/fz1
 
 #[test]
 fn sign_verify() {
-    let mut k = Pk::from_private_key(TEST_KEY_PEM.as_bytes(), None).unwrap();
+    let k = Pk::from_private_key(TEST_KEY_PEM.as_bytes(), None).unwrap();
 
     let data = b"SIGNATURE TEST SIGNATURE TEST SI";
     let mut signature1 = [0u8; ECDSA_MAX_LEN];
@@ -67,7 +67,7 @@ fn sign_verify() {
 
 #[test]
 fn verify_failure() {
-    let mut k = Pk::from_private_key(TEST_KEY_PEM.as_bytes(), None).unwrap();
+    let k = Pk::from_private_key(TEST_KEY_PEM.as_bytes(), None).unwrap();
 
     let data = b"SIGNATURE TEST SIGNATURE TEST SI";
     let mut signature = [0u8; ECDSA_MAX_LEN];
@@ -150,7 +150,7 @@ fn sign_verify_rfc6979_sig() {
 
 #[test]
 fn buffer_too_small() {
-    let mut k = Pk::from_private_key(TEST_KEY_PEM.as_bytes(), None).unwrap();
+    let k = Pk::from_private_key(TEST_KEY_PEM.as_bytes(), None).unwrap();
 
     let data = b"SIGNATURE TEST SIGNATURE TEST SI";
     let mut signature = [0u8; ECDSA_MAX_LEN - 1];