Update a few more comments

fortanix · Dec 10, 2020 · 3344b8d · 3344b8d
1 parent 2e0ca77
commit 3344b8d
Show file tree

Hide file tree

Showing 5 changed files with 94 additions and 102 deletions.
diff --git a/mbedtls/src/rng/ctr_drbg.rs b/mbedtls/src/rng/ctr_drbg.rs
@@ -84,21 +84,10 @@ impl CtrDrbg {
         }
     }
 
-    pub fn entropy_len(&self) -> size_t {
-        self.inner.entropy_len
-    }
-
-    pub fn set_entropy_len(&mut self, len: size_t) {
-        unsafe { ctr_drbg_set_entropy_len(&mut *self.inner, len); }
-    }
-
-    pub fn reseed_interval(&self) -> c_int {
-        self.inner.reseed_interval
-    }
-
-    pub fn set_reseed_interval(&mut self, i: c_int) {
-        unsafe { ctr_drbg_set_reseed_interval(&mut *self.inner, i); }
-    }
+    getter!(entropy_len() -> size_t = .entropy_len);
+    setter!(set_entropy_len(len: size_t) = ctr_drbg_set_entropy_len);
+    getter!(reseed_interval() -> c_int = .reseed_interval);
+    setter!(set_reseed_interval(i: c_int) = ctr_drbg_set_reseed_interval);
 
     pub fn reseed(&mut self, additional_entropy: Option<&[u8]>) -> Result<()> {
         unsafe {
@@ -117,6 +106,13 @@ impl CtrDrbg {
     pub fn update(&mut self, entropy: &[u8]) {
         unsafe { ctr_drbg_update(&mut *self.inner, entropy.as_ptr(), entropy.len()) };
     }
+
+    // TODO:
+    //
+    // ctr_drbg_random_with_add
+    // ctr_drbg_write_seed_file
+    // ctr_drbg_update_seed_file
+    //
 }
 
 impl RngCallbackMut for CtrDrbg {

diff --git a/mbedtls/src/rng/os_entropy.rs b/mbedtls/src/rng/os_entropy.rs
@@ -6,12 +6,14 @@
  * option. This file may not be copied, modified, or distributed except
  * according to those terms. */
 
-use crate::error::{IntoResult, Result};
-use crate::rng::EntropyCallback;
+use std::sync::Arc;
+
 use mbedtls_sys::*;
 use mbedtls_sys::types::raw_types::{c_int, c_uchar, c_void};
 use mbedtls_sys::types::size_t;
-use std::sync::Arc;
+
+use crate::error::{IntoResult, Result};
+use crate::rng::{EntropyCallback,EntropyCallbackMut};
 
 callback!(EntropySourceCallbackMut,EntropySourceCallback(data: *mut c_uchar, size: size_t, out: *mut size_t) -> c_int);
 
@@ -97,3 +99,16 @@ impl EntropyCallback for OsEntropy {
         &self.inner as *const _ as *mut _
     }
 }
+
+impl EntropyCallbackMut for OsEntropy {
+    #[inline(always)]
+    unsafe extern "C" fn call_mut(user_data: *mut c_void, data: *mut c_uchar, len: size_t) -> c_int {
+        // mutex used in entropy_func: ../../../mbedtls-sys/vendor/crypto/library/entropy.c:348
+        // note: we're not using MBEDTLS_ENTROPY_NV_SEED so the initialization is not present or a race condition.
+        entropy_func(user_data, data, len)
+    }
+
+    fn data_ptr_mut(&mut self) -> *mut c_void {
+        &self.inner as *const _ as *mut _
+    }
+}
diff --git a/mbedtls/src/ssl/config.rs b/mbedtls/src/ssl/config.rs
@@ -101,6 +101,11 @@ define!(
     }
 );
 
+callback!(VerifyCallback: Fn(&Certificate, i32, &mut VerifyError) -> Result<()>);
+callback!(DbgCallback: Fn(i32, &str, i32, &str) -> ());
+callback!(SniCallback: Fn(&mut HandshakeContext, &[u8]) -> Result<()>);
+callback!(CaCallback: Fn(&Certificate, &mut ForeignOwnedCertListBuilder) -> Result<()>);
+
 define!(
     // Moving data may cause dangling pointers: https://github.com/ARMmbed/mbedtls/issues/2147
     // Storing data in heap and forcing rust move to only move the pointer (box) referencing it.
@@ -127,30 +132,11 @@ define!(
         #[allow(dead_code)]
         dhm: Option<Arc<Dhm>>,
 
-        #[cfg(feature = "threading")]
-        verify_callback: Option<Arc<dyn (Fn(&Certificate, i32, &mut VerifyError) -> Result<()>) + Send + Sync + 'static>>,
-        #[cfg(not (feature = "threading"))]
-        verify_callback: Option<Arc<dyn (Fn(&Certificate, i32, &mut VerifyError) -> Result<()>) + 'static>>,
-
-        #[cfg(all(feature = "threading", feature = "std"))]
-        dbg_callback: Option<Arc<dyn (Fn(i32, &str, i32, &str) -> ()) + Send + Sync + 'static>>,
-        #[cfg(all(not(feature = "threading"), feature = "std"))]
-        dbg_callback: Option<Arc<dyn (Fn(i32, &str, i32, &str) -> ()) + 'static>>,
-
-        #[cfg(feature = "threading")]
-        sni_callback: Option<Arc<dyn (Fn(&mut HandshakeContext, &[u8]) -> Result<()>) + Send + Sync + 'static>>,
-        #[cfg(not (feature = "threading"))]
-        sni_callback: Option<Arc<dyn (Fn(&mut HandshakeContext, &[u8]) -> Result<()>) + 'static>>,
-
-        #[cfg(feature = "threading")]
-        ticket_callback: Option<Arc<dyn TicketCallback + Send + Sync + 'static>>,
-        #[cfg(not (feature = "threading"))]
+        verify_callback: Option<Arc<dyn VerifyCallback + 'static>>,
+        dbg_callback: Option<Arc<dyn DbgCallback + 'static>>,
+        sni_callback: Option<Arc<dyn SniCallback + 'static>>,
         ticket_callback: Option<Arc<dyn TicketCallback + 'static>>,
-
-        #[cfg(feature = "threading")]
-        ca_callback: Option<Arc<dyn (Fn(&Certificate, &mut ForeignOwnedCertListBuilder) -> Result<()>) + Send + Sync + 'static>>,
-        #[cfg(not (feature = "threading"))]
-        ca_callback: Option<Arc<dyn (Fn(&Certificate, &mut ForeignOwnedCertListBuilder) -> Result<()>) + 'static>>,
+        ca_callback: Option<Arc<dyn CaCallback + 'static>>,
     };
     const drop: fn(&mut Self) = ssl_config_free;
     impl<'a> Into<ptr> {}
@@ -190,17 +176,14 @@ impl Config {
         }
     }
 
-    pub fn set_authmode(&mut self, authmode: AuthMode) {
-        unsafe { ssl_conf_authmode(self.into(), authmode as c_int); }
-    }
-
-    pub fn read_timeout(&self) -> u32 {
-        self.inner.read_timeout
-    }
-
-    pub fn set_read_timeout(&mut self, t: u32) {
-        unsafe { ssl_conf_read_timeout(self.into(), t); }
-    }
+    // need bitfield support getter!(endpoint() -> Endpoint = field endpoint);
+    setter!(set_endpoint(e: Endpoint) = ssl_conf_endpoint);
+    // need bitfield support getter!(transport() -> Transport = field transport);
+    setter!(set_transport(t: Transport) = ssl_conf_transport);
+    // need bitfield support getter!(authmode() -> AuthMode = field authmode);
+    setter!(set_authmode(am: AuthMode) = ssl_conf_authmode);
+    getter!(read_timeout() -> u32 = .read_timeout);
+    setter!(set_read_timeout(t: u32) = ssl_conf_read_timeout);
 
     fn check_c_list<T: Default + Eq>(list: &[T]) {
         assert!(list.last() == Some(&T::default()));
@@ -262,9 +245,7 @@ impl Config {
     }
 
     // Profile as implemented in profile.rs can only point to global variables from mbedtls which would have 'static lifetime
-    pub fn set_cert_profile(&mut self, p: &'static Profile) {
-        unsafe { ssl_conf_cert_profile(self.into(), p.into()) };
-    }
+    setter!(set_cert_profile(p: &Profile) = ssl_conf_cert_profile);
 
     /// Takes both DER and PEM forms of FFDH parameters in `DHParams` format.
     ///
@@ -315,18 +296,17 @@ impl Config {
         self.ticket_callback = Some(cb);
     }
 
-    pub fn set_session_tickets(&mut self, u: UseSessionTickets) {
-        unsafe { ssl_conf_session_tickets(self.into(), u.into()); }
-    }
+    setter!(
+        /// Client only: whether to remember and use session tickets
+        set_session_tickets(u: UseSessionTickets) = ssl_conf_session_tickets
+    );
 
-    pub fn set_renegotiation(&mut self, u: Renegotiation) {
-        unsafe { ssl_conf_renegotiation(self.into(), u.into()); }
-    }
+    setter!(set_renegotiation(u: Renegotiation) = ssl_conf_renegotiation);
 
-    /// Client only: minimal FFDH group size
-    pub fn set_ffdh_min_bitlen(&mut self, bitlen: c_uint) {
-        unsafe { ssl_conf_dhm_min_bitlen(self.into(), bitlen); }
-    }
+    setter!(
+        /// Client only: minimal FFDH group size
+        set_ffdh_min_bitlen(bitlen: c_uint) = ssl_conf_dhm_min_bitlen
+    );
 
     #[cfg(feature = "threading")]
     pub fn set_sni_callback<F>(&mut self, cb: F)
@@ -349,60 +329,30 @@ impl Config {
     // The docs for mbedtls_x509_crt_verify say "The [callback] should return 0 for anything but a
     // fatal error.", so verify callbacks should return Ok(()) for anything but a fatal error.
     // Report verification errors by updating the flags in VerifyError.
-    #[cfg(feature = "threading")]
     pub fn set_verify_callback<F>(&mut self, cb: F)
     where
-        F: Fn(&Certificate, i32, &mut VerifyError) -> Result<()> + Send + Sync + 'static,
+        F: VerifyCallback + 'static,
     {
         self.verify_callback = Some(Arc::new(cb));
         unsafe { ssl_conf_verify(self.into(), Some(verify_callback::<F>), &**self.verify_callback.as_mut().unwrap() as *const _ as *mut c_void) }
     }
 
-    #[cfg(not(feature = "threading"))]
-    pub fn set_verify_callback<F>(&mut self, cb: F)
-    where
-        F: Fn(&Certificate, i32, &mut VerifyError) -> Result<()> + 'static,
-    {
-        self.verify_callback = Some(Arc::new(cb));
-        unsafe { ssl_conf_verify(self.into(), Some(verify_callback::<F>), &**self.verify_callback.as_ref().unwrap() as *const _ as *mut c_void) }
-    }
-
-    #[cfg(feature = "threading")]
-    pub fn set_ca_callback<F>(&mut self, cb: F)
-    where
-        F: Fn(&Certificate, &mut ForeignOwnedCertListBuilder) -> Result<()> + Send + Sync + 'static,
-    {
-        self.ca_callback = Some(Arc::new(cb));
-        unsafe { ssl_conf_ca_cb( self.into(), Some(ca_callback::<F>), &**self.ca_callback.as_mut().unwrap() as *const _ as *mut c_void) }
-    }
-
-    #[cfg(not(feature = "threading"))]
     pub fn set_ca_callback<F>(&mut self, cb: F)
     where
-        F: Fn(&Certificate, &mut ForeignOwnedCertListBuilder) -> Result<()> + 'static,
+        F: CaCallback + 'static,
     {
         self.ca_callback = Some(Arc::new(cb));
         unsafe { ssl_conf_ca_cb( self.into(), Some(ca_callback::<F>), &**self.ca_callback.as_mut().unwrap() as *const _ as *mut c_void) }
     }
 
-    #[cfg(all(feature = "threading", feature = "std"))]
-    pub fn set_dbg_callback<F>(&mut self, cb: F)
-    where
-        F: (Fn(i32, &str, i32, &str) -> ()) + Send + Sync + 'static,
-    {
-        self.dbg_callback = Some(Arc::new(cb));
-        unsafe { ssl_conf_dbg(self.into(), Some(dbg_callback::<F>), &**self.dbg_callback.as_mut().unwrap() as *const _ as *mut c_void) }
-    }
-
-    #[cfg(all(not(feature = "threading"), feature = "std"))]
+    #[cfg(feature = "std")]
     pub fn set_dbg_callback<F>(&mut self, cb: F)
     where
-        F: (Fn(i32, &str, i32, &str) -> ()) + 'static,
+        F: DbgCallback + 'static,
     {
         self.dbg_callback = Some(Arc::new(cb));
         unsafe { ssl_conf_dbg(self.into(), Some(dbg_callback::<F>), &**self.dbg_callback.as_mut().unwrap() as *const _ as *mut c_void) }
     }
-
 }
 
 /// Builds a linked list of x509_crt instances, all of which are owned by mbedtls. That is, the
@@ -589,7 +539,6 @@ where
     }
 }
 
-
 // TODO
 // ssl_conf_export_keys_cb
 // ssl_conf_dtls_cookies

diff --git a/mbedtls/src/ssl/ticket.rs b/mbedtls/src/ssl/ticket.rs
@@ -20,6 +20,7 @@ use crate::error::{IntoResult, Result};
 use crate::rng::RngCallback;
 
 
+#[cfg(feature = "threading")]
 pub trait TicketCallback {
     unsafe extern "C" fn call_write(
         p_ticket: *mut c_void,
@@ -39,6 +40,26 @@ pub trait TicketCallback {
     fn data_ptr(&self) -> *mut c_void;
 }
 
+#[cfg(not(feature = "threading"))]
+pub trait TicketCallback: Sync{
+    unsafe extern "C" fn call_write(
+        p_ticket: *mut c_void,
+        session: *const ssl_session,
+        start: *mut c_uchar,
+        end: *const c_uchar,
+        tlen: *mut size_t,
+        lifetime: *mut u32,
+    ) -> c_int where Self: Sized;
+    unsafe extern "C" fn call_parse(
+        p_ticket: *mut c_void,
+        session: *mut ssl_session,
+        buf: *mut c_uchar,
+        len: size_t,
+    ) -> c_int where Self: Sized;
+
+    fn data_ptr(&self) -> *mut c_void;
+}
+
 
 define!(
     #[c_ty(ssl_ticket_context)]

diff --git a/mbedtls/src/wrapper_macros.rs b/mbedtls/src/wrapper_macros.rs
@@ -67,7 +67,7 @@ macro_rules! callback {
         }
 
         #[cfg(not(feature="threading"))]
-        impl<F> $m for F where F: $n + Fn($($ty),*) -> $ret {
+        impl<F> $m for F where F: Fn($($ty),*) -> $ret {
             unsafe extern "C" fn call(user_data: *mut ::mbedtls_sys::types::raw_types::c_void, $($arg:$ty),*) -> $ret where Self: Sized {
                 (&mut*(user_data as *mut F))($($arg),*)
             }
@@ -78,7 +78,7 @@ macro_rules! callback {
         }
 
         #[cfg(feature="threading")]
-        impl<F> $m for F where F: $n + Sync + Fn($($ty),*) -> $ret {
+        impl<F> $m for F where F: Sync + Fn($($ty),*) -> $ret {
             unsafe extern "C" fn call(user_data: *mut ::mbedtls_sys::types::raw_types::c_void, $($arg:$ty),*) -> $ret where Self: Sized {
                 (&mut*(user_data as *mut F))($($arg),*)
             }
@@ -88,6 +88,17 @@ macro_rules! callback {
             }
         }
     };
+    ($t:ident: $($bound:tt)*) => {
+        #[cfg(feature = "threading")]
+        pub trait $t: $($bound)* {}
+        #[cfg(not(feature = "threading"))]
+        pub trait $t: $($bound)* + Sync {}
+
+        #[cfg(feature = "threading")]
+        impl<F: $($bound)*> $t for F {}
+        #[cfg(not(feature = "threading"))]
+        impl<F: $($bound)* + Sync> $t for F {}
+    };
 }
 
 macro_rules! define {