fortanix · DrTobe · Jul 18, 2023 · Jul 18, 2023 · Jul 20, 2023 · Jul 20, 2023
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -33,6 +33,9 @@ jobs:
           - rust: stable
             target: x86_64-fortanix-unknown-sgx
             os: ubuntu-20.04
+          - rust: stable
+            target: thumbv7em-none-eabihf
+            os: ubuntu-20.04
           - rust: beta
             target: x86_64-unknown-linux-gnu
             os: ubuntu-20.04
@@ -48,12 +51,18 @@ jobs:
     steps:
     - uses: actions/checkout@v2
 
-    - name: Install dependencies
+    - name: Install qemu for aarch64-unknown-linux-musl
       if: matrix.target == 'aarch64-unknown-linux-musl'
       run: |
         sudo apt-get update
         sudo apt-get install -y qemu-user
 
+    - name: Install arm-none-eabi-gcc toolchain for thumbv7em-none-eabihf
+      if: matrix.target == 'thumbv7em-none-eabihf'
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y gcc-arm-none-eabi
+
     - name: Setup Rust toolchain
       uses: actions-rs/toolchain@v1
       with:

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/ct.sh b/ct.sh
@@ -7,6 +7,21 @@ if [ -z $TRAVIS_RUST_VERSION ]; then
     exit 1
 fi
 
+# Set additional environment variables
+
+export CFLAGS_x86_64_fortanix_unknown_sgx="-isystem/usr/include/x86_64-linux-gnu -mlvi-hardening -mllvm -x86-experimental-lvi-inline-asm-hardening"
+export CC_x86_64_fortanix_unknown_sgx=clang-11
+# For aarch64-unknown-linux-musl, refer to linux-musl-cross toolchain which is downloaded below and use qemu-aarch64 as runner
+export CC_aarch64_unknown_linux_musl=/tmp/aarch64-linux-musl-cross/bin/aarch64-linux-musl-gcc
+export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_MUSL_LINKER=/tmp/aarch64-linux-musl-cross/bin/aarch64-linux-musl-gcc
+export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_MUSL_RUNNER=qemu-aarch64
+
+
+# Setup dependencies and tools
+
+# According to `mbedtls-sys/vendor/README.md`, need to install needed pkgs
+python3 -m pip install -r ./mbedtls-sys/vendor/scripts/basic.requirements.txt
+
 # checks if a file has a specific sha512 hash, compatible for Linux and macOS
 check_sha512() {
     local hash="$1"
@@ -26,6 +41,7 @@ check_sha512() {
     esac
 }
 
+# Download aarch64-linux-musl-cross toolchain
 aarch64_cross_toolchain_hash=c8ee0e7fd58f5ec6811e3cec5fcdd8fc47cb2b49fb50e9d7717696ddb69c812547b5f389558f62dfbf9db7d6ad808a5a515cc466b8ea3e9ab3daeb20ba1adf33
 # save to directory that will be cached
 aarch64_cross_toolchain_save_path=/tmp/aarch64-linux-musl-cross.tgz
@@ -37,46 +53,42 @@ if [ "$TARGET" == "aarch64-unknown-linux-musl" ]; then
     tar -xf ${aarch64_cross_toolchain_save_path} -C /tmp;
 fi
 
-export CFLAGS_x86_64_fortanix_unknown_sgx="-isystem/usr/include/x86_64-linux-gnu -mlvi-hardening -mllvm -x86-experimental-lvi-inline-asm-hardening"
-export CC_x86_64_fortanix_unknown_sgx=clang-11
-export CC_aarch64_unknown_linux_musl=/tmp/aarch64-linux-musl-cross/bin/aarch64-linux-musl-gcc
-export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_MUSL_LINKER=/tmp/aarch64-linux-musl-cross/bin/aarch64-linux-musl-gcc
-export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_MUSL_RUNNER=qemu-aarch64
-
-# Setup dependencies and tools
-
-# According to `mbedtls-sys/vendor/README.md`, need to install needed pkgs
-python3 -m pip install -r ./mbedtls-sys/vendor/scripts/basic.requirements.txt
-
-# function for downloading pre-built `cargo-nextest` on various platforms
-download_cargo_nextest() {
-    local platform="$1"
-    local cargo_nextest_hash="$2"
-    local url="$3"
-    echo "Check if need to download pre-built $platform 'cargo-nextest'"
-    if ! check_sha512 "${cargo_nextest_hash}" "${CARGO_HOME:-$HOME/.cargo}/bin/cargo-nextest"; then
-        curl -LsSf "$url" | tar zxf - -C "${CARGO_HOME:-$HOME/.cargo}/bin"
-        check_sha512 "${cargo_nextest_hash}" "${CARGO_HOME:-$HOME/.cargo}/bin/cargo-nextest"
-    fi
-}
-# download pre-built `cargo-nextest`
-kernel=$(uname)
-architecture=$(uname -m)
-case "$kernel-$architecture" in
-  Linux-x86_64 | Linux-amd64)
-    download_cargo_nextest "amd64" "d22ce5799f3056807fd0cd8223a290c7153a5f084d5ab931fce755c2cabd33f79c0f75542eb724fe07a7ca083f415ec1f84edc46584b06df43d97a0ff91018da" "https://get.nexte.st/0.9.52/linux"
-    ;;
-  Linux-arm64)
-    download_cargo_nextest "arm64" "cff3297c84560de8693e7f887fcf6cf33ab0036e27a9debf2b0a0832094555335f34dc30d0f9d1128ce8472dcb4594a3cf33be2357b19dcc94269b58090cc1a9" "https://get.nexte.st/0.9.52/linux-arm"
-    ;;
-  Darwin-x86_64)
-    download_cargo_nextest "Darwin-amd64" "0bb8b77ce019de3d06ee6b7382d830ed67309f187781e0de3866a0635879b494c7db48d55eee7553cfaa0bfca59abd8f8540a6d81ed703f06f9c81514d20073d" "https://get.nexte.st/0.9.52/mac"
-    ;;
-  *)
-    echo "Unknown platform '$kernel-$architecture'"
-    exit 1
-    ;;
-esac
+# Download cargo-nextest
+if [ "$TARGET" == "x86_64-fortanix-unknown-sgx" ] || [ "$TARGET" == "thumbv7em-none-eabihf" ]; then
+    # The x86_64-fortanix-unknown-sgx target is not tested with nextest, for thumbv7em-none-eabihf
+    # we just build without running anything.
+    true
+else
+    # function for downloading pre-built `cargo-nextest` on various platforms
+    download_cargo_nextest() {
+        local platform="$1"
+        local cargo_nextest_hash="$2"
+        local url="$3"
+        echo "Check if need to download pre-built $platform 'cargo-nextest'"
+        if ! check_sha512 "${cargo_nextest_hash}" "${CARGO_HOME:-$HOME/.cargo}/bin/cargo-nextest"; then
+            curl -LsSf "$url" | tar zxf - -C "${CARGO_HOME:-$HOME/.cargo}/bin"
+            check_sha512 "${cargo_nextest_hash}" "${CARGO_HOME:-$HOME/.cargo}/bin/cargo-nextest"
+        fi
+    }
+    # download pre-built `cargo-nextest`
+    kernel=$(uname)
+    architecture=$(uname -m)
+    case "$kernel-$architecture" in
+      Linux-x86_64 | Linux-amd64)
+        download_cargo_nextest "amd64" "d22ce5799f3056807fd0cd8223a290c7153a5f084d5ab931fce755c2cabd33f79c0f75542eb724fe07a7ca083f415ec1f84edc46584b06df43d97a0ff91018da" "https://get.nexte.st/0.9.52/linux"
+        ;;
+      Linux-arm64)
+        download_cargo_nextest "arm64" "cff3297c84560de8693e7f887fcf6cf33ab0036e27a9debf2b0a0832094555335f34dc30d0f9d1128ce8472dcb4594a3cf33be2357b19dcc94269b58090cc1a9" "https://get.nexte.st/0.9.52/linux-arm"
+        ;;
+      Darwin-x86_64)
+        download_cargo_nextest "Darwin-amd64" "0bb8b77ce019de3d06ee6b7382d830ed67309f187781e0de3866a0635879b494c7db48d55eee7553cfaa0bfca59abd8f8540a6d81ed703f06f9c81514d20073d" "https://get.nexte.st/0.9.52/mac"
+        ;;
+      *)
+        echo "Unknown platform '$kernel-$architecture'"
+        exit 1
+        ;;
+    esac
+fi
 
 
 # Test logic start from here
@@ -87,8 +99,15 @@ if [ "$TRAVIS_RUST_VERSION" == "stable" ] || [ "$TRAVIS_RUST_VERSION" == "beta"
     rustup target add --toolchain $TRAVIS_RUST_VERSION $TARGET
     printenv
 
-    # The SGX target cannot be run under test like a ELF binary
-    if [ "$TARGET" != "x86_64-fortanix-unknown-sgx" ]; then
+    if [ "$TARGET" == "x86_64-fortanix-unknown-sgx" ]; then
+        # The SGX target cannot be run under test like a ELF binary
+        cargo +$TRAVIS_RUST_VERSION test --no-run --target=$TARGET
+        cargo +$TRAVIS_RUST_VERSION test --no-default-features --features dsa,force_aesni_support,mpi_force_c_code,rdrand,std,time,tls13 --no-run --target=$TARGET
+    elif [ "$TARGET" == "thumbv7em-none-eabihf" ]; then
+        # thumbv7em-none-eabihf is a no_std target, the tests can not be run, we can only check that it builds successfully
+        #cargo build --no-default-features --features no_std_deps --target $TARGET
+        true
+    else
         # make sure that explicitly providing the default target works
         cargo nextest run --target $TARGET --release
         cargo nextest run --features dsa --target $TARGET
@@ -107,9 +126,6 @@ if [ "$TRAVIS_RUST_VERSION" == "stable" ] || [ "$TRAVIS_RUST_VERSION" == "beta"
         if [ "$TARGET" == "x86_64-apple-darwin" ]; then
             cargo nextest run --no-default-features --features no_std_deps --target $TARGET
         fi
-    else
-        cargo +$TRAVIS_RUST_VERSION test --no-run --target=$TARGET
-        cargo +$TRAVIS_RUST_VERSION test --no-default-features --features dsa,force_aesni_support,mpi_force_c_code,rdrand,std,time,tls13 --no-run --target=$TARGET
     fi
 
 else

diff --git a/mbedtls-platform-support/Cargo.toml b/mbedtls-platform-support/Cargo.toml
@@ -22,7 +22,7 @@ links = "mbedtls-platform-support"
 cfg-if = "1.0.0"
 spin = { version = "0.4.0", default-features = false, optional = true }
 chrono = { version = "0.4", optional = true }
-once_cell = "1.17.1"
+once_cell = { version = "1.17.1", default-features = false }
 
 [target.x86_64-fortanix-unknown-sgx.dependencies]
 chrono = "0.4"
@@ -31,15 +31,16 @@ zeroize = { version = "1.6.0", default-features = false }
 [dependencies.mbedtls-sys-auto]
 version = "3.5.0-alpha.1+0b3de6f"
 default-features = false
-features = ["threading", "custom_printf"]
+features = ["custom_printf"]
 path = "../mbedtls-sys"
 
 [build-dependencies]
 cc = "1.0"
 
 [features]
 time = ["mbedtls-sys-auto/time"]
-std = ["mbedtls-sys-auto/std"]
+std = ["mbedtls-sys-auto/std", "once_cell/std"]
+no_std_deps = ["spin", "once_cell/critical-section"]
 force_aesni_support = ["mbedtls-sys-auto/custom_has_support", "mbedtls-sys-auto/aes_alt", "aesni"]
 aesni = ["mbedtls-sys-auto/aesni"]
 tls13 = ["mbedtls-sys-auto/tls13"]

diff --git a/mbedtls-sys/build/headers.rs b/mbedtls-sys/build/headers.rs
@@ -28,7 +28,7 @@ use crate::features::FEATURES;
 #[cfg_attr(rustfmt, rustfmt_skip)]
 pub const ORDERED: &'static [(Option<&'static str>, &'static str)] = &[
     (None,                 "build_info.h"),
-    (None,                 "platform_time.h"),
+    (Some("time"),         "platform_time.h"),
     (None,                 "private_access.h"),
     (None,                 "platform_util.h"),
     (None,                 "bignum.h"),

diff --git a/mbedtls/Cargo.toml b/mbedtls/Cargo.toml
@@ -34,7 +34,7 @@ rs-libc = "0.2.4"
 [dependencies.mbedtls-sys-auto]
 version = "3.5.0-alpha.1+0b3de6f"
 default-features = false
-features = ["trusted_cert_callback", "threading"]
+features = ["trusted_cert_callback"]
 path = "../mbedtls-sys"
 
 [dependencies.mbedtls-platform-support]
@@ -61,15 +61,16 @@ cc = "1.0"
 
 [features]
 # Features are documented in the README
-default = ["std", "aesni", "time", "padlock"]
+default = ["std", "aesni", "time", "threading", "padlock"]
 std = ["byteorder/std", "mbedtls-sys-auto/std", "serde/std", "yasna", "mbedtls-platform-support/std"]
 debug = ["mbedtls-sys-auto/debug"]
-no_std_deps = ["mbedtls-platform-support/spin", "serde/alloc"]
+no_std_deps = ["mbedtls-platform-support/no_std_deps", "serde/alloc"]
 force_aesni_support = ["mbedtls-platform-support/force_aesni_support", "aesni"]
 mpi_force_c_code = ["mbedtls-sys-auto/mpi_force_c_code"]
 rdrand = ["mbedtls-platform-support/rdrand"]
 aesni = ["mbedtls-platform-support/aesni"]
 time = ["mbedtls-platform-support/time"]
+threading = ["mbedtls-sys-auto/threading"]
 padlock = ["mbedtls-sys-auto/padlock"]
 dsa = ["std", "yasna", "num-bigint", "bit-vec"]
 async = ["std", "tokio", "tokio/net", "tokio/io-util", "tokio/macros"]

diff --git a/mbedtls/src/bignum/mod.rs b/mbedtls/src/bignum/mod.rs
@@ -13,7 +13,7 @@ use crate::error::{IntoResult, Result, codes};
 use mbedtls_sys::*;
 
 #[cfg(not(feature = "std"))]
-use crate::alloc_prelude::*;
+use crate::no_std_prelude::*;
 
 use core::cmp::Ordering;
 use core::fmt::{Binary, Debug, Display, Formatter, Octal, Result as FmtResult, UpperHex};

diff --git a/mbedtls/src/cipher/raw/mod.rs b/mbedtls/src/cipher/raw/mod.rs
@@ -13,7 +13,7 @@ use mbedtls_sys::*;
 use crate::error::{IntoResult, Result, codes};
 
 #[cfg(not(feature = "std"))]
-use crate::alloc_prelude::*;
+use crate::no_std_prelude::*;
 
 mod serde;
 

diff --git a/mbedtls/src/cipher/raw/serde.rs b/mbedtls/src/cipher/raw/serde.rs
@@ -7,7 +7,7 @@
  * according to those terms. */
 
 #[cfg(not(feature = "std"))]
-use crate::alloc_prelude::*;
+use crate::no_std_prelude::*;
 use crate::cipher::*;
 use core::convert::TryInto;
 use core::fmt;

diff --git a/mbedtls/src/ecp/mod.rs b/mbedtls/src/ecp/mod.rs
@@ -11,7 +11,7 @@ use crate::error::{Error, IntoResult, Result, codes};
 use mbedtls_sys::*;
 
 #[cfg(not(feature = "std"))]
-use crate::alloc_prelude::*;
+use crate::no_std_prelude::*;
 
 use crate::bignum::Mpi;
 use crate::pk::EcGroupId;

diff --git a/mbedtls/src/error.rs b/mbedtls/src/error.rs
@@ -38,21 +38,21 @@ pub const ERR_UTF8_INVALID: c_int = -0x10000;
 macro_rules! error_enum {
     {
         const MASK: c_int = $mask:literal;
-        enum $n:ident {$($rust:ident = $c:ident,)*}
+        enum $n:ident {$($(#[$attribute:meta])*$rust:ident = $c:ident,)*}
     } => {
         #[non_exhaustive]
         #[derive(Debug, Eq, PartialEq, Copy, Clone)]
         pub enum $n {
-            $($rust,)*
+            $($(#[$attribute])* $rust,)*
             Unknown(c_int)
         }
 
         impl From<c_int> for $n {
             fn from(code: c_int) -> $n {
                 // check against mask here (not in match blook) to make it compile-time
-                $(const $c: c_int = $n::assert_in_mask(::mbedtls_sys::$c);)*
+                $($(#[$attribute])* const $c: c_int = $n::assert_in_mask(::mbedtls_sys::$c);)*
                 match -code {
-                    $($c => return $n::$rust),*,
+                    $($(#[$attribute])* $c => return $n::$rust),*,
                     _ => return $n::Unknown(-code)
                 }
             }
@@ -61,7 +61,7 @@ macro_rules! error_enum {
         impl From<$n> for c_int {
             fn from(error: $n) -> c_int {
                 match error {
-                    $($n::$rust => return ::mbedtls_sys::$c,)*
+                    $($(#[$attribute])* $n::$rust => return ::mbedtls_sys::$c,)*
                     $n::Unknown(code) => return code,
                 }
             }
@@ -79,7 +79,7 @@ macro_rules! error_enum {
 
             pub fn as_str(&self)-> &'static str {
                 match self {
-                    $($n::$rust => concat!("mbedTLS error ", stringify!($n::$rust)),)*
+                    $($(#[$attribute])* $n::$rust => concat!("mbedTLS error ", stringify!($n::$rust)),)*
                     $n::Unknown(_) => concat!("mbedTLS unknown ", stringify!($n), " error")
                 }
             }
@@ -445,7 +445,9 @@ error_enum!(
         Sha1BadInputData = ERR_SHA1_BAD_INPUT_DATA,
         Sha256BadInputData = ERR_SHA256_BAD_INPUT_DATA,
         Sha512BadInputData = ERR_SHA512_BAD_INPUT_DATA,
+        #[cfg(feature = "threading")]
         ThreadingBadInputData = ERR_THREADING_BAD_INPUT_DATA,
+        #[cfg(feature = "threading")]
         ThreadingMutexError = ERR_THREADING_MUTEX_ERROR,
     }
 );

diff --git a/mbedtls/src/lib.rs b/mbedtls/src/lib.rs
@@ -94,15 +94,16 @@ pub use mbedtls_platform_support::psa_crypto_init;
 extern crate alloc as rust_alloc;
 
 #[cfg(not(feature = "std"))]
-mod alloc_prelude {
+/// Contains types which are normally part of std::prelude
+/// (see https://doc.rust-lang.org/std/prelude/index.html) so they can easiliy be used in no_std
+/// builds with `use no_std_prelude::*`
+mod no_std_prelude {
     #![allow(unused)]
     pub(crate) use rust_alloc::borrow::ToOwned;
     pub(crate) use rust_alloc::boxed::Box;
-    pub(crate) use rust_alloc::sync::Arc;
     pub(crate) use rust_alloc::string::String;
     pub(crate) use rust_alloc::string::ToString;
     pub(crate) use rust_alloc::vec::Vec;
-    pub(crate) use rust_alloc::borrow::Cow;
 }
 
 cfg_if::cfg_if! {

diff --git a/mbedtls/src/pk/mod.rs b/mbedtls/src/pk/mod.rs
@@ -7,7 +7,7 @@
  * according to those terms. */
 
 #[cfg(not(feature = "std"))]
-use crate::alloc_prelude::*;
+use crate::no_std_prelude::*;
 use mbedtls_sys::*;
 
 use core::ptr;