Merge branch 'yx/new-async-usercalls_update-mbedtls-10' into yx/new-a…
…sync-usercalls_update-mbedtls
Taowyoo committed Jun 8, 2023
2 parents 736783a + eda3c8d commit 1b0cf7c
Showing 10 changed files with 200 additions and 106 deletions.
278 changes: 186 additions & 92 deletions Cargo.lock

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion Cargo.toml
@@ -37,7 +37,7 @@ exclude = ["examples"]

[patch.crates-io]
libc = { git = "https://github.com/fortanix/libc.git", branch = "fortanixvme" }
mbedtls = { git = "https://github.com/fortanix/rust-mbedtls", branch = "master" }
mbedtls = { git = "https://github.com/fortanix/rust-mbedtls", branch = "yx/upgrade-mbedtls" }
nix = { git = "https://github.com/fortanix/nix.git", branch = "raoul/fortanixvme_r0.20.2" }
serde = { git = "https://github.com/fortanix/serde.git", branch = "master" }
vsock = { git = "https://github.com/fortanix/vsock-rs.git", branch = "fortanixvme" }
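Review bot: The `[patch.crates-io]` entry for `mbedtls` now follows the mutable feature branch `yx/upgrade-mbedtls` with no `rev`, so the source of the TLS/crypto library for everything this manifest patches (presumably the whole workspace) is whatever that branch points at when the lockfile is next regenerated. Cargo.lock records the resolved commit, but a `cargo update`, a force-push or a deletion of the branch changes or breaks the build without any edit to this file showing up in review. Pinning the reviewed commit would make the dependency auditable, e.g. `mbedtls = { git = "https://github.com/fortanix/rust-mbedtls", rev = "<commit-sha>" }` (placeholder, to be filled with the reviewed commit), and the entry should go back to `master` or a crates.io release once the upgrade branch is merged.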
2 changes: 1 addition & 1 deletion em-app/Cargo.toml
@@ -14,7 +14,7 @@ b64-ct = "0.1.0"
em-client = { version = "3.0.0", default-features = false, features = ["client"] }
em-node-agent-client = "1.0.0"
hyper = { version = "0.10", default-features = false }
mbedtls = { version = "0.9.0", features = [ "rdrand", "std", "force_aesni_support", "mpi_force_c_code" ], default-features = false }
mbedtls = { version = "0.10.0", features = [ "rdrand", "std", "force_aesni_support", "mpi_force_c_code" ], default-features = false }
pkix = ">=0.1.2, <0.3.0"

rustc-serialize = "0.3.24"
2 changes: 1 addition & 1 deletion em-app/examples/get-certificate/Cargo.toml
@@ -7,5 +7,5 @@ license = "MPL-2.0"

[dependencies]
em-app = { path = "../../" }
mbedtls = { version = "0.9.0", features = [ "rdrand", "std", "force_aesni_support", "mpi_force_c_code" ], default-features = false }
mbedtls = { version = "0.10.0", features = [ "rdrand", "std", "force_aesni_support", "mpi_force_c_code" ], default-features = false }
serde_json = "1.0"
2 changes: 1 addition & 1 deletion em-app/examples/harmonize/Cargo.toml
@@ -8,7 +8,7 @@ license = "MPL-2.0"

[dependencies]
em-app = { path = "../../" }
mbedtls = { version = "0.9.0", features = [ "rdrand", "std", "force_aesni_support", "mpi_force_c_code" ], default-features = false }
mbedtls = { version = "0.10.0", features = [ "rdrand", "std", "force_aesni_support", "mpi_force_c_code" ], default-features = false }
serde_json = "1.0.62"
serde = "1.0.123"
serde_derive = "1.0.123"
10 changes: 5 additions & 5 deletions em-app/src/utils.rs
@@ -45,7 +45,7 @@ pub fn get_runtime_configuration(
let mut config = Config::new(Endpoint::Client, Transport::Stream, Preset::Default);

config.set_rng(Arc::new(mbedtls::rng::Rdrand));
config.set_min_version(Version::Tls1_2).map_err(|e| format!("TLS configuration failed: {:?}", e))?;
config.set_min_version(Version::Tls12).map_err(|e| format!("TLS configuration failed: {:?}", e))?;

if let Some(ca_cert_list) = ca_cert_list {
config.set_ca_list(ca_cert_list, ca_crl);
@@ -77,7 +77,7 @@ pub fn get_sdkms_dataset(
let mut config = Config::new(Endpoint::Client, Transport::Stream, Preset::Default);

config.set_rng(Arc::new(mbedtls::rng::Rdrand));
config.set_min_version(Version::Tls1_2).map_err(|e| format!("TLS configuration failed: {:?}", e))?;
config.set_min_version(Version::Tls12).map_err(|e| format!("TLS configuration failed: {:?}", e))?;

if let Some(ca_cert_list) = ca_cert_list {
config.set_ca_list(ca_cert_list, ca_crl);
@@ -112,7 +112,7 @@ pub fn https_get(url: Url,
let mut config = Config::new(Endpoint::Client, Transport::Stream, Preset::Default);

config.set_rng(Arc::new(mbedtls::rng::Rdrand));
config.set_min_version(Version::Tls1_2).map_err(|e| format!("TLS configuration failed: {:?}", e))?;
config.set_min_version(Version::Tls12).map_err(|e| format!("TLS configuration failed: {:?}", e))?;

if let Some(ca_cert_list) = ca_cert_list {
config.set_ca_list(ca_cert_list, ca_crl);
@@ -144,7 +144,7 @@ pub fn https_put(url: Url,
let mut config = Config::new(Endpoint::Client, Transport::Stream, Preset::Default);

config.set_rng(Arc::new(mbedtls::rng::Rdrand));
config.set_min_version(Version::Tls1_2).map_err(|e| format!("TLS configuration failed: {:?}", e))?;
config.set_min_version(Version::Tls12).map_err(|e| format!("TLS configuration failed: {:?}", e))?;

if let Some(ca_cert_list) = ca_cert_list {
config.set_ca_list(ca_cert_list, ca_crl);
@@ -222,7 +222,7 @@ pub fn get_mbedtls_hyper_connector_pool(ca_chain: Vec<Vec<u8>>, client_pki: Opti
let mut config = Config::new(Endpoint::Client, Transport::Stream, Preset::Default);

config.set_rng(Arc::new(mbedtls::rng::Rdrand));
config.set_min_version(Version::Tls1_2).map_err(|e| format!("TLS configuration failed: {:?}", e))?;
config.set_min_version(Version::Tls12).map_err(|e| format!("TLS configuration failed: {:?}", e))?;

if !ca_chain.is_empty() {
let mut list = MbedtlsList::<Certificate>::new();
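Review bot: The same client setup (`Config::new(Endpoint::Client, Transport::Stream, Preset::Default)`, `set_rng`, `set_min_version(Version::Tls12)`) is repeated in `get_runtime_configuration`, `get_sdkms_dataset`, `https_get`, `https_put` and `get_mbedtls_hyper_connector_pool`, which is why this variant rename had to be applied five times. Because the minimum protocol version is a security setting, a private helper that builds and returns the base `Config` would keep the TLS floor in one place so a later change cannot miss one call path. The helper would presumably return `Result<Config, String>` to match the existing `map_err(|e| format!(...))?`; the signatures and the rest of each function body lie outside these hunks, so confirm the error type there. A one-line comment on the helper such as `// TLS 1.2 is the minimum accepted version for all em-app client connections` would document the intent.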
@@ -10,7 +10,7 @@ serde_cbor = "0.11"
# Required until PR36 is accepted
# https://github.com/awslabs/aws-nitro-enclaves-cose/pull/36
aws-nitro-enclaves-cose = { version = "0.5.0", git = "https://github.com/fortanix/aws-nitro-enclaves-cose.git", branch = "raoul/crypto_abstraction_pinned", default-features = false }
mbedtls = { version = "0.9.0", features = ["rdrand", "std", "time"], default-features = false, optional = true }
mbedtls = { version = "0.10.0", features = ["rdrand", "std", "time"], default-features = false, optional = true }
num-bigint = "0.4"
serde = { version = "1.0", features = ["derive"] }
serde_bytes = "0.11"
4 changes: 2 additions & 2 deletions intel-sgx/dcap-ql/Cargo.toml
@@ -45,15 +45,15 @@ byteorder = "1.1.0" # Unlicense/MIT
failure = "0.1.1" # MIT/Apache-2.0
lazy_static = "1" # MIT/Apache-2.0
libc = { version = "0.2", optional = true } # MIT/Apache-2.0
mbedtls = { version = ">=0.8.0, <0.10.0", default-features = false, optional = true }
mbedtls = { version = "0.10.0", default-features = false, optional = true }
num = { version = "0.2", optional = true }
num-derive = "0.2" # MIT/Apache-2.0
num-traits = "0.2" # MIT/Apache-2.0
serde = { version = "1.0.104", features = ["derive"], optional = true } # MIT/Apache-2.0
yasna = { version = "0.3", features = ["num-bigint", "bit-vec"], optional = true }

[dev-dependencies]
mbedtls = { version = ">=0.8.0, <0.10.0" }
mbedtls = { version = "0.10.0" }
"report-test" = { version = "0.3.1", path = "../report-test" }
"sgxs" = { version = "0.7.0", path = "../sgxs" }
serde = { version = "1.0.104", features = ["derive"] }
2 changes: 1 addition & 1 deletion intel-sgx/ias/Cargo.toml
@@ -20,7 +20,7 @@ serde_json = { version = "1", optional = true }
serde = { version = "1.0.7", features = ["derive"] }
url = "2.2"

mbedtls = { version = ">=0.8.0, <0.10.0", features = ["std"], default-features = false, optional = true }
mbedtls = { version = "0.10.0", features = ["std"], default-features = false, optional = true }
pkix = ">=0.1.1, <0.3.0"

sgx-isa = { version = "0.4", path = "../sgx-isa" }
2 changes: 1 addition & 1 deletion intel-sgx/sgx-isa/Cargo.toml
@@ -17,7 +17,7 @@ categories = ["hardware-support"]

[dev-dependencies]
# External dependencies
mbedtls = { version = ">=0.8.0, <0.10.0", default-features = false, features = ["std"] }
mbedtls = { version = "0.10.0", default-features = false, features = ["std"] }

[dependencies]
# External dependencies