fix: fix no logging

rustls-mbedcrypto-provider/Cargo.toml

@@ -20,7 +20,7 @@ rustls = { git = "https://github.com/rustls/rustls", rev = "b776a5778ad333653670
 mbedtls = { version = "0.12.0-alpha.1", default-features = false, features = [
     "std",
 ] }
-log = "0.4.20"
+log = { version = "0.4.20", optional = true }
 
 [dev-dependencies]
 rustls = { git = "https://github.com/rustls/rustls", rev = "b776a5778ad333653670c34ff9125d8ae59b6047", version = "0.22.0-alpha.4", default-features = false, features = [
@@ -34,10 +34,11 @@ pki-types = { package = "rustls-pki-types", version = "0.2.0" }
 webpki-roots = "0.26.0-alpha.1"
 rustls-pemfile = "=2.0.0-alpha.1"
 env_logger = "0.10"
+log = { version = "0.4.20" }
 
 [features]
 default = ["logging", "tls12"]
-logging = ["rustls/logging"]
+logging = ["rustls/logging", "log"]
 tls12 = ["rustls/tls12"]
 rdrand = ["mbedtls/rdrand"]
 read_buf = ["rustversion", "rustls/read_buf"]

rustls-mbedcrypto-provider/src/lib.rs

@@ -1,20 +1,19 @@
-mod mbedtls;
-
 extern crate alloc;
 
-use rustls::*;
-
-pub use mbedtls::*;
-
 // log for logging (optional).
 #[cfg(feature = "logging")]
 use log;
 
 #[cfg(not(feature = "logging"))]
 #[macro_use]
-mod log {
+#[allow(unused_macros)]
+pub(crate) mod log {
     macro_rules! trace    ( ($($tt:tt)*) => {{}} );
     macro_rules! debug    ( ($($tt:tt)*) => {{}} );
     macro_rules! warn     ( ($($tt:tt)*) => {{}} );
     macro_rules! error    ( ($($tt:tt)*) => {{}} );
 }
+
+mod mbedtls;
+
+pub use mbedtls::*;

rustls-mbedcrypto-provider/src/mbedtls/aead.rs

@@ -3,16 +3,6 @@ use mbedtls::cipher::raw::{CipherId, CipherMode, CipherType};
 /// All the AEADs we support use 128-bit tags.
 pub(crate) const TAG_LEN: usize = 16;
 
-/// The maximum byte length of a tag for the algorithms in this module.
-#[allow(dead_code)]
-pub(crate) const MAX_TAG_LEN: usize = TAG_LEN;
-
-pub(crate) const MAX_FRAGMENT_LEN: usize = 16384;
-
-pub(crate) const GCM_FIXED_IV_LEN: usize = 4;
-pub(crate) const GCM_EXPLICIT_NONCE_LEN: usize = 8;
-pub(crate) const GCM_OVERHEAD: usize = GCM_EXPLICIT_NONCE_LEN + 16;
-
 pub(crate) static AES128_GCM: Algorithm = Algorithm {
     key_length: 128 / 8,
     cipher_type: CipherType::Aes128Gcm,

rustls-mbedcrypto-provider/src/mbedtls/hash.rs

@@ -1,10 +1,10 @@
 use std::sync::Mutex;
 
-use crate::crypto::hash::{self, HashAlgorithm};
 use alloc::boxed::Box;
 use alloc::sync::Arc;
 use alloc::vec;
 use alloc::vec::Vec;
+use rustls::crypto::hash::{self, HashAlgorithm};
 
 pub(crate) static SHA256: Hash = Hash(&MBED_SHA_256);
 pub(crate) static SHA384: Hash = Hash(&MBED_SHA_384);

rustls-mbedcrypto-provider/src/mbedtls/hmac.rs

@@ -1,11 +1,11 @@
-use crate::crypto;
+#[cfg(feature = "logging")]
 use crate::log::error;
 use alloc::boxed::Box;
 use alloc::sync::Arc;
 use alloc::vec;
 use alloc::vec::Vec;
+use rustls::crypto;
 use std::sync::Mutex;
-
 pub(crate) static HMAC_SHA256: Hmac = Hmac(&super::hash::MBED_SHA_256);
 pub(crate) static HMAC_SHA384: Hmac = Hmac(&super::hash::MBED_SHA_384);
 
@@ -63,14 +63,14 @@ impl MbedHmacContext {
                     let mut out = vec![0u8; self.hmac_algo.output_len];
                     match ctx.finish(&mut out) {
                         Ok(_) => out,
-                        Err(e) => {
-                            error!("MbedHmacContext::finalize {:?}", e);
+                        Err(_err) => {
+                            error!("MbedHmacContext::finalize {:?}", _err);
                             vec![]
                         }
                     }
                 }
-                Err(e) => {
-                    error!("MbedHmacContext::finalize {:?}", e);
+                Err(_err) => {
+                    error!("MbedHmacContext::finalize {:?}", _err);
                     vec![]
                 }
             },
@@ -88,12 +88,12 @@ impl MbedHmacContext {
         match self.state.lock().as_mut() {
             Ok(ctx) => match ctx.update(data) {
                 Ok(_) => {}
-                Err(e) => {
-                    error!("MbedHmacContext::update {:?}, input: {:?}", e, data);
+                Err(_err) => {
+                    error!("MbedHmacContext::update {:?}, input: {:?}", _err, data);
                 }
             },
-            Err(e) => {
-                error!("MbedHmacContext::update {:?}", e);
+            Err(_err) => {
+                error!("MbedHmacContext::update {:?}", _err);
             }
         }
     }

rustls-mbedcrypto-provider/src/mbedtls/kx.rs

@@ -1,5 +1,5 @@
 use super::agreement;
-use crate::crypto;
+#[cfg(feature = "logging")]
 use crate::log::error;
 use alloc::boxed::Box;
 use alloc::format;
@@ -11,14 +11,16 @@ use mbedtls::{
     ecp::EcPoint,
     pk::{EcGroup, Pk as PkMbed},
 };
-
+use rustls::crypto;
+use rustls::Error;
+use rustls::NamedGroup;
 /// A key-exchange group supported by *mbedtls*.
 ///
 /// All possible instances of this class are provided by the library in
 /// the `ALL_KX_GROUPS` array.
 struct KxGroup {
     /// The IANA "TLS Supported Groups" name of the group
-    name: crate::NamedGroup,
+    name: NamedGroup,
 
     /// The corresponding [`agreement::Algorithm`]
     agreement_algorithm: &'static agreement::Algorithm,
@@ -31,14 +33,14 @@ impl std::fmt::Debug for KxGroup {
 }
 
 impl SupportedKxGroup for KxGroup {
-    fn start(&self) -> Result<Box<dyn crypto::ActiveKeyExchange>, crate::crypto::GetRandomFailed> {
+    fn start(&self) -> Result<Box<dyn crypto::ActiveKeyExchange>, rustls::crypto::GetRandomFailed> {
         let mut pk = PkMbed::generate_ec(
-            &mut super::rng::rng_new().ok_or(crate::crypto::GetRandomFailed)?,
+            &mut super::rng::rng_new().ok_or(rustls::crypto::GetRandomFailed)?,
             self.agreement_algorithm.group_id,
         )
-        .map_err(|err| {
-            error!("Meet error when generating ec key, mbedtls error: {}", err);
-            crate::crypto::GetRandomFailed
+        .map_err(|_err| {
+            error!("Meet error when generating ec key, mbedtls error: {}", _err);
+            rustls::crypto::GetRandomFailed
         })?;
 
         fn get_key_pair(
@@ -60,47 +62,47 @@ impl SupportedKxGroup for KxGroup {
 
         match get_key_pair(&mut pk, self) {
             Ok(group) => Ok(Box::new(group)),
-            Err(err) => {
-                error!("Unexpected mbedtls error: {}", err);
-                Err(crate::crypto::GetRandomFailed)
+            Err(_err) => {
+                error!("Unexpected mbedtls error: {}", _err);
+                Err(rustls::crypto::GetRandomFailed)
             }
         }
     }
 
-    fn name(&self) -> crate::NamedGroup {
+    fn name(&self) -> NamedGroup {
         self.name
     }
 }
 
 /// Ephemeral ECDH on curve25519 (see RFC7748)
 pub static X25519: &dyn SupportedKxGroup = &KxGroup {
-    name: crate::NamedGroup::X25519,
+    name: NamedGroup::X25519,
     agreement_algorithm: &agreement::X25519,
 };
 
 /// Ephemeral ECDH on secp256r1 (aka NIST-P256)
 pub static SECP256R1: &dyn SupportedKxGroup = &KxGroup {
-    name: crate::NamedGroup::secp256r1,
+    name: NamedGroup::secp256r1,
     agreement_algorithm: &agreement::ECDH_P256,
 };
 
 /// Ephemeral ECDH on secp384r1 (aka NIST-P384)
 pub static SECP384R1: &dyn SupportedKxGroup = &KxGroup {
-    name: crate::NamedGroup::secp384r1,
+    name: NamedGroup::secp384r1,
     agreement_algorithm: &agreement::ECDH_P384,
 };
 
 /// Ephemeral ECDH on secp521r1 (aka NIST-P521)
 pub static SECP521R1: &dyn SupportedKxGroup = &KxGroup {
-    name: crate::NamedGroup::secp521r1,
+    name: NamedGroup::secp521r1,
     agreement_algorithm: &agreement::ECDH_P521,
 };
 
 /// A list of all the key exchange groups supported by mbedtls.
 pub static ALL_KX_GROUPS: &[&dyn SupportedKxGroup] = &[X25519, SECP256R1, SECP384R1, SECP521R1];
 
 struct KeyExchange {
-    name: crate::NamedGroup,
+    name: NamedGroup,
     /// The corresponding [`agreement::Algorithm`]
     agreement_algorithm: &'static agreement::Algorithm,
     /// Binary format [`Mpi`]
@@ -113,47 +115,47 @@ impl crypto::ActiveKeyExchange for KeyExchange {
     fn complete(
         self: Box<KeyExchange>,
         peer_public_key: &[u8],
-    ) -> Result<crypto::SharedSecret, crate::Error> {
+    ) -> Result<crypto::SharedSecret, Error> {
         // Get private key from self data
         let group_id = self.agreement_algorithm.group_id;
-        let ec_group = EcGroup::new(group_id).map_err(|err| {
-            crate::Error::General(format!(
+        let ec_group = EcGroup::new(group_id).map_err(|_err| {
+            Error::General(format!(
                 "Failed to create {:?} EcGroup, mbedtls error: {}",
-                group_id, err
+                group_id, _err
             ))
         })?;
-        let private_key = Mpi::from_binary(&self.priv_key).map_err(|err| {
-            crate::Error::General(format!(
+        let private_key = Mpi::from_binary(&self.priv_key).map_err(|_err| {
+            Error::General(format!(
                 "Failed to create {:?} Mpi from private key binary, mbedtls error: {}",
-                group_id, err
+                group_id, _err
             ))
         })?;
 
         let mut sk =
-            PkMbed::private_from_ec_components(ec_group.clone(), private_key).map_err(|err| {
-                crate::Error::General(format!(
+            PkMbed::private_from_ec_components(ec_group.clone(), private_key).map_err(|_err| {
+                Error::General(format!(
                     "Failed to create {:?} Pk from private Mpi, mbedtls error: {}",
-                    group_id, err
+                    group_id, _err
                 ))
             })?;
         if peer_public_key.len() != self.agreement_algorithm.public_key_len {
-            return Err(crate::Error::General(format!(
+            return Err(Error::General(format!(
                 "Failed to validate {:?} comping peer public key, invalid length",
                 group_id
             )));
         }
-        let public_point = EcPoint::from_binary_no_compress(&ec_group, &peer_public_key).map_err(|err| {
-        // let public_point = EcPoint::from_binary(&ec_group, &peer_public_key).map_err(|err| {
-            crate::Error::General(format!(
+        let public_point = EcPoint::from_binary_no_compress(&ec_group, &peer_public_key).map_err(|_err| {
+        // let public_point = EcPoint::from_binary(&ec_group, &peer_public_key).map_err(|_err| {
+            Error::General(format!(
                 "Failed to create {:?} EcPoint from comping peer public key, mbedtls error: {:?}, {}",
-                group_id, err, peer_public_key.len()
+                group_id,_err, peer_public_key.len()
             ))
         })?;
         let peer_pk =
-            PkMbed::public_from_ec_components(ec_group.clone(), public_point).map_err(|err| {
-                crate::Error::General(format!(
+            PkMbed::public_from_ec_components(ec_group.clone(), public_point).map_err(|_err| {
+                Error::General(format!(
                     "Failed to create Pk from EcPoint, mbedtls error: {:?}",
-                    err
+                    _err
                 ))
             })?;
 
@@ -166,12 +168,12 @@ impl crypto::ActiveKeyExchange for KeyExchange {
             .agree(
                 &peer_pk,
                 &mut shared_secret,
-                &mut super::rng::rng_new().ok_or(crate::crypto::GetRandomFailed)?,
+                &mut super::rng::rng_new().ok_or(rustls::crypto::GetRandomFailed)?,
             )
-            .map_err(|err| {
-                crate::Error::General(format!(
+            .map_err(|_err| {
+                Error::General(format!(
                     "Failed to make agreement, mbedtls error: {:?}",
-                    err
+                    _err
                 ))
             })?;
         Ok(crypto::SharedSecret::from(&shared_secret[..len]))
@@ -181,7 +183,7 @@ impl crypto::ActiveKeyExchange for KeyExchange {
         &self.pub_key
     }
 
-    fn group(&self) -> crate::NamedGroup {
+    fn group(&self) -> NamedGroup {
         self.name
     }
 }

rustls-mbedcrypto-provider/src/mbedtls/mod.rs

@@ -35,24 +35,24 @@ pub mod rng {
 /// A `CryptoProvider` backed by the [*mbedtls*] crate.
 ///
 /// [*ring*]: https://github.com/fortanix/rust-mbedtls
-pub static MBEDTLS: &'static dyn crate::crypto::CryptoProvider = &Mbedtls;
+pub static MBEDTLS: &'static dyn rustls::crypto::CryptoProvider = &Mbedtls;
 
 #[derive(Debug)]
 struct Mbedtls;
 
-impl crate::crypto::CryptoProvider for Mbedtls {
-    fn fill_random(&self, bytes: &mut [u8]) -> Result<(), crate::crypto::GetRandomFailed> {
+impl rustls::crypto::CryptoProvider for Mbedtls {
+    fn fill_random(&self, bytes: &mut [u8]) -> Result<(), rustls::crypto::GetRandomFailed> {
         rng::rng_new()
-            .ok_or(crate::crypto::GetRandomFailed)?
+            .ok_or(rustls::crypto::GetRandomFailed)?
             .random(bytes)
-            .map_err(|_| crate::crypto::GetRandomFailed)
+            .map_err(|_| rustls::crypto::GetRandomFailed)
     }
 
-    fn default_cipher_suites(&self) -> &'static [crate::SupportedCipherSuite] {
+    fn default_cipher_suites(&self) -> &'static [SupportedCipherSuite] {
         ALL_CIPHER_SUITES
     }
 
-    fn default_kx_groups(&self) -> &'static [&'static dyn crate::crypto::SupportedKxGroup] {
+    fn default_kx_groups(&self) -> &'static [&'static dyn rustls::crypto::SupportedKxGroup] {
         ALL_KX_GROUPS
     }
 }
@@ -61,10 +61,10 @@ impl crate::crypto::CryptoProvider for Mbedtls {
 ///
 /// This will be [`ALL_CIPHER_SUITES`] sans any supported cipher suites that
 /// shouldn't be enabled by most applications.
-pub static DEFAULT_CIPHER_SUITES: &[crate::SupportedCipherSuite] = ALL_CIPHER_SUITES;
+pub static DEFAULT_CIPHER_SUITES: &[SupportedCipherSuite] = ALL_CIPHER_SUITES;
 
 /// A list of all the cipher suites supported by the rustls *mbedtls* provider.
-pub static ALL_CIPHER_SUITES: &[crate::SupportedCipherSuite] = &[
+pub static ALL_CIPHER_SUITES: &[SupportedCipherSuite] = &[
     // TLS1.3 suites
     tls13::TLS13_AES_256_GCM_SHA384,
     tls13::TLS13_AES_128_GCM_SHA256,
@@ -95,3 +95,4 @@ pub mod kx_group {
 }
 
 pub use kx::ALL_KX_GROUPS;
+use rustls::SupportedCipherSuite;