Porting combined errors from mbedtls changes (#372)

Due to downgrade back to v2.28 (from ~3.X), the enhancement in PR #271 was lost in the mbedtls 2.8 branch being used. we need to port these combined errors from mbedtls changes back to the mbedtls 2.8 branch and build with the latest upgrade in rust toolchain version to apply the enhancement. This PR ports said changes to a latest branch forked from mbedtls master and builds the same on latest rustc 1.83.0-nightly (26d8e9255 2024-10-11) version.
fortanix · Nov 14, 2024 · 9b0dbdb · 9b0dbdb
1 parent 0e5891d
commit 9b0dbdb
Show file tree

Hide file tree

Showing 27 changed files with 586 additions and 450 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/mbedtls/Cargo.toml b/mbedtls/Cargo.toml
@@ -2,7 +2,7 @@
 name = "mbedtls"
 # We jumped from v0.9 to v0.12 because v0.10 and v0.11 were based on mbedtls 3.X, which
 # we decided not to support.
-version = "0.12.3"
+version = "0.13.0"
 authors = ["Jethro Beekman <[email protected]>"]
 build = "build.rs"
 edition = "2018"
@@ -24,8 +24,8 @@ features = ["x509", "ssl"]
 
 [dependencies]
 bitflags = "1"
-serde = { version = "1.0.7", default-features = false, features = ["alloc"] }
-serde_derive = "1.0.7"
+serde = { version = "1.0.214", default-features = false, features = ["alloc"] }
+serde_derive = "1.0.214"
 byteorder = { version = "1.0.0", default-features = false }
 yasna = { version = "0.2", optional = true, features = [
     "num-bigint",

diff --git a/mbedtls/src/bignum/mod.rs b/mbedtls/src/bignum/mod.rs
@@ -6,7 +6,8 @@
  * option. This file may not be copied, modified, or distributed except
  * according to those terms. */
 
-use crate::error::{Error, IntoResult, Result};
+use crate::error::Error;
+use crate::error::{codes, IntoResult, Result};
 use mbedtls_sys::*;
 
 #[cfg(not(feature = "std"))]
@@ -161,7 +162,7 @@ impl Mpi {
     pub fn as_u32(&self) -> Result<u32> {
         if self.bit_length()? > 32 {
             // Not exactly correct but close enough
-            return Err(Error::MpiBufferTooSmall);
+            return Err(codes::MpiBufferTooSmall.into());
         }
 
         Ok(self.get_limb(0) as u32)
@@ -183,7 +184,7 @@ impl Mpi {
         let r = unsafe { mpi_write_string(&self.inner, radix, ::core::ptr::null_mut(), 0, &mut olen) };
 
         if r != ERR_MPI_BUFFER_TOO_SMALL {
-            return Err(Error::from_mbedtls_code(r));
+            return Err(r.into());
         }
 
         let mut buf = vec![0u8; olen];
@@ -264,7 +265,7 @@ impl Mpi {
         let zero = Mpi::new(0)?;
 
         if self < &zero || self >= p {
-            return Err(Error::MpiBadInputData);
+            return Err(codes::MpiBadInputData.into());
         }
         if self == &zero {
             return Ok(zero);
@@ -273,12 +274,12 @@ impl Mpi {
         // This ignores p=2 (for which this algorithm is valid), as not
         // cryptographically interesting.
         if p.get_bit(0) == false || p <= &zero {
-            return Err(Error::MpiBadInputData);
+            return Err(codes::MpiBadInputData.into());
         }
 
         if self.jacobi(p)? != 1 {
             // a is not a quadratic residue mod p
-            return Err(Error::MpiBadInputData);
+            return Err(codes::MpiBadInputData.into());
         }
 
         if (p % 4)?.as_u32()? == 3 {
@@ -325,7 +326,7 @@ impl Mpi {
                 bo = bo.mod_exp(&two, p)?;
                 m += 1;
                 if m >= r {
-                    return Err(Error::MpiBadInputData);
+                    return Err(codes::MpiBadInputData.into());
                 }
             }
 
@@ -358,7 +359,7 @@ impl Mpi {
         let one = Mpi::new(1)?;
 
         if self < &zero || n < &zero || n.get_bit(0) == false {
-            return Err(Error::MpiBadInputData);
+            return Err(codes::MpiBadInputData.into());
         }
 
         let mut x = self.modulo(n)?;
@@ -431,7 +432,7 @@ impl Mpi {
 pub(super) fn mpi_inner_eq_const_time(x: &mpi, y: &mpi) -> core::prelude::v1::Result<bool, Error> {
     match mpi_inner_cmp_const_time(x, y) {
         Ok(order) => Ok(order == Ordering::Equal),
-        Err(Error::MpiBadInputData) => Ok(false),
+        Err(e) if e == codes::MpiBadInputData.into() => Ok(false),
         Err(e) => Err(e),
     }
 }
@@ -779,7 +780,7 @@ mod tests {
         ])
         .unwrap();
         assert_eq!(mpi3.less_than_const_time(&mpi3), Ok(false));
-        assert_eq!(mpi2.less_than_const_time(&mpi3), Err(Error::MpiBadInputData));
+        assert_eq!(mpi2.less_than_const_time(&mpi3), Err(codes::MpiBadInputData.into()));
     }
 
     #[test]