mesalink: patch rustls to enable customized builds

Cargo.toml

@@ -17,10 +17,20 @@ ring = { version = "0.13.2", features = ["rsa_signing"] }
 webpki = "0.18.1"
 sct = "0.4"
 
+[patch.crates-io]
+webpki = { git = "https://github.com/mesalock-linux/webpki", branch = "develop", default-features = true }
+sct = { git = "https://github.com/mesalock-linux/sct.rs", branch = "develop", default-features = false }
+
 [features]
-default = ["logging"]
+default=["logging", "aesgcm", "chachapoly", "tls13", "x25519", "ecdh", "ecdsa"]
 logging = ["log"]
 dangerous_configuration = []
+aesgcm = []
+chachapoly = []
+tls13 = []
+x25519 = []
+ecdh = []
+ecdsa = ["sct/ecdsa"]
 quic = []
 
 [dev-dependencies]
@@ -35,6 +45,11 @@ ct-logs = "0.4"
 regex = "1.0"
 vecio = "0.1"
 
+[profile.release]
+opt-level = "z"
+lto = true
+panic = "abort"
+
 [[example]]
 name = "bogo_shim"
 path = "examples/internal/bogo_shim.rs"

src/cipher.rs

@@ -88,6 +88,7 @@ pub fn new_tls12(scs: &'static SupportedCipherSuite,
     let aead_alg = scs.get_aead_alg();
 
     match scs.bulk {
+        #[cfg(feature = "aesgcm")]
         BulkAlgorithm::AES_128_GCM |
         BulkAlgorithm::AES_256_GCM => {
             (Box::new(GCMMessageDecrypter::new(aead_alg,
@@ -98,7 +99,7 @@ pub fn new_tls12(scs: &'static SupportedCipherSuite,
                                                write_iv,
                                                explicit_nonce_offs)))
         }
-
+        #[cfg(feature = "chachapoly")]
         BulkAlgorithm::CHACHA20_POLY1305 => {
             (Box::new(ChaCha20Poly1305MessageDecrypter::new(aead_alg,
                                                             read_key,
@@ -110,6 +111,7 @@ pub fn new_tls12(scs: &'static SupportedCipherSuite,
     }
 }
 
+#[cfg(feature = "tls13")]
 pub fn new_tls13_read(scs: &'static SupportedCipherSuite,
                       secret: &[u8]) -> Box<MessageDecrypter> {
     let hash = scs.get_hash();
@@ -120,6 +122,7 @@ pub fn new_tls13_read(scs: &'static SupportedCipherSuite,
     Box::new(TLS13MessageDecrypter::new(aead_alg, &key, &iv))
 }
 
+#[cfg(feature = "tls13")]
 pub fn new_tls13_write(scs: &'static SupportedCipherSuite,
                        secret: &[u8]) -> Box<MessageEncrypter> {
     let hash = scs.get_hash();
@@ -131,6 +134,7 @@ pub fn new_tls13_write(scs: &'static SupportedCipherSuite,
 }
 
 /// A `MessageEncrypter` for AES-GCM AEAD ciphersuites. TLS 1.2 only.
+#[cfg(feature = "aesgcm")]
 pub struct GCMMessageEncrypter {
     alg: &'static ring::aead::Algorithm,
     enc_key: ring::aead::SealingKey,
@@ -139,14 +143,18 @@ pub struct GCMMessageEncrypter {
 }
 
 /// A `MessageDecrypter` for AES-GCM AEAD ciphersuites.  TLS1.2 only.
+#[cfg(feature = "aesgcm")]
 pub struct GCMMessageDecrypter {
     dec_key: ring::aead::OpeningKey,
     dec_salt: [u8; 4],
 }
 
+#[cfg(feature = "aesgcm")]
 const GCM_EXPLICIT_NONCE_LEN: usize = 8;
+#[cfg(feature = "aesgcm")]
 const GCM_OVERHEAD: usize = GCM_EXPLICIT_NONCE_LEN + 16;
 
+#[cfg(feature = "aesgcm")]
 impl MessageDecrypter for GCMMessageDecrypter {
     fn decrypt(&self, mut msg: Message, seq: u64) -> Result<Message, TLSError> {
         let payload = msg.take_opaque_payload()
@@ -186,6 +194,7 @@ impl MessageDecrypter for GCMMessageDecrypter {
     }
 }
 
+#[cfg(feature = "aesgcm")]
 impl MessageEncrypter for GCMMessageEncrypter {
     fn encrypt(&self, msg: BorrowMessage, seq: u64) -> Result<Message, TLSError> {
         // The GCM nonce is constructed from a 32-bit 'salt' derived
@@ -223,6 +232,7 @@ impl MessageEncrypter for GCMMessageEncrypter {
     }
 }
 
+#[cfg(feature = "aesgcm")]
 impl GCMMessageEncrypter {
     fn new(alg: &'static ring::aead::Algorithm,
            enc_key: &[u8],
@@ -245,6 +255,7 @@ impl GCMMessageEncrypter {
     }
 }
 
+#[cfg(feature = "aesgcm")]
 impl GCMMessageDecrypter {
     fn new(alg: &'static ring::aead::Algorithm,
            dec_key: &[u8],
@@ -260,18 +271,21 @@ impl GCMMessageDecrypter {
     }
 }
 
+#[cfg(feature = "tls13")]
 struct TLS13MessageEncrypter {
     alg: &'static ring::aead::Algorithm,
     enc_key: ring::aead::SealingKey,
     enc_offset: [u8; 12],
 }
 
+#[cfg(feature = "tls13")]
 struct TLS13MessageDecrypter {
     alg: &'static ring::aead::Algorithm,
     dec_key: ring::aead::OpeningKey,
     dec_offset: [u8; 12],
 }
 
+#[cfg(feature = "tls13")]
 fn unpad_tls13(v: &mut Vec<u8>) -> ContentType {
     loop {
         match v.pop() {
@@ -284,6 +298,7 @@ fn unpad_tls13(v: &mut Vec<u8>) -> ContentType {
     }
 }
 
+#[cfg(feature = "tls13")]
 const TLS13_AAD_SIZE: usize = 1 + 2 + 2;
 fn make_tls13_aad(len: usize, out: &mut [u8]) {
     out[0] = 0x17; // ContentType::ApplicationData
@@ -293,6 +308,7 @@ fn make_tls13_aad(len: usize, out: &mut [u8]) {
     out[4] = len as u8;
 }
 
+#[cfg(feature = "tls13")]
 impl MessageEncrypter for TLS13MessageEncrypter {
     fn encrypt(&self, msg: BorrowMessage, seq: u64) -> Result<Message, TLSError> {
         let mut nonce = [0u8; 12];
@@ -320,6 +336,7 @@ impl MessageEncrypter for TLS13MessageEncrypter {
     }
 }
 
+#[cfg(feature = "tls13")]
 impl MessageDecrypter for TLS13MessageDecrypter {
     fn decrypt(&self, mut msg: Message, seq: u64) -> Result<Message, TLSError> {
         let mut nonce = [0u8; 12];
@@ -364,6 +381,7 @@ impl MessageDecrypter for TLS13MessageDecrypter {
     }
 }
 
+#[cfg(feature = "tls13")]
 impl TLS13MessageEncrypter {
     fn new(alg: &'static ring::aead::Algorithm,
            enc_key: &[u8],
@@ -379,6 +397,7 @@ impl TLS13MessageEncrypter {
     }
 }
 
+#[cfg(feature = "tls13")]
 impl TLS13MessageDecrypter {
     fn new(alg: &'static ring::aead::Algorithm,
            dec_key: &[u8],
@@ -397,6 +416,7 @@ impl TLS13MessageDecrypter {
 /// The RFC7905/RFC7539 ChaCha20Poly1305 construction.
 /// This implementation does the AAD construction required in TLS1.2.
 /// TLS1.3 uses `TLS13MessageEncrypter`.
+#[cfg(feature = "chachapoly")]
 pub struct ChaCha20Poly1305MessageEncrypter {
     alg: &'static ring::aead::Algorithm,
     enc_key: ring::aead::SealingKey,
@@ -406,11 +426,13 @@ pub struct ChaCha20Poly1305MessageEncrypter {
 /// The RFC7905/RFC7539 ChaCha20Poly1305 construction.
 /// This implementation does the AAD construction required in TLS1.2.
 /// TLS1.3 uses `TLS13MessageDecrypter`.
+#[cfg(feature = "chachapoly")]
 pub struct ChaCha20Poly1305MessageDecrypter {
     dec_key: ring::aead::OpeningKey,
     dec_offset: [u8; 12],
 }
 
+#[cfg(feature = "chachapoly")]
 impl ChaCha20Poly1305MessageEncrypter {
     fn new(alg: &'static ring::aead::Algorithm,
            enc_key: &[u8],
@@ -426,6 +448,7 @@ impl ChaCha20Poly1305MessageEncrypter {
     }
 }
 
+#[cfg(feature = "chachapoly")]
 impl ChaCha20Poly1305MessageDecrypter {
     fn new(alg: &'static ring::aead::Algorithm,
            dec_key: &[u8],
@@ -440,8 +463,10 @@ impl ChaCha20Poly1305MessageDecrypter {
     }
 }
 
+#[cfg(feature = "chachapoly")]
 const CHACHAPOLY1305_OVERHEAD: usize = 16;
 
+#[cfg(feature = "chachapoly")]
 impl MessageDecrypter for ChaCha20Poly1305MessageDecrypter {
     fn decrypt(&self, mut msg: Message, seq: u64) -> Result<Message, TLSError> {
         let payload = msg.take_opaque_payload()
@@ -478,6 +503,7 @@ impl MessageDecrypter for ChaCha20Poly1305MessageDecrypter {
     }
 }
 
+#[cfg(feature = "chachapoly")]
 impl MessageEncrypter for ChaCha20Poly1305MessageEncrypter {
     fn encrypt(&self, msg: BorrowMessage, seq: u64) -> Result<Message, TLSError> {
         let mut nonce = [0u8; 12];

src/client/common.rs

@@ -29,6 +29,7 @@ impl ServerCertDetails {
         }
     }
 
+    #[cfg(feature = "tls13")]
     pub fn take_chain(&mut self) -> CertificatePayload {
         mem::replace(&mut self.cert_chain, Vec::new())
     }
@@ -99,6 +100,7 @@ impl ClientHelloDetails {
             .map(|idx| self.offered_key_shares.remove(idx))
     }
 
+    #[cfg(feature = "tls13")]
     pub fn find_key_share_and_discard_others(&mut self, group: NamedGroup)
             -> Option<suites::KeyExchange> {
         match self.find_key_share(group) {