Fix the build artefacts for RiscV; implement alignment checker

ivmarkov · ivmarkov · commit 3236df0ff341 · 2024-11-19T12:06:05.000Z
diff --git a/.cargo/config.toml b/.cargo/config.toml
@@ -4,8 +4,9 @@
 # Build on target firmware with ESP IDF
 #target = "xtensa-esp32s3-espidf"
 # Build on target firmware with baremetal
-target = "xtensa-esp32s3-none-elf"
+#target = "xtensa-esp32s3-none-elf"
 #target = "xtensa-esp32-none-elf"
+target = "riscv32imc-unknown-none-elf"
 
 [target.xtensa-esp32-none-elf]
 runner = "espflash flash --monitor --baud 921600"
diff --git a/esp-mbedtls-sys/build.rs b/esp-mbedtls-sys/build.rs
@@ -29,7 +29,7 @@ fn main() -> Result<()> {
     let dirs = if esp32 {
         Some((bindings_dir.join("esp32.rs"), libs_dir.join("xtensa-esp32-none-elf")))
     } else if esp32c3 {
-        Some((bindings_dir.join("esp32c3.rs"), libs_dir.join("xtensa-esp32c3-none-elf")))
+        Some((bindings_dir.join("esp32c3.rs"), libs_dir.join("riscv32imc-unknown-none-elf")))
     } else if esp32s2 {
         Some((bindings_dir.join("esp32s2.rs"), libs_dir.join("xtensa-esp32s2-none-elf")))
     } else if esp32s3 {
diff --git a/esp-mbedtls-sys/libs/xtensa-esp32s3-none-elf/libmbedcrypto.a b/esp-mbedtls-sys/libs/xtensa-esp32s3-none-elf/libmbedcrypto.a
diff --git a/esp-mbedtls-sys/libs/xtensa-esp32s3-none-elf/libmbedtls.a b/esp-mbedtls-sys/libs/xtensa-esp32s3-none-elf/libmbedtls.a
diff --git a/esp-mbedtls-sys/src/include/esp32s3.rs b/esp-mbedtls-sys/src/include/esp32s3.rs
@@ -19748,8 +19748,6 @@ pub struct mbedtls_ssl_config {
     pub private_encrypt_then_mac: u8,
     ///< negotiate extended master secret?
     pub private_extended_ms: u8,
-    ///< detect and prevent replay?
-    pub private_anti_replay: u8,
     ///< disable renegotiation?
     pub private_disable_renegotiation: u8,
     ///< use session tickets?
@@ -20065,10 +20063,6 @@ pub struct mbedtls_ssl_context {
     ///< offset of the next record in datagram
     ///(equal to in_left if none)
     pub private_next_record_offset: usize,
-    ///< last validated record seq_num
-    pub private_in_window_top: u64,
-    ///< bitmask for replay detection
-    pub private_in_window: u64,
     ///< current handshake message length,
     ///including the handshake header
     pub private_in_hslen: usize,
@@ -20924,25 +20918,6 @@ extern "C" {
         ilen: usize,
     ) -> crate::c_types::c_int;
 }
-extern "C" {
-    /// \brief          Enable or disable anti-replay protection for DTLS.
-    ///                 (DTLS only, no effect on TLS.)
-    ///                 Default: enabled.
-    ///
-    /// \param conf     SSL configuration
-    /// \param mode     MBEDTLS_SSL_ANTI_REPLAY_ENABLED or MBEDTLS_SSL_ANTI_REPLAY_DISABLED.
-    ///
-    /// \warning        Disabling this is a security risk unless the application
-    ///                 protocol handles duplicated packets in a safe way. You
-    ///                 should not disable this without careful consideration.
-    ///                 However, if your application already detects duplicated
-    ///                 packets and needs information about them to adjust its
-    ///                 transmission strategy, then you'll want to disable this.
-    pub fn mbedtls_ssl_conf_dtls_anti_replay(
-        conf: *mut mbedtls_ssl_config,
-        mode: crate::c_types::c_char,
-    );
-}
 extern "C" {
     /// \brief          Set a limit on the number of records with a bad MAC
     ///                 before terminating the connection.
diff --git a/esp-mbedtls/src/esp_hal/sha/sha1.rs b/esp-mbedtls/src/esp_hal/sha/sha1.rs
@@ -15,7 +15,7 @@ pub struct mbedtls_sha1_context {
 #[no_mangle]
 pub unsafe extern "C" fn mbedtls_sha1_init(ctx: *mut mbedtls_sha1_context) {
     let hasher_mem =
-        crate::calloc(1, core::mem::size_of::<Context<Sha1>>()) as *mut Context<Sha1>;
+        crate::aligned_calloc(core::mem::align_of::<Context<Sha1>>(), core::mem::size_of::<Context<Sha1>>()) as *mut Context<Sha1>;
     core::ptr::write(hasher_mem, Context::<Sha1>::new());
     (*ctx).hasher = hasher_mem;
 }
diff --git a/esp-mbedtls/src/esp_hal/sha/sha256.rs b/esp-mbedtls/src/esp_hal/sha/sha256.rs
@@ -17,9 +17,9 @@ pub struct mbedtls_sha256_context {
 #[no_mangle]
 pub unsafe extern "C" fn mbedtls_sha256_init(ctx: *mut mbedtls_sha256_context) {
     let sha224_mem =
-        crate::calloc(1, core::mem::size_of::<Context<Sha224>>()) as *mut Context<Sha224>;
+        crate::aligned_calloc(core::mem::align_of::<Context<Sha224>>(), core::mem::size_of::<Context<Sha224>>()) as *mut Context<Sha224>;
     let sha256_mem =
-        crate::calloc(1, core::mem::size_of::<Context<Sha256>>()) as *mut Context<Sha256>;
+        crate::aligned_calloc(core::mem::align_of::<Context<Sha256>>(), core::mem::size_of::<Context<Sha256>>()) as *mut Context<Sha256>;
     (*ctx).sha224_hasher = sha224_mem;
     (*ctx).sha256_hasher = sha256_mem;
 }
diff --git a/esp-mbedtls/src/esp_hal/sha/sha512.rs b/esp-mbedtls/src/esp_hal/sha/sha512.rs
@@ -17,9 +17,9 @@ pub struct mbedtls_sha512_context {
 #[no_mangle]
 pub unsafe extern "C" fn mbedtls_sha512_init(ctx: *mut mbedtls_sha512_context) {
     let sha384_mem =
-        crate::calloc(1, core::mem::size_of::<Context<Sha384>>()) as *mut Context<Sha384>;
+        crate::aligned_calloc(core::mem::align_of::<Context<Sha384>>(), core::mem::size_of::<Context<Sha384>>()) as *mut Context<Sha384>;
     let sha512_mem =
-        crate::calloc(1, core::mem::size_of::<Context<Sha512>>()) as *mut Context<Sha512>;
+        crate::aligned_calloc(core::mem::align_of::<Context<Sha512>>(), core::mem::size_of::<Context<Sha512>>()) as *mut Context<Sha512>;
     (*ctx).sha384_hasher = sha384_mem;
     (*ctx).sha512_hasher = sha512_mem;
 }
diff --git a/esp-mbedtls/src/lib.rs b/esp-mbedtls/src/lib.rs
@@ -32,6 +32,14 @@ pub mod io {
     pub use embedded_io::*;
 }
 
+unsafe fn aligned_calloc(align: usize, size: usize) -> *const c_void {
+    // if align > 4 {
+    //     panic!("Cannot allocate with alignment > 4 bytes: {align}");
+    // }
+
+    calloc(1, size)
+}
+
 // Baremetal: these will come from `esp-wifi` (i.e. this can only be used together with esp-wifi)
 // STD: these will come from `libc` indirectly via the Rust standard library
 extern "C" {
@@ -323,28 +331,28 @@ impl<'a> Certificates<'a> {
         unsafe {
             error_checked!(psa_crypto_init())?;
 
-            let drbg_context = calloc(1, size_of::<mbedtls_ctr_drbg_context>())
+            let drbg_context = aligned_calloc(align_of::<mbedtls_ctr_drbg_context>(), size_of::<mbedtls_ctr_drbg_context>())
                 as *mut mbedtls_ctr_drbg_context;
             if drbg_context.is_null() {
                 return Err(TlsError::OutOfMemory);
             }
 
             let ssl_context =
-                calloc(1, size_of::<mbedtls_ssl_context>()) as *mut mbedtls_ssl_context;
+                aligned_calloc(align_of::<mbedtls_ssl_context>(), size_of::<mbedtls_ssl_context>()) as *mut mbedtls_ssl_context;
             if ssl_context.is_null() {
                 free(drbg_context as *const _);
                 return Err(TlsError::OutOfMemory);
             }
 
             let ssl_config =
-                calloc(1, size_of::<mbedtls_ssl_config>()) as *mut mbedtls_ssl_config;
+                aligned_calloc(align_of::<mbedtls_ssl_config>(), size_of::<mbedtls_ssl_config>()) as *mut mbedtls_ssl_config;
             if ssl_config.is_null() {
                 free(drbg_context as *const _);
                 free(ssl_context as *const _);
                 return Err(TlsError::OutOfMemory);
             }
 
-            let crt = calloc(1, size_of::<mbedtls_x509_crt>()) as *mut mbedtls_x509_crt;
+            let crt = aligned_calloc(align_of::<mbedtls_x509_crt>(), size_of::<mbedtls_x509_crt>()) as *mut mbedtls_x509_crt;
             if crt.is_null() {
                 free(drbg_context as *const _);
                 free(ssl_context as *const _);
@@ -353,7 +361,7 @@ impl<'a> Certificates<'a> {
             }
 
             let certificate =
-                calloc(1, size_of::<mbedtls_x509_crt>()) as *mut mbedtls_x509_crt;
+                aligned_calloc(align_of::<mbedtls_x509_crt>(), size_of::<mbedtls_x509_crt>()) as *mut mbedtls_x509_crt;
             if certificate.is_null() {
                 free(drbg_context as *const _);
                 free(ssl_context as *const _);
@@ -363,7 +371,7 @@ impl<'a> Certificates<'a> {
             }
 
             let private_key =
-                calloc(1, size_of::<mbedtls_pk_context>()) as *mut mbedtls_pk_context;
+                aligned_calloc(align_of::<mbedtls_pk_context>(), size_of::<mbedtls_pk_context>()) as *mut mbedtls_pk_context;
             if private_key.is_null() {
                 free(drbg_context as *const _);
                 free(ssl_context as *const _);
@@ -930,7 +938,7 @@ pub mod asynch {
 
     #[cfg(feature = "edge-nal")]
     pub use super::edge_nal::*;
-    
+
     /// An async TLS session over a stream represented by `embedded-io-async`'s `Read` and `Write` traits.
     pub struct Session<'a, T> {
         pub(crate) stream: T,

Original file line number	Diff line number	Diff line change
`@@ -15,7 +15,7 @@ pub struct mbedtls_sha1_context {`
`15`	`15`	`#[no_mangle]`
`16`	`16`	`pub unsafe extern "C" fn mbedtls_sha1_init(ctx: *mut mbedtls_sha1_context) {`
`17`	`17`	`let hasher_mem =`
`18`		`- crate::calloc(1, core::mem::size_of::<Context<Sha1>>()) as *mut Context<Sha1>;`
	`18`	`+ crate::aligned_calloc(core::mem::align_of::<Context<Sha1>>(), core::mem::size_of::<Context<Sha1>>()) as *mut Context<Sha1>;`
`19`	`19`	`core::ptr::write(hasher_mem, Context::<Sha1>::new());`
`20`	`20`	`(*ctx).hasher = hasher_mem;`
`21`	`21`	`}`