wip: super clumsy fixes for no-std build

Slapping `cfg` gates all over the place as a stopgap fix. Fixing
properly will require some reworking that will be done along other
required changes.

Author: cpu

rustls/src/client/builder.rs

@@ -164,7 +164,9 @@ impl ConfigBuilder<ClientConfig, WantsClientCert> {
             #[cfg(feature = "tls12")]
             require_ems: cfg!(feature = "fips"),
             time_provider: self.state.time_provider,
+            #[cfg(feature = "std")]
             grease_ech_hpke_provider: None,
+            #[cfg(feature = "std")]
             ech_config: None,
         }
     }

rustls/src/client/client_conn.rs

@@ -1,4 +1,5 @@
 use alloc::sync::Arc;
+#[cfg(feature = "std")]
 use alloc::vec;
 use alloc::vec::Vec;
 use core::marker::PhantomData;
@@ -10,18 +11,25 @@ use pki_types::{ServerName, UnixTime};
 use super::handy::NoClientSessionStorage;
 use super::hs;
 use crate::builder::ConfigBuilder;
+#[cfg(feature = "std")]
 use crate::client::ech::EchState;
 use crate::common_state::{CommonState, Protocol, Side};
 use crate::conn::{ConnectionCore, UnbufferedConnectionCommon};
+#[cfg(feature = "std")]
 use crate::crypto::hpke::{HpkeProvider, HpkeSuite};
 use crate::crypto::{CryptoProvider, SupportedKxGroup};
 use crate::enums::{CipherSuite, ProtocolVersion, SignatureScheme};
 use crate::error::Error;
 #[cfg(feature = "logging")]
 use crate::log::trace;
+#[cfg(feature = "std")]
 use crate::msgs::codec::{Codec, Reader};
-use crate::msgs::enums::{EchVersion, NamedGroup};
-use crate::msgs::handshake::{ClientExtension, EchConfig as EchConfigMsg};
+#[cfg(feature = "std")]
+use crate::msgs::enums::EchVersion;
+use crate::msgs::enums::NamedGroup;
+use crate::msgs::handshake::ClientExtension;
+#[cfg(feature = "std")]
+use crate::msgs::handshake::EchConfig as EchConfigMsg;
 use crate::msgs::persist;
 use crate::suites::SupportedCipherSuite;
 #[cfg(feature = "std")]
@@ -209,8 +217,10 @@ pub struct ClientConfig {
 
     /// Provides the current system time
     pub time_provider: Arc<dyn TimeProvider>,
+
     /// When an HPKE provider is configured and no `ech_config` is provided, a GREASE
     /// ECH extension will be offered when negotiating TLS 1.3.
+    #[cfg(feature = "std")]
     pub grease_ech_hpke_provider: Option<&'static dyn HpkeProvider>,
 
     /// Source of randomness and other crypto.
@@ -224,6 +234,7 @@ pub struct ClientConfig {
     pub(super) verifier: Arc<dyn verify::ServerCertVerifier>,
 
     /// How to offer Encrypted Client Hello (ECH). The default is to not offer ECH.
+    #[cfg(feature = "std")]
     pub(super) ech_config: Option<EchConfig>,
 }
 
@@ -344,6 +355,7 @@ impl ClientConfig {
     ///
     /// If the client configuration has enabled TLS 1.2, this function will return an error. ECH
     /// may only be used with TLS 1.3+.
+    #[cfg(feature = "std")]
     pub fn enable_ech(&mut self, config: EchConfig) -> Result<(), Error> {
         if self
             .versions
@@ -418,7 +430,9 @@ impl Clone for ClientConfig {
             #[cfg(feature = "tls12")]
             require_ems: self.require_ems,
             time_provider: Arc::clone(&self.time_provider),
+            #[cfg(feature = "std")]
             grease_ech_hpke_provider: self.grease_ech_hpke_provider,
+            #[cfg(feature = "std")]
             ech_config: self.ech_config.clone(),
         }
     }
@@ -510,6 +524,7 @@ pub enum Tls12Resumption {
 ///
 /// Note: differs from the protocol-encoded EchConfig (`EchConfigMsg`).
 #[derive(Clone, Debug)]
+#[cfg(feature = "std")]
 pub struct EchConfig {
     /// The provider to use for HPKE operations.
     pub(crate) hpke_provider: &'static dyn HpkeProvider,
@@ -521,6 +536,7 @@ pub struct EchConfig {
     pub(crate) suite: HpkeSuite,
 }
 
+#[cfg(feature = "std")]
 impl EchConfig {
     /// Construct an EchConfig by selecting a ECH config from the provided bytes that is compatible
     /// with the given HPKE provider.

rustls/src/client/ech.rs

@@ -5,6 +5,7 @@ use alloc::vec::Vec;
 use pki_types::{DnsName, ServerName};
 use subtle::ConstantTimeEq;
 
+#[cfg(feature = "std")]
 use crate::client::EchConfig;
 use crate::crypto::hash::Hash;
 use crate::crypto::hpke::{EncapsulatedSecret, HpkeProvider, HpkePublicKey, HpkeSealer, HpkeSuite};

rustls/src/client/hs.rs

@@ -15,6 +15,7 @@ use crate::bs_debug;
 use crate::check::inappropriate_handshake_message;
 use crate::client::client_conn::ClientConnectionData;
 use crate::client::common::ClientHelloDetails;
+#[cfg(feature = "std")]
 use crate::client::ech::EchState;
 use crate::client::{tls13, ClientConfig};
 use crate::common_state::{CommonState, State};
@@ -146,6 +147,7 @@ pub(super) fn start_handshake(
     let random = Random::new(config.provider.secure_random)?;
     let extension_order_seed = crate::rand::random_u16(config.provider.secure_random)?;
 
+    #[cfg(feature = "std")]
     let ech_context = match config.ech_config.as_ref() {
         Some(ech_config) => Some(EchState::new(
             ech_config,
@@ -176,6 +178,7 @@ pub(super) fn start_handshake(
             server_name,
         },
         cx,
+        #[cfg(feature = "std")]
         ech_context,
     )
 }
@@ -186,6 +189,7 @@ struct ExpectServerHello {
     early_key_schedule: Option<KeyScheduleEarly>,
     offered_key_share: Option<Box<dyn ActiveKeyExchange>>,
     suite: Option<SupportedCipherSuite>,
+    #[cfg(feature = "std")]
     ech_context: Option<EchState>,
 }
 
@@ -214,7 +218,7 @@ fn emit_client_hello_for_retry(
     suite: Option<SupportedCipherSuite>,
     mut input: ClientHelloInput,
     cx: &mut ClientContext<'_>,
-    mut ech_context: Option<EchState>,
+    #[cfg(feature = "std")] mut ech_context: Option<EchState>,
 ) -> NextStateOrError<'static> {
     let config = &input.config;
     let support_tls12 = config.supports_version(ProtocolVersion::TLSv1_2) && !cx.common.is_quic();
@@ -266,12 +270,19 @@ fn emit_client_hello_for_retry(
     // We only want to send the SNI extension if the server name contains a DNS name and SNI is
     // enabled.
     if let (ServerName::DnsName(dns), true) = (&input.server_name, config.enable_sni) {
-        // If we have an ECH context, then we need to use the ECH config's public name for the
-        // outer hello SNI, otherwise we use the server name from the client config.
-        exts.push(ClientExtension::make_sni(match ech_context.as_ref() {
-            Some(ech_context) => &ech_context.outer_name,
-            None => dns,
-        }));
+        #[cfg(feature = "std")]
+        {
+            // If we have an ECH context, then we need to use the ECH config's public name for the
+            // outer hello SNI, otherwise we use the server name from the client config.
+            exts.push(ClientExtension::make_sni(match ech_context.as_ref() {
+                Some(ech_context) => &ech_context.outer_name,
+                None => dns,
+            }));
+        }
+        #[cfg(not(feature = "std"))]
+        {
+            exts.push(ClientExtension::make_sni(dns));
+        }
     }
 
     if let Some(key_share) = &key_share {
@@ -335,6 +346,7 @@ fn emit_client_hello_for_retry(
     // We don't do renegotiation at all, in fact.
     cipher_suites.push(CipherSuite::TLS_EMPTY_RENEGOTIATION_INFO_SCSV);
 
+    #[cfg_attr(not(feature = "std"), allow(unused_mut))]
     let mut chp_payload = ClientHelloPayload {
         client_version: ProtocolVersion::TLSv1_2,
         random: input.random,
@@ -344,6 +356,7 @@ fn emit_client_hello_for_retry(
         extensions: exts,
     };
 
+    #[cfg(feature = "std")]
     match (ech_context.as_mut(), config.grease_ech_hpke_provider) {
         // ECH config, GREASE is irrelevant.
         (Some(ech_context), _) => {
@@ -434,6 +447,7 @@ fn emit_client_hello_for_retry(
         early_key_schedule,
         offered_key_share: key_share,
         suite,
+        #[cfg(feature = "std")]
         ech_context,
     };
 
@@ -730,7 +744,9 @@ impl State<ClientConnectionData> for ExpectServerHello {
                     // We always send a key share when TLS 1.3 is enabled.
                     self.offered_key_share.unwrap(),
                     self.input.sent_tls13_fake_ccs,
+                    #[cfg(feature = "std")]
                     self.ech_context,
+                    #[cfg(feature = "std")]
                     &m,
                 )
             }
@@ -768,7 +784,7 @@ impl ExpectServerHelloOrHelloRetryRequest {
     }
 
     fn handle_hello_retry_request(
-        mut self,
+        #[cfg_attr(not(feature = "std"), allow(unused_mut))] mut self,
         cx: &mut ClientContext<'_>,
         m: Message,
     ) -> NextStateOrError<'static> {
@@ -893,6 +909,7 @@ impl ExpectServerHelloOrHelloRetryRequest {
         cx.common.suite = Some(cs);
 
         // If we offered ECH, we need to confirm that the server accepted it.
+        #[cfg(feature = "std")]
         match (self.next.ech_context.as_ref(), cs.tls13()) {
             (Some(_), None) => {
                 unreachable!("ECH context should only be set when TLS 1.3 was negotiated")
@@ -913,6 +930,7 @@ impl ExpectServerHelloOrHelloRetryRequest {
 
         // If we offered ECH, we also need to update the separate transcript with the
         // hello retry request message.
+        #[cfg(feature = "std")]
         if let Some(ech_context) = self.next.ech_context.as_mut() {
             ech_context.transcript_hrr_update(cs.hash_provider(), &m);
         }
@@ -947,6 +965,7 @@ impl ExpectServerHelloOrHelloRetryRequest {
             Some(cs),
             self.next.input,
             cx,
+            #[cfg(feature = "std")]
             self.next.ech_context,
         )
     }

rustls/src/client/tls13.rs

@@ -10,8 +10,9 @@ use super::client_conn::ClientConnectionData;
 use super::hs::ClientContext;
 use crate::check::inappropriate_handshake_message;
 use crate::client::common::{ClientAuthDetails, ClientHelloDetails, ServerCertDetails};
-use crate::client::ech::EchState;
-use crate::client::{ech, hs, ClientConfig, ClientSessionStore};
+#[cfg(feature = "std")]
+use crate::client::ech::{self, EchState};
+use crate::client::{hs, ClientConfig, ClientSessionStore};
 use crate::common_state::{CommonState, Protocol, Side, State};
 use crate::conn::ConnectionRandoms;
 use crate::crypto::ActiveKeyExchange;
@@ -65,15 +66,15 @@ pub(super) fn handle_server_hello(
     server_hello: &ServerHelloPayload,
     mut resuming_session: Option<persist::Tls13ClientSessionValue>,
     server_name: ServerName<'static>,
-    mut randoms: ConnectionRandoms,
+    #[cfg_attr(not(feature = "std"), allow(unused_mut))] mut randoms: ConnectionRandoms,
     suite: &'static Tls13CipherSuite,
-    mut transcript: HandshakeHash,
+    #[cfg_attr(not(feature = "std"), allow(unused_mut))] mut transcript: HandshakeHash,
     early_key_schedule: Option<KeyScheduleEarly>,
     hello: ClientHelloDetails,
     our_key_share: Box<dyn ActiveKeyExchange>,
     mut sent_tls13_fake_ccs: bool,
-    ech_context: Option<EchState>,
-    server_hello_msg: &Message,
+    #[cfg(feature = "std")] ech_context: Option<EchState>,
+    #[cfg(feature = "std")] server_hello_msg: &Message,
 ) -> hs::NextStateOrError<'static> {
     validate_server_hello(cx.common, server_hello)?;
 
@@ -148,6 +149,7 @@ pub(super) fn handle_server_hello(
 
     let shared_secret = our_key_share.complete(&their_key_share.payload.0)?;
 
+    #[cfg_attr(not(feature = "std"), allow(unused_mut))]
     let mut key_schedule = key_schedule_pre_handshake.into_handshake(shared_secret);
 
     // Remember what KX group the server liked for next time.
@@ -160,6 +162,7 @@ pub(super) fn handle_server_hello(
     // the two halves will have different record layer protections.  Disallow this.
     cx.common.check_aligned_handshake()?;
 
+    #[cfg(feature = "std")]
     let ech_status = match ech_context {
         // ECH wasn't offered.
         None => ech::Status::NotOffered,
@@ -205,6 +208,7 @@ pub(super) fn handle_server_hello(
         transcript,
         key_schedule,
         hello,
+        #[cfg(feature = "std")]
         ech_status,
     }))
 }
@@ -397,6 +401,7 @@ struct ExpectEncryptedExtensions {
     transcript: HandshakeHash,
     key_schedule: KeyScheduleHandshake,
     hello: ClientHelloDetails,
+    #[cfg(feature = "std")]
     ech_status: ech::Status,
 }
 
@@ -425,6 +430,7 @@ impl State<ClientConnectionData> for ExpectEncryptedExtensions {
         // this stage rather than in the ExpectServerHello state because we want to be able to
         // include retry configs that may be present in the server's encrypted extensions. This
         // also allows us to send the alert in encrypted form.
+        #[cfg(feature = "std")]
         if matches!(self.ech_status, ech::Status::Rejected) {
             return Err(ech::fatal_alert_required(
                 exts.server_ech_extension()

rustls/src/error.rs

@@ -6,7 +6,9 @@ use core::fmt;
 use std::time::SystemTimeError;
 
 use crate::enums::{AlertDescription, ContentType, HandshakeType};
-use crate::msgs::handshake::{EchConfig, KeyExchangeAlgorithm};
+#[cfg(feature = "std")]
+use crate::msgs::handshake::EchConfig;
+use crate::msgs::handshake::KeyExchangeAlgorithm;
 use crate::rand;
 
 /// rustls reports protocol errors using this type.
@@ -275,6 +277,7 @@ pub enum PeerIncompatible {
     Tls12NotOfferedOrEnabled,
     Tls13RequiredForQuic,
     UncompressedEcPointsRequired,
+    #[cfg(feature = "std")]
     ServerRejectedEncryptedClientHello(Option<Vec<EchConfig>>),
 }
 

rustls/src/lib.rs

@@ -441,9 +441,11 @@ pub mod internal {
         pub mod handshake {
             pub use crate::msgs::handshake::{
                 CertificateChain, ClientExtension, ClientHelloPayload, DistinguishedName,
-                EchConfig, EchConfigContents, HandshakeMessagePayload, HandshakePayload,
-                HpkeKeyConfig, HpkeSymmetricCipherSuite, KeyShareEntry, Random, SessionId,
+                HandshakeMessagePayload, HandshakePayload, HpkeKeyConfig, HpkeSymmetricCipherSuite,
+                KeyShareEntry, Random, SessionId,
             };
+            #[cfg(feature = "std")]
+            pub use crate::msgs::handshake::{EchConfig, EchConfigContents};
         }
         pub mod message {
             pub use crate::msgs::message::{
@@ -534,6 +536,7 @@ pub mod client {
     pub(super) mod builder;
     mod client_conn;
     mod common;
+    #[cfg(feature = "std")]
     mod ech;
     pub(super) mod handy;
     mod hs;
@@ -543,11 +546,11 @@ pub mod client {
 
     pub use builder::WantsClientCert;
     pub use client_conn::{
-        ClientConfig, ClientConnectionData, ClientSessionStore, EarlyDataError, EchConfig,
-        ResolvesClientCert, Resumption, Tls12Resumption, UnbufferedClientConnection,
+        ClientConfig, ClientConnectionData, ClientSessionStore, EarlyDataError, ResolvesClientCert,
+        Resumption, Tls12Resumption, UnbufferedClientConnection,
     };
     #[cfg(feature = "std")]
-    pub use client_conn::{ClientConnection, WriteEarlyData};
+    pub use client_conn::{ClientConnection, EchConfig, WriteEarlyData};
     #[cfg(feature = "std")]
     pub use handy::ClientSessionMemoryCache;
 

rustls/src/msgs/base.rs

@@ -152,6 +152,7 @@ impl fmt::Debug for PayloadU16 {
 pub struct PayloadU8(pub(crate) Vec<u8>);
 
 impl PayloadU8 {
+    #[cfg(feature = "std")]
     pub(crate) fn encode_slice(slice: &[u8], bytes: &mut Vec<u8>) {
         (slice.len() as u8).encode(bytes);
         bytes.extend_from_slice(slice);