Posted to commits@teaclave.apache.org by di...@apache.org on 2020/12/14 05:51:12 UTC
[incubator-teaclave-sgx-sdk] branch
bump-up-rustls-0.19-ring-0.16.19 updated (255b209 -> 51db6bd)
This is an automated email from the ASF dual-hosted git repository.
dingyu pushed a change to branch bump-up-rustls-0.19-ring-0.16.19
in repository https://gitbox.apache.org/repos/asf/incubator-teaclave-sgx-sdk.git.
from 255b209 Merge pull request #295 from apache/yu-probe-sdk
add d1682aa Add instructions to report security issues
new 51db6bd bump up rustls to 0.19 and ring to 0.16.19
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
SECURITY.md | 8 ++++++++
samplecode/mutual-ra/enclave/src/lib.rs | 8 ++++----
samplecode/pcl/encrypted-hello/enclave/Enclave.edl | 1 +
samplecode/pcl/pcl-seal/enclave/src/lib.rs | 2 +-
samplecode/pcl/pcl-user/Cargo.toml | 2 +-
samplecode/pcl/pcl-user/src/main.rs | 2 +-
samplecode/pcl/pcl-user/ue_send_recv/Cargo.toml | 2 +-
samplecode/tr-mpc/tr-mpc-client/Cargo.toml | 2 +-
samplecode/ue-ra/ue-ra-client/Cargo.toml | 2 +-
samplecode/ue-ra/ue-ra-client/src/main.rs | 2 +-
10 files changed, 20 insertions(+), 11 deletions(-)
create mode 100644 SECURITY.md
[incubator-teaclave-sgx-sdk] 01/01: bump up rustls to 0.19 and ring
to 0.16.19
Posted by di...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
dingyu pushed a commit to branch bump-up-rustls-0.19-ring-0.16.19
in repository https://gitbox.apache.org/repos/asf/incubator-teaclave-sgx-sdk.git
commit 51db6bd4c5fbb5dfe2f7964d571271b51c8d26ab
Author: Yu Ding <di...@gmail.com>
AuthorDate: Sun Dec 13 21:50:16 2020 -0800
bump up rustls to 0.19 and ring to 0.16.19
---
samplecode/mutual-ra/enclave/src/lib.rs | 8 ++++----
samplecode/pcl/encrypted-hello/enclave/Enclave.edl | 1 +
samplecode/pcl/pcl-seal/enclave/src/lib.rs | 2 +-
samplecode/pcl/pcl-user/Cargo.toml | 2 +-
samplecode/pcl/pcl-user/src/main.rs | 2 +-
samplecode/pcl/pcl-user/ue_send_recv/Cargo.toml | 2 +-
samplecode/tr-mpc/tr-mpc-client/Cargo.toml | 2 +-
samplecode/ue-ra/ue-ra-client/Cargo.toml | 2 +-
samplecode/ue-ra/ue-ra-client/src/main.rs | 2 +-
9 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/samplecode/mutual-ra/enclave/src/lib.rs b/samplecode/mutual-ra/enclave/src/lib.rs
index 68a9a42..847052c 100644
--- a/samplecode/mutual-ra/enclave/src/lib.rs
+++ b/samplecode/mutual-ra/enclave/src/lib.rs
@@ -515,11 +515,11 @@ impl ClientAuth {
}
impl rustls::ClientCertVerifier for ClientAuth {
- fn client_auth_root_subjects(&self) -> rustls::DistinguishedNames {
- rustls::DistinguishedNames::new()
+ fn client_auth_root_subjects(&self, _sni: Option<&webpki::DNSName>) -> Option<rustls::DistinguishedNames> {
+ Some(rustls::DistinguishedNames::new())
}
- fn verify_client_cert(&self, _certs: &[rustls::Certificate])
+ fn verify_client_cert(&self, _certs: &[rustls::Certificate], _sni: Option<&webpki::DNSName>)
-> Result<rustls::ClientCertVerified, rustls::TLSError> {
println!("client cert: {:?}", _certs);
// This call will automatically verify cert is properly signed
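Review bot: The new `_sni` argument on `client_auth_root_subjects` and `verify_client_cert` is ignored, and nothing in the hunk records that this is deliberate. In rustls 0.19 this value is the server name the client quoted in its ClientHello, so it is client-controlled. A comment above each method such as `// SNI is client-supplied and untrusted; intentionally not used for the verification decision` would stop a later reader from treating it as an authenticated input. Beside `Some(rustls::DistinguishedNames::new())` it is also worth adding `// empty list: send no CA hints; returning None would abort the handshake`. `verify_client_cert` continues past the end of the hunk, so how `_certs` is actually checked is not visible here.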
@@ -667,7 +667,7 @@ pub extern "C" fn run_client(socket_fd : c_int, sign_type: sgx_quote_sign_type_t
certs.push(rustls::Certificate(cert_der));
let privkey = rustls::PrivateKey(key_der);
- cfg.set_single_client_cert(certs, privkey);
+ cfg.set_single_client_cert(certs, privkey).unwrap();
cfg.dangerous().set_certificate_verifier(Arc::new(ServerAuth::new(true)));
cfg.versions.clear();
cfg.versions.push(rustls::ProtocolVersion::TLSv1_2);
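Review bot: The added `.unwrap()` on `cfg.set_single_client_cert(certs, privkey)` turns a bad or unsupported client key into a panic inside `run_client`, which is a `pub extern "C"` entry point. Unless the enclave is built to abort on panic, the panic unwinds across the FFI boundary and the caller never sees an error status. Handle the `Result` explicitly and return the function's failure value instead, for example `if let Err(e) = cfg.set_single_client_cert(certs, privkey) { println!("client cert rejected: {:?}", e); /* return error status */ }`. The return type of `run_client` is cut off in the hunk header, so the exact value to return has to be taken from the full signature. The same bare `.unwrap()` is added in `make_ias_client_config` (pcl-seal) and in both `make_config` functions (pcl-user, ue-ra-client). Those are not FFI entry points, but `.expect("client certificate/key rejected by rustls")` would at least say which step failed.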
diff --git a/samplecode/pcl/encrypted-hello/enclave/Enclave.edl b/samplecode/pcl/encrypted-hello/enclave/Enclave.edl
index 4ffc40f..c5fd7a4 100644
--- a/samplecode/pcl/encrypted-hello/enclave/Enclave.edl
+++ b/samplecode/pcl/encrypted-hello/enclave/Enclave.edl
@@ -18,6 +18,7 @@
enclave {
from "sgx_tstd.edl" import *;
from "sgx_stdio.edl" import *;
+ from "sgx_file.edl" import *;
trusted {
/* define ECALLs here. */
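Review bot: The added `from "sgx_file.edl" import *;` pulls every OCALL declared in that EDL into this enclave's interface, and neither the commit message nor the hunk says which of them the rustls/ring bump needs. Each imported OCALL is another path through which the enclave consumes values produced by the untrusted host, so the import should be no wider than the dependency requires. If only specific functions are needed, name them instead of using `*`. Otherwise document the reason next to the line, e.g. `/* sgx_file.edl: required by <dependency> for <file operation> */`. The `enclave { ... }` block continues outside the hunk.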
diff --git a/samplecode/pcl/pcl-seal/enclave/src/lib.rs b/samplecode/pcl/pcl-seal/enclave/src/lib.rs
index 6f65cd9..5898d74 100644
--- a/samplecode/pcl/pcl-seal/enclave/src/lib.rs
+++ b/samplecode/pcl/pcl-seal/enclave/src/lib.rs
@@ -207,7 +207,7 @@ pub fn make_ias_client_config() -> rustls::ClientConfig {
let certs = load_certs("client.crt");
let privkey = load_private_key("client.key");
- config.set_single_client_cert(certs, privkey);
+ config.set_single_client_cert(certs, privkey).unwrap();
config
}
diff --git a/samplecode/pcl/pcl-user/Cargo.toml b/samplecode/pcl/pcl-user/Cargo.toml
index 065ae12..08427e7 100644
--- a/samplecode/pcl/pcl-user/Cargo.toml
+++ b/samplecode/pcl/pcl-user/Cargo.toml
@@ -7,7 +7,7 @@ build = "build.rs"
[dependencies]
chrono = "0.4.5"
webpki = "0.21"
-rustls = { version = "0.16", features = ["dangerous_configuration"] }
+rustls = { version = "0.19", features = ["dangerous_configuration"] }
itertools = "*"
sgx_types = { git = "https://github.com/apache/teaclave-sgx-sdk" }
base64 = "0.9.2"
diff --git a/samplecode/pcl/pcl-user/src/main.rs b/samplecode/pcl/pcl-user/src/main.rs
index ff83909..64c3310 100644
--- a/samplecode/pcl/pcl-user/src/main.rs
+++ b/samplecode/pcl/pcl-user/src/main.rs
@@ -73,7 +73,7 @@ fn make_config() -> rustls::ClientConfig {
let certs = rustls::internal::pemfile::certs(&mut cc_reader).unwrap();
let privk = rustls::internal::pemfile::pkcs8_private_keys(&mut client_key_reader);
- config.set_single_client_cert(certs, privk.unwrap()[0].clone());
+ config.set_single_client_cert(certs, privk.unwrap()[0].clone()).unwrap();
config.dangerous().set_certificate_verifier(Arc::new(ServerAuth::new(true)));
config.versions.clear();
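Review bot: The changed line `config.set_single_client_cert(certs, privk.unwrap()[0].clone()).unwrap();` now has three separate panic points, and the `[0]` index is the least obvious of them. If the key file parses but holds no PKCS#8 key, which is what happens with a PKCS#1 `RSA PRIVATE KEY` file, the result is an index-out-of-bounds panic that says nothing about the key. Taking the first key with `privk.unwrap().into_iter().next().expect("no PKCS#8 private key found in client key file")` also avoids cloning the key material. The identical line in `make_config` of `samplecode/ue-ra/ue-ra-client/src/main.rs` has the same issue. `make_config` begins and ends outside this hunk.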
diff --git a/samplecode/pcl/pcl-user/ue_send_recv/Cargo.toml b/samplecode/pcl/pcl-user/ue_send_recv/Cargo.toml
index 376955d..bf2ec4c 100644
--- a/samplecode/pcl/pcl-user/ue_send_recv/Cargo.toml
+++ b/samplecode/pcl/pcl-user/ue_send_recv/Cargo.toml
@@ -8,5 +8,5 @@ default = []
enclave = []
[dependencies]
-rustls = "0.16.0"
+rustls = "0.19.0"
cfg-if = "*"
diff --git a/samplecode/tr-mpc/tr-mpc-client/Cargo.toml b/samplecode/tr-mpc/tr-mpc-client/Cargo.toml
index 3895477..bbe3da5 100644
--- a/samplecode/tr-mpc/tr-mpc-client/Cargo.toml
+++ b/samplecode/tr-mpc/tr-mpc-client/Cargo.toml
@@ -6,7 +6,7 @@ authors = ["The Teaclave Authors"]
[dependencies]
chrono = "0.4.5"
webpki = "0.21"
-rustls = { version = "0.16",features = ["dangerous_configuration"] }
+rustls = { version = "0.19", features = ["dangerous_configuration"] }
itertools = "*"
sgx_types = { git = "https://github.com/apache/teaclave-sgx-sdk.git" }
base64 = "0.9.2"
diff --git a/samplecode/ue-ra/ue-ra-client/Cargo.toml b/samplecode/ue-ra/ue-ra-client/Cargo.toml
index 760e047..4235f3f 100644
--- a/samplecode/ue-ra/ue-ra-client/Cargo.toml
+++ b/samplecode/ue-ra/ue-ra-client/Cargo.toml
@@ -6,7 +6,7 @@ authors = ["The Teaclave Authors"]
[dependencies]
chrono = "0.4.5"
webpki = "0.21"
-rustls = { version = "0.16", features = ["dangerous_configuration"] }
+rustls = { version = "0.19", features = ["dangerous_configuration"] }
itertools = "*"
sgx_types = { git = "https://github.com/apache/teaclave-sgx-sdk" }
base64 = "0.9.2"
diff --git a/samplecode/ue-ra/ue-ra-client/src/main.rs b/samplecode/ue-ra/ue-ra-client/src/main.rs
index 62e2968..1bf9712 100644
--- a/samplecode/ue-ra/ue-ra-client/src/main.rs
+++ b/samplecode/ue-ra/ue-ra-client/src/main.rs
@@ -70,7 +70,7 @@ fn make_config() -> rustls::ClientConfig {
let certs = rustls::internal::pemfile::certs(&mut cc_reader).unwrap();
let privk = rustls::internal::pemfile::pkcs8_private_keys(&mut client_key_reader);
- config.set_single_client_cert(certs, privk.unwrap()[0].clone());
+ config.set_single_client_cert(certs, privk.unwrap()[0].clone()).unwrap();
config.dangerous().set_certificate_verifier(Arc::new(ServerAuth::new(true)));
config.versions.clear();