switch to no_std rustls

rustls provides `Unbuffered` implementations of server and client
connections that can be used in `no_std`.

This patch implements two helper struct named `TlsServerConnection` and
`TlsClientConnection` which provide much simpler interfaces.

Crate `sys_time` is used to realize a `TimeProvider` and `rust-std-stub`
is kept to provide `io::Read` and `io::Write` traits.

Signed-off-by: Jiaqi Gao <[email protected]>

Cargo.toml

@@ -40,4 +40,3 @@ lto = true
 
 [patch.crates-io]
 ring = { path = "deps/td-shim/library/ring" }
-rustls = { path = "deps/rustls/rustls" }

src/crypto/Cargo.toml

@@ -9,9 +9,10 @@ cfg-if = "1.0"
 der = {version = "0.7.9", features = ["oid", "alloc", "derive"]}
 pki-types = { package = "rustls-pki-types", version = "1" }
 rust_std_stub = { path = "../std-support/rust-std-stub" }
-rustls = { path = "../../deps/rustls/rustls", default-features = false, features = ["no_std"], optional = true }
+rustls = { version = "0.23", default-features = false, features = ["ring" ], optional = true }
 rustls-pemfile = { version = "2.0.0", default-features = false }
-ring = { path = "../../deps/td-shim/library/ring", default-features = false, features = ["alloc"], optional = true }
+ring = { path = "../../deps/td-shim/library/ring", default-features = false, features = ["alloc", "less-safe-getrandom-custom-or-rdrand"], optional = true }
+sys_time = { path = "../std-support/sys_time" }
 zeroize = "1.5.7"
 
 [features]

src/crypto/src/lib.rs

@@ -64,6 +64,9 @@ pub enum Error {
     /// Unable to verify the TLS peer's certificates
     TlsVerifyPeerCert(String),
 
+    /// Error occurs during processing the tls connection
+    TlsConnection,
+
     /// Pem certificate parsing error
     DecodePemCert,