Add several library configurations from os-check.yml to the Rust wrapper CI build

Author: holtrop-wolfssl

.github/workflows/rust-wrapper.yml

@@ -24,10 +24,55 @@ jobs:
       uses: wolfSSL/actions-build-autotools-project@v1
       with:
         path: wolfssl
-        configure: --enable-all
+        configure: ${{ matrix.config }}
     - name: Build Rust Wrapper
       working-directory: wolfssl
       run: make -C wrapper/rust
     - name: Run Rust Wrapper Tests
       working-directory: wolfssl
       run: make -C wrapper/rust test
+    strategy:
+      matrix:
+        config: [
+          # Add new configs here
+          '',
+          '--enable-all --enable-asn=template',
+          '--enable-all --enable-asn=original',
+          '--enable-all --enable-asn=template CPPFLAGS=-DWOLFSSL_OLD_OID_SUM',
+          '--enable-all --enable-asn=original CPPFLAGS=-DWOLFSSL_OLD_OID_SUM',
+          '--enable-harden-tls',
+          '--enable-tls13 --enable-session-ticket --enable-dtls --enable-dtls13
+             --enable-opensslextra --enable-sessioncerts
+             CPPFLAGS=''-DWOLFSSL_DTLS_NO_HVR_ON_RESUME -DHAVE_EXT_CACHE
+             -DWOLFSSL_TICKET_HAVE_ID -DHAVE_EX_DATA -DSESSION_CACHE_DYNAMIC_MEM'' ',
+          '--enable-all --enable-secure-renegotiation',
+          '--enable-all --enable-haproxy --enable-quic',
+          '--enable-dtls --enable-dtls13 --enable-earlydata
+             --enable-session-ticket --enable-psk
+             CPPFLAGS=''-DWOLFSSL_DTLS13_NO_HRR_ON_RESUME'' ',
+          '--enable-experimental --enable-kyber --enable-dtls --enable-dtls13
+             --enable-dtls-frag-ch',
+          '--enable-all --enable-dtls13 --enable-dtls-frag-ch',
+          '--enable-dtls --enable-dtls13 --enable-dtls-frag-ch
+           --enable-dtls-mtu',
+          '--enable-dtls --enable-dtlscid --enable-dtls13 --enable-secure-renegotiation
+            --enable-psk --enable-aesccm --enable-nullcipher
+            CPPFLAGS=-DWOLFSSL_STATIC_RSA',
+          '--enable-ascon --enable-experimental',
+          '--enable-ascon CPPFLAGS=-DWOLFSSL_ASCON_UNROLL --enable-experimental',
+          '--enable-sniffer --enable-curve25519 --enable-curve448 --enable-enckeys
+            CPPFLAGS=-DWOLFSSL_DH_EXTRA',
+          '--enable-dtls --enable-dtls13 --enable-dtls-frag-ch
+            --enable-dtls-mtu CPPFLAGS=-DWOLFSSL_DTLS_RECORDS_CAN_SPAN_DATAGRAMS',
+          '--enable-opensslextra CPPFLAGS=''-DWOLFSSL_NO_CA_NAMES'' ',
+          '--enable-opensslextra=x509small',
+          'CPPFLAGS=''-DWOLFSSL_EXTRA'' ',
+          '--enable-lms=small,verify-only --enable-xmss=small,verify-only',
+          '--disable-sys-ca-certs',
+          '--enable-all CPPFLAGS=-DWOLFSSL_DEBUG_CERTS ',
+          '--enable-coding=no',
+          '--enable-dtls --enable-dtls13 --enable-ocspstapling --enable-ocspstapling2
+           --enable-cert-setup-cb --enable-sessioncerts',
+          '--disable-sni --disable-ecc --disable-tls13 --disable-secure-renegotiation-info',
+          'CPPFLAGS=-DWOLFSSL_BLIND_PRIVATE_KEY',
+        ]

wolfssl/wolfcrypt/rsa.h

@@ -330,13 +330,15 @@ WOLFSSL_API int  wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out,
                                   word32 outLen, RsaKey* key);
 WOLFSSL_API int  wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out,
                             word32 outLen, RsaKey* key, WC_RNG* rng);
+#ifdef WC_RSA_PSS
 WOLFSSL_API int  wc_RsaPSS_Sign(const byte* in, word32 inLen, byte* out,
                                 word32 outLen, enum wc_HashType hash, int mgf,
                                 RsaKey* key, WC_RNG* rng);
 WOLFSSL_API int  wc_RsaPSS_Sign_ex(const byte* in, word32 inLen, byte* out,
                                    word32 outLen, enum wc_HashType hash,
                                    int mgf, int saltLen, RsaKey* key,
                                    WC_RNG* rng);
+#endif
 WOLFSSL_API int  wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out,
                                     RsaKey* key);
 WOLFSSL_API int  wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out,
@@ -346,6 +348,7 @@ WOLFSSL_API int  wc_RsaSSL_Verify_ex(const byte* in, word32 inLen, byte* out,
 WOLFSSL_API int  wc_RsaSSL_Verify_ex2(const byte* in, word32 inLen, byte* out,
                               word32 outLen, RsaKey* key, int pad_type,
                               enum wc_HashType hash);
+#ifdef WC_RSA_PSS
 WOLFSSL_API int  wc_RsaPSS_VerifyInline(byte* in, word32 inLen, byte** out,
                                         enum wc_HashType hash, int mgf,
                                         RsaKey* key);
@@ -378,6 +381,7 @@ WOLFSSL_API int  wc_RsaPSS_VerifyCheck(const byte* in, word32 inLen,
                                const byte* digest, word32 digestLen,
                                enum wc_HashType hash, int mgf,
                                RsaKey* key);
+#endif
 
 WOLFSSL_API int  wc_RsaEncryptSize(const RsaKey* key);
 

wrapper/rust/wolfssl/build.rs

@@ -125,6 +125,11 @@ fn scan_cfg() -> Result<()> {
     /* dh */
     check_cfg(&binding, "wc_InitDhKey", "dh");
     check_cfg(&binding, "wc_DhGenerateParams", "dh_keygen");
+    check_cfg(&binding, "wc_Dh_ffdhe2048_Get", "dh_ffdhe_2048");
+    check_cfg(&binding, "wc_Dh_ffdhe3072_Get", "dh_ffdhe_3072");
+    check_cfg(&binding, "wc_Dh_ffdhe4096_Get", "dh_ffdhe_4096");
+    check_cfg(&binding, "wc_Dh_ffdhe6144_Get", "dh_ffdhe_6144");
+    check_cfg(&binding, "wc_Dh_ffdhe8192_Get", "dh_ffdhe_8192");
 
     /* ecc */
     check_cfg(&binding, "wc_ecc_init", "ecc");
@@ -155,6 +160,9 @@ fn scan_cfg() -> Result<()> {
     check_cfg(&binding, "wc_ed448_verify_msg_ex", "ed448_verify");
     check_cfg(&binding, "wc_ed448_verify_msg_init", "ed448_streaming_verify");
 
+    /* hkdf */
+    check_cfg(&binding, "wc_HKDF_Extract_ex", "hkdf");
+
     /* kdf */
     check_cfg(&binding, "wc_PBKDF2", "kdf_pbkdf2");
     check_cfg(&binding, "wc_PKCS12_PBKDF_ex", "kdf_pkcs12");
@@ -169,6 +177,7 @@ fn scan_cfg() -> Result<()> {
     check_cfg(&binding, "wc_InitRsaKey", "rsa");
     check_cfg(&binding, "wc_RsaDirect", "rsa_direct");
     check_cfg(&binding, "wc_MakeRsaKey", "rsa_keygen");
+    check_cfg(&binding, "wc_RsaPSS_Sign", "rsa_pss");
 
     /* sha */
     check_cfg(&binding, "wc_InitSha", "sha");

wrapper/rust/wolfssl/src/wolfcrypt/dh.rs

@@ -38,14 +38,19 @@ pub struct DH {
 
 impl DH {
     /// ffdhe2048 named parameter group.
+    #[cfg(dh_ffdhe_2048)]
     pub const FFDHE_2048: i32 = sys::WC_FFDHE_2048 as i32;
     /// ffdhe3072 named parameter group.
+    #[cfg(dh_ffdhe_3072)]
     pub const FFDHE_3072: i32 = sys::WC_FFDHE_3072 as i32;
     /// ffdhe4096 named parameter group.
+    #[cfg(dh_ffdhe_4096)]
     pub const FFDHE_4096: i32 = sys::WC_FFDHE_4096 as i32;
     /// ffdhe6144 named parameter group.
+    #[cfg(dh_ffdhe_6144)]
     pub const FFDHE_6144: i32 = sys::WC_FFDHE_6144 as i32;
     /// ffdhe8192 named parameter group.
+    #[cfg(dh_ffdhe_8192)]
     pub const FFDHE_8192: i32 = sys::WC_FFDHE_8192 as i32;
 
     /// Perform quick validity check of public key value against prime.
@@ -68,6 +73,8 @@ impl DH {
     /// # Example
     ///
     /// ```rust
+    /// #[cfg(dh_ffdhe_2048)]
+    /// {
     /// use wolfssl::wolfcrypt::random::RNG;
     /// use wolfssl::wolfcrypt::dh::DH;
     /// let mut rng = RNG::new().expect("Failed to create RNG");
@@ -87,6 +94,7 @@ impl DH {
     /// dh.export_params_raw(&mut p, &mut p_size, &mut q, &mut q_size, &mut g, &mut g_size).expect("Error with export_params_raw()");
     /// let p = &p[0..(p_size as usize)];
     /// DH::check_pub_value(p, public).expect("Error with check_pub_value()");
+    /// }
     /// ```
     pub fn check_pub_value(prime: &[u8], public: &[u8]) -> Result<(), i32> {
         let prime_size = prime.len() as u32;
@@ -117,6 +125,8 @@ impl DH {
     /// # Example
     ///
     /// ```rust
+    /// #[cfg(dh_ffdhe_2048)]
+    /// {
     /// use wolfssl::wolfcrypt::random::RNG;
     /// use wolfssl::wolfcrypt::dh::DH;
     /// let mut dh = DH::new_named(DH::FFDHE_2048).expect("Error with new_named()");
@@ -130,6 +140,7 @@ impl DH {
     /// let p = &p[0..(p_size as usize)];
     /// let g = &g[0..(g_size as usize)];
     /// assert!(DH::compare_named_key(DH::FFDHE_2048, p, g, None));
+    /// }
     /// ```
     pub fn compare_named_key(name: i32, p: &[u8], g: &[u8], q: Option<&[u8]>) -> bool {
         let p_size = p.len() as u32;
@@ -244,10 +255,13 @@ impl DH {
     /// # Example
     ///
     /// ```rust
+    /// #[cfg(dh_ffdhe_2048)]
+    /// {
     /// use wolfssl::wolfcrypt::random::RNG;
     /// use wolfssl::wolfcrypt::dh::DH;
     /// let min_key_size = DH::get_min_key_size_for_named_parameters(DH::FFDHE_2048);
     /// assert_eq!(min_key_size, 29);
+    /// }
     /// ```
     pub fn get_min_key_size_for_named_parameters(name: i32) -> u32 {
         unsafe { sys::wc_DhGetNamedKeyMinSize(name) }
@@ -265,12 +279,15 @@ impl DH {
     /// # Example
     ///
     /// ```rust
+    /// #[cfg(dh_ffdhe_2048)]
+    /// {
     /// use wolfssl::wolfcrypt::random::RNG;
     /// use wolfssl::wolfcrypt::dh::DH;
     /// let mut p_size = 0u32;
     /// let mut g_size = 0u32;
     /// let mut q_size = 0u32;
     /// DH::get_named_parameter_sizes(DH::FFDHE_2048, &mut p_size, &mut g_size, &mut q_size);
+    /// }
     /// ```
     pub fn get_named_parameter_sizes(name: i32, p_size: &mut u32, g_size: &mut u32, q_size: &mut u32) {
         unsafe {
@@ -292,9 +309,12 @@ impl DH {
     /// # Example
     ///
     /// ```rust
+    /// #[cfg(dh_ffdhe_2048)]
+    /// {
     /// use wolfssl::wolfcrypt::random::RNG;
     /// use wolfssl::wolfcrypt::dh::DH;
     /// let mut dh = DH::new_named(DH::FFDHE_2048).expect("Error with new_named()");
+    /// }
     /// ```
     pub fn new_named(name: i32) -> Result<Self, i32> {
         Self::new_named_ex(name, None, None)
@@ -317,9 +337,12 @@ impl DH {
     /// # Example
     ///
     /// ```rust
+    /// #[cfg(dh_ffdhe_2048)]
+    /// {
     /// use wolfssl::wolfcrypt::random::RNG;
     /// use wolfssl::wolfcrypt::dh::DH;
     /// let mut dh = DH::new_named_ex(DH::FFDHE_2048, None, None).expect("Error with new_named_ex()");
+    /// }
     /// ```
     pub fn new_named_ex(name: i32, heap: Option<*mut std::os::raw::c_void>, dev_id: Option<i32>) -> Result<Self, i32> {
         let mut wc_dhkey: MaybeUninit<sys::DhKey> = MaybeUninit::uninit();
@@ -1023,6 +1046,8 @@ impl DH {
     /// # Example
     ///
     /// ```rust
+    /// #[cfg(dh_ffdhe_2048)]
+    /// {
     /// use wolfssl::wolfcrypt::random::RNG;
     /// use wolfssl::wolfcrypt::dh::DH;
     /// let mut rng = RNG::new().expect("Error with RNG::new()");
@@ -1035,6 +1060,7 @@ impl DH {
     /// let private = &private[0..(private_size as usize)];
     /// let public = &public[0..(public_size as usize)];
     /// dh.check_key_pair(public, private).expect("Error with check_key_pair()");
+    /// }
     /// ```
     pub fn check_key_pair(&mut self, public: &[u8], private: &[u8]) -> Result<(), i32> {
         let public_size = public.len() as u32;
@@ -1066,6 +1092,8 @@ impl DH {
     /// # Example
     ///
     /// ```rust
+    /// #[cfg(dh_ffdhe_2048)]
+    /// {
     /// use wolfssl::wolfcrypt::random::RNG;
     /// use wolfssl::wolfcrypt::dh::DH;
     /// let mut rng = RNG::new().expect("Error with RNG::new()");
@@ -1077,6 +1105,7 @@ impl DH {
     /// dh.generate_key_pair(&mut rng, &mut private, &mut private_size, &mut public, &mut public_size).expect("Error with generate_key_pair()");
     /// let private = &private[0..(private_size as usize)];
     /// dh.check_priv_key(private).expect("Error with check_priv_key()");
+    /// }
     /// ```
     pub fn check_priv_key(&mut self, private: &[u8]) -> Result<(), i32> {
         let private_size = private.len() as u32;
@@ -1230,6 +1259,8 @@ impl DH {
     /// # Example
     ///
     /// ```rust
+    /// #[cfg(dh_ffdhe_2048)]
+    /// {
     /// use wolfssl::wolfcrypt::random::RNG;
     /// use wolfssl::wolfcrypt::dh::DH;
     /// let mut rng = RNG::new().expect("Error with RNG::new()");
@@ -1241,6 +1272,7 @@ impl DH {
     /// dh.generate_key_pair(&mut rng, &mut private, &mut private_size, &mut public, &mut public_size).expect("Error with generate_key_pair()");
     /// let public = &public[0..(public_size as usize)];
     /// dh.check_pub_key(public).expect("Error with check_pub_key()");
+    /// }
     /// ```
     pub fn check_pub_key(&mut self, public: &[u8]) -> Result<(), i32> {
         let public_size = public.len() as u32;
@@ -1429,6 +1461,8 @@ impl DH {
     /// # Example
     ///
     /// ```rust
+    /// #[cfg(dh_ffdhe_2048)]
+    /// {
     /// use wolfssl::wolfcrypt::random::RNG;
     /// use wolfssl::wolfcrypt::dh::DH;
     /// let mut rng = RNG::new().expect("Failed to create RNG");
@@ -1438,6 +1472,7 @@ impl DH {
     /// let mut public = [0u8; 256];
     /// let mut public_size = 0u32;
     /// dh.generate_key_pair(&mut rng, &mut private, &mut private_size, &mut public, &mut public_size).expect("Error with generate_key_pair()");
+    /// }
     /// ```
     pub fn generate_key_pair(&mut self, rng: &mut RNG,
             private: &mut [u8], private_size: &mut u32,
@@ -1471,6 +1506,8 @@ impl DH {
     /// # Example
     ///
     /// ```rust
+    /// #[cfg(dh_ffdhe_2048)]
+    /// {
     /// use wolfssl::wolfcrypt::random::RNG;
     /// use wolfssl::wolfcrypt::dh::DH;
     /// let mut rng = RNG::new().expect("Error with RNG::new()");
@@ -1488,6 +1525,7 @@ impl DH {
     /// let mut ss0 = [0u8; 256];
     /// let ss0_size = dh.shared_secret(&mut ss0, &private0, &public1).expect("Error with shared_secret()");
     /// let ss0 = &ss0[0..ss0_size];
+    /// }
     /// ```
     pub fn shared_secret(&mut self, dout: &mut [u8], private: &[u8], other_pub: &[u8]) -> Result<usize, i32> {
         let mut dout_size = dout.len() as u32;

wrapper/rust/wolfssl/src/wolfcrypt/hkdf.rs

@@ -23,6 +23,8 @@ This module provides a Rust wrapper for the wolfCrypt library's HMAC Key
 Derivation Function (HKDF) functionality.
 */
 
+#![cfg(hkdf)]
+
 use crate::sys;
 use crate::wolfcrypt::hmac::HMAC;
 

wrapper/rust/wolfssl/src/wolfcrypt/kdf.rs

@@ -24,6 +24,7 @@ Function (KDF) functionality.
 */
 
 use crate::sys;
+#[cfg(kdf_tls13)]
 use crate::wolfcrypt::hmac::HMAC;
 
 #[cfg(kdf_srtp)]