diff --git a/.gitignore b/.gitignore
index 970dd0a..9d879c6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,3 @@
 /rustls-wolfcrypt-provider/target
-/rustls-wolfcrypt-provider/Cargo.lock
 /wolfcrypt-rs/target
-/wolfcrypt-rs/Cargo.lock
 /wolfcrypt-rs/wolfssl-*/
diff --git a/rustls-wolfcrypt-provider/Cargo.lock b/rustls-wolfcrypt-provider/Cargo.lock
new file mode 100644
index 0000000..f232468
--- /dev/null
+++ b/rustls-wolfcrypt-provider/Cargo.lock
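Review bot: Tracking the two lockfiles that this hunk stops ignoring only pins the dependency graph and its checksums if builds actually honour them, and nothing visible here shows CI or release builds running with `--locked`. Without it, Cargo may re-resolve and rewrite a stale lockfile instead of failing, so consider `cargo build --locked` and `cargo test --locked` in the pipelines for both crates. The hunk also drops the ignore for `/wolfcrypt-rs/Cargo.lock`, but only `rustls-wolfcrypt-provider/Cargo.lock` is visibly added in this part of the diff, so confirm the second lockfile is committed as well.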
@@ -0,0 +1,1533 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 4 + +[[package]] +name = "aead" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d122413f284cf2d62fb1b7db97e02edb8cda96d769b16e443a4f6195e35662b0" +dependencies = [ + "crypto-common 0.1.7", + "generic-array", +] + +[[package]] +name = "aho-corasick" +version = "1.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ddd31a130427c27518df266943a5308ed92d4b226cc639f5a8f1002816174301" +dependencies = [ + "memchr", +] + +[[package]] +name = "anyhow" +version = "1.0.102" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f202df86484c868dbad7eaa557ef785d5c66295e41b460ef922eca0723b842c" + +[[package]] +name = "autocfg" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8" + +[[package]] +name = "aws-lc-rs" +version = "1.16.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a054912289d18629dc78375ba2c3726a3afe3ff71b4edba9dedfca0e3446d1fc" +dependencies = [ + "aws-lc-sys", + "zeroize", +] + +[[package]] +name = "aws-lc-sys" +version = "0.39.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "83a25cf98105baa966497416dbd42565ce3a8cf8dbfd59803ec9ad46f3126399" +dependencies = [ + "cc", + "cmake", + "dunce", + "fs_extra", +] + +[[package]] +name = "base16ct" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf" + +[[package]] +name = "base64" +version = "0.22.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6" + +[[package]] +name = "base64ct" +version = "1.8.3" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "2af50177e190e07a26ab74f8b1efbfe2ef87da2116221318cb1c2e82baf7de06" + +[[package]] +name = "bindgen" +version = "0.71.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5f58bf3d7db68cfbac37cfc485a8d711e87e064c3d0fe0435b92f7a407f9d6b3" +dependencies = [ + "bitflags", + "cexpr", + "clang-sys", + "itertools", + "log", + "prettyplease", + "proc-macro2", + "quote", + "regex", + "rustc-hash", + "shlex", + "syn", +] + +[[package]] +name = "bitflags" +version = "2.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "843867be96c8daad0d758b57df9392b6d8d271134fce549de6ce169ff98a92af" + +[[package]] +name = "block-buffer" +version = "0.10.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71" +dependencies = [ + "generic-array", +] + +[[package]] +name = "block-buffer" +version = "0.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cdd35008169921d80bc60d3d0ab416eecb028c4cd653352907921d95084790be" +dependencies = [ + "hybrid-array", +] + +[[package]] +name = "bytes" +version = "1.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e748733b7cbc798e1434b6ac524f0c1ff2ab456fe201501e6497c8417a4fc33" + +[[package]] +name = "cc" +version = "1.2.58" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e1e928d4b69e3077709075a938a05ffbedfa53a84c8f766efbf8220bb1ff60e1" +dependencies = [ + "find-msvc-tools", + "jobserver", + "libc", + "shlex", +] + +[[package]] +name = "cexpr" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766" +dependencies = [ + "nom", +] + +[[package]] +name = "cfg-if" +version = "1.0.4" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "9330f8b2ff13f34540b44e946ef35111825727b38d33286ef986142615121801" + +[[package]] +name = "chacha20" +version = "0.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c3613f74bd2eac03dad61bd53dbe620703d4371614fe0bc3b9f04dd36fe4e818" +dependencies = [ + "cfg-if", + "cipher", + "cpufeatures 0.2.17", +] + +[[package]] +name = "chacha20poly1305" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "10cd79432192d1c0f4e1a0fef9527696cc039165d729fb41b3f4f4f354c2dc35" +dependencies = [ + "aead", + "chacha20", + "cipher", + "poly1305", + "zeroize", +] + +[[package]] +name = "cipher" +version = "0.4.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad" +dependencies = [ + "crypto-common 0.1.7", + "inout", + "zeroize", +] + +[[package]] +name = "clang-sys" +version = "1.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4" +dependencies = [ + "glob", + "libc", + "libloading", +] + +[[package]] +name = "cmake" +version = "0.1.58" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c0f78a02292a74a88ac736019ab962ece0bc380e3f977bf72e376c5d78ff0678" +dependencies = [ + "cc", +] + +[[package]] +name = "const-oid" +version = "0.9.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" + +[[package]] +name = "const-oid" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a6ef517f0926dd24a1582492c791b6a4818a4d94e789a334894aa15b0d12f55c" + +[[package]] +name = "cpufeatures" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = 
"59ed5838eebb26a2bb2e58f6d5b5316989ae9d08bab10e0e6d103e656d1b0280" +dependencies = [ + "libc", +] + +[[package]] +name = "cpufeatures" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b2a41393f66f16b0823bb79094d54ac5fbd34ab292ddafb9a0456ac9f87d201" +dependencies = [ + "libc", +] + +[[package]] +name = "crossbeam-deque" +version = "0.8.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9dd111b7b7f7d55b72c0a6ae361660ee5853c9af73f70c3c2ef6858b950e2e51" +dependencies = [ + "crossbeam-epoch", + "crossbeam-utils", +] + +[[package]] +name = "crossbeam-epoch" +version = "0.9.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5b82ac4a3c2ca9c3460964f020e1402edd5753411d7737aa39c3714ad1b5420e" +dependencies = [ + "crossbeam-utils", +] + +[[package]] +name = "crossbeam-utils" +version = "0.8.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28" + +[[package]] +name = "crypto-bigint" +version = "0.5.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0dc92fb57ca44df6db8059111ab3af99a63d5d0f8375d9972e319a379c6bab76" +dependencies = [ + "generic-array", + "rand_core", + "subtle", + "zeroize", +] + +[[package]] +name = "crypto-common" +version = "0.1.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "78c8292055d1c1df0cce5d180393dc8cce0abec0a7102adb6c7b1eef6016d60a" +dependencies = [ + "generic-array", + "typenum", +] + +[[package]] +name = "crypto-common" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77727bb15fa921304124b128af125e7e3b968275d1b108b379190264f4423710" +dependencies = [ + "hybrid-array", +] + +[[package]] +name = "data-encoding" +version = "2.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = 
"d7a1e2f27636f116493b8b860f5546edb47c8d8f8ea73e1d2a20be88e28d1fea" + +[[package]] +name = "der" +version = "0.7.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e7c1832837b905bbfb5101e07cc24c8deddf52f93225eee6ead5f4d63d53ddcb" +dependencies = [ + "const-oid 0.9.6", + "zeroize", +] + +[[package]] +name = "deranged" +version = "0.5.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7cd812cc2bc1d69d4764bd80df88b4317eaef9e773c75226407d9bc0876b211c" +dependencies = [ + "powerfmt", +] + +[[package]] +name = "digest" +version = "0.10.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" +dependencies = [ + "block-buffer 0.10.4", + "const-oid 0.9.6", + "crypto-common 0.1.7", + "subtle", +] + +[[package]] +name = "digest" +version = "0.11.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4850db49bf08e663084f7fb5c87d202ef91a3907271aff24a94eb97ff039153c" +dependencies = [ + "block-buffer 0.12.0", + "const-oid 0.10.2", + "crypto-common 0.2.1", +] + +[[package]] +name = "dunce" +version = "1.0.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813" + +[[package]] +name = "ecdsa" +version = "0.16.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca" +dependencies = [ + "elliptic-curve", + "signature", + "spki", +] + +[[package]] +name = "either" +version = "1.15.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719" + +[[package]] +name = "elliptic-curve" +version = "0.13.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47" 
+dependencies = [ + "base16ct", + "crypto-bigint", + "digest 0.10.7", + "ff", + "generic-array", + "group", + "pkcs8", + "rand_core", + "sec1", + "subtle", + "zeroize", +] + +[[package]] +name = "env_filter" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32e90c2accc4b07a8456ea0debdc2e7587bdd890680d71173a15d4ae604f6eef" +dependencies = [ + "log", +] + +[[package]] +name = "env_logger" +version = "0.11.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0621c04f2196ac3f488dd583365b9c09be011a4ab8b9f37248ffcc8f6198b56a" +dependencies = [ + "env_filter", + "log", +] + +[[package]] +name = "ff" +version = "0.13.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c0b50bfb653653f9ca9095b427bed08ab8d75a137839d9ad64eb11810d5b6393" +dependencies = [ + "rand_core", + "subtle", +] + +[[package]] +name = "find-msvc-tools" +version = "0.1.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5baebc0774151f905a1a2cc41989300b1e6fbb29aff0ceffa1064fdd3088d582" + +[[package]] +name = "foreign-types" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d737d9aa519fb7b749cbc3b962edcf310a8dd1f4b67c91c4f83975dbdd17d965" +dependencies = [ + "foreign-types-macros", + "foreign-types-shared", +] + +[[package]] +name = "foreign-types-macros" +version = "0.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1a5c6c585bc94aaf2c7b51dd4c2ba22680844aba4c687be581871a6f518c5742" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "foreign-types-shared" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "aa9a19cbb55df58761df49b23516a86d432839add4af60fc256da840f66ed35b" + +[[package]] +name = "fs_extra" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = 
"42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c" + +[[package]] +name = "generic-array" +version = "0.14.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" +dependencies = [ + "typenum", + "version_check", + "zeroize", +] + +[[package]] +name = "getrandom" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ff2abc00be7fca6ebc474524697ae276ad847ad0a6b3faa4bcb027e9a4614ad0" +dependencies = [ + "cfg-if", + "libc", + "wasi", +] + +[[package]] +name = "getrandom" +version = "0.3.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "899def5c37c4fd7b2664648c28120ecec138e4d395b459e5ca34f9cce2dd77fd" +dependencies = [ + "cfg-if", + "libc", + "r-efi", + "wasip2", +] + +[[package]] +name = "glob" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0cc23270f6e1808e30a928bdc84dea0b9b4136a8bc82338574f23baf47bbd280" + +[[package]] +name = "group" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63" +dependencies = [ + "ff", + "rand_core", + "subtle", +] + +[[package]] +name = "hermit-abi" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fc0fef456e4baa96da950455cd02c081ca953b141298e41db3fc7e36b1da849c" + +[[package]] +name = "hex" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" + +[[package]] +name = "hex-literal" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6fe2267d4ed49bc07b63801559be28c718ea06c4738b7a03c94df7386d2cde46" + +[[package]] +name = "hmac" +version = "0.12.1" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" +dependencies = [ + "digest 0.10.7", +] + +[[package]] +name = "hybrid-array" +version = "0.4.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3944cf8cf766b40e2a1a333ee5e9b563f854d5fa49d6a8ca2764e97c6eddb214" +dependencies = [ + "typenum", +] + +[[package]] +name = "inout" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "879f10e63c20629ecabbb64a8010319738c66a5cd0c29b02d63d272b03751d01" +dependencies = [ + "generic-array", +] + +[[package]] +name = "itertools" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "413ee7dfc52ee1a4949ceeb7dbc8a33f2d6c088194d9f922fb8318faf1f01186" +dependencies = [ + "either", +] + +[[package]] +name = "itoa" +version = "1.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f42a60cbdf9a97f5d2305f08a87dc4e09308d1276d28c869c684d7777685682" + +[[package]] +name = "jobserver" +version = "0.1.34" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9afb3de4395d6b3e67a780b6de64b51c978ecf11cb9a462c66be7d4ca9039d33" +dependencies = [ + "getrandom 0.3.4", + "libc", +] + +[[package]] +name = "lazy_static" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" +dependencies = [ + "spin", +] + +[[package]] +name = "libc" +version = "0.2.183" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b5b646652bf6661599e1da8901b3b9522896f01e736bad5f723fe7a3a27f899d" + +[[package]] +name = "libloading" +version = "0.8.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d7c4b02199fee7c5d21a5ae7d8cfa79a6ef5bb2fc834d6e9058e89c825efdc55" +dependencies = [ + "cfg-if", + 
"windows-link", +] + +[[package]] +name = "libm" +version = "0.2.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b6d2cec3eae94f9f509c767b45932f1ada8350c4bdb85af2fcab4a3c14807981" + +[[package]] +name = "lock_api" +version = "0.4.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "224399e74b87b5f3557511d98dff8b14089b3dadafcab6bb93eab67d3aace965" +dependencies = [ + "scopeguard", +] + +[[package]] +name = "log" +version = "0.4.29" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5e5032e24019045c762d3c0f28f5b6b8bbf38563a65908389bf7978758920897" + +[[package]] +name = "memchr" +version = "2.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8ca58f447f06ed17d5fc4043ce1b10dd205e060fb3ce5b979b8ed8e59ff3f79" + +[[package]] +name = "minimal-lexical" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" + +[[package]] +name = "mio" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "50b7e5b27aa02a74bac8c3f23f448f8d87ff11f92d3aac1a6ed369ee08cc56c1" +dependencies = [ + "libc", + "wasi", + "windows-sys 0.61.2", +] + +[[package]] +name = "nom" +version = "7.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a" +dependencies = [ + "memchr", + "minimal-lexical", +] + +[[package]] +name = "num-bigint-dig" +version = "0.8.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e661dda6640fad38e827a6d4a310ff4763082116fe217f279885c97f511bb0b7" +dependencies = [ + "lazy_static", + "libm", + "num-integer", + "num-iter", + "num-traits", + "rand", + "smallvec", + "zeroize", +] + +[[package]] +name = "num-conv" +version = "0.2.1" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "c6673768db2d862beb9b39a78fdcb1a69439615d5794a1be50caa9bc92c81967" + +[[package]] +name = "num-integer" +version = "0.1.46" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f" +dependencies = [ + "num-traits", +] + +[[package]] +name = "num-iter" +version = "0.1.45" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1429034a0490724d0075ebb2bc9e875d6503c3cf69e235a8941aa757d83ef5bf" +dependencies = [ + "autocfg", + "num-integer", + "num-traits", +] + +[[package]] +name = "num-traits" +version = "0.2.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" +dependencies = [ + "autocfg", + "libm", +] + +[[package]] +name = "num_cpus" +version = "1.17.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "91df4bbde75afed763b708b7eee1e8e7651e02d97f6d5dd763e89367e957b23b" +dependencies = [ + "hermit-abi", + "libc", +] + +[[package]] +name = "once_cell" +version = "1.21.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9f7c3e4beb33f85d45ae3e3a1792185706c8e16d043238c593331cc7cd313b50" + +[[package]] +name = "opaque-debug" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c08d65885ee38876c4f86fa503fb49d7b507c2b62552df7c70b2fce627e06381" + +[[package]] +name = "parking_lot" +version = "0.12.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "93857453250e3077bd71ff98b6a65ea6621a19bb0f559a85248955ac12c45a1a" +dependencies = [ + "lock_api", + "parking_lot_core", +] + +[[package]] +name = "parking_lot_core" +version = "0.9.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2621685985a2ebf1c516881c026032ac7deafcda1a2c9b7850dc81e3dfcb64c1" 
+dependencies = [ + "cfg-if", + "libc", + "redox_syscall", + "smallvec", + "windows-link", +] + +[[package]] +name = "pem" +version = "3.0.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1d30c53c26bc5b31a98cd02d20f25a7c8567146caf63ed593a9d87b2775291be" +dependencies = [ + "base64", + "serde_core", +] + +[[package]] +name = "pin-project-lite" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a89322df9ebe1c1578d689c92318e070967d1042b512afbe49518723f4e6d5cd" + +[[package]] +name = "pkcs1" +version = "0.7.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c8ffb9f10fa047879315e6625af03c164b16962a5368d724ed16323b68ace47f" +dependencies = [ + "der", + "pkcs8", + "spki", +] + +[[package]] +name = "pkcs8" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7" +dependencies = [ + "der", + "spki", +] + +[[package]] +name = "poly1305" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8159bd90725d2df49889a078b54f4f79e87f1f8a8444194cdca81d38f5393abf" +dependencies = [ + "cpufeatures 0.2.17", + "opaque-debug", + "universal-hash", +] + +[[package]] +name = "powerfmt" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391" + +[[package]] +name = "ppv-lite86" +version = "0.2.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85eae3c4ed2f50dcfe72643da4befc30deadb458a9b590d720cde2f2b1e97da9" +dependencies = [ + "zerocopy", +] + +[[package]] +name = "prettyplease" +version = "0.2.37" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "479ca8adacdd7ce8f1fb39ce9ecccbfe93a3f1344b3d0d97f20bc0196208f62b" +dependencies = [ + "proc-macro2", + "syn", +] + 
+[[package]] +name = "proc-macro2" +version = "1.0.106" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8fd00f0bb2e90d81d1044c2b32617f68fcb9fa3bb7640c23e9c748e53fb30934" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "quote" +version = "1.0.45" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41f2619966050689382d2b44f664f4bc593e129785a36d6ee376ddf37259b924" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "r-efi" +version = "5.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f" + +[[package]] +name = "rand" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" +dependencies = [ + "rand_chacha", + "rand_core", +] + +[[package]] +name = "rand_chacha" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" +dependencies = [ + "ppv-lite86", + "rand_core", +] + +[[package]] +name = "rand_core" +version = "0.6.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" +dependencies = [ + "getrandom 0.2.17", +] + +[[package]] +name = "rayon" +version = "1.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "368f01d005bf8fd9b1206fb6fa653e6c4a81ceb1466406b81792d87c5677a58f" +dependencies = [ + "either", + "rayon-core", +] + +[[package]] +name = "rayon-core" +version = "1.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "22e18b0f0062d30d4230b2e85ff77fdfe4326feb054b9783a3460d8435c8ab91" +dependencies = [ + "crossbeam-deque", + "crossbeam-utils", +] + +[[package]] +name = "rcgen" +version = "0.13.2" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "75e669e5202259b5314d1ea5397316ad400819437857b90861765f24c4cf80a2" +dependencies = [ + "pem", + "ring", + "rustls-pki-types", + "time", + "yasna", +] + +[[package]] +name = "redox_syscall" +version = "0.5.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ed2bf2547551a7053d6fdfafda3f938979645c44812fbfcda098faae3f1a362d" +dependencies = [ + "bitflags", +] + +[[package]] +name = "regex" +version = "1.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e10754a14b9137dd7b1e3e5b0493cc9171fdd105e0ab477f51b72e7f3ac0e276" +dependencies = [ + "aho-corasick", + "memchr", + "regex-automata", + "regex-syntax", +] + +[[package]] +name = "regex-automata" +version = "0.4.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6e1dd4122fc1595e8162618945476892eefca7b88c52820e74af6262213cae8f" +dependencies = [ + "aho-corasick", + "memchr", + "regex-syntax", +] + +[[package]] +name = "regex-syntax" +version = "0.8.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dc897dd8d9e8bd1ed8cdad82b5966c3e0ecae09fb1907d58efaa013543185d0a" + +[[package]] +name = "ring" +version = "0.17.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a4689e6c2294d81e88dc6261c768b63bc4fcdb852be6d1352498b114f61383b7" +dependencies = [ + "cc", + "cfg-if", + "getrandom 0.2.17", + "libc", + "untrusted", + "windows-sys 0.52.0", +] + +[[package]] +name = "rsa" +version = "0.9.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b8573f03f5883dcaebdfcf4725caa1ecb9c15b2ef50c43a07b816e06799bb12d" +dependencies = [ + "const-oid 0.9.6", + "digest 0.10.7", + "num-bigint-dig", + "num-integer", + "num-traits", + "pkcs1", + "pkcs8", + "rand_core", + "sha2 0.10.9", + "signature", + "spki", + "subtle", + "zeroize", +] + +[[package]] +name = "rustc-hash" +version = "2.1.2" 
+source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "94300abf3f1ae2e2b8ffb7b58043de3d399c73fa6f4b73826402a5c457614dbe" + +[[package]] +name = "rustls" +version = "0.23.37" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "758025cb5fccfd3bc2fd74708fd4682be41d99e5dff73c377c0646c6012c73a4" +dependencies = [ + "aws-lc-rs", + "log", + "once_cell", + "rustls-pki-types", + "rustls-webpki", + "subtle", + "zeroize", +] + +[[package]] +name = "rustls-pemfile" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dce314e5fee3f39953d46bb63bb8a46d40c2f8fb7cc5a3b6cab2bde9721d6e50" +dependencies = [ + "rustls-pki-types", +] + +[[package]] +name = "rustls-pki-types" +version = "1.14.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "be040f8b0a225e40375822a563fa9524378b9d63112f53e19ffff34df5d33fdd" +dependencies = [ + "zeroize", +] + +[[package]] +name = "rustls-webpki" +version = "0.103.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "df33b2b81ac578cabaf06b89b0631153a3f416b0a886e8a7a1707fb51abbd1ef" +dependencies = [ + "aws-lc-rs", + "ring", + "rustls-pki-types", + "untrusted", +] + +[[package]] +name = "rustls-wolfcrypt-provider" +version = "0.1.0" +dependencies = [ + "anyhow", + "chacha20poly1305", + "der", + "ecdsa", + "env_logger", + "foreign-types", + "hex", + "hex-literal", + "hmac", + "lazy_static", + "log", + "num_cpus", + "pkcs8", + "rand_core", + "rayon", + "rcgen", + "rsa", + "rustls", + "rustls-pemfile", + "rustls-pki-types", + "rustls-webpki", + "serial_test", + "sha2 0.10.9", + "signature", + "tokio", + "webpki-roots 0.26.11", + "wolfcrypt-rs", + "wycheproof", + "zeroize", +] + +[[package]] +name = "scc" +version = "2.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "46e6f046b7fef48e2660c57ed794263155d713de679057f2d0c169bfc6e756cc" +dependencies = [ + "sdd", +] + 
+[[package]] +name = "scopeguard" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" + +[[package]] +name = "sdd" +version = "3.0.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "490dcfcbfef26be6800d11870ff2df8774fa6e86d047e3e8c8a76b25655e41ca" + +[[package]] +name = "sec1" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3e97a565f76233a6003f9f5c54be1d9c5bdfa3eccfb189469f11ec4901c47dc" +dependencies = [ + "base16ct", + "der", + "generic-array", + "pkcs8", + "subtle", + "zeroize", +] + +[[package]] +name = "serde" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9a8e94ea7f378bd32cbbd37198a4a91436180c5bb472411e48b5ec2e2124ae9e" +dependencies = [ + "serde_core", + "serde_derive", +] + +[[package]] +name = "serde_core" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41d385c7d4ca58e59fc732af25c3983b67ac852c1a25000afe1175de458b67ad" +dependencies = [ + "serde_derive", +] + +[[package]] +name = "serde_derive" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "serde_json" +version = "1.0.149" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "83fc039473c5595ace860d8c4fafa220ff474b3fc6bfdb4293327f1a37e94d86" +dependencies = [ + "itoa", + "memchr", + "serde", + "serde_core", + "zmij", +] + +[[package]] +name = "serial_test" +version = "3.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "911bd979bf1070a3f3aa7b691a3b3e9968f339ceeec89e08c280a8a22207a32f" +dependencies = [ + "once_cell", + "parking_lot", + "scc", + 
"serial_test_derive", +] + +[[package]] +name = "serial_test_derive" +version = "3.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0a7d91949b85b0d2fb687445e448b40d322b6b3e4af6b44a29b21d9a5f33e6d9" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "sha2" +version = "0.10.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283" +dependencies = [ + "cfg-if", + "cpufeatures 0.2.17", + "digest 0.10.7", +] + +[[package]] +name = "sha2" +version = "0.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "446ba717509524cb3f22f17ecc096f10f4822d76ab5c0b9822c5f9c284e825f4" +dependencies = [ + "cfg-if", + "cpufeatures 0.3.0", + "digest 0.11.2", +] + +[[package]] +name = "shlex" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" + +[[package]] +name = "signature" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" +dependencies = [ + "digest 0.10.7", + "rand_core", +] + +[[package]] +name = "smallvec" +version = "1.15.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "67b1b7a3b5fe4f1376887184045fcf45c69e92af734b7aaddc05fb777b6fbd03" + +[[package]] +name = "socket2" +version = "0.6.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3a766e1110788c36f4fa1c2b71b387a7815aa65f88ce0229841826633d93723e" +dependencies = [ + "libc", + "windows-sys 0.61.2", +] + +[[package]] +name = "spin" +version = "0.9.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" + +[[package]] +name = "spki" +version = "0.7.3" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d" +dependencies = [ + "base64ct", + "der", +] + +[[package]] +name = "subtle" +version = "2.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" + +[[package]] +name = "syn" +version = "2.0.117" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e665b8803e7b1d2a727f4023456bbbbe74da67099c585258af0ad9c5013b9b99" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "time" +version = "0.3.47" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "743bd48c283afc0388f9b8827b976905fb217ad9e647fae3a379a9283c4def2c" +dependencies = [ + "deranged", + "num-conv", + "powerfmt", + "serde_core", + "time-core", +] + +[[package]] +name = "time-core" +version = "0.1.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7694e1cfe791f8d31026952abf09c69ca6f6fa4e1a1229e18988f06a04a12dca" + +[[package]] +name = "tokio" +version = "1.50.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "27ad5e34374e03cfffefc301becb44e9dc3c17584f414349ebe29ed26661822d" +dependencies = [ + "bytes", + "libc", + "mio", + "pin-project-lite", + "socket2", + "tokio-macros", + "windows-sys 0.61.2", +] + +[[package]] +name = "tokio-macros" +version = "2.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c55a2eff8b69ce66c84f85e1da1c233edc36ceb85a2058d11b0d6a3c7e7569c" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "typenum" +version = "1.19.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "562d481066bde0658276a35467c4af00bdc6ee726305698a55b86e61d7ad82bb" + +[[package]] +name = "unicode-ident" +version = "1.0.24" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6e4313cd5fcd3dad5cafa179702e2b244f760991f45397d14d4ebf38247da75" + +[[package]] +name = "universal-hash" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fc1de2c688dc15305988b563c3854064043356019f97a4b46276fe734c4f07ea" +dependencies = [ + "crypto-common 0.1.7", + "subtle", +] + +[[package]] +name = "untrusted" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" + +[[package]] +name = "version_check" +version = "0.9.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" + +[[package]] +name = "wasi" +version = "0.11.1+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ccf3ec651a847eb01de73ccad15eb7d99f80485de043efb2f370cd654f4ea44b" + +[[package]] +name = "wasip2" +version = "1.0.2+wasi-0.2.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9517f9239f02c069db75e65f174b3da828fe5f5b945c4dd26bd25d89c03ebcf5" +dependencies = [ + "wit-bindgen", +] + +[[package]] +name = "webpki-roots" +version = "0.26.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "521bc38abb08001b01866da9f51eb7c5d647a19260e00054a8c7fd5f9e57f7a9" +dependencies = [ + "webpki-roots 1.0.6", +] + +[[package]] +name = "webpki-roots" +version = "1.0.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "22cfaf3c063993ff62e73cb4311efde4db1efb31ab78a3e5c457939ad5cc0bed" +dependencies = [ + "rustls-pki-types", +] + +[[package]] +name = "windows-link" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0805222e57f7521d6a62e36fa9163bc891acd422f971defe97d64e70d0a4fe5" + +[[package]] +name = "windows-sys" 
+version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" +dependencies = [ + "windows-targets", +] + +[[package]] +name = "windows-sys" +version = "0.61.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ae137229bcbd6cdf0f7b80a31df61766145077ddf49416a728b02cb3921ff3fc" +dependencies = [ + "windows-link", +] + +[[package]] +name = "windows-targets" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" +dependencies = [ + "windows_aarch64_gnullvm", + "windows_aarch64_msvc", + "windows_i686_gnu", + "windows_i686_gnullvm", + "windows_i686_msvc", + "windows_x86_64_gnu", + "windows_x86_64_gnullvm", + "windows_x86_64_msvc", +] + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" + +[[package]] +name = "windows_i686_gnu" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" + +[[package]] +name = "windows_i686_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.52.6" 
+source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" + +[[package]] +name = "wit-bindgen" +version = "0.51.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d7249219f66ced02969388cf2bb044a09756a083d0fab1e566056b04d9fbcaa5" + +[[package]] +name = "wolfcrypt-rs" +version = "0.1.0" +dependencies = [ + "bindgen", + "sha2 0.11.0", +] + +[[package]] +name = "wycheproof" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "efb3be19abfb206c6adcbdf2007b09b0e8ca1f6530db40c03b42ce8ed4719894" +dependencies = [ + "data-encoding", + "serde", + "serde_json", +] + +[[package]] +name = "yasna" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e17bb3549cc1321ae1296b9cdc2698e2b6cb1992adfa19a8c72e5b7a738f44cd" +dependencies = [ + "time", +] + +[[package]] +name = "zerocopy" +version = "0.8.48" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eed437bf9d6692032087e337407a86f04cd8d6a16a37199ed57949d415bd68e9" +dependencies = [ + "zerocopy-derive", +] + +[[package]] +name = "zerocopy-derive" +version = "0.8.48" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "70e3cd084b1788766f53af483dd21f93881ff30d7320490ec3ef7526d203bad4" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "zeroize" +version = "1.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" 
+checksum = "b97154e67e32c85465826e8bcc1c59429aaaf107c1e4a9e53c8d8ccd5eff88d0" +dependencies = [ + "zeroize_derive", +] + +[[package]] +name = "zeroize_derive" +version = "1.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85a5b4158499876c763cb03bc4e49185d3cccbabb15b33c627f7884f43db852e" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "zmij" +version = "1.0.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b8848ee67ecc8aedbaf3e4122217aff892639231befc6a1b58d29fff4c2cabaa" diff --git a/rustls-wolfcrypt-provider/Cargo.toml b/rustls-wolfcrypt-provider/Cargo.toml index c47eb9f..e3ddb34 100644 --- a/rustls-wolfcrypt-provider/Cargo.toml +++ b/rustls-wolfcrypt-provider/Cargo.toml @@ -14,7 +14,7 @@ rand_core = { version = "0.6", default-features = false, features = ["getrandom" rsa = { version = "0.9", features = ["sha2"], default-features = false } sha2 = { version = "0.10", default-features = false } signature = { version = "2", default-features = false } -webpki = { package = "rustls-webpki", version = "0.102", features = ["alloc"], default-features = false } +webpki = { package = "rustls-webpki", version = "0.103.10", features = ["alloc"], default-features = false } foreign-types = { version = "0.5.0", default-features = false } rustls-pki-types = { version = "1.11.0", default-features = false } log = { version = "0.4.25", default-features = false } diff --git a/rustls-wolfcrypt-provider/src/aead/aes128gcm.rs b/rustls-wolfcrypt-provider/src/aead/aes128gcm.rs index 0e3763a..ff6d221 100644 --- a/rustls-wolfcrypt-provider/src/aead/aes128gcm.rs +++ b/rustls-wolfcrypt-provider/src/aead/aes128gcm.rs 
@@ -118,7 +118,7 @@ impl MessageEncrypter for WCTls12Encrypter { // Initialize Aes structure. ret = unsafe { wc_AesInit(aes_object.as_ptr(), ptr::null_mut(), INVALID_DEVID) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret).map_err(|_| rustls::Error::General("wc_AesInit failed".into()))?; // This function is used to set the key for AES GCM (Galois/Counter Mode). // It initializes an AES object with the given key. @@ -129,7 +129,7 @@ impl MessageEncrypter for WCTls12Encrypter { self.key.len() as word32, ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret).map_err(|_| rustls::Error::General("wc_AesGcmSetKey failed".into()))?; // This function encrypts the input message, held in the buffer in, // and stores the resulting cipher text in the output buffer out. @@ -154,7 +154,7 @@ impl MessageEncrypter for WCTls12Encrypter { aad.len() as word32, ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret).map_err(|_| rustls::Error::General("wc_AesGcmEncrypt failed".into()))?; payload.extend_from_slice(&auth_tag); @@ -194,7 +194,7 @@ impl MessageDecrypter for WCTls12Decrypter { let mut ret; ret = unsafe { wc_AesInit(aes_object.as_ptr(), ptr::null_mut(), INVALID_DEVID) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret).map_err(|_| rustls::Error::General("wc_AesInit failed".into()))?; ret = unsafe { wc_AesGcmSetKey( @@ -203,7 +203,7 @@ impl MessageDecrypter for WCTls12Decrypter { self.key.len() as word32, ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret).map_err(|_| rustls::Error::General("wc_AesGcmSetKey failed".into()))?; // Finally, we have everything to decrypt the message // from the payload. @@ -226,7 +226,7 @@ impl MessageDecrypter for WCTls12Decrypter { aad.len() as word32, ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret).map_err(|_| rustls::Error::General("wc_AesGcmDecrypt failed".into()))?; payload.copy_within(payload_start..(payload_len - GCM_TAG_LENGTH), 0); payload.truncate(payload_len - ((payload_start) + GCM_TAG_LENGTH)); 
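Review bot: The `map_err(|_| …)` added after `wc_AesInit` in the `WCTls12Encrypter` hunk at -118 discards the value returned by `check_if_zero`, so `rustls::Error::General("wc_AesInit failed")` no longer carries the wolfCrypt return code that the old `unwrap()` panic printed. The same closure is repeated on every converted call in this file, in aes256gcm.rs and in chacha20.rs. A private helper that takes the call name, logs the original error through the `log` crate already listed in Cargo.toml, and returns the `rustls::Error` would keep the code available for diagnosis and remove the repetition. For the `wc_AesGcmEncrypt` checks (hunks at -154 and -328), `rustls::Error::EncryptError` is the more specific variant. The enclosing function starts and ends outside the hunk.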
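Review bot: In the `WCTls12Decrypter` hunk at -226, a failed `wc_AesGcmDecrypt` is reported as `rustls::Error::General`, but a tag mismatch on a received record is the case rustls expects as `rustls::Error::DecryptError`; its record layer matches on that variant, for example when it drops records that cannot be decrypted after rejected early data. I would write `check_if_zero(ret).map_err(|_| rustls::Error::DecryptError)?;` here and keep `General` for the init and set-key failures. The same applies to the `wc_AesGcmDecrypt` hunk at -391, to both decrypt hunks in aes256gcm.rs, and to the `wc_ChaCha20Poly1305_Decrypt` hunks at -161 and -303 in chacha20.rs. The function body starts outside the hunk, so whether the payload length is checked before the `payload_len - GCM_TAG_LENGTH` arithmetic cannot be seen from here.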
@@ -294,7 +294,7 @@ impl MessageEncrypter for WCTls13Cipher { // Initialize Aes structure. ret = unsafe { wc_AesInit(aes_object.as_ptr(), ptr::null_mut(), INVALID_DEVID) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret).map_err(|_| rustls::Error::General("wc_AesInit failed".into()))?; // This function is used to set the key for AES GCM (Galois/Counter Mode). // It initializes an AES object with the given key. @@ -305,7 +305,7 @@ impl MessageEncrypter for WCTls13Cipher { self.key.len() as word32, ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret).map_err(|_| rustls::Error::General("wc_AesGcmSetKey failed".into()))?; // This function encrypts the input message, held in the buffer in, // and stores the resulting cipher text in the output buffer out. @@ -328,7 +328,7 @@ impl MessageEncrypter for WCTls13Cipher { aad.len() as word32, ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret).map_err(|_| rustls::Error::General("wc_AesGcmEncrypt failed".into()))?; // Finally, we add the authentication tag at the end of it // after the process of encryption is done. @@ -364,7 +364,7 @@ impl MessageDecrypter for WCTls13Cipher { let mut ret; ret = unsafe { wc_AesInit(aes_object.as_ptr(), ptr::null_mut(), INVALID_DEVID) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret).map_err(|_| rustls::Error::General("wc_AesInit failed".into()))?; ret = unsafe { wc_AesGcmSetKey( @@ -373,7 +373,7 @@ impl MessageDecrypter for WCTls13Cipher { self.key.len() as word32, ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret).map_err(|_| rustls::Error::General("wc_AesGcmSetKey failed".into()))?; // Finally, we have everything to decrypt the message // from the payload. @@ -391,7 +391,7 @@ impl MessageDecrypter for WCTls13Cipher { aad.len() as word32, ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret).map_err(|_| rustls::Error::General("wc_AesGcmDecrypt failed".into()))?; payload.truncate(message_len); 
diff --git a/rustls-wolfcrypt-provider/src/aead/aes256gcm.rs b/rustls-wolfcrypt-provider/src/aead/aes256gcm.rs index 11ae159..3c83703 100644 --- a/rustls-wolfcrypt-provider/src/aead/aes256gcm.rs +++ b/rustls-wolfcrypt-provider/src/aead/aes256gcm.rs @@ -118,7 +118,7 @@ impl MessageEncrypter for WCTls12Encrypter { // Initialize Aes structure. ret = unsafe { wc_AesInit(aes_object.as_ptr(), ptr::null_mut(), INVALID_DEVID) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret).map_err(|_| rustls::Error::General("wc_AesInit failed".into()))?; // This function is used to set the key for AES GCM (Galois/Counter Mode). // It initializes an AES object with the given key. @@ -129,7 +129,7 @@ impl MessageEncrypter for WCTls12Encrypter { self.key.len() as word32, ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret).map_err(|_| rustls::Error::General("wc_AesGcmSetKey failed".into()))?; // This function encrypts the input message, held in the buffer in, // and stores the resulting cipher text in the output buffer out. @@ -154,7 +154,7 @@ impl MessageEncrypter for WCTls12Encrypter { aad.len() as word32, ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret).map_err(|_| rustls::Error::General("wc_AesGcmEncrypt failed".into()))?; payload.extend_from_slice(&auth_tag); @@ -194,7 +194,7 @@ impl MessageDecrypter for WCTls12Decrypter { let mut ret; ret = unsafe { wc_AesInit(aes_object.as_ptr(), ptr::null_mut(), INVALID_DEVID) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret).map_err(|_| rustls::Error::General("wc_AesInit failed".into()))?; ret = unsafe { wc_AesGcmSetKey( @@ -203,7 +203,7 @@ impl MessageDecrypter for WCTls12Decrypter { self.key.len() as word32, ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret).map_err(|_| rustls::Error::General("wc_AesGcmSetKey failed".into()))?; // Finally, we have everything to decrypt the message // from the payload. 
@@ -226,7 +226,7 @@ impl MessageDecrypter for WCTls12Decrypter { aad.len() as word32, ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret).map_err(|_| rustls::Error::General("wc_AesGcmDecrypt failed".into()))?; payload.copy_within(payload_start..(payload_len - GCM_TAG_LENGTH), 0); payload.truncate(payload_len - ((payload_start) + GCM_TAG_LENGTH)); @@ -294,7 +294,7 @@ impl MessageEncrypter for WCTls13Cipher { // Initialize Aes structure. ret = unsafe { wc_AesInit(aes_object.as_ptr(), ptr::null_mut(), INVALID_DEVID) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret).map_err(|_| rustls::Error::General("wc_AesInit failed".into()))?; // This function is used to set the key for AES GCM (Galois/Counter Mode). // It initializes an AES object with the given key. @@ -305,7 +305,7 @@ impl MessageEncrypter for WCTls13Cipher { self.key.len() as word32, ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret).map_err(|_| rustls::Error::General("wc_AesGcmSetKey failed".into()))?; // This function encrypts the input message, held in the buffer in, // and stores the resulting cipher text in the output buffer out. @@ -328,7 +328,7 @@ impl MessageEncrypter for WCTls13Cipher { aad.len() as word32, ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret).map_err(|_| rustls::Error::General("wc_AesGcmEncrypt failed".into()))?; // Finally, we add the authentication tag at the end of it // after the process of encryption is done. @@ -364,7 +364,7 @@ impl MessageDecrypter for WCTls13Cipher { let mut ret; ret = unsafe { wc_AesInit(aes_object.as_ptr(), ptr::null_mut(), INVALID_DEVID) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret).map_err(|_| rustls::Error::General("wc_AesInit failed".into()))?; ret = unsafe { wc_AesGcmSetKey( 
@@ -373,7 +373,7 @@ impl MessageDecrypter for WCTls13Cipher { self.key.len() as word32, ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret).map_err(|_| rustls::Error::General("wc_AesGcmSetKey failed".into()))?; // Finally, we have everything to decrypt the message // from the payload. @@ -391,7 +391,7 @@ impl MessageDecrypter for WCTls13Cipher { aad.len() as word32, ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret).map_err(|_| rustls::Error::General("wc_AesGcmDecrypt failed".into()))?; payload.truncate(message_len); diff --git a/rustls-wolfcrypt-provider/src/aead/chacha20.rs b/rustls-wolfcrypt-provider/src/aead/chacha20.rs index c4ec90d..36a3b41 100644 --- a/rustls-wolfcrypt-provider/src/aead/chacha20.rs +++ b/rustls-wolfcrypt-provider/src/aead/chacha20.rs @@ -108,7 +108,8 @@ impl MessageEncrypter for WCTls12Cipher { auth_tag.as_mut_ptr(), ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret) + .map_err(|_| rustls::Error::General("wc_ChaCha20Poly1305_Encrypt failed".into()))?; let mut output = PrefixedPayload::with_capacity(total_len); @@ -161,7 +162,8 @@ impl MessageDecrypter for WCTls12Cipher { payload[..message_len].as_mut_ptr(), ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret) + .map_err(|_| rustls::Error::General("wc_ChaCha20Poly1305_Decrypt failed".into()))?; // We extract the final result... payload.truncate(message_len); @@ -252,7 +254,8 @@ impl MessageEncrypter for WCTls13Cipher { auth_tag.as_mut_ptr(), ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret) + .map_err(|_| rustls::Error::General("wc_ChaCha20Poly1305_Encrypt failed".into()))?; // Finally, we add the authentication tag at the end of it // after the process of encryption is done. 
@@ -303,7 +306,8 @@ impl MessageDecrypter for WCTls13Cipher { payload[..message_len].as_mut_ptr(), ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret) + .map_err(|_| rustls::Error::General("wc_ChaCha20Poly1305_Decrypt failed".into()))?; // We extract the final result... payload.truncate(message_len); diff --git a/rustls-wolfcrypt-provider/src/hash/sha256.rs b/rustls-wolfcrypt-provider/src/hash/sha256.rs index fc32755..c544187 100644 --- a/rustls-wolfcrypt-provider/src/hash/sha256.rs +++ b/rustls-wolfcrypt-provider/src/hash/sha256.rs @@ -1,6 +1,8 @@ use crate::error::check_if_zero; +use crate::types::*; use alloc::boxed::Box; use core::mem; +use foreign_types::ForeignType; use rustls::crypto::hash; use wolfcrypt_rs::*; @@ -9,11 +11,13 @@ pub struct WCSha256; impl hash::Hash for WCSha256 { fn start(&self) -> Box { - let sha256_c_type: wc_Sha256 = unsafe { mem::zeroed() }; + let mut sha256_storage = Box::new(unsafe { mem::zeroed::() }); + let sha256_object = unsafe { Sha256Object::from_ptr(&mut *sha256_storage) }; let hash: [u8; WC_SHA256_DIGEST_SIZE as usize] = [0; WC_SHA256_DIGEST_SIZE as usize]; let mut hasher = WCHasher256 { - sha256_c_type, + sha256_object, + _sha256_storage: sha256_storage, hash, }; @@ -38,15 +42,16 @@ impl hash::Hash for WCSha256 { } struct WCHasher256 { - sha256_c_type: wc_Sha256, + sha256_object: Sha256Object, + _sha256_storage: Box, hash: [u8; WC_SHA256_DIGEST_SIZE as usize], } impl WCHasher256 { fn wchasher_init(&mut self) { // This function initializes SHA256. This is automatically called by wc_Sha256Hash. - let ret = unsafe { wc_InitSha256(&mut self.sha256_c_type) }; - check_if_zero(ret).unwrap(); + let ret = unsafe { wc_InitSha256(self.sha256_object.as_ptr()) }; + check_if_zero(ret).expect("wc_InitSha256 failed"); } fn wchasher_update(&mut self, data: &[u8]) { 
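Review bot: The `Sha256Object::from_ptr(&mut *sha256_storage)` line in `start()` (sha256.rs hunk at -9) creates a handle that points into the box stored in `_sha256_storage`, and no comment records that invariant. It is only sound while the box outlives the handle, which currently depends on `sha256_object` being declared before `_sha256_storage` in `WCHasher256` (hunk at -38), because struct fields are dropped in declaration order. I would add `// SAFETY: points into _sha256_storage (heap, owned by the same struct); sha256_object must stay declared first so it drops before the storage.` above the `from_ptr` call, with a matching comment on the two fields. The same comment belongs in `clone()` (hunk at -92) and in the corresponding sha384.rs hunks. The `Drop` of `Sha256Object` is not in view, so this assumes it releases wolfCrypt state only and does not deallocate the pointer.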
@@ -54,15 +59,15 @@ impl WCHasher256 { // Hash the provided byte array of length len. // Can be called continually. - let ret = unsafe { wc_Sha256Update(&mut self.sha256_c_type, data.as_ptr(), length) }; - check_if_zero(ret).unwrap(); + let ret = unsafe { wc_Sha256Update(self.sha256_object.as_ptr(), data.as_ptr(), length) }; + check_if_zero(ret).expect("wc_Sha256Update failed"); } fn wchasher_final(&mut self) -> &[u8] { // Finalizes hashing of data. Result is placed into hash. // Resets state of the sha256 struct. - let ret = unsafe { wc_Sha256Final(&mut self.sha256_c_type, self.hash.as_mut_ptr()) }; - check_if_zero(ret).unwrap(); + let ret = unsafe { wc_Sha256Final(self.sha256_object.as_ptr(), self.hash.as_mut_ptr()) }; + check_if_zero(ret).expect("wc_Sha256Final failed"); &self.hash } @@ -92,20 +97,17 @@ unsafe impl Sync for WCHasher256 {} unsafe impl Send for WCHasher256 {} impl Clone for WCHasher256 { fn clone(&self) -> WCHasher256 { - let mut new_hasher = WCHasher256 { - sha256_c_type: unsafe { mem::zeroed() }, + let mut new_storage = Box::new(unsafe { mem::zeroed::() }); + let new_object = unsafe { Sha256Object::from_ptr(&mut *new_storage) }; + let ret = unsafe { wc_InitSha256(new_object.as_ptr()) }; + check_if_zero(ret).expect("wc_InitSha256 failed in clone"); + let ret = unsafe { wc_Sha256Copy(self.sha256_object.as_ptr(), new_object.as_ptr()) }; + check_if_zero(ret).expect("wc_Sha256Copy failed"); + WCHasher256 { + sha256_object: new_object, + _sha256_storage: new_storage, hash: self.hash, - }; - let ret = unsafe { wc_InitSha256(&mut new_hasher.sha256_c_type) }; - check_if_zero(ret).unwrap(); - let ret = unsafe { - wc_Sha256Copy( - &self.sha256_c_type as *const wc_Sha256 as *mut wc_Sha256, - &mut new_hasher.sha256_c_type, - ) - }; - check_if_zero(ret).unwrap(); - new_hasher + } } } diff --git a/rustls-wolfcrypt-provider/src/hash/sha384.rs b/rustls-wolfcrypt-provider/src/hash/sha384.rs index ca5ab41..c42953d 100644 
--- a/rustls-wolfcrypt-provider/src/hash/sha384.rs +++ b/rustls-wolfcrypt-provider/src/hash/sha384.rs @@ -1,19 +1,23 @@ use alloc::boxed::Box; use core::mem; +use foreign_types::ForeignType; use rustls::crypto::hash; use wolfcrypt_rs::*; use crate::error::check_if_zero; +use crate::types::*; pub struct WCSha384; impl hash::Hash for WCSha384 { fn start(&self) -> Box { - let sha384_c_type: wc_Sha384 = unsafe { mem::zeroed() }; + let mut sha384_storage = Box::new(unsafe { mem::zeroed::() }); + let sha384_object = unsafe { Sha384Object::from_ptr(&mut *sha384_storage) }; let hash: [u8; WC_SHA384_DIGEST_SIZE as usize] = [0; WC_SHA384_DIGEST_SIZE as usize]; let mut hasher = WCHasher384 { - sha384_c_type, + sha384_object, + _sha384_storage: sha384_storage, hash, }; @@ -38,15 +42,16 @@ impl hash::Hash for WCSha384 { } struct WCHasher384 { - sha384_c_type: wc_Sha384, + sha384_object: Sha384Object, + _sha384_storage: Box, hash: [u8; WC_SHA384_DIGEST_SIZE as usize], } impl WCHasher384 { fn wchasher_init(&mut self) { // This function initializes SHA384. This is automatically called by wc_Sha384Hash. - let ret = unsafe { wc_InitSha384(&mut self.sha384_c_type) }; - check_if_zero(ret).unwrap(); + let ret = unsafe { wc_InitSha384(self.sha384_object.as_ptr()) }; + check_if_zero(ret).expect("wc_InitSha384 failed"); } fn wchasher_update(&mut self, data: &[u8]) { 
@@ -54,15 +59,15 @@ impl WCHasher384 { // Hash the provided byte array of length len. // Can be called continually. - let ret = unsafe { wc_Sha384Update(&mut self.sha384_c_type, data.as_ptr(), length) }; - check_if_zero(ret).unwrap(); + let ret = unsafe { wc_Sha384Update(self.sha384_object.as_ptr(), data.as_ptr(), length) }; + check_if_zero(ret).expect("wc_Sha384Update failed"); } fn wchasher_final(&mut self) -> &[u8] { // Finalizes hashing of data. Result is placed into hash. // Resets state of the sha384 struct. - let ret = unsafe { wc_Sha384Final(&mut self.sha384_c_type, self.hash.as_mut_ptr()) }; - check_if_zero(ret).unwrap(); + let ret = unsafe { wc_Sha384Final(self.sha384_object.as_ptr(), self.hash.as_mut_ptr()) }; + check_if_zero(ret).expect("wc_Sha384Final failed"); &self.hash } @@ -110,19 +115,16 @@ unsafe impl Sync for WCHasher384 {} unsafe impl Send for WCHasher384 {} impl Clone for WCHasher384 { fn clone(&self) -> WCHasher384 { - let mut new_hasher = WCHasher384 { - sha384_c_type: unsafe { mem::zeroed() }, + let mut new_storage = Box::new(unsafe { mem::zeroed::() }); + let new_object = unsafe { Sha384Object::from_ptr(&mut *new_storage) }; + let ret = unsafe { wc_InitSha384(new_object.as_ptr()) }; + check_if_zero(ret).expect("wc_InitSha384 failed in clone"); + let ret = unsafe { wc_Sha384Copy(self.sha384_object.as_ptr(), new_object.as_ptr()) }; + check_if_zero(ret).expect("wc_Sha384Copy failed"); + WCHasher384 { + sha384_object: new_object, + _sha384_storage: new_storage, hash: self.hash, - }; - let ret = unsafe { wc_InitSha384(&mut new_hasher.sha384_c_type) }; - check_if_zero(ret).unwrap(); - let ret = unsafe { - wc_Sha384Copy( - &self.sha384_c_type as *const wc_Sha384 as *mut wc_Sha384, - &mut new_hasher.sha384_c_type, - ) - }; - check_if_zero(ret).unwrap(); - new_hasher + } } } diff --git a/rustls-wolfcrypt-provider/src/hkdf.rs b/rustls-wolfcrypt-provider/src/hkdf.rs index c10cd1a..fd1e9a5 100644 --- a/rustls-wolfcrypt-provider/src/hkdf.rs 
+++ b/rustls-wolfcrypt-provider/src/hkdf.rs @@ -41,7 +41,7 @@ impl RustlsHkdf for WCHkdfUsingHmac { extracted_key.as_mut_ptr(), ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret).expect("wc_HKDF_Extract failed"); Box::new(WolfHkdfExpander::new( Zeroizing::new(extracted_key), @@ -77,13 +77,13 @@ impl RustlsHkdf for WCHkdfUsingHmac { key.as_ref().len() as u32, ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret).expect("wc_HmacSetKey failed in hmac_sign"); ret = unsafe { wc_HmacUpdate(&mut hmac_ctx, message.as_ptr(), message.len() as u32) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret).expect("wc_HmacUpdate failed in hmac_sign"); ret = unsafe { wc_HmacFinal(&mut hmac_ctx, hmac.as_mut_ptr()) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret).expect("wc_HmacFinal failed in hmac_sign"); unsafe { wc_HmacFree(&mut hmac_ctx) }; diff --git a/rustls-wolfcrypt-provider/src/hmac/mod.rs b/rustls-wolfcrypt-provider/src/hmac/mod.rs index f6351e2..1092fa8 100644 --- a/rustls-wolfcrypt-provider/src/hmac/mod.rs +++ b/rustls-wolfcrypt-provider/src/hmac/mod.rs @@ -96,19 +96,19 @@ impl WCHmacKey { self.key.len() as word32, ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret).expect("wc_HmacSetKey failed"); hmac_ptr } fn hmac_update(&self, hmac_ptr: *mut Hmac, input: &[u8]) { let ret = unsafe { wc_HmacUpdate(hmac_ptr, input.as_ptr(), input.len() as word32) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret).expect("wc_HmacUpdate failed"); } fn hmac_final(&self, hmac_ptr: *mut Hmac) -> Vec { let mut digest = vec![0u8; self.variant.digest_size()]; let ret = unsafe { wc_HmacFinal(hmac_ptr, digest.as_mut_ptr()) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret).expect("wc_HmacFinal failed"); unsafe { wc_HmacFree(hmac_ptr); diff --git a/rustls-wolfcrypt-provider/src/hmac/sha256hmac.rs b/rustls-wolfcrypt-provider/src/hmac/sha256hmac.rs index a4e180b..6209e12 100644 --- a/rustls-wolfcrypt-provider/src/hmac/sha256hmac.rs 
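Review bot: In the hkdf.rs hunk at -77 (the function the messages call `hmac_sign`), every `expect` runs before the `unsafe { wc_HmacFree(&mut hmac_ctx) }` at the end, so a failing `wc_HmacSetKey`, `wc_HmacUpdate` or `wc_HmacFinal` unwinds without freeing the keyed context. Holding the context in a guard whose `Drop` calls `wc_HmacFree` makes the cleanup run on every exit, unwinding included. The declaration and initialisation of `hmac_ctx` are outside the hunk, so the guard below assumes it is a plain `Hmac` value that is valid to free once initialised. `hmac_final` in hmac/mod.rs, sha256hmac.rs and sha384hmac.rs has the same order of `expect` before `wc_HmacFree`.

```rust
// Frees the wolfCrypt HMAC context on every exit path, including unwinding.
struct HmacGuard(Hmac);

impl Drop for HmacGuard {
    fn drop(&mut self) {
        // SAFETY: the context is initialised before the guard is built
        // (initialisation is outside this hunk; confirm).
        unsafe { wc_HmacFree(&mut self.0) };
    }
}

// … unchanged: hmac_ctx set-up, then wrapped as `let mut hmac_ctx = HmacGuard(hmac_ctx);` …
ret = unsafe { wc_HmacUpdate(&mut hmac_ctx.0, message.as_ptr(), message.len() as u32) };
check_if_zero(ret).expect("wc_HmacUpdate failed in hmac_sign");
// … unchanged: wc_HmacFinal on &mut hmac_ctx.0; the explicit wc_HmacFree call is dropped …
```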
+++ b/rustls-wolfcrypt-provider/src/hmac/sha256hmac.rs @@ -60,7 +60,7 @@ impl WCHmac256Key { self.key.len() as word32, ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret).expect("wc_HmacSetKey failed"); hmac_ptr } @@ -69,7 +69,7 @@ impl WCHmac256Key { let ret = unsafe { wc_HmacUpdate(hmac_ptr, input.as_ptr(), input.len() as word32) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret).expect("wc_HmacUpdate failed"); } fn hmac_final(&self, hmac_ptr: *mut Hmac) -> [u8; WC_SHA256_DIGEST_SIZE as usize] { @@ -77,7 +77,7 @@ impl WCHmac256Key { // This function computes the final hash of an Hmac object's message. let ret = unsafe { wc_HmacFinal(hmac_ptr, digest.as_mut_ptr()) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret).expect("wc_HmacFinal failed"); unsafe { wc_HmacFree(hmac_ptr); diff --git a/rustls-wolfcrypt-provider/src/hmac/sha384hmac.rs b/rustls-wolfcrypt-provider/src/hmac/sha384hmac.rs index af2ce78..97295c5 100644 --- a/rustls-wolfcrypt-provider/src/hmac/sha384hmac.rs +++ b/rustls-wolfcrypt-provider/src/hmac/sha384hmac.rs @@ -59,7 +59,7 @@ impl WCHmac384Key { self.key.len() as word32, ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret).expect("wc_HmacSetKey failed"); hmac_ptr } @@ -68,7 +68,7 @@ impl WCHmac384Key { let ret = unsafe { wc_HmacUpdate(hmac_ptr, input.as_ptr(), input.len() as word32) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret).expect("wc_HmacUpdate failed"); } fn hmac_final(&self, hmac_ptr: *mut wolfcrypt_rs::Hmac) -> [u8; WC_SHA384_DIGEST_SIZE as usize] { @@ -78,7 +78,7 @@ impl WCHmac384Key { // This function computes the final hash of an Hmac object's message. let ret = unsafe { wc_HmacFinal(hmac_ptr, digest.as_mut_ptr()) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret).expect("wc_HmacFinal failed"); unsafe { wc_HmacFree(hmac_ptr); diff --git a/rustls-wolfcrypt-provider/src/kx.rs b/rustls-wolfcrypt-provider/src/kx.rs index b1a122e..e60c372 100644 --- a/rustls-wolfcrypt-provider/src/kx.rs 
+++ b/rustls-wolfcrypt-provider/src/kx.rs @@ -16,7 +16,7 @@ macro_rules! define_kx_group { impl crypto::SupportedKxGroup for $name { fn start(&self) -> Result, rustls::Error> { - Ok(Box::new(<$kx_type>::$kx_func())) + Ok(Box::new(<$kx_type>::$kx_func()?)) } fn name(&self) -> rustls::NamedGroup { diff --git a/rustls-wolfcrypt-provider/src/kx/sec256r1.rs b/rustls-wolfcrypt-provider/src/kx/sec256r1.rs index 5ee7360..426362f 100644 --- a/rustls-wolfcrypt-provider/src/kx/sec256r1.rs +++ b/rustls-wolfcrypt-provider/src/kx/sec256r1.rs @@ -19,7 +19,7 @@ pub struct ECCPubKey { } impl KeyExchangeSecP256r1 { - pub fn use_secp256r1() -> Self { + pub fn use_secp256r1() -> Result { let mut key: ecc_key = unsafe { mem::zeroed() }; let key_object = ECCKeyObject::new(&mut key); let mut rng: WC_RNG = unsafe { mem::zeroed() }; @@ -48,7 +48,8 @@ impl KeyExchangeSecP256r1 { ecc_curve_id_ECC_SECP256R1, ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret) + .map_err(|_| rustls::Error::General("wc_ecc_make_key_ex failed".into()))?; ret = unsafe { wc_ecc_export_private_only( @@ -57,7 +58,8 @@ impl KeyExchangeSecP256r1 { &mut priv_key_raw_len, ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret) + .map_err(|_| rustls::Error::General("wc_ecc_export_private_only failed".into()))?; ret = unsafe { wc_ecc_export_public_raw( @@ -68,7 +70,8 @@ impl KeyExchangeSecP256r1 { &mut pub_key_raw.qy_len, ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret) + .map_err(|_| rustls::Error::General("wc_ecc_export_public_raw failed".into()))?; // One byte prefix (0x04) + 32 bytes X coord + 32 bytes Y coord let mut pub_key_bytes = [0x04; 65]; 
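Review bot: With the new `?` on the `wc_ecc_export_public_raw` check (sec256r1.rs hunk at -68), `use_secp256r1` can return after `wc_ecc_export_private_only` has already written the private scalar into `priv_key_raw`, and that buffer is only wrapped in `Zeroizing` at the end of the function (hunk at -78). On that error return the scalar is never wiped, and on success `Box::new(priv_key_raw)` copies it and leaves the stack original behind. Allocating the protected buffer first, `let mut priv_key_raw = Zeroizing::new(Box::new([0u8; N]));` with `N` the existing array length, and exporting into `priv_key_raw.as_mut_ptr()` covers both cases. The declaration of `priv_key_raw` is outside these hunks in sec256r1.rs; sec384r1.rs shows the same pattern with `[0u8; 48]` (hunk at -47). The shared-secret array `out` in `derive_shared_secret` is likewise copied from the stack into a `Box`.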
@@ -78,10 +81,10 @@ impl KeyExchangeSecP256r1 { // Copy Y coordinate into bytes 33-64 pub_key_bytes[33..65].copy_from_slice(&pub_key_raw.qy); - KeyExchangeSecP256r1 { + Ok(KeyExchangeSecP256r1 { priv_key_bytes: Zeroizing::new(Box::new(priv_key_raw)), pub_key_bytes: Box::new(pub_key_bytes), - } + }) } pub fn derive_shared_secret(&self, peer_pub_key: &[u8]) -> Result, rustls::Error> { @@ -112,7 +115,8 @@ impl KeyExchangeSecP256r1 { ecc_curve_id_ECC_SECP256R1, ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret) + .map_err(|_| rustls::Error::General("Failed to import ECC private key".into()))?; ret = unsafe { wc_ecc_import_unsigned( @@ -123,15 +127,18 @@ impl KeyExchangeSecP256r1 { ecc_curve_id_ECC_SECP256R1, ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret) + .map_err(|_| rustls::Error::General("Failed to import peer ECC public key".into()))?; rng_object.init(); ret = unsafe { wc_ecc_set_rng(pub_key_object.as_ptr(), rng_object.as_ptr()) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret) + .map_err(|_| rustls::Error::General("Failed to set RNG on public key".into()))?; ret = unsafe { wc_ecc_set_rng(priv_key_object.as_ptr(), rng_object.as_ptr()) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret) + .map_err(|_| rustls::Error::General("Failed to set RNG on private key".into()))?; let mut out = [0u8; 32]; let mut out_len: word32 = out.len() as word32; @@ -144,7 +151,8 @@ impl KeyExchangeSecP256r1 { &mut out_len, ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret) + .map_err(|_| rustls::Error::General("Failed to compute ECC shared secret".into()))?; Ok(Box::new(out)) } 
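Review bot: The `wc_ecc_import_unsigned` failure in `derive_shared_secret` (sec256r1.rs hunk at -123) most likely comes from the peer's key share, yet it is returned as `rustls::Error::General("Failed to import peer ECC public key")`. rustls has a dedicated variant for this, so I would write `.map_err(|_| rustls::Error::PeerMisbehaved(rustls::PeerMisbehaved::InvalidKeyShare))?;`, which lets callers and logs tell a malformed peer key from a local fault. The arguments of the import call are outside the hunk; if they slice `peer_pub_key` at fixed offsets, a length check returning the same error is needed before them, because a short key share would otherwise still panic. The same applies to the sec384r1.rs hunk at -130.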
@@ -175,8 +183,8 @@ mod tests { #[test] fn test_secp256r1_kx() { - let alice = Box::new(KeyExchangeSecP256r1::use_secp256r1()); - let bob = Box::new(KeyExchangeSecP256r1::use_secp256r1()); + let alice = Box::new(KeyExchangeSecP256r1::use_secp256r1().unwrap()); + let bob = Box::new(KeyExchangeSecP256r1::use_secp256r1().unwrap()); assert_eq!( alice.derive_shared_secret(bob.pub_key()).unwrap(), diff --git a/rustls-wolfcrypt-provider/src/kx/sec384r1.rs b/rustls-wolfcrypt-provider/src/kx/sec384r1.rs index 270e191..36e4ce5 100644 --- a/rustls-wolfcrypt-provider/src/kx/sec384r1.rs +++ b/rustls-wolfcrypt-provider/src/kx/sec384r1.rs @@ -20,7 +20,7 @@ pub struct ECCPubKey { } impl KeyExchangeSecP384r1 { - pub fn use_secp384r1() -> Self { + pub fn use_secp384r1() -> Result { let mut key: ecc_key = unsafe { mem::zeroed() }; let key_object = ECCKeyObject::new(&mut key); let mut rng: WC_RNG = unsafe { mem::zeroed() }; @@ -47,7 +47,8 @@ impl KeyExchangeSecP384r1 { ecc_curve_id_ECC_SECP384R1, ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret) + .map_err(|_| rustls::Error::General("wc_ecc_make_key_ex failed".into()))?; let mut priv_key_raw = [0u8; 48]; let mut priv_key_raw_len: word32 = priv_key_raw.len() as word32; @@ -59,7 +60,8 @@ impl KeyExchangeSecP384r1 { &mut priv_key_raw_len, ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret) + .map_err(|_| rustls::Error::General("wc_ecc_export_private_only failed".into()))?; ret = unsafe { wc_ecc_export_public_raw( @@ -70,7 +72,8 @@ impl KeyExchangeSecP384r1 { &mut pub_key_raw.qy_len, ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret) + .map_err(|_| rustls::Error::General("wc_ecc_export_public_raw failed".into()))?; // One byte prefix + 48 bytes X + 48 bytes Y let mut pub_key_bytes = [0x04; 97]; 
@@ -81,10 +84,10 @@ impl KeyExchangeSecP384r1 { // Copy Y coordinate into bytes 49-97 pub_key_bytes[49..97].copy_from_slice(&pub_key_raw.qy); - KeyExchangeSecP384r1 { + Ok(KeyExchangeSecP384r1 { priv_key_bytes: Zeroizing::new(Box::new(priv_key_raw)), pub_key_bytes: Box::new(pub_key_bytes), - } + }) } pub fn derive_shared_secret(&self, peer_pub_key: &[u8]) -> Result, rustls::Error> { @@ -115,7 +118,8 @@ impl KeyExchangeSecP384r1 { ecc_curve_id_ECC_SECP384R1, ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret) + .map_err(|_| rustls::Error::General("Failed to import ECC private key".into()))?; /* * Skipping first byte because rustls uses this format: @@ -130,15 +134,18 @@ impl KeyExchangeSecP384r1 { ecc_curve_id_ECC_SECP384R1, ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret) + .map_err(|_| rustls::Error::General("Failed to import peer ECC public key".into()))?; rng_object.init(); ret = unsafe { wc_ecc_set_rng(pub_key_object.as_ptr(), rng_object.as_ptr()) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret) + .map_err(|_| rustls::Error::General("Failed to set RNG on public key".into()))?; ret = unsafe { wc_ecc_set_rng(priv_key_object.as_ptr(), rng_object.as_ptr()) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret) + .map_err(|_| rustls::Error::General("Failed to set RNG on private key".into()))?; let mut out = [0u8; 48]; let mut out_len: word32 = out.len() as word32; @@ -151,7 +158,8 @@ impl KeyExchangeSecP384r1 { &mut out_len, ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret) + .map_err(|_| rustls::Error::General("Failed to compute ECC shared secret".into()))?; Ok(Box::new(out)) } 
@@ -182,8 +190,8 @@ mod tests { #[test] fn test_secp384r1_kx() { - let alice = Box::new(KeyExchangeSecP384r1::use_secp384r1()); - let bob = Box::new(KeyExchangeSecP384r1::use_secp384r1()); + let alice = Box::new(KeyExchangeSecP384r1::use_secp384r1().unwrap()); + let bob = Box::new(KeyExchangeSecP384r1::use_secp384r1().unwrap()); assert_eq!( alice.derive_shared_secret(bob.pub_key()).unwrap(), diff --git a/rustls-wolfcrypt-provider/src/kx/sec521r1.rs b/rustls-wolfcrypt-provider/src/kx/sec521r1.rs index 36f048a..fa24011 100644 --- a/rustls-wolfcrypt-provider/src/kx/sec521r1.rs +++ b/rustls-wolfcrypt-provider/src/kx/sec521r1.rs @@ -19,7 +19,7 @@ pub struct ECCPubKey { } impl KeyExchangeSecP521r1 { - pub fn use_secp521r1() -> Self { + pub fn use_secp521r1() -> Result { let mut key: ecc_key = unsafe { mem::zeroed() }; let key_object = ECCKeyObject::new(&mut key); let mut rng: WC_RNG = unsafe { mem::zeroed() }; @@ -48,7 +48,8 @@ impl KeyExchangeSecP521r1 { ecc_curve_id_ECC_SECP521R1, ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret) + .map_err(|_| rustls::Error::General("wc_ecc_make_key_ex failed".into()))?; let mut priv_key_raw = [0u8; 66]; let mut priv_key_raw_len: word32 = priv_key_raw.len() as word32; @@ -60,7 +61,8 @@ impl KeyExchangeSecP521r1 { &mut priv_key_raw_len, ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret) + .map_err(|_| rustls::Error::General("wc_ecc_export_private_only failed".into()))?; ret = unsafe { wc_ecc_export_public_raw( @@ -71,7 +73,8 @@ impl KeyExchangeSecP521r1 { &mut pub_key_raw.qy_len, ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret) + .map_err(|_| rustls::Error::General("wc_ecc_export_public_raw failed".into()))?; let mut pub_key_bytes = [0x04; 133]; // One byte prefix + 66 bytes X + 66 bytes Y 
@@ -81,10 +84,10 @@ impl KeyExchangeSecP521r1 { // Copy Y coordinate into bytes 67-133 pub_key_bytes[67..133].copy_from_slice(&pub_key_raw.qy); - KeyExchangeSecP521r1 { + Ok(KeyExchangeSecP521r1 { priv_key_bytes: Zeroizing::new(Box::new(priv_key_raw)), pub_key_bytes: Box::new(pub_key_bytes), - } + }) } pub fn derive_shared_secret(&self, peer_pub_key: &[u8]) -> Result, rustls::Error> { @@ -116,7 +119,8 @@ impl KeyExchangeSecP521r1 { ecc_curve_id_ECC_SECP521R1, ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret) + .map_err(|_| rustls::Error::General("Failed to import ECC private key".into()))?; /* * Skipping first byte because rustls uses this format: @@ -131,15 +135,18 @@ impl KeyExchangeSecP521r1 { ecc_curve_id_ECC_SECP521R1, ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret) + .map_err(|_| rustls::Error::General("Failed to import peer ECC public key".into()))?; rng_object.init(); ret = unsafe { wc_ecc_set_rng(pub_key_object.as_ptr(), rng_object.as_ptr()) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret) + .map_err(|_| rustls::Error::General("Failed to set RNG on public key".into()))?; ret = unsafe { wc_ecc_set_rng(priv_key_object.as_ptr(), rng_object.as_ptr()) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret) + .map_err(|_| rustls::Error::General("Failed to set RNG on private key".into()))?; let mut out = [0u8; 66]; let mut out_len: word32 = out.len() as word32; @@ -152,7 +159,8 @@ impl KeyExchangeSecP521r1 { &mut out_len, ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret) + .map_err(|_| rustls::Error::General("Failed to compute ECC shared secret".into()))?; Ok(Box::new(out)) } 
@@ -183,8 +191,8 @@ mod tests { #[test] fn test_secp521r1_kx() { - let alice = Box::new(KeyExchangeSecP521r1::use_secp521r1()); - let bob = Box::new(KeyExchangeSecP521r1::use_secp521r1()); + let alice = Box::new(KeyExchangeSecP521r1::use_secp521r1().unwrap()); + let bob = Box::new(KeyExchangeSecP521r1::use_secp521r1().unwrap()); assert_eq!( alice.derive_shared_secret(bob.pub_key()).unwrap(), diff --git a/rustls-wolfcrypt-provider/src/kx/x25519.rs b/rustls-wolfcrypt-provider/src/kx/x25519.rs index e65293f..e9d2916 100644 --- a/rustls-wolfcrypt-provider/src/kx/x25519.rs +++ b/rustls-wolfcrypt-provider/src/kx/x25519.rs @@ -11,7 +11,7 @@ pub struct KeyExchangeX25519 { } impl KeyExchangeX25519 { - pub fn use_curve25519() -> Self { + pub fn use_curve25519() -> Result { let mut key: curve25519_key = unsafe { mem::zeroed() }; let key_object = Curve25519KeyObject::new(&mut key); let mut rng: WC_RNG = unsafe { mem::zeroed() }; @@ -32,7 +32,8 @@ impl KeyExchangeX25519 { // This function generates a Curve25519 key using the given random number generator, rng, // of the size given (keysize), and stores it in the given curve25519_key structure. ret = unsafe { wc_curve25519_make_key(&mut rng, 32, key_object.as_ptr()) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret) + .map_err(|_| rustls::Error::General("wc_curve25519_make_key failed".into()))?; // Export curve25519 key pair. Big or little endian. ret = unsafe { @@ -45,12 +46,13 @@ impl KeyExchangeX25519 { endian.try_into().unwrap(), ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret) + .map_err(|_| rustls::Error::General("wc_curve25519_export_key_raw_ex failed".into()))?; - KeyExchangeX25519 { + Ok(KeyExchangeX25519 { pub_key_bytes: Box::new(pub_key_raw), priv_key_bytes: Zeroizing::new(Box::new(priv_key_raw)), - } + }) } pub fn derive_shared_secret(&self, peer_pub_key: &[u8]) -> Result, rustls::Error> { 
@@ -78,7 +80,8 @@ impl KeyExchangeX25519 { endian.try_into().unwrap(), ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret) + .map_err(|_| rustls::Error::General("Invalid Curve25519 public key".into()))?; // We initialize the curve25519 key object before we import the public key in it. pub_key_provided_object.init(); @@ -93,7 +96,8 @@ impl KeyExchangeX25519 { endian.try_into().unwrap(), ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret) + .map_err(|_| rustls::Error::General("Failed to import Curve25519 public key".into()))?; // We initialize the curve25519 key object before we import the private key in it. private_key_object.init(); @@ -108,7 +112,9 @@ impl KeyExchangeX25519 { endian.try_into().unwrap(), ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret).map_err(|_| { + rustls::Error::General("Failed to import Curve25519 private key".into()) + })?; // This function computes a shared secret key given a secret private key and // a received public key. Stores the generated secret in the buffer out. @@ -121,7 +127,9 @@ impl KeyExchangeX25519 { endian.try_into().unwrap(), ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret).map_err(|_| { + rustls::Error::General("Failed to compute Curve25519 shared secret".into()) + })?; Ok(Box::new(out)) } @@ -155,8 +163,8 @@ mod tests { #[test] fn test_curve25519_kx() { - let alice = Box::new(KeyExchangeX25519::use_curve25519()); - let bob = Box::new(KeyExchangeX25519::use_curve25519()); + let alice = Box::new(KeyExchangeX25519::use_curve25519().unwrap()); + let bob = Box::new(KeyExchangeX25519::use_curve25519().unwrap()); assert_eq!( alice.derive_shared_secret(bob.pub_key()).unwrap(), diff --git a/rustls-wolfcrypt-provider/src/prf.rs b/rustls-wolfcrypt-provider/src/prf.rs index 13a5877..5da8ac7 100644 --- a/rustls-wolfcrypt-provider/src/prf.rs +++ b/rustls-wolfcrypt-provider/src/prf.rs 
@@ -54,7 +54,7 @@ fn wc_prf( ) }; - check_if_zero(ret).unwrap(); + check_if_zero(ret).map_err(|_| rustls::Error::General("wc_PRF_TLS failed".into()))?; Ok(()) } diff --git a/rustls-wolfcrypt-provider/src/sign/eddsa.rs b/rustls-wolfcrypt-provider/src/sign/eddsa.rs index 54f74ea..c7a9a47 100644 --- a/rustls-wolfcrypt-provider/src/sign/eddsa.rs +++ b/rustls-wolfcrypt-provider/src/sign/eddsa.rs @@ -158,7 +158,9 @@ impl Signer for Ed25519Signer { ed25519_key_object.as_ptr(), ) }; - check_if_zero(ret).unwrap(); + + check_if_zero(ret) + .map_err(|_| rustls::Error::General("wc_ed25519_import_private_key failed".into()))?; ret = unsafe { wc_ed25519_sign_msg( diff --git a/rustls-wolfcrypt-provider/src/sign/rsa.rs b/rustls-wolfcrypt-provider/src/sign/rsa.rs index ab725f6..0c75790 100644 --- a/rustls-wolfcrypt-provider/src/sign/rsa.rs +++ b/rustls-wolfcrypt-provider/src/sign/rsa.rs @@ -57,12 +57,23 @@ impl fmt::Debug for RsaPrivateKey { } } +/// Owns both the heap-allocated RsaKey and its RsaKeyObject wrapper. +/// Rust drops fields in declaration order: `object` (which calls +/// wc_FreeRsaKey) is dropped first, then `_storage` frees the heap, +/// preventing use-after-free. +struct OwnedRsaKey { + object: RsaKeyObject, + _storage: Box, +} + +impl OwnedRsaKey { + fn as_ptr(&self) -> *mut RsaKey { + self.object.as_ptr() + } +} + /// Import the stored DER bytes into a fresh RsaKey C struct. -/// Returns the boxed RsaKey (to keep memory alive) and the RsaKeyObject wrapper. -fn import_rsa_key( - der_bytes: &[u8], - format: &RsaKeyFormat, -) -> Result<(Box, RsaKeyObject), rustls::Error> { +fn import_rsa_key(der_bytes: &[u8], format: &RsaKeyFormat) -> Result { let mut rsa_key_box = Box::new(unsafe { mem::zeroed::() }); let rsa_key_object = unsafe { RsaKeyObject::from_ptr(&mut *rsa_key_box) }; 
@@ -84,7 +95,10 @@ fn import_rsa_key( check_if_zero(decode_ret) .map_err(|_| rustls::Error::General("wc_RsaPrivateKeyDecode failed".into()))?; - Ok((rsa_key_box, rsa_key_object)) + Ok(OwnedRsaKey { + object: rsa_key_object, + _storage: rsa_key_box, + }) } impl TryFrom<&PrivateKeyDer<'_>> for RsaPrivateKey { @@ -102,7 +116,7 @@ impl TryFrom<&PrivateKeyDer<'_>> for RsaPrivateKey { }; // Validate that the key can be decoded before accepting it. - let (_rsa_key_box, _rsa_key_object) = import_rsa_key(&der_bytes, &format)?; + let _rsa_key = import_rsa_key(&der_bytes, &format)?; Ok(Self { der_bytes: Arc::new(Zeroizing::new(der_bytes)), @@ -151,7 +165,7 @@ impl fmt::Debug for RsaSigner { impl Signer for RsaSigner { fn sign(&self, message: &[u8]) -> Result, rustls::Error> { - let (_rsa_key_box, rsa_key_object) = import_rsa_key(&self.der_bytes, &self.format)?; + let rsa_key = import_rsa_key(&self.der_bytes, &self.format)?; // Prepare a random generator let mut rng: WC_RNG = unsafe { mem::zeroed() }; @@ -218,7 +232,7 @@ impl Signer for RsaSigner { sig_buf.len() as u32, hash_ty, mgf_ty.try_into().unwrap(), - rsa_key_object.as_ptr(), + rsa_key.as_ptr(), rng_object.as_ptr(), ) }; @@ -248,7 +262,7 @@ impl Signer for RsaSigner { let mut sig_len: u32 = sig_buf.len() as u32; // wc_SignatureGenerate will produce a PKCS#1 signature, including hashing. - let deref_rsa_key_c_type = unsafe { *(rsa_key_object.as_ptr()) }; + let deref_rsa_key_c_type = unsafe { *(rsa_key.as_ptr()) }; let ret = unsafe { wc_SignatureGenerate( hash_ty, @@ -257,7 +271,7 @@ impl Signer for RsaSigner { message.len() as u32, sig_buf.as_mut_ptr(), &mut sig_len, - rsa_key_object.as_ptr() as *const core::ffi::c_void, + rsa_key.as_ptr() as *const core::ffi::c_void, mem::size_of_val(&deref_rsa_key_c_type).try_into().unwrap(), rng_object.as_ptr(), ) 
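Review bot: `let deref_rsa_key_c_type = unsafe { *(rsa_key.as_ptr()) };` in `sign` makes a by-value copy of the whole `RsaKey` on the stack, and in the visible lines that copy is only used for `mem::size_of_val`. Depending on how the wolfSSL math backend stores its integers (not visible here), the copy may contain private-key material that nothing wipes, and it is a second bitwise instance of a struct that `OwnedRsaKey` otherwise owns exclusively. The size can be taken from the type instead: drop the local and pass `mem::size_of::<RsaKey>().try_into().unwrap(),` to both `wc_SignatureGenerate` and `wc_SignatureGetSize` (the latter is in the next hunk). The body of `sign` continues outside these hunks.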
@@ -269,7 +283,7 @@ impl Signer for RsaSigner { let actual_sig_size = unsafe { wc_SignatureGetSize( wc_SignatureType_WC_SIGNATURE_TYPE_RSA_W_ENC, - rsa_key_object.as_ptr() as *const core::ffi::c_void, + rsa_key.as_ptr() as *const core::ffi::c_void, mem::size_of_val(&deref_rsa_key_c_type).try_into().unwrap(), ) }; diff --git a/rustls-wolfcrypt-provider/src/types/mod.rs b/rustls-wolfcrypt-provider/src/types/mod.rs index 06b80fe..fc86caa 100644 --- a/rustls-wolfcrypt-provider/src/types/mod.rs +++ b/rustls-wolfcrypt-provider/src/types/mod.rs @@ -41,7 +41,10 @@ macro_rules! define_foreign_type { /// Given an $init_function, it calls it with the object's ptr as argument. pub fn init(&self) { - unsafe { check_if_zero($init_function(self.as_ptr())).unwrap() } + unsafe { + check_if_zero($init_function(self.as_ptr())) + .expect(concat!(stringify!($init_function), " failed")) + } } } }; @@ -105,32 +108,6 @@ macro_rules! define_foreign_type_with_copy { } } }; - - ($struct_name:ident, $ref_name:ident, $c_type:ty, drop($drop_fn:ident)) => { - define_foreign_type_with_copy!($struct_name, $ref_name, $c_type); - - /// Implements Drop trait for cryptographic types that require cleanup. - /// This safely frees memory and other resources when the type goes out of scope. - /// Any cleanup errors are logged but cannot be returned since this is Drop. - /// The unsafe block is needed for FFI calls to the underlying C functions. - impl Drop for $struct_name { - fn drop(&mut self) { - unsafe { - let ret = $drop_fn(self.as_ptr()); - match check_if_zero(ret) { - Err(err) => { - error!( - "Error while freeing resource in Drop for {}: {}", - stringify!($struct_name), - err - ); - } - Ok(()) => {} - } - } - } - } - }; } /// Like define_foreign_type_with_copy but without Copy (needed when Drop is implemented). 
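Review bot: `init()` in `define_foreign_type!` still panics: `unwrap()` became `expect(...)`, which improves the message but not the behaviour. The kx hunks call it on the handshake path (`rng_object.init();` in the `derive_shared_secret` functions, `pub_key_provided_object.init();` in x25519.rs), so a failing init function still aborts the process, whereas the rest of this commit turns such failures into `rustls::Error`. Consider having `init` return the result, `unsafe { check_if_zero($init_function(self.as_ptr())) }`, and letting callers apply `?` with their own `map_err`. If changing the signature is too invasive, a fallible sibling would serve the callers that can propagate. The macro body extends outside this hunk.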
@@ -229,3 +206,15 @@ define_foreign_type!( define_foreign_type_no_copy!(RsaKeyObject, RsaKeyObjectRef, RsaKey, drop(wc_FreeRsaKey)); define_foreign_type_with_copy!(HmacObject, HmacObjectRef, wolfcrypt_rs::Hmac); define_foreign_type_no_copy!(AesObject, AesObjectRef, Aes, drop_void(wc_AesFree)); +define_foreign_type_no_copy!( + Sha256Object, + Sha256ObjectRef, + wc_Sha256, + drop_void(wc_Sha256Free) +); +define_foreign_type_no_copy!( + Sha384Object, + Sha384ObjectRef, + wc_Sha384, + drop_void(wc_Sha384Free) +); diff --git a/rustls-wolfcrypt-provider/src/verify/ecdsa.rs b/rustls-wolfcrypt-provider/src/verify/ecdsa.rs index 8b8c626..78065f2 100644 --- a/rustls-wolfcrypt-provider/src/verify/ecdsa.rs +++ b/rustls-wolfcrypt-provider/src/verify/ecdsa.rs @@ -5,7 +5,7 @@ use core::ptr; use foreign_types::ForeignType; use rustls::pki_types::{AlgorithmIdentifier, InvalidSignature, SignatureVerificationAlgorithm}; use rustls::SignatureScheme; -use webpki::alg_id; +use rustls_pki_types::alg_id; use wolfcrypt_rs::*; /// A unified ECDSA verifier for P-256, P-384, and P-521. @@ -57,6 +57,7 @@ impl SignatureVerificationAlgorithm for EcdsaVerifier { message: &[u8], signature: &[u8], ) -> Result<(), InvalidSignature> { + // Verify length of the public key before doing any slicing. unsafe { // Initialize WolfSSL ECC key let mut ecc_c_type: ecc_key = mem::zeroed(); @@ -86,6 +87,11 @@ impl SignatureVerificationAlgorithm for EcdsaVerifier { _ => return Err(InvalidSignature), }; + let expected_len = 1 + 2 * skip_len; + if public_key.len() != expected_len { + return Err(InvalidSignature); + } + /* * Skipping first byte because rustls uses this format: * https://www.rfc-editor.org/rfc/rfc8446#section-4.2.8.2 diff --git a/rustls-wolfcrypt-provider/src/verify/eddsa.rs b/rustls-wolfcrypt-provider/src/verify/eddsa.rs index b7c132a..015392d 100644 --- a/rustls-wolfcrypt-provider/src/verify/eddsa.rs +++ b/rustls-wolfcrypt-provider/src/verify/eddsa.rs 
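Review bot: The new guard in `EcdsaVerifier` checks only `public_key.len()`, so an encoding of the right length whose first byte is not the uncompressed-point tag would still be accepted, since the code below skips that byte according to its comment. A stricter form is `if public_key.len() != expected_len || public_key[0] != 0x04 { return Err(InvalidSignature); }`. The comment added in the earlier hunk ("Verify length of the public key before doing any slicing.") sits above `unsafe {`, far from the check, and would read better directly above `let expected_len`. The kx `derive_shared_secret` functions carry the same "Skipping first byte" comment for the peer's key share; their slicing is outside the visible hunks, but if they index by fixed offsets they need the same length guard.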
@@ -2,7 +2,7 @@ use crate::{error::check_if_zero, types::*}; use core::mem; use foreign_types::ForeignType; use rustls::pki_types::{AlgorithmIdentifier, InvalidSignature, SignatureVerificationAlgorithm}; -use webpki::alg_id; +use rustls_pki_types::alg_id; use wolfcrypt_rs::*; #[derive(Debug)] diff --git a/rustls-wolfcrypt-provider/src/verify/rsapkcs1.rs b/rustls-wolfcrypt-provider/src/verify/rsapkcs1.rs index eafbd7c..3b5d7b3 100644 --- a/rustls-wolfcrypt-provider/src/verify/rsapkcs1.rs +++ b/rustls-wolfcrypt-provider/src/verify/rsapkcs1.rs @@ -7,7 +7,7 @@ use foreign_types::ForeignType; use rustls::pki_types::{AlgorithmIdentifier, InvalidSignature, SignatureVerificationAlgorithm}; use core::ptr; -use webpki::alg_id; +use rustls_pki_types::alg_id; use wolfcrypt_rs::*; #[derive(Debug)] diff --git a/rustls-wolfcrypt-provider/src/verify/rsapss.rs b/rustls-wolfcrypt-provider/src/verify/rsapss.rs index 8de73ba..29ac311 100644 --- a/rustls-wolfcrypt-provider/src/verify/rsapss.rs +++ b/rustls-wolfcrypt-provider/src/verify/rsapss.rs @@ -5,7 +5,7 @@ use core::mem; use core::ptr; use foreign_types::ForeignType; use rustls::pki_types::{AlgorithmIdentifier, InvalidSignature, SignatureVerificationAlgorithm}; -use webpki::alg_id; +use rustls_pki_types::alg_id; use wolfcrypt_rs::*; #[derive(Debug)] diff --git a/wolfcrypt-rs/Cargo.lock b/wolfcrypt-rs/Cargo.lock new file mode 100644 index 0000000..6feccc4 --- /dev/null +++ b/wolfcrypt-rs/Cargo.lock 
@@ -0,0 +1,299 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 4 + +[[package]] +name = "aho-corasick" +version = "1.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ddd31a130427c27518df266943a5308ed92d4b226cc639f5a8f1002816174301" +dependencies = [ + "memchr", +] + +[[package]] +name = "bindgen" +version = "0.71.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5f58bf3d7db68cfbac37cfc485a8d711e87e064c3d0fe0435b92f7a407f9d6b3" +dependencies = [ + "bitflags", + "cexpr", + "clang-sys", + "itertools", + "log", + "prettyplease", + "proc-macro2", + "quote", + "regex", + "rustc-hash", + "shlex", + "syn", +] + +[[package]] +name = "bitflags" +version = "2.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "843867be96c8daad0d758b57df9392b6d8d271134fce549de6ce169ff98a92af" + +[[package]] +name = "block-buffer" +version = "0.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cdd35008169921d80bc60d3d0ab416eecb028c4cd653352907921d95084790be" +dependencies = [ + "hybrid-array", +] + +[[package]] +name = "cexpr" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766" +dependencies = [ + "nom", +] + +[[package]] +name = "cfg-if" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9330f8b2ff13f34540b44e946ef35111825727b38d33286ef986142615121801" + +[[package]] +name = "clang-sys" +version = "1.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4" +dependencies = [ + "glob", + "libc", + "libloading", +] + +[[package]] +name = "const-oid" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = 
"a6ef517f0926dd24a1582492c791b6a4818a4d94e789a334894aa15b0d12f55c" + +[[package]] +name = "cpufeatures" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b2a41393f66f16b0823bb79094d54ac5fbd34ab292ddafb9a0456ac9f87d201" +dependencies = [ + "libc", +] + +[[package]] +name = "crypto-common" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77727bb15fa921304124b128af125e7e3b968275d1b108b379190264f4423710" +dependencies = [ + "hybrid-array", +] + +[[package]] +name = "digest" +version = "0.11.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4850db49bf08e663084f7fb5c87d202ef91a3907271aff24a94eb97ff039153c" +dependencies = [ + "block-buffer", + "const-oid", + "crypto-common", +] + +[[package]] +name = "either" +version = "1.15.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719" + +[[package]] +name = "glob" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0cc23270f6e1808e30a928bdc84dea0b9b4136a8bc82338574f23baf47bbd280" + +[[package]] +name = "hybrid-array" +version = "0.4.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3944cf8cf766b40e2a1a333ee5e9b563f854d5fa49d6a8ca2764e97c6eddb214" +dependencies = [ + "typenum", +] + +[[package]] +name = "itertools" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "413ee7dfc52ee1a4949ceeb7dbc8a33f2d6c088194d9f922fb8318faf1f01186" +dependencies = [ + "either", +] + +[[package]] +name = "libc" +version = "0.2.183" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b5b646652bf6661599e1da8901b3b9522896f01e736bad5f723fe7a3a27f899d" + +[[package]] +name = "libloading" +version = "0.8.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum 
= "d7c4b02199fee7c5d21a5ae7d8cfa79a6ef5bb2fc834d6e9058e89c825efdc55" +dependencies = [ + "cfg-if", + "windows-link", +] + +[[package]] +name = "log" +version = "0.4.29" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5e5032e24019045c762d3c0f28f5b6b8bbf38563a65908389bf7978758920897" + +[[package]] +name = "memchr" +version = "2.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8ca58f447f06ed17d5fc4043ce1b10dd205e060fb3ce5b979b8ed8e59ff3f79" + +[[package]] +name = "minimal-lexical" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" + +[[package]] +name = "nom" +version = "7.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a" +dependencies = [ + "memchr", + "minimal-lexical", +] + +[[package]] +name = "prettyplease" +version = "0.2.37" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "479ca8adacdd7ce8f1fb39ce9ecccbfe93a3f1344b3d0d97f20bc0196208f62b" +dependencies = [ + "proc-macro2", + "syn", +] + +[[package]] +name = "proc-macro2" +version = "1.0.106" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8fd00f0bb2e90d81d1044c2b32617f68fcb9fa3bb7640c23e9c748e53fb30934" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "quote" +version = "1.0.45" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41f2619966050689382d2b44f664f4bc593e129785a36d6ee376ddf37259b924" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "regex" +version = "1.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e10754a14b9137dd7b1e3e5b0493cc9171fdd105e0ab477f51b72e7f3ac0e276" +dependencies = [ + "aho-corasick", + "memchr", + "regex-automata", + "regex-syntax", +] + +[[package]] +name = 
"regex-automata" +version = "0.4.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6e1dd4122fc1595e8162618945476892eefca7b88c52820e74af6262213cae8f" +dependencies = [ + "aho-corasick", + "memchr", + "regex-syntax", +] + +[[package]] +name = "regex-syntax" +version = "0.8.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dc897dd8d9e8bd1ed8cdad82b5966c3e0ecae09fb1907d58efaa013543185d0a" + +[[package]] +name = "rustc-hash" +version = "2.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "94300abf3f1ae2e2b8ffb7b58043de3d399c73fa6f4b73826402a5c457614dbe" + +[[package]] +name = "sha2" +version = "0.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "446ba717509524cb3f22f17ecc096f10f4822d76ab5c0b9822c5f9c284e825f4" +dependencies = [ + "cfg-if", + "cpufeatures", + "digest", +] + +[[package]] +name = "shlex" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" + +[[package]] +name = "syn" +version = "2.0.117" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e665b8803e7b1d2a727f4023456bbbbe74da67099c585258af0ad9c5013b9b99" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "typenum" +version = "1.19.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "562d481066bde0658276a35467c4af00bdc6ee726305698a55b86e61d7ad82bb" + +[[package]] +name = "unicode-ident" +version = "1.0.24" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6e4313cd5fcd3dad5cafa179702e2b244f760991f45397d14d4ebf38247da75" + +[[package]] +name = "windows-link" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0805222e57f7521d6a62e36fa9163bc891acd422f971defe97d64e70d0a4fe5" + +[[package]] +name = 
"wolfcrypt-rs" +version = "0.1.0" +dependencies = [ + "bindgen", + "sha2", +] diff --git a/wolfcrypt-rs/Cargo.toml b/wolfcrypt-rs/Cargo.toml index 3d1e6df..98a6fc0 100644 --- a/wolfcrypt-rs/Cargo.toml +++ b/wolfcrypt-rs/Cargo.toml @@ -8,6 +8,7 @@ std = [] [build-dependencies] bindgen = "0.71.1" +sha2 = "0.11.0" [profile.release] strip = true diff --git a/wolfcrypt-rs/build.rs b/wolfcrypt-rs/build.rs index df1ffff..e51f964 100644 --- a/wolfcrypt-rs/build.rs +++ b/wolfcrypt-rs/build.rs @@ -1,9 +1,9 @@ extern crate bindgen; +use sha2::{Digest, Sha256}; use std::env; use std::fs; -use std::io::{self, Result}; -use std::path::Path; +use std::io::{self, Read, Result}; use std::path::PathBuf; use std::process::Command; @@ -11,6 +11,7 @@ use std::process::Command; const WOLFSSL_DIR: &str = "wolfssl-5.7.6-stable"; const WOLFSSL_ZIP: &str = "wolfssl-5.7.6-stable.zip"; const WOLFSSL_URL: &str = "https://github.com/wolfSSL/wolfssl/archive/refs/tags/v5.7.6-stable.zip"; +const WOLFSSL_SHA256: &str = "1aeb6e49222bb9d8cf012063f0dfc3f229084f24ce2b5740a2dcdb64d72b00bf"; /// Entry point for the build script. /// Handles the main build process and exits with an error code if anything fails. @@ -30,7 +31,8 @@ fn main() { /// /// Returns `Ok(())` if successful, or an error if any step fails. fn run_build() -> Result<()> { - if fs::metadata(WOLFSSL_DIR).is_err() { + let prefix = install_prefix(); + if fs::metadata(WOLFSSL_DIR).is_err() || fs::metadata(prefix.join("lib")).is_err() { setup_wolfssl()?; } 
@@ -47,9 +49,14 @@ fn run_build() -> Result<()> { /// 4. Writes the bindings to a file /// /// Returns `Ok(())` if successful, or an error if binding generation fails. +fn install_prefix() -> PathBuf { + PathBuf::from(env::var("OUT_DIR").unwrap()).join("wolfssl-install") +} + fn generate_bindings() -> Result<()> { - let wolfssl_lib_dir = Path::new("/opt/wolfssl-rs/lib/"); - let wolfssl_include_dir = Path::new("/opt/wolfssl-rs/include/"); + let prefix = install_prefix(); + let wolfssl_lib_dir = prefix.join("lib"); + let wolfssl_include_dir = prefix.join("include"); println!( "cargo:rustc-link-search={}", @@ -82,6 +89,7 @@ fn generate_bindings() -> Result<()> { /// Returns `Ok(())` if all steps complete successfully, or an error if any step fails. fn setup_wolfssl() -> Result<()> { download_wolfssl()?; + verify_download(WOLFSSL_ZIP, WOLFSSL_SHA256)?; unzip_wolfssl()?; remove_zip()?; build_wolfssl()?; @@ -113,6 +121,32 @@ fn download_wolfssl() -> Result<()> { Ok(()) } +/// Verifies the SHA-256 hash of a downloaded file against an expected value. +/// +/// Returns `Ok(())` if the hash matches, or an error if it doesn't. +fn verify_download(path: &str, expected_sha256: &str) -> Result<()> { + let mut file = fs::File::open(path)?; + let mut hasher = Sha256::new(); + let mut buf = [0u8; 8192]; + loop { + let n = file.read(&mut buf)?; + if n == 0 { + break; + } + hasher.update(&buf[..n]); + } + let hash = hasher.finalize(); + let hex: String = hash.iter().map(|b| format!("{:02x}", b)).collect(); + if hex != expected_sha256 { + return Err(io::Error::other(format!( + "SHA-256 mismatch: expected {}, got {}", + expected_sha256, hex + ))); + } + println!("SHA-256 verification passed."); + Ok(()) +} + /// Extracts the downloaded WolfSSL archive. /// /// Uses the unzip command to extract the contents of the downloaded ZIP file. 
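Review bot: `install_prefix` was inserted between the doc comment of `generate_bindings` and the function itself, so the block ending "Returns `Ok(())` if successful, or an error if binding generation fails." now documents `install_prefix` and `generate_bindings` has none. Move the new function above that comment block and give it its own line, for example `/// Directory under OUT_DIR into which the bundled wolfSSL is installed.` While there, `env::var("OUT_DIR").unwrap()` could become `.expect("OUT_DIR is set by cargo for build scripts")` so that a failure names its cause.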
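Review bot: On a digest mismatch `verify_download` returns the error but leaves the rejected archive on disk under `WOLFSSL_ZIP`. Whether a later run overwrites it depends on `download_wolfssl`, which is outside this hunk, so removing it here is safer: `let _ = fs::remove_file(path);` just before the `return Err(...)`. The doc comment could also say that the comparison is against a lowercase hex string, since `hex != expected_sha256` is case-sensitive.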
@@ -120,7 +154,7 @@ fn download_wolfssl() -> Result<()> { /// /// Returns `Ok(())` if extraction succeeds, or an error if it fails. fn unzip_wolfssl() -> Result<()> { - let output = Command::new("unzip").arg(WOLFSSL_ZIP).output()?; + let output = Command::new("unzip").arg("-o").arg(WOLFSSL_ZIP).output()?; if !output.status.success() { return Err(io::Error::other(format!( @@ -157,6 +191,9 @@ fn build_wolfssl() -> Result<()> { env::set_current_dir(WOLFSSL_DIR)?; println!("Changed directory to {}.", WOLFSSL_DIR); + let prefix = install_prefix(); + let prefix_arg = format!("--prefix={}", prefix.to_str().unwrap()); + run_command("./autogen.sh", &[])?; run_command( "./configure", @@ -165,11 +202,11 @@ fn build_wolfssl() -> Result<()> { "--enable-all-crypto", "--enable-debug", "--disable-shared", - "--prefix=/opt/wolfssl-rs/", + &prefix_arg, ], )?; run_command("make", &[])?; - run_command("sudo", &["make", "install"])?; + run_command("make", &["install"])?; Ok(()) }
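Review bot: `unzip -o` overlays the verified archive onto whatever is already in `WOLFSSL_DIR`, so files in an existing tree that are not part of the archive survive and are built along with it. `run_build` now re-runs the setup when the directory exists but the install prefix is missing, which makes extracting over a stale tree a normal case. Clearing the directory first, for example `let _ = fs::remove_dir_all(WOLFSSL_DIR);` before the `Command::new("unzip")` call, keeps the built source identical to the archive whose SHA-256 was just checked, and makes `-o` unnecessary.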