Update wolfssl-wolfcrypt Rust crate to v2.0.0

This commit is contained in:
Josh Holtrop
2026-06-08 10:14:24 -04:00
parent 8fca95ce65
commit 243926f5da
4 changed files with 65 additions and 3 deletions
@@ -1,5 +1,31 @@
# wolfssl-wolfcrypt Change Log
## v2.0.0
New features:
- Add RustCrypto trait support: digest, signature, mac, cipher, aead, rand_core,
kem, and password-hash traits
- Add RSA-OAEP API
- Add scrypt KDF support and scrypt password-hash trait implementation
- Add BLAKE2 digest module (blake2_digest)
- Add BLAKE2 MAC module (blake2_mac)
- Add Aes192Ccm and Aes192Gcm
- Implement Clone for HMAC types
- Improve cross-compilation and bare-metal target support in build.rs
Fixes and improvements:
- LMS fixes and improvements
- Replace Lms::sigs_left() with Lms::has_sigs_left()
- Fix CFB::encrypt1 and CFB::decrypt1 to take size in bits
- Dilithium: fix context-length API to take length in bytes
- Handle MAC_CMP_FAILED_E from CMAC::verify{,_ex}()
- Numerous memory-safety, zeroization, and buffer-length validation hardening
fixes (zeroize structs on drop, check slice/buffer length conversions, avoid
uninitialized and overlapping buffers, fix possible ECC resource leaks)
- Document minimum wolfSSL version requirement
## v1.2.0
- Add LMS wrapper (wolfssl_wolfcrypt::lms module)
+1 -1
View File
@@ -485,7 +485,7 @@ checksum = "271414315aff87387382ec3d271b52d7ae78726f5d44ac98b4f4030c91880486"
[[package]]
name = "wolfssl-wolfcrypt"
version = "1.2.0"
version = "2.0.0"
dependencies = [
"aead",
"bindgen",
+1 -1
View File
@@ -1,6 +1,6 @@
[package]
name = "wolfssl-wolfcrypt"
version = "1.2.0"
version = "2.0.0"
edition = "2024"
description = "Rust wrapper for wolfssl C library cryptographic functionality"
license = "GPL-3.0"
+37 -1
View File
@@ -5,6 +5,12 @@ algorithms portion of the wolfSSL C library.
This crate requires wolfSSL version 5.9.0 or newer.
The crate uses `no_std` so that no Rust standard library is required.
This makes it well-suited for embedded/bare-metal environments.
There is an optional `alloc` feature that enables APIs which require heap
allocation.
## Installation
The `wolfssl` C library must be installed to be used by the Rust crate.
@@ -16,7 +22,7 @@ For example:
```
[dependencies]
wolfssl-wolfcrypt = "1.0"
wolfssl-wolfcrypt = "2.0"
```
## API Coverage
@@ -44,6 +50,7 @@ functionality:
* PRF
* RNG
* RSA
* scrypt
* SHA
* SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA3-224, SHA3-256, SHA3-384,
SHA3-512, SHAKE128, SHAKE256
@@ -51,6 +58,35 @@ functionality:
* SSH KDF
* TLSv1.3 HKDF
## RustCrypto Trait Support
In addition to its native API, this crate can implement the common
[RustCrypto](https://github.com/RustCrypto) traits for wolfCrypt-backed types.
Each set of trait implementations is gated behind a Cargo feature so that
projects only pull in the dependencies they need. All features are off by
default.
| Feature | RustCrypto crate | wolfCrypt types |
| --------------- | ---------------- | ------------------------------------- |
| `digest` | `digest` | SHA (sha_digest), BLAKE2 (blake2_digest) |
| `mac` | `digest` (mac) | HMAC (hmac_mac), CMAC (cmac_mac), BLAKE2 (blake2_mac) |
| `signature` | `signature` | ECDSA (ecdsa), RSA PKCS#1 v1.5 (rsa_pkcs1v15) |
| `cipher` | `cipher` | AES (aes) |
| `aead` | `aead` | AES-GCM/CCM/EAX (aes), ChaCha20-Poly1305 |
| `rand_core` | `rand_core` | RNG (random) |
| `kem` | `kem` | ML-KEM (mlkem_kem) |
| `password-hash` | `password-hash` | PBKDF2 (pbkdf2_password_hash), scrypt (scrypt_password_hash) |
The BLAKE2, CMAC, and HMAC trait modules additionally require the corresponding
algorithm support to be enabled in the wolfSSL C library.
Enable features in your `Cargo.toml`, for example:
```
[dependencies]
wolfssl-wolfcrypt = { version = "2.0", features = ["digest", "signature"] }
```
## Build Notes
### WOLFSSL_PREFIX