Rust wrapper: add rand_core, aead, cipher trait implementations#10070
Merged
dgarske merged 6 commits intowolfSSL:masterfrom Apr 13, 2026
Merged
Rust wrapper: add rand_core, aead, cipher trait implementations#10070dgarske merged 6 commits intowolfSSL:masterfrom
dgarske merged 6 commits intowolfSSL:masterfrom
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR extends the wolfssl-wolfcrypt Rust wrapper with trait implementations from common ecosystem crates (rand_core, aead, cipher) to improve interoperability with existing Rust crypto APIs.
Changes:
- Add optional crate features and dependencies for
rand_core,aead, andcipher. - Implement
rand_coreRNG traits forRNG, plusaead/ciphertrait adapters for ChaCha20-Poly1305/XChaCha20-Poly1305 and multiple AES modes. - Add new unit tests covering the new trait-based APIs, and update the wrapper Makefile to build/test with these features enabled.
Reviewed changes
Copilot reviewed 8 out of 9 changed files in this pull request and generated 9 comments.
Show a summary per file
| File | Description |
|---|---|
| wrapper/rust/wolfssl-wolfcrypt/src/random.rs | Adds rand_core trait implementation for RNG. |
| wrapper/rust/wolfssl-wolfcrypt/src/chacha20_poly1305.rs | Adds aead trait adapter types for ChaCha20-Poly1305 and XChaCha20-Poly1305; adjusts XChaCha struct form. |
| wrapper/rust/wolfssl-wolfcrypt/src/aes.rs | Adds aead adapters for AES-GCM/CCM and cipher adapters for AES ECB/CBC and stream modes (CTR/OFB). |
| wrapper/rust/wolfssl-wolfcrypt/tests/test_random.rs | Adds tests validating rand_core trait behavior on RNG. |
| wrapper/rust/wolfssl-wolfcrypt/tests/test_chacha20_poly1305.rs | Adds aead-trait tests for ChaCha20-Poly1305 and XChaCha20-Poly1305. |
| wrapper/rust/wolfssl-wolfcrypt/tests/test_aes.rs | Adds aead and cipher trait tests for AES modes (GCM/CCM, ECB/CBC, CTR/OFB). |
| wrapper/rust/wolfssl-wolfcrypt/Cargo.toml | Declares new optional features/dependencies and dev-dependencies for tests. |
| wrapper/rust/wolfssl-wolfcrypt/Makefile | Builds/tests/docs with the new features enabled by default. |
| wrapper/rust/wolfssl-wolfcrypt/Cargo.lock | Locks newly introduced dependency graph entries. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Contributor
Author
|
retest this please (Calling Pipeline was cancelled) |
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 8 out of 9 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
gasbytes
reviewed
Mar 26, 2026
…peration maximum length
gasbytes
approved these changes
Mar 26, 2026
dgarske
requested changes
Apr 9, 2026
Member
dgarske
left a comment
dgarske
left a comment
There was a problem hiding this comment.
🐺 Skoll Code Review
Overall recommendation: REQUEST_CHANGES
Findings: 8 total — 6 posted, 2 skipped
Posted findings
- [High]
check_remainingno-op allows silentlen as u32truncation in StreamCipher impls —wrapper/rust/wolfssl-wolfcrypt/src/aes.rs:3250-3252 - [Medium] AEAD key wrapper structs do not zeroize key material on Drop —
wrapper/rust/wolfssl-wolfcrypt/src/aes.rs:499-501 - [Medium] GCM/CCM AEAD wrappers re-initialize crypto context on every operation —
wrapper/rust/wolfssl-wolfcrypt/src/aes.rs:1587-1611 - [Medium]
TryRng::try_fill_bytespanics on wolfCrypt RNG failure instead of returning error —wrapper/rust/wolfssl-wolfcrypt/src/random.rs:401-403 - [Low] ~1000 lines of near-identical boilerplate for AES key-size variants —
wrapper/rust/wolfssl-wolfcrypt/src/aes.rs:2882-3885 - [Low] AEAD GCM/CCM
buffer.len() as u32truncates silently for buffers > 4GB —wrapper/rust/wolfssl-wolfcrypt/src/aes.rs:1601
Skipped findings
- [Medium] XChaCha20Poly1305Aead has undocumented 4096-byte message limit with large stack allocation
- [Low] Missing AES-192 variants for GCM/CCM AEAD trait implementations
Review generated by Skoll via openclaw
dgarske
approved these changes
Apr 13, 2026
Member
dgarske
left a comment
dgarske
left a comment
There was a problem hiding this comment.
Merging and @holtrop-wolfssl will followup with recommended fixes (already in another branch).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This PR adds APIs which implement the traits in the rand_core, aead, and cipher crates.
This makes our crate more compatible with the rest of the Rust ecosystem.
Testing
Unit tests
Checklist