Rust wrapper: add signature implementations

Author: holtrop-wolfssl

wrapper/rust/wolfssl-wolfcrypt/Cargo.lock

@@ -16,18 +16,21 @@ rand_core = ["dep:rand_core"]
 aead = ["dep:aead"]
 cipher = ["dep:cipher"]
 digest = ["dep:digest"]
+signature = ["dep:signature"]
 
 [dependencies]
 rand_core = { version = "0.10", optional = true, default-features = false }
 aead = { version = "0.5", optional = true, default-features = false }
 cipher = { version = "0.5", optional = true, default-features = false }
 digest = { version = "0.11", optional = true, default-features = false, features = ["block-api"] }
+signature = { version = "2.2", optional = true, default-features = false }
 zeroize = { version = "1.3", default-features = false, features = ["derive"] }
 
 [dev-dependencies]
 aead = { version = "0.5", features = ["alloc", "dev"] }
 cipher = "0.5"
 digest = { version = "0.11", features = ["dev"] }
+signature = "2.2"
 
 [build-dependencies]
 bindgen = "0.72.1"

wrapper/rust/wolfssl-wolfcrypt/Cargo.toml

@@ -1,4 +1,4 @@
-FEATURES := rand_core,aead,cipher,digest
+FEATURES := rand_core,aead,cipher,digest,signature
 CARGO_FEATURE_FLAGS := --features $(FEATURES)
 
 .PHONY: all

wrapper/rust/wolfssl-wolfcrypt/Makefile

@@ -433,6 +433,22 @@ fn scan_cfg() -> Result<()> {
     check_cfg(&binding, "wc_RNG_DRBG_Reseed", "random_hashdrbg");
     check_cfg(&binding, "wc_InitRng", "random");
 
+    // When WOLFSSL_NO_MALLOC is set without WOLFSSL_STATIC_MEMORY, the
+    // WC_RNG struct contains an inline `drbg_data` field and wolfCrypt sets
+    // `rng->drbg = &rng->drbg_data` — a self-referential pointer.  Rust
+    // moves values by memcpy, which would silently invalidate that pointer.
+    // Detect this configuration and refuse to build.
+    if binding.contains("drbg_data") {
+        eprintln!(
+            "error: wolfSSL appears to be built with WOLFSSL_NO_MALLOC \
+             (without WOLFSSL_STATIC_MEMORY). This embeds a self-referential \
+             pointer inside WC_RNG (drbg -> drbg_data) that is incompatible \
+             with Rust move semantics. Please rebuild wolfSSL without \
+             WOLFSSL_NO_MALLOC, or enable WOLFSSL_STATIC_MEMORY."
+        );
+        std::process::exit(1);
+    }
+
     /* rsa */
     check_cfg(&binding, "wc_InitRsaKey", "rsa");
     check_cfg(&binding, "wc_RsaDirect", "rsa_direct");

wrapper/rust/wolfssl-wolfcrypt/build.rs

@@ -296,7 +296,7 @@ impl Drop for ECCPoint {
 /// `import_x963_ex()`, `import_private_key()`, `import_private_key_ex()`,
 /// `import_raw()`, or `import_raw_ex()`.
 pub struct ECC {
-    wc_ecc_key: sys::ecc_key,
+    pub(crate) wc_ecc_key: sys::ecc_key,
 }
 
 #[cfg(ecc_curve_ids)]