Extend AES minimal and rdseed examples

.gitignore

@@ -137,6 +137,8 @@ crypto/aes/aesctr-file-encrypt
 crypto/aes/aesgcm-file-encrypt
 crypto/aes/aesgcm-oneshot
 crypto/aes/aesgcm-minimal
+crypto/aes/aesgcm-file-encrypt-minimal
+crypto/aes/rdseed/aesgcm-rdseed
 crypto/camellia/camellia-encrypt
 crypto/pkcs12/pkcs12-create-example
 crypto/pkcs12/pkcs12-example

crypto/aes/Makefile

@@ -3,7 +3,7 @@ CFLAGS=-Wall
 WOLFSSL_INSTALL_DIR=/usr/local
 LIBS=-L$(WOLFSSL_INSTALL_DIR)/lib -lwolfssl -lm
 
-all: aes-file-encrypt aescfb-file-encrypt aesctr-file-encrypt aesgcm-file-encrypt aesgcm-oneshot aesgcm-minimal
+all: aes-file-encrypt aescfb-file-encrypt aesctr-file-encrypt aesgcm-file-encrypt aesgcm-file-encrypt-minimal aesgcm-oneshot aesgcm-minimal
 
 aes-file-encrypt: aes-file-encrypt.o
 	$(CC) -o $@ $^ $(CFLAGS) $(LIBS) 
@@ -23,7 +23,10 @@ aesgcm-oneshot: aesgcm-oneshot.o
 aesgcm-minimal: aesgcm-minimal.o
 	$(CC) -o $@ $^ $(CFLAGS) $(LIBS)
 
+aesgcm-file-encrypt-minimal: aesgcm-file-encrypt-minimal.o
+	$(CC) -o $@ $^ $(CFLAGS) $(LIBS)
+
 .PHONY: clean
 
 clean:
-	rm -f *.o aes-file-encrypt aescfb-file-encrypt aesctr-file-encrypt aesgcm-file-encrypt text* aesgcm-oneshot aesgcm-minimal
+	rm -f *.o aes-file-encrypt aescfb-file-encrypt aesctr-file-encrypt aesgcm-file-encrypt aesgcm-file-encrypt-minimal text* aesgcm-oneshot aesgcm-minimal

crypto/aes/aesgcm-file-encrypt-minimal.c

@@ -0,0 +1,206 @@
+/* aesgcm-file-encrypt-minimal.c
+ *
+ * Copyright (C) 2006-2026 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/aes.h>
+#include <wolfssl/wolfcrypt/random.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define KEY_SZ   AES_256_KEY_SIZE
+#define NONCE_SZ GCM_NONCE_MID_SZ
+#define TAG_SZ   AES_BLOCK_SIZE
+
+static int GenerateKeyAndIv(byte* key, byte* iv)
+{
+    WC_RNG rng;
+    int ret;
+
+    ret = wc_InitRng(&rng);
+    if (ret != 0) {
+        return ret;
+    }
+
+    ret = wc_RNG_GenerateBlock(&rng, key, KEY_SZ);
+    if (ret == 0) {
+        ret = wc_RNG_GenerateBlock(&rng, iv, NONCE_SZ);
+    }
+    wc_FreeRng(&rng);
+    return ret;
+}
+
+static int Encrypt(const byte* key, const byte* iv, const byte* plaintext,
+    word32 plaintextSz, byte* ciphertext, byte* tag)
+{
+    int ret;
+    Aes aes;
+
+    ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
+    if (ret == 0) {
+        ret = wc_AesGcmSetKey(&aes, key, KEY_SZ);
+    }
+    if (ret == 0) {
+        ret = wc_AesGcmEncrypt(&aes, ciphertext, plaintext, plaintextSz, iv,
+            NONCE_SZ, tag, TAG_SZ, NULL, 0);
+    }
+    wc_AesFree(&aes);
+    return ret;
+}
+
+static int ReadFile(const char* path, byte** data, long* sz)
+{
+    FILE* file;
+    long fileSz;
+    byte* buf;
+
+    *data = NULL;
+    *sz = 0;
+
+    file = fopen(path, "rb");
+    if (file == NULL) {
+        return -1;
+    }
+
+    if (fseek(file, 0, SEEK_END) != 0) {
+        fclose(file);
+        return -1;
+    }
+    fileSz = ftell(file);
+    if (fileSz < 0) {
+        fclose(file);
+        return -1;
+    }
+    if (fseek(file, 0, SEEK_SET) != 0) {
+        fclose(file);
+        return -1;
+    }
+
+    buf = (byte*)malloc((size_t)fileSz);
+    if (buf == NULL && fileSz != 0) {
+        fclose(file);
+        return -1;
+    }
+
+    if (fileSz != 0 && fread(buf, 1, (size_t)fileSz, file) != (size_t)fileSz) {
+        free(buf);
+        fclose(file);
+        return -1;
+    }
+
+    fclose(file);
+    *data = buf;
+    *sz = fileSz;
+    return 0;
+}
+
+static int WriteFile(const char* path, const byte* iv, const byte* tag,
+    const byte* ciphertext, long ciphertextSz)
+{
+    FILE* file;
+
+    file = fopen(path, "wb");
+    if (file == NULL) {
+        return -1;
+    }
+
+    if (fwrite(iv, 1, NONCE_SZ, file) != NONCE_SZ ||
+        fwrite(tag, 1, TAG_SZ, file) != TAG_SZ ||
+        (ciphertextSz != 0 &&
+         fwrite(ciphertext, 1, (size_t)ciphertextSz, file) !=
+             (size_t)ciphertextSz)) {
+        fclose(file);
+        return -1;
+    }
+
+    fclose(file);
+    return 0;
+}
+
+static void print_hex(const char* label, const byte* data, word32 sz)
+{
+    int i;
+    printf("%s: ", label);
+    for (i = 0; i < sz; i++) {
+        printf("%02x", data[i]);
+    }
+    printf("\n");
+}
+
+int main(int argc, char** argv)
+{
+    byte key[KEY_SZ];
+    byte iv[NONCE_SZ];
+    byte tag[TAG_SZ];
+    byte* plaintext = NULL;
+    byte* ciphertext = NULL;
+    long plaintextSz = 0;
+    int ret = 1;
+
+    if (argc != 3) {
+        printf("Usage: %s <input-file> <output-file>\n", argv[0]);
+        return 1;
+    }
+
+    if (ReadFile(argv[1], &plaintext, &plaintextSz) != 0) {
+        printf("Failed to read input file: %s\n", argv[1]);
+        return 1;
+    }
+
+    ciphertext = (byte*)malloc((size_t)plaintextSz);
+    if (ciphertext == NULL && plaintextSz != 0) {
+        printf("Failed to allocate ciphertext buffer\n");
+        goto exit;
+    }
+
+    ret = GenerateKeyAndIv(key, iv);
+    if (ret != 0) {
+        printf("Key/IV generation failed: %d\n", ret);
+        goto exit;
+    }
+
+    ret = Encrypt(key, iv, plaintext, (word32)plaintextSz, ciphertext, tag);
+    if (ret != 0) {
+        printf("Encryption failed: %d\n", ret);
+        goto exit;
+    }
+
+    if (WriteFile(argv[2], iv, tag, ciphertext, plaintextSz) != 0) {
+        printf("Failed to write output file: %s\n", argv[2]);
+        ret = 1;
+        goto exit;
+    }
+
+    print_hex("Key", key, sizeof(key));
+    print_hex("IV", iv, sizeof(iv));
+    print_hex("Tag", tag, sizeof(tag));
+    printf("Wrote %ld bytes of ciphertext to %s\n", plaintextSz, argv[2]);
+    printf("Output format: IV || TAG || ciphertext\n");
+    ret = 0;
+
+exit:
+    free(ciphertext);
+    free(plaintext);
+    return ret;
+}

crypto/aes/aesgcm-minimal.c

@@ -23,7 +23,6 @@
     #include <wolfssl/options.h>
 #endif
 #include <wolfssl/wolfcrypt/aes.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/random.h>
 
 #include <stdio.h>
@@ -33,58 +32,12 @@
 #define NONCE_SZ GCM_NONCE_MID_SZ
 #define TAG_SZ   AES_BLOCK_SIZE
 
-/* Optional setup path: seed wolfSSL RNG via RDSEED when available. */
-#if defined(__x86_64__)
-    #define RDSEED_ENABLED 1
-#endif
-
-#if defined(WC_RNG_SEED_CB) && defined(RDSEED_ENABLED)
-#include <immintrin.h>
-
-/* wc_RngSeed_Cb: feed wolfSSL DRBG seed using RDSEED. */
-__attribute__((target("rdseed")))
-static int RdseedSeedCb(OS_Seed* os, byte* seed, word32 sz)
-{
-    word32 i = 0;
-    (void)os;
-
-    while (i < sz) {
-        unsigned long long v = 0;
-        int ok = 0;
-        int tries;
-        word32 n;
-
-        for (tries = 0; tries < 16; tries++) {
-            if (_rdseed64_step(&v)) {
-                ok = 1;
-                break;
-            }
-        }
-        if (!ok) {
-            return RNG_FAILURE_E;
-        }
-
-        n = (sz - i < (word32)sizeof(v)) ? (sz - i) : (word32)sizeof(v);
-        memcpy(seed + i, &v, n);
-        i += n;
-    }
-    return 0;
-}
-#endif
-
 static int GenerateKeyAndIv(byte* key, byte* iv)
 {
     WC_RNG rng;
     int ret;
 
-    /* Setup: initialize RNG and (optionally) override seed source. */
-#if defined(WC_RNG_SEED_CB) && defined(RDSEED_ENABLED)
-    wc_SetSeed_Cb(RdseedSeedCb);
     ret = wc_InitRng(&rng);
-    wc_SetSeed_Cb(NULL);
-#else
-    ret = wc_InitRng(&rng);
-#endif
     if (ret != 0) {
         return ret;
     }
@@ -137,8 +90,9 @@ static int Decrypt(const byte* key, const byte* iv, const byte* ciphertext,
 
 void print_hex(const char* label, const byte* data, word32 sz)
 {
+    int i;
     printf("%s: ", label);
-    for (word32 i = 0; i < sz; i++) {
+    for (i = 0; i < sz; i++) {
         printf("%02x", data[i]);
     }
     printf("\n");

crypto/aes/rdseed/Makefile

@@ -0,0 +1,14 @@
+CC=gcc
+CFLAGS=-Wall -DWOLFSSL_USER_SETTINGS -I.
+WOLFSSL_INSTALL_DIR=/usr/local
+LIBS=-L$(WOLFSSL_INSTALL_DIR)/lib -lwolfssl -lm
+
+all: aesgcm-rdseed
+
+aesgcm-rdseed: aesgcm-rdseed.o
+	$(CC) -o $@ $^ $(CFLAGS) $(LIBS)
+
+.PHONY: clean
+
+clean:
+	rm -f *.o aesgcm-rdseed