1

(3 replies, posted in wolfSSL)

Hello Kareem,

One more update.

Steps to reproduce the issue
1. Clone the wolfssl version 5.6.3-stable version.
2. Trigger ./autogen.sh
3. Trigger below configure command
configure --host=arm-linux-gnueabihf --prefix=/home/wolfssl --disable-dependency-tracking --enable-static --enable-opensslall --enable-pkcs7 --enable-debug --enable-singlethreaded --disable-pkcs8 --disable-dh --disable-poly1305 --disable-md5 --disable-sha224 --disable-sha384 --disable-sha3 --disable-chacha --disable-examples --disable-crypttests --disable-benchmark --disable-tls13 --disable-harden --disable-aligndata --disable-eccshamir --disable-errorstrings --disable-errorqueue --disable-oldtls --disable-secure-renegotiation-info --disable-extended-master --disable-enc-then-mac --disable-asyncthreads --disable-ocsp --disable-rsa --disable-hashdrbg --disable-base64encode --disable-supportedcurves --disable-memory --disable-tlsv12 --disable-aesgcm --disable-pkcs12 --enable-sys-ca-certs=no --enable-error-queue-per-thread=no --enable-x963kdf=no --enable-pwdbased=no --enable-oldnames=no --enable-filesystem=no --enable-debug=no CFLAGS="-DNO_WOLFSSL_CLIENT -DNO_WOLFSSL_SERVER -DNO_TLS -DNO_SHA -DNO_PWDBASED -DNO_SESSION_CACHE -DSMALL_SESSION_CACHE -DNO_DEV_URANDOM -DWOLFSSL_NO_SIGALG -DWOLFSSL_SP_NO_2048 -DWOLFSSL_SP_NO_3072 -DWOLFSSL_SP_NO_256 -DNO_RESUME_SUITE_CHECK -DWOLFSSL_AEAD_ONLY -DNO_FILESYSTEM -DNO_ASN_TIME -DNO_WOLSSL_IO -fPIC -fshort-wchar -fstack-check=no -fstack-protector-explicit -Wp,-U_FORTIFY_SOURCE -Os -flto=auto -ffat-lto-objects -flto-partition=balanced -fuse-linker-plugin -ffunction-sections -fdata-sections -Wl,--gc-sections -DSESSION_CERTS -DHAVE_ECC_DHE -Wp,-UHAVE_ERRNO_H -Wp,-UXINET_PTON -DWOLFSSL_USER_IO -DNO_FILESYSTEM -Wp,-UCloseSocket -DCTYPE_USER -DOPENSSL_EXTRA_X509_SMALL" CXXFLAGS="" LDFLAGS=""
4. Using arm gnu toolchain 11.3.0

Regards
Anika

2

(3 replies, posted in wolfSSL)

Hello Kareem

Config.log file is not getting generated as compilation of wolfssl fails durimg configure command only.
Also, as suggested by you I have used same comamnd for arm arch with WOLFSSL version 5.6.4 and observes same error.

Error:
configure: Generating user options header...
checking for wolfssl/openssl/aes.h... no
configure: error: Header file inconsistency detected -- error including wolfssl/openssl/aes.h.

Command:
configure --host=arm-linux-gnueabihf --prefix=/home/wolfssl --disable-dependency-tracking --enable-static --enable-opensslall --enable-pkcs7 --enable-debug --enable-singlethreaded --disable-pkcs8 --disable-dh --disable-poly1305 --disable-md5 --disable-sha224 --disable-sha384 --disable-sha3 --disable-chacha --disable-examples --disable-crypttests --disable-benchmark --disable-tls13 --disable-harden --disable-aligndata --disable-eccshamir --disable-errorstrings --disable-errorqueue --disable-oldtls --disable-secure-renegotiation-info --disable-extended-master --disable-enc-then-mac --disable-asyncthreads --disable-ocsp --disable-rsa --disable-hashdrbg --disable-base64encode --disable-supportedcurves --disable-memory --disable-tlsv12 --disable-aesgcm --disable-pkcs12 --enable-sys-ca-certs=no --enable-error-queue-per-thread=no --enable-x963kdf=no --enable-pwdbased=no --enable-oldnames=no --enable-filesystem=no --enable-debug=no CFLAGS="-DNO_WOLFSSL_CLIENT -DNO_WOLFSSL_SERVER -DNO_TLS -DNO_SHA -DNO_PWDBASED -DNO_SESSION_CACHE -DSMALL_SESSION_CACHE -DNO_DEV_URANDOM -DWOLFSSL_NO_SIGALG -DWOLFSSL_SP_NO_2048 -DWOLFSSL_SP_NO_3072 -DWOLFSSL_SP_NO_256 -DNO_RESUME_SUITE_CHECK -DWOLFSSL_AEAD_ONLY -DNO_FILESYSTEM -DNO_ASN_TIME -DNO_WOLSSL_IO -fPIC -fshort-wchar -fstack-check=no -fstack-protector-explicit -Wp,-U_FORTIFY_SOURCE -Os -flto=auto -ffat-lto-objects -flto-partition=balanced -fuse-linker-plugin -ffunction-sections -fdata-sections -Wl,--gc-sections -DSESSION_CERTS -DHAVE_ECC_DHE -Wp,-UHAVE_ERRNO_H -Wp,-UXINET_PTON -DWOLFSSL_USER_IO -DNO_FILESYSTEM -Wp,-UCloseSocket -DCTYPE_USER -DOPENSSL_EXTRA_X509_SMALL" CXXFLAGS="" LDFLAGS=""

Thanks,
Anika

3

(3 replies, posted in wolfSSL)

Hello All,

We are using WOLFSSL version 5.6.3-stable.
Compiling the wolfssl for x86 and arm arch and we are facing the compilation issue on enabling RNG.

Configure command that we are using to compile wolfssl for x86 arch:
./configure  --prefix=/home/wolfssl/ --enable-static --enable-opensslall --enable-pkcs7 --enable-debug --enable-singlethreaded --disable-pkcs8 --disable-dh --disable-poly1305 --disable-md5 --disable-sha224 --disable-sha384 --disable-sha3 --disable-chacha --disable-examples --disable-crypttests --disable-benchmark --disable-tls13 --disable-harden --disable-aligndata --disable-eccshamir --disable-errorstrings --disable-errorqueue --disable-oldtls --disable-secure-renegotiation-info --disable-extended-master --disable-enc-then-mac --disable-asyncthreads --disable-ocsp --disable-rsa --disable-hashdrbg --disable-base64encode --disable-supportedcurves --disable-memory --disable-tlsv12 --disable-aesgcm --disable-pkcs12 CFLAGS="-DNO_WOLFSSL_CLIENT -DNO_WOLFSSL_SERVER -DNO_TLS -DNO_SHA -DNO_PWDBASED -DNO_SESSION_CACHE -DSMALL_SESSION_CACHE -DNO_DEV_URANDOM -DWOLFSSL_NO_SIGALG -DWOLFSSL_SP_NO_2048 -DWOLFSSL_SP_NO_3072 -DWOLFSSL_SP_NO_256 -DNO_RESUME_SUITE_CHECK -DWOLFSSL_AEAD_ONLY -DNO_FILESYSTEM -DNO_ASN_TIME -DNO_WOLSSL_IO -fPIC"

For arm arch:
./configure --host=arm-linux-gnueabihf --prefix=/home/wolfssl --disable-dependency-tracking --enable-static --enable-opensslall --enable-pkcs7 --enable-debug --enable-singlethreaded --disable-pkcs8 --disable-dh --disable-poly1305 --disable-md5 --disable-sha224 --disable-sha384 --disable-sha3 --disable-chacha --disable-examples --disable-crypttests --disable-benchmark --disable-tls13 --disable-harden --disable-aligndata --disable-eccshamir --disable-errorstrings --disable-errorqueue --disable-oldtls --disable-secure-renegotiation-info --disable-extended-master --disable-enc-then-mac --disable-asyncthreads --disable-ocsp --disable-rsa --disable-hashdrbg --disable-base64encode --disable-supportedcurves --disable-memory --disable-tlsv12 --disable-aesgcm --disable-pkcs12  --srcdir=/home/anika/git/linux-kernel/bootloader/wolfssl/wolfssl --enable-sys-ca-certs=no --enable-error-queue-per-thread=no --enable-x963kdf=no --enable-pwdbased=no --enable-oldnames=no --enable-filesystem=no --enable-debug=no CFLAGS="-DNO_WOLFSSL_CLIENT -DNO_WOLFSSL_SERVER -DNO_TLS -DNO_SHA -DNO_PWDBASED -DNO_SESSION_CACHE -DSMALL_SESSION_CACHE -DNO_DEV_URANDOM -DWOLFSSL_NO_SIGALG -DWOLFSSL_SP_NO_2048 -DWOLFSSL_SP_NO_3072 -DWOLFSSL_SP_NO_256 -DNO_RESUME_SUITE_CHECK -DWOLFSSL_AEAD_ONLY -DNO_FILESYSTEM -DNO_ASN_TIME -DNO_WOLSSL_IO -fPIC -fshort-wchar -fstack-check=no -fstack-protector-explicit -Wp,-U_FORTIFY_SOURCE -Os -flto=auto -ffat-lto-objects -flto-partition=balanced -fuse-linker-plugin -ffunction-sections -fdata-sections -Wl,--gc-sections -DSESSION_CERTS -DHAVE_ECC_DHE -Wp,-UHAVE_ERRNO_H -Wp,-UXINET_PTON -DWOLFSSL_USER_IO -DNO_FILESYSTEM -Wp,-UCloseSocket -DCTYPE_USER -DOPENSSL_EXTRA_X509_SMALL" CXXFLAGS="" LDFLAGS=""

Error: configure: error: Header file inconsistency detected -- error including wolfssl/openssl/aes.h

Please let us know whether we need to enable any new config?

Regards
Anika

4

(1 replies, posted in wolfSSL)

Hi,

I'm working on a project in that I've optimized wolfssl source code according to project requirements.Basically I want to contribute my changes into WolfSSL code.

In that change I've added new enable flag for BIO Chaining and PKCS7 functionality. I know opensslall flag also provides same but with my new flag size of wolfssl lib is 250KB lesser than lib with opensslall flag.


Please let me know steps to raise pull request on WolfSSL git.


Thanks,
Anika

Hello All,

We are using WOLFSSL release branch with v5.5.4.0.
Just want to confirm whether this is the stable release branch or some changes are still undergoing on it?

Thank you for your repsonse.
It really helps.

OPENSSL provide CMS_get1_certs API to extract siner certiicate from CMS signature without performing verification.
Is there any  API In wolfssl which provide similar functionality?

Hello,

Is there any WOLFSSL API present to exatract signer Certificate from CMS signature without performing verification?
We checked wolfssl code and found this "wolfSSL_X509_STORE_GetCerts" API but it works on store.

Just want to know is there any API in which we can pass cms signature and extract signer certificate using wolfssl?

Hello Eric,

Thank you for quick response.
For BIO chaining we must need "--enable-opensslall", whereas "--enable-opensslall" and "--enable-cryptonly" flags are not compatible and can not be used together.
So, if we disable opensslall and enable cryptonly flag as shown in below configure comamnd we are facing compilation issues.

./configure --prefix=/home/mangal/test_work/fresh_wolf/wolfssl_test/ --enable-static --enable-pkcs7 --enable-singlethreaded --disable-pkcs8 --disable-dh --disable-poly1305 --disable-md5 --disable-sha224 --disable-sha384 --disable-sha3 --disable-chacha --disable-examples --disable-crypttests --disable-pkcs11 --disable-benchmark --disable-tls13 --disable-harden --disable-aligndata --disable-eccshamir --disable-errorstrings --disable-errorqueue --disable-oldtls --disable-secure-renegotiation-info --disable-extended-master --disable-enc-then-mac --disable-crypttests --disable-asyncthreads --disable-oldnames --disable-ocsp --disable-rsa --disable-rsapss --disable-fastmath --disable-shared --enable-cryptonly


Compilation Issues:
hm_sigfw_verify.c:925:13: warning: implicit declaration of function ‘wolfSSL_OPENSSL_free’; did you mean ‘wolfSSL_SESSION_free’? [-Wimplicit-function-declaration]
  925 |             wolfSSL_OPENSSL_free( ctx->buf );
      |             ^~~~~~~~~~~~~~~~~~~~
      |             wolfSSL_SESSION_free
hm_sigfw_verify.c: In function ‘hmsigfw_bio_sig_ctrl’:
hm_sigfw_verify.c:1354:14: error: ‘BIO_CTRL_RESET’ undeclared (first use in this function)
1354 |         case BIO_CTRL_RESET:
      |              ^~~~~~~~~~~~~~
hm_sigfw_verify.c:1354:14: note: each undeclared identifier is reported only once for each function it appears in
hm_sigfw_verify.c:1359:14: error: ‘BIO_CTRL_EOF’ undeclared (first use in this function)
1359 |         case BIO_CTRL_EOF:         /* More to read */
      |              ^~~~~~~~~~~~
hm_sigfw_verify.c:1383:13: error: ‘BIO_CTRL_DUP’ undeclared (first use in this function)
1383 |        case BIO_CTRL_DUP:
      |             ^~~~~~~~~~~~
hm_sigfw_verify.c:1384:13: error: ‘BIO_CTRL_WPENDING’ undeclared (first use in this function)
1384 |        case BIO_CTRL_WPENDING:    /* More to write in buffer */
      |             ^~~~~~~~~~~~~~~~~
hm_sigfw_verify.c:1385:13: error: ‘BIO_CTRL_PENDING’ undeclared (first use in this function)
1385 |        case BIO_CTRL_PENDING:     /* More to read in buffer */
      |             ^~~~~~~~~~~~~~~~
hm_sigfw_verify.c:1386:13: error: ‘BIO_CTRL_FLUSH’ undeclared (first use in this function)
1386 |        case BIO_CTRL_FLUSH:       /* Finally flush the underlying BIO */
      |             ^~~~~~~~~~~~~~
hm_sigfw_verify.c:1387:13: error: ‘BIO_CTRL_INFO’ undeclared (first use in this function)
1387 |        case BIO_CTRL_INFO:
      |             ^~~~~~~~~~~~~
hm_sigfw_verify.c:1388:13: error: ‘BIO_CTRL_GET’ undeclared (first use in this function)
1388 |        case BIO_CTRL_GET:
      |             ^~~~~~~~~~~~
hm_sigfw_verify.c:1389:13: error: ‘BIO_CTRL_SET’ undeclared (first use in this function)
1389 |        case BIO_CTRL_SET:
      |             ^~~~~~~~~~~~
hm_sigfw_verify.c:1390:13: error: ‘BIO_CTRL_PUSH’ undeclared (first use in this function)
1390 |        case BIO_CTRL_PUSH:
      |             ^~~~~~~~~~~~~
hm_sigfw_verify.c: In function ‘hmsigfw_bio_set_file_type’:
hm_sigfw_verify.c:1608:9: warning: implicit declaration of function ‘wolfSSL_BIO_set_fp’; did you mean ‘wolfSSL_BIO_set_fd’? [-Wimplicit-function-declaration]
1608 |     if (wolfSSL_BIO_set_fp(b, fp, BIO_CLOSE) != WOLFSSL_SUCCESS) {
      |         ^~~~~~~~~~~~~~~~~~
      |         wolfSSL_BIO_set_fd
hm_sigfw_verify.c:1608:35: error: ‘BIO_CLOSE’ undeclared (first use in this function)
1608 |     if (wolfSSL_BIO_set_fp(b, fp, BIO_CLOSE) != WOLFSSL_SUCCESS) {
      |                                   ^~~~~~~~~
hm_sigfw_verify.c: In function ‘hm_load_ca_chain’:
hm_sigfw_verify.c:1833:27: warning: implicit declaration of function ‘STACK_OF’ [-Wimplicit-function-declaration]
1833 |    /*STACK_OF(X509_INFO)*/STACK_OF(WOLFSSL_X509_INFO) *xis = NULL; /* This is a stack variable, where CA chain certifcates are pushed.*/
      |                           ^~~~~~~~
hm_sigfw_verify.c:1833:36: error: expected expression before ‘WOLFSSL_X509_INFO’
1833 |    /*STACK_OF(X509_INFO)*/STACK_OF(WOLFSSL_X509_INFO) *xis = NULL; /* This is a stack variable, where CA chain certifcates are pushed.*/
      |                                    ^~~~~~~~~~~~~~~~~
hm_sigfw_verify.c:1833:56: error: ‘xis’ undeclared (first use in this function)
1833 |    /*STACK_OF(X509_INFO)*/STACK_OF(WOLFSSL_X509_INFO) *xis = NULL; /* This is a stack variable, where CA chain certifcates are pushed.*/
      |                                                        ^~~
hm_sigfw_verify.c:1852:11: warning: implicit declaration of function ‘wolfSSL_BIO_new_file’; did you mean ‘wolfSSL_BIO_new_fd’? [-Wimplicit-function-declaration]
1852 |     bio = wolfSSL_BIO_new_file(file, "r");
      |           ^~~~~~~~~~~~~~~~~~~~
      |           wolfSSL_BIO_new_fd
hm_sigfw_verify.c:1852:9: warning: assignment to ‘WOLFSSL_BIO *’ {aka ‘struct WOLFSSL_BIO *’} from ‘int’ makes pointer from integer without a cast [-Wint-conversion]
1852 |     bio = wolfSSL_BIO_new_file(file, "r");
      |         ^
hm_sigfw_verify.c:1859:13: warning: implicit declaration of function ‘wolfSSL_PEM_X509_INFO_read_bio’ [-Wimplicit-function-declaration]
1859 |       xis = wolfSSL_PEM_X509_INFO_read_bio(bio, NULL,
      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
hm_sigfw_verify.c:1868:19: warning: implicit declaration of function ‘wolfSSL_sk_X509_new’; did you mean ‘wolfSSL_X509_new’? [-Wimplicit-function-declaration]
1868 |         *pcerts = wolfSSL_sk_X509_new();
      |                   ^~~~~~~~~~~~~~~~~~~
      |                   wolfSSL_X509_new
hm_sigfw_verify.c:1868:17: warning: assignment to ‘WOLFSSL_STACK *’ {aka ‘struct WOLFSSL_STACK *’} from ‘int’ makes pointer from integer without a cast [-Wint-conversion]
1868 |         *pcerts = wolfSSL_sk_X509_new();
      |                 ^
hm_sigfw_verify.c:1874:58: warning: implicit declaration of function ‘wolfSSL_sk_X509_INFO_num’; did you mean ‘wolfSSL_sk_X509_CRL_num’? [-Wimplicit-function-declaration]
1874 |         for (index = 0; index < /*sk_X509_INFO_num(xis)*/wolfSSL_sk_X509_INFO_num(xis); index++)
      |                                                          ^~~~~~~~~~~~~~~~~~~~~~~~
      |                                                          wolfSSL_sk_X509_CRL_num
hm_sigfw_verify.c:1877:18: warning: implicit declaration of function ‘wolfSSL_sk_X509_INFO_value’; did you mean ‘wolfSSL_sk_X509_CRL_value’? [-Wimplicit-function-declaration]
1877 |             xi = wolfSSL_sk_X509_INFO_value(xis, index);
      |                  ^~~~~~~~~~~~~~~~~~~~~~~~~~
      |                  wolfSSL_sk_X509_CRL_value
hm_sigfw_verify.c:1894:5: warning: implicit declaration of function ‘wolfSSL_sk_X509_INFO_pop_free’; did you mean ‘wolfSSL_sk_X509_CRL_pop_free’? [-Wimplicit-function-declaration]
1894 |     wolfSSL_sk_X509_INFO_pop_free(xis, wolfSSL_X509_INFO_free);
      |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |     wolfSSL_sk_X509_CRL_pop_free
hm_sigfw_verify.c:1894:40: error: ‘wolfSSL_X509_INFO_free’ undeclared (first use in this function); did you mean ‘wolfSSL_X509_CRL_free’?
1894 |     wolfSSL_sk_X509_INFO_pop_free(xis, wolfSSL_X509_INFO_free);
      |                                        ^~~~~~~~~~~~~~~~~~~~~~
      |                                        wolfSSL_X509_CRL_free
hm_sigfw_verify.c:1898:9: warning: implicit declaration of function ‘wolfSSL_sk_X509_pop_free’; did you mean ‘wolfSSL_sk_X509_CRL_free’? [-Wimplicit-function-declaration]
1898 |         wolfSSL_sk_X509_pop_free(*pcerts, wolfSSL_X509_free);
      |         ^~~~~~~~~~~~~~~~~~~~~~~~
      |         wolfSSL_sk_X509_CRL_free
hm_sigfw_verify.c: At top level:
hm_sigfw_verify.c:1925:28: error: unknown type name ‘PKCS7’
1925 | int my_verify_signer_certs(PKCS7* pkcs7,WOLFSSL_STACK* certs,WOLFSSL_X509_STORE* store, int flags)
      |                            ^~~~~
hm_sigfw_verify.c:1981:1: error: unknown type name ‘PKCS7’
1981 | PKCS7* my_d2i_pkcs7_bio(WOLFSSL_BIO* bio, PKCS7** p7,char *data_s, long unsigned len)
      | ^~~~~
hm_sigfw_verify.c:1981:43: error: unknown type name ‘PKCS7’
1981 | PKCS7* my_d2i_pkcs7_bio(WOLFSSL_BIO* bio, PKCS7** p7,char *data_s, long unsigned len)
      |                                           ^~~~~
hm_sigfw_verify.c: In function ‘hmapi_cms_signature_verify’:
hm_sigfw_verify.c:2054:5: error: unknown type name ‘PKCS7’
2054 |     PKCS7 *pkcs7 = NULL;
      |     ^~~~~
hm_sigfw_verify.c:2058:5: error: unknown type name ‘WOLFSSL_PKCS7’; did you mean ‘WOLFSSL_OCSP’?
2058 |     WOLFSSL_PKCS7* p7;
      |     ^~~~~~~~~~~~~
      |     WOLFSSL_OCSP
hm_sigfw_verify.c:2076:31: warning: assignment to ‘WOLFSSL_BIO *’ {aka ‘struct WOLFSSL_BIO *’} from ‘int’ makes pointer from integer without a cast [-Wint-conversion]
2076 |         tbio                  = wolfSSL_BIO_new_file(signer_ca_file_path, "r");
      |                               ^
hm_sigfw_verify.c:2090:19: warning: implicit declaration of function ‘wolfSSL_PEM_read_bio_X509’; did you mean ‘wolfSSL_get_chain_X509’? [-Wimplicit-function-declaration]
2090 |         ca_cert = wolfSSL_PEM_read_bio_X509(tbio, NULL, 0, NULL);
      |                   ^~~~~~~~~~~~~~~~~~~~~~~~~
      |                   wolfSSL_get_chain_X509
hm_sigfw_verify.c:2090:17: warning: assignment to ‘WOLFSSL_X509 *’ {aka ‘struct WOLFSSL_X509 *’} from ‘int’ makes pointer from integer without a cast [-Wint-conversion]
2090 |         ca_cert = wolfSSL_PEM_read_bio_X509(tbio, NULL, 0, NULL);
      |                 ^
hm_sigfw_verify.c:2133:15: warning: implicit declaration of function ‘wolfSSL_PEM_read_bio’; did you mean ‘wolfSSL_thread_id’? [-Wimplicit-function-declaration]
2133 |         ret = wolfSSL_PEM_read_bio(cms_sign, &name,&header,&data,&len); // Working fine data having CMS signature in der format
      |               ^~~~~~~~~~~~~~~~~~~~
      |               wolfSSL_thread_id
hm_sigfw_verify.c:2157:2: warning: implicit declaration of function ‘wolfSSL_d2i_PKCS7_ex’; did you mean ‘wolfSSL_d2i_PKCS12_fp’? [-Wimplicit-function-declaration]
2157 |  wolfSSL_d2i_PKCS7_ex(&pkcs7,(const unsigned char**)&data,len,data_total,total_read);
      |  ^~~~~~~~~~~~~~~~~~~~
      |  wolfSSL_d2i_PKCS12_fp
hm_sigfw_verify.c:2174:9: warning: implicit declaration of function ‘wc_PKCS7_Free’; did you mean ‘wc_PKCS12_free’? [-Wimplicit-function-declaration]
2174 |         wc_PKCS7_Free(pkcs7);
      |         ^~~~~~~~~~~~~
      |         wc_PKCS12_free

Can you please suggest a way how we can resolve this issue?

Hi,

Need to use wolfSSL with minimal size as much as possible to perform CMS/PKCS7 verification.
For that require OPENSSL and PKCS7 utility only as need BIO chaining and verification support from WOLFSSL.

To achieve this, tried compilation of wolfSSL with below command, and able to reduce the size of wolfssl to 1.9 MB.

./configure --prefix=/home/mangal/test_work/wolfssl_test2/ --enable-static --enable-singlethreaded --disable-pkcs8 --disable-dh --disable-poly1305 --disable-md5 --disable-sha224 --disable-sha384 --disable-sha3 --disable-chacha --disable-examples --disable-crypttests --disable-pkcs11 --disable-benchmark --disable-tls13 --disable-harden --disable-aligndata --disable-eccshamir --disable-errorstrings --disable-errorqueue --disable-oldtls --disable-secure-renegotiation-info --disable-extended-master --disable-enc-then-mac --disable-crypttests --disable-asyncthreads --disable-oldnames --disable-ocsp --disable-rsa --disable-rsapss --disable-fastmath --disable-shared --enable-opensslall --enable-pkcs7 --disable-kdf

Need your support for below points:
1. Please suggest a way to reduce the wolfssl size further and how I can achieve that?
2. How much wolfssl's size can be reduced just to perform pkcs7 verification with BIO chaining only?
3. Facing compilation issues on disabling flags as mentioned below, So Can you please suggest a way how I can disable those flags and remove their dependencies?
{--enable-hmac, --enable-asm, --enable-rng, --enable-aescbc, --enable-aesgcm, --enable-SHA512, --enable-ecc, --enable-tlsv12, --enable-memory, --enable-oaep, --enable-asn, --enable-aes, --enable-coding, --enable-base64encode, --enable-sha, --enable-hashdrbg,  --enable-filesystem,  --enable-inline and --enable-pkcs12}