From 27ea9d9bce4c2ccbdda226010fdb02ccc609826c Mon Sep 17 00:00:00 2001 From: John Safranek Date: Wed, 13 Mar 2019 17:54:33 -0700 Subject: [PATCH 1/3] Configure Fixes 1. The combination enable-all and disable-rsa breaks some of the testing. Added the NO_RSA guards as appropriate. 2. Disabled the OCSP stapling and CRL tests when RSA is disabled as they use test certificates with RSA keys. --- examples/server/server.c | 3 +++ scripts/include.am | 5 +++++ src/ssl.c | 40 +++++++++++++++++++++++++++++++++------- tests/api.c | 9 ++++++--- wolfcrypt/test/test.c | 7 +++++-- 5 files changed, 52 insertions(+), 12 deletions(-) diff --git a/examples/server/server.c b/examples/server/server.c index 4eda55701..9d19773f6 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -1889,6 +1889,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE); } #endif +#ifndef NO_RSA +/* All the OSCP Stapling test certs are RSA. */ #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) if (wolfSSL_CTX_EnableOCSPStapling(ctx) != WOLFSSL_SUCCESS) @@ -1900,6 +1902,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) if (SSL_CTX_load_verify_locations(ctx, "certs/ocsp/intermediate3-ca-cert.pem", 0) != WOLFSSL_SUCCESS) err_sys_ex(runWithErrors, "can't load ca file, Please run from wolfSSL home dir"); #endif +#endif #ifdef HAVE_PK_CALLBACKS if (pkCallbacks) diff --git a/scripts/include.am b/scripts/include.am index 7cf8df579..3fc4208c6 100644 --- a/scripts/include.am +++ b/scripts/include.am @@ -15,6 +15,9 @@ dist_noinst_SCRIPTS+= scripts/resume.test EXTRA_DIST+= scripts/benchmark.test EXTRA_DIST+= scripts/memtest.sh +# The CRL and OCSP tests use RSA certificates. +if BUILD_RSA + if BUILD_CRL # make revoked test rely on completion of resume test dist_noinst_SCRIPTS+= scripts/crl-revoked.test @@ -46,6 +49,8 @@ endif endif +endif + if BUILD_PSK dist_noinst_SCRIPTS+= scripts/psk.test endif 
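Review bot: In examples/server/server.c the added comment misspells OCSP as "OSCP", and the new closing `#endif` sits directly under the existing one with nothing to say which condition it ends. I would write the comment as `/* All the OCSP Stapling test certs are RSA. */` and the closer as `#endif /* !NO_RSA */`. Separately, with NO_RSA defined the example server now skips `wolfSSL_CTX_EnableOCSPStapling()` and the OCSP CA loads without any message. If an operator can still request stapling on such a build (not visible in this hunk), a one-line notice that stapling is disabled would keep that from passing unnoticed. server_test's body continues outside the hunk.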
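Review bot: Wrapping the CRL and OCSP script registrations in scripts/include.am in `if BUILD_RSA` leaves revocation checking with no script-level coverage at all on a build without RSA, and nothing records that as a known gap. The new comment explains the cause (the test certificates use RSA keys) but not the consequence. I would extend it to something like `# The CRL and OCSP tests use RSA certificates; without RSA the revocation paths are untested until ECC test certs are added.` The bare closing `endif` is also hard to pair with its opener once nested inside the `BUILD_CRL` and OCSP conditionals, so a preceding `# end BUILD_RSA` comment line would help. The same trade is made in patch 3/3 by the `!defined(NO_RSA)` guards on test_wolfSSL_CertManagerCRL, test_wolfSSL_X509_STORE and test_wolfSSL_PEM_read_X509.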
diff --git a/src/ssl.c b/src/ssl.c index ae1449ea7..766f55e5d 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -26559,6 +26559,8 @@ static int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher, #endif /* WOLFSSL_KEY_GEN || WOLFSSL_PEM_TO_DER */ #if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) + +#ifndef NO_RSA /* Takes a WOLFSSL_RSA key and writes it out to a WOLFSSL_BIO * * bio the WOLFSSL_BIO to write to @@ -26639,6 +26641,8 @@ int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_RSA* key, return ret; } +#endif /* NO_RSA */ + int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key, const WOLFSSL_EVP_CIPHER* cipher, @@ -26666,9 +26670,11 @@ int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key, keyDer = (byte*)key->pkey.ptr; switch (key->type) { +#ifndef NO_RSA case EVP_PKEY_RSA: type = PRIVATEKEY_TYPE; break; +#endif #ifndef NO_DSA case EVP_PKEY_DSA: @@ -29920,8 +29926,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) } -#if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA) -/* needed SetName function from asn.c is wrapped by NO_RSA */ +#if defined(WOLFSSL_CERT_GEN) /* helper function for CopyX509NameToCertName() * * returns WOLFSSL_SUCCESS on success @@ -35598,6 +35603,8 @@ int wolfSSL_X509_get_signature_nid(const WOLFSSL_X509 *x) #endif /* OPENSSL_EXTRA */ #if defined(OPENSSL_ALL) + +#ifndef NO_RSA int wolfSSL_EVP_PKEY_assign_RSA(EVP_PKEY* pkey, WOLFSSL_RSA* key) { if (pkey == NULL || key == NULL) @@ -35609,6 +35616,7 @@ int wolfSSL_EVP_PKEY_assign_RSA(EVP_PKEY* pkey, WOLFSSL_RSA* key) return WOLFSSL_SUCCESS; } +#endif int wolfSSL_EVP_PKEY_assign_EC_KEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY* key) { 
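Review bot: The hunk at -29920 in src/ssl.c drops `!defined(NO_RSA)` from the guard around the CopyX509NameToCertName helper and deletes the comment that gave the reason for it: the SetName function in asn.c is wrapped by NO_RSA. The diffstat for this patch does not list asn.c, so it is worth confirming that a build with cert generation enabled and RSA disabled still compiles and links, unless the old comment was already out of date. A replacement comment should say why the guard could go, for example `/* needed for ECC certificate requests too, so no longer tied to NO_RSA */` if that is the reason. The helper's body lies outside the hunk.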
@@ -36189,12 +36197,16 @@ int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey, Cert cert; byte der[2048]; int derSz = sizeof(der); - void* key; - int type; + void* key = NULL; + int type = -1; int sigType; int hashType; +#ifndef NO_RSA RsaKey rsa; +#endif +#ifdef HAVE_ECC ecc_key ecc; +#endif WC_RNG rng; word32 idx = 0; @@ -36257,6 +36269,7 @@ int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey, return WOLFSSL_FAILURE; /* Create a public key object from requests public key. */ +#ifndef NO_RSA if (req->pubKeyOID == RSAk) { type = RSA_TYPE; ret = wc_InitRsaKey(&rsa, req->heap); @@ -36270,7 +36283,9 @@ int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey, } key = (void*)&rsa; } - else { +#endif +#ifdef HAVE_ECC + if (req->pubKeyOID == ECDSAk) { type = ECC_TYPE; ret = wc_ecc_init(&ecc); if (ret != 0) @@ -36283,6 +36298,9 @@ int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey, } key = (void*)&ecc; } +#endif + if (key == NULL) + return WOLFSSL_FAILURE; /* Make the body of the certificate request. */ ret = wc_MakeCertReq_ex(&cert, der, derSz, type, key); @@ -36290,21 +36308,29 @@ int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey, return WOLFSSL_FAILURE; /* Dispose of the public key object. */ +#ifndef NO_RSA if (req->pubKeyOID == RSAk) wc_FreeRsaKey(&rsa); - else +#endif +#ifdef HAVE_ECC + if (req->pubKeyOID == ECDSAk) wc_ecc_free(&ecc); +#endif idx = 0; /* Get the private key object and type from pkey. */ +#ifndef NO_RSA if (pkey->type == EVP_PKEY_RSA) { type = RSA_TYPE; key = pkey->rsa->internal; } - else { +#endif +#ifdef HAVE_ECC + if (pkey->type == EVP_PKEY_EC) { type = ECC_TYPE; key = pkey->ecc->internal; } +#endif /* Sign the certificate request body. */ ret = wc_InitRng(&rng); diff --git a/tests/api.c b/tests/api.c index f52200e40..b0725ea01 100644 --- a/tests/api.c +++ b/tests/api.c 
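Review bot: In wolfSSL_X509_REQ_sign the private-key selection (hunk at -36290) no longer has a catch-all branch, so when `pkey->type` matches neither compiled-in case, `key` and `type` keep the values set for the request's public key. That object has just been released by `wc_FreeRsaKey(&rsa)` or `wc_ecc_free(&ecc)`, and the signing step that follows outside the hunk would presumably receive the freed public-key object as the signing key. I would add `key = NULL; type = -1;` right after the dispose block and `if (key == NULL) return WOLFSSL_FAILURE;` after the private-key selection, mirroring the check this patch already adds for the public key. The `return WOLFSSL_FAILURE` after `wc_MakeCertReq_ex()` also appears to come before the dispose block, so the public key may not be freed on that path; its condition falls between hunks and should be checked.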
@@ -20477,7 +20477,9 @@ static void test_wolfSSL_d2i_PrivateKeys_bio(void) { BIO* bio = NULL; EVP_PKEY* pkey = NULL; +#ifndef NO_RSA RSA* rsa = NULL; +#endif WOLFSSL_CTX* ctx; #if defined(WOLFSSL_KEY_GEN) @@ -20550,13 +20552,14 @@ static void test_wolfSSL_d2i_PrivateKeys_bio(void) AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); +#ifndef NO_RSA /* Tests bad parameters */ AssertNull(d2i_RSAPrivateKey_bio(NULL, NULL)); /* RSA not set yet, expecting to fail*/ AssertIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), BAD_FUNC_ARG); -#if defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) +#if defined(USE_CERT_BUFFERS_2048) && defined(WOLFSSL_KEY_GEN) /* set RSA using bio*/ AssertIntGT(BIO_write(bio, client_key_der_2048, sizeof_client_key_der_2048), 0); @@ -20568,13 +20571,13 @@ static void test_wolfSSL_d2i_PrivateKeys_bio(void) AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(NULL, NULL), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, &bufPtr), sizeof_client_key_der_2048); +#endif /* USE_CERT_BUFFERS_2048 WOLFSSL_KEY_GEN */ RSA_free(rsa); -#endif +#endif /* NO_RSA */ SSL_CTX_free(ctx); ctx = NULL; BIO_free(bio); bio = NULL; - (void)rsa; printf(resultFmt, passed); } #endif /* OPENSSL_ALL || WOLFSSL_ASIO */ diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index ae350a378..c32a9b6ed 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -8685,7 +8685,10 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out) static const char* eccKeyDerFile = CERT_ROOT "ecc-key.der"; #endif #ifdef WOLFSSL_CERT_GEN - static const char* eccKeyPubFile = CERT_ROOT "ecc-keyPub.der"; + #ifndef NO_RSA + /* eccKeyPubFile is used in a test that requires RSA. */ + static const char* eccKeyPubFile = CERT_ROOT "ecc-keyPub.der"; + #endif static const char* eccCaKeyFile = CERT_ROOT "ca-ecc-key.der"; static const char* eccCaCertFile = CERT_ROOT "ca-ecc-cert.pem"; #ifdef ENABLE_ECC384_CERT_GEN_TEST 
@@ -8836,7 +8839,7 @@ static const CertName certDefaultName = { static const char certKeyUsage[] = "digitalSignature,nonRepudiation"; #endif - #if defined(WOLFSSL_CERT_REQ) || defined(HAVE_NTRU) + #if (defined(WOLFSSL_CERT_REQ) || defined(HAVE_NTRU)) && !defined(NO_RSA) static const char certKeyUsage2[] = "digitalSignature,nonRepudiation,keyEncipherment,keyAgreement"; #endif From 6b89b1f97a14dc947739e7b8c6f522621e63d882 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Wed, 13 Mar 2019 17:56:45 -0700 Subject: [PATCH 2/3] Configure Fixes One of the external sites contacted for the OCSP stapling test increased the size of one of their intermediate certificates. The test failed silently as the certificate was ignored. Increased the FP_MAX_BITS so that the test can pass with the enable-all option. That option was setting the FP_MAX_BITS for 3072-bit certificates, and the site in question is using a 4096-bit certificate. --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index e5f0cecb9..64b2f80cf 100644 --- a/configure.ac +++ b/configure.ac @@ -194,7 +194,7 @@ then AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_DECRYPT -DHAVE_AES_ECB -DWOLFSSL_ALT_NAMES -DWOLFSSL_DER_LOAD -DKEEP_OUR_CERT -DKEEP_PEER_CERT -DHAVE_CRL_IO -DHAVE_IO_TIMEOUT" # Enable DH const table speedups (eliminates `-lm` math lib dependency) - AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048 -DHAVE_FFDHE_3072 -DFP_MAX_BITS=6144" + AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048 -DHAVE_FFDHE_3072 -DFP_MAX_BITS=8192" fi AM_CONDITIONAL([BUILD_ALL], [test "x$ENABLED_ALL" = "xyes"]) From 3e3f746f3b5d2d46cbd2b74ed09d1d3f44912bad Mon Sep 17 00:00:00 2001 
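Review bot: In configure.ac, `-DFP_MAX_BITS=8192` is a bare number under a comment that only mentions the DH const table speedups, so the next person to touch it cannot see why it is 8192. The commit message has the reason (a 4096-bit intermediate certificate was silently ignored with the previous 6144), and that belongs beside the flag: `# FP_MAX_BITS must be at least twice the largest key size in bits; 8192 covers 4096-bit RSA certificates`. Since the failure was silent, it would also be worth making the OCSP stapling test report when a certificate is skipped for size, though that is outside this hunk.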
From: John Safranek Date: Thu, 14 Mar 2019 10:37:40 -0700 Subject: [PATCH 3/3] Configure Fixes When enable-all and disable-rsa is configured, some of the tests needed for all don't work because they only use RSA keys or certificates. Disabled those test cases in that build combination. --- tests/api.c | 61 +++++++++++++++++++++++++++++++++++------------------ 1 file changed, 41 insertions(+), 20 deletions(-) diff --git a/tests/api.c b/tests/api.c index b0725ea01..520fb8b5a 100644 --- a/tests/api.c +++ b/tests/api.c @@ -744,7 +744,7 @@ static void test_wolfSSL_CTX_use_certificate_file(void) #endif } -#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA) static int test_wolfSSL_CTX_use_certificate_ASN1(void) { #if !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER) && !defined(NO_ASN) @@ -765,7 +765,7 @@ static int test_wolfSSL_CTX_use_certificate_ASN1(void) return WOLFSSL_SUCCESS; #endif } -#endif /* OPENSSL_ALL || WOLFSSL_ASIO */ +#endif /* (OPENSSL_ALL || WOLFSSL_ASIO) && !NO_RSA */ /* Test function for wolfSSL_CTX_use_certificate_buffer. Load cert into * context using buffer. @@ -880,10 +880,12 @@ static void test_wolfSSL_CTX_load_verify_locations(void) { #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_WOLFSSL_CLIENT) WOLFSSL_CTX *ctx; +#ifndef NO_RSA WOLFSSL_CERT_MANAGER* cm; #ifdef PERSIST_CERT_CACHE int cacheSz; #endif +#endif #if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS) const char* load_certs_path = "./certs/external"; const char* load_no_certs_path = "./examples"; 
@@ -908,9 +910,8 @@ static void test_wolfSSL_CTX_load_verify_locations(void) /* load ca cert */ #ifdef NO_RSA AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), ASN_UNKNOWN_OID_E); -#else +#else /* Skip the following test without RSA certs. */ AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), WOLFSSL_SUCCESS); -#endif #ifdef PERSIST_CERT_CACHE /* Get cert cache size */ @@ -925,11 +926,7 @@ static void test_wolfSSL_CTX_load_verify_locations(void) #endif /* load ca cert again */ -#ifdef NO_RSA - AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), ASN_UNKNOWN_OID_E); -#else AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), WOLFSSL_SUCCESS); -#endif /* Test getting CERT_MANAGER */ AssertNotNull(cm = wolfSSL_CTX_GetCertManager(ctx)); @@ -941,6 +938,7 @@ static void test_wolfSSL_CTX_load_verify_locations(void) /* Verify no certs (result is less than cacheSz) */ AssertIntGT(cacheSz, wolfSSL_CTX_get_cert_cache_memsize(ctx)); #endif +#endif #if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS) /* Test loading CA certificates using a path */ @@ -1067,7 +1065,8 @@ static int test_wolfSSL_CertManagerLoadCABuffer(void) static void test_wolfSSL_CertManagerCRL(void) { -#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && defined(HAVE_CRL) +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && defined(HAVE_CRL) && \ + !defined(NO_RSA) const char* ca_cert = "./certs/ca-cert.pem"; const char* crl1 = "./certs/crl/crl.pem"; @@ -1097,7 +1096,7 @@ static void test_wolfSSL_CTX_load_verify_chain_buffer_format(void) { #if !defined(NO_CERTS) && !defined(NO_WOLFSSL_CLIENT) && \ defined(USE_CERT_BUFFERS_2048) && defined(OPENSSL_EXTRA) && \ -defined(WOLFSSL_CERT_GEN) +defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA) WOLFSSL_CTX* ctx; 
@@ -1246,9 +1245,11 @@ static void test_wolfSSL_CTX_der_load_verify_locations(void) /* Case 5 filePath empty */ AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, emptyPath, WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE); +#ifndef NO_RSA /* Case 6 success case */ AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); +#endif wolfSSL_CTX_free(ctx); #endif @@ -16354,7 +16355,11 @@ static void test_wc_PKCS7_Degenerate(void) AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId)); AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); +#ifndef NO_RSA AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0); +#else + AssertIntNE(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0); +#endif wc_PKCS7_Free(pkcs7); /* test with turning off degenerate cases */ @@ -16589,7 +16594,11 @@ static void test_wc_PKCS7_BER(void) AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId)); AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); +#ifndef NO_RSA AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0); +#else + AssertIntNE(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0); +#endif wc_PKCS7_Free(pkcs7); #ifndef NO_DES3 @@ -16599,7 +16608,11 @@ static void test_wc_PKCS7_BER(void) derSz = (word32)ret; XFCLOSE(f); AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId)); +#ifndef NO_RSA AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, der, derSz), 0); +#else + AssertIntNE(wc_PKCS7_InitWithCert(pkcs7, der, derSz), 0); +#endif AssertNotNull(f = XFOPEN("./certs/1024/client-key.der", "rb")); AssertIntGT((ret = (int)fread(der, 1, sizeof(der), f)), 0); 
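Review bot: The NO_RSA branches added to test_wc_PKCS7_Degenerate and test_wc_PKCS7_BER use `AssertIntNE(..., 0)`, which passes on any failure, not only the one caused by RSA being compiled out. For a signature-verification check that is too loose: an unrelated parsing regression would satisfy the same assertion. The next hunk in this patch pins `NOT_COMPILED_IN` for `wc_PKCS7_DecodeEnvelopedData`, and the load_verify_locations test pins `ASN_UNKNOWN_OID_E`. I would pin the code here as well, for example `AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), EXPECTED_NO_RSA_ERROR);`, where EXPECTED_NO_RSA_ERROR is a placeholder for whatever the library actually returns. The same applies to the `wc_PKCS7_InitWithCert` assertion in the hunk at -16599.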
@@ -16607,8 +16620,13 @@ static void test_wc_PKCS7_BER(void) XFCLOSE(f); pkcs7->privateKey = der; pkcs7->privateKeySz = derSz; +#ifndef NO_RSA AssertIntGT(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent, sizeof(berContent), decoded, sizeof(decoded)), 0); +#else + AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent, + sizeof(berContent), decoded, sizeof(decoded)), NOT_COMPILED_IN); +#endif wc_PKCS7_Free(pkcs7); #endif /* !NO_DES3 */ @@ -17597,7 +17615,8 @@ static void test_wolfSSL_PEM_PrivateKey(void) #endif /* key is DES encrypted */ - #if !defined(NO_DES3) && defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_FILESYSTEM) + #if !defined(NO_DES3) && defined(WOLFSSL_ENCRYPTED_KEYS) && \ + !defined(NO_RSA) && !defined(NO_FILESYSTEM) { pem_password_cb* passwd_cb; void* passwd_cb_userdata; @@ -18692,7 +18711,7 @@ static void test_wolfSSL_CTX_set_srp_password(void) static void test_wolfSSL_X509_STORE(void) { -#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) +#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_RSA) X509_STORE *store; X509_CRL *crl; X509 *x509; @@ -19169,7 +19188,8 @@ static void test_wolfSSL_set_options(void) * PRE: OPENSSL and HAVE_CERTIFICATE_STATUS_REQUEST defined. */ static void test_wolfSSL_set_tlsext_status_type(void){ - #if defined(OPENSSL_EXTRA) && defined(HAVE_CERTIFICATE_STATUS_REQUEST) + #if defined(OPENSSL_EXTRA) && defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \ + !defined(NO_RSA) SSL* ssl; SSL_CTX* ctx; @@ -19183,7 +19203,7 @@ static void test_wolfSSL_set_tlsext_status_type(void){ == SSL_SUCCESS); SSL_free(ssl); SSL_CTX_free(ctx); - #endif /* OPENSSL_EXTRA && HAVE_CERTIFICATE_STATUS_REQUEST */ + #endif /* OPENSSL_EXTRA && HAVE_CERTIFICATE_STATUS_REQUEST && !NO_RSA */ } static void test_wolfSSL_PEM_read_bio(void) 
@@ -20472,7 +20492,7 @@ static void test_wolfSSL_d2i_PUBKEY(void) #endif } -#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA) static void test_wolfSSL_d2i_PrivateKeys_bio(void) { BIO* bio = NULL; @@ -21778,7 +21798,7 @@ static void test_wc_GetPkcs8TraditionalOffset(void) static void test_wc_SetSubjectRaw(void) { #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \ - defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) + defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && !defined(NO_RSA) const char* joiCertFile = "./certs/test/cert-ext-joi.pem"; WOLFSSL_X509* x509; int peerCertSz; @@ -21820,7 +21840,7 @@ static void test_wc_GetSubjectRaw(void) static void test_wc_SetIssuerRaw(void) { #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \ - defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) + defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && !defined(NO_RSA) const char* joiCertFile = "./certs/test/cert-ext-joi.pem"; WOLFSSL_X509* x509; int peerCertSz; @@ -21846,7 +21866,7 @@ static void test_wc_SetIssuerRaw(void) static void test_wc_SetIssueBuffer(void) { #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \ - defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) + defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && !defined(NO_RSA) const char* joiCertFile = "./certs/test/cert-ext-joi.pem"; WOLFSSL_X509* x509; int peerCertSz; @@ -23182,7 +23202,8 @@ static void test_wolfSSL_X509_CRL(void) static void test_wolfSSL_PEM_read_X509(void) { -#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM) +#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM) && \ + !defined(NO_RSA) X509 *x509 = NULL; XFILE fp; 
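Review bot: With test_wolfSSL_d2i_PrivateKeys_bio now compiled only when `!defined(NO_RSA)` (hunk at -20472), the inner `#ifndef NO_RSA` guards that patch 1/3 added around `RSA* rsa` and the RSA assertions in this function are always true and can be removed. The function's closing `#endif /* OPENSSL_ALL || WOLFSSL_ASIO */` and the one in the ApiTest hunk at -23799 were also left with the old condition, whereas the test_wolfSSL_CTX_use_certificate_ASN1 hunk updated its comment. For consistency both should read `#endif /* (OPENSSL_ALL || WOLFSSL_ASIO) && !NO_RSA */`. The function body extends outside this hunk.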
@@ -23799,7 +23820,7 @@ void ApiTest(void) test_wolfSSL_DES_ncbc(); test_wolfSSL_AES_cbc_encrypt(); -#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA) AssertIntEQ(test_wolfSSL_CTX_use_certificate_ASN1(), WOLFSSL_SUCCESS); test_wolfSSL_d2i_PrivateKeys_bio(); #endif /* OPENSSL_ALL || WOLFSSL_ASIO */