Merge pull request #4156 from SparkiDev/regression_fixes_1

Regression test fixes

configure.ac

@@ -3260,10 +3260,10 @@ fi
 
 if test "$ENABLED_CHACHA" = "noasm" || test "$ENABLED_ASM" = "no"
 then
-    AM_CFLAGS="$AM_CFLAGS -DHAVE_CHACHA -DNO_CHACHA_ASM"
+    AM_CFLAGS="$AM_CFLAGS -DNO_CHACHA_ASM"
 fi
 
-if test "$ENABLED_CHACHA" = "yes"
+if test "$ENABLED_CHACHA" != "no"
 then
     AM_CFLAGS="$AM_CFLAGS -DHAVE_CHACHA"
 fi

examples/server/server.c

@@ -1259,7 +1259,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
         WOLFSSL_MEM_STATS mem_stats;
     #endif
 #endif
-#if defined(WOLFSSL_TLS13)
+#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
     int onlyKeyShare = 0;
 #endif
 #if defined(HAVE_SESSION_TICKET)
@@ -1643,13 +1643,15 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                 break;
 
             case 'y' :
-                #if defined(WOLFSSL_TLS13) && !defined(NO_DH)
+                #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) \
+                    && !defined(NO_DH)
                     onlyKeyShare = 1;
                 #endif
                 break;
 
             case 'Y' :
-                #if defined(WOLFSSL_TLS13) && defined(HAVE_ECC)
+                #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) \
+                    && defined(HAVE_ECC)
                     onlyKeyShare = 2;
                 #endif
                 break;
@@ -1657,7 +1659,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
             case 't' :
                 #ifdef HAVE_CURVE25519
                     useX25519 = 1;
-                    #if defined(WOLFSSL_TLS13) && defined(HAVE_ECC)
+                    #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
                         onlyKeyShare = 2;
                     #endif
                 #endif
@@ -1786,7 +1788,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
             case '8' :
                 #ifdef HAVE_CURVE448
                     useX448 = 1;
-                    #if defined(WOLFSSL_TLS13) && defined(HAVE_ECC)
+                    #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
                         onlyKeyShare = 2;
                     #endif
                 #endif
@@ -2558,7 +2560,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
             SetupPkCallbackContexts(ssl, &pkCbInfo);
 #endif
 
-    #ifdef WOLFSSL_TLS13
+    #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
         if (version >= 4) {
             SetKeyShare(ssl, onlyKeyShare, useX25519, useX448);   
         }

src/internal.c

@@ -14240,7 +14240,7 @@ static WC_INLINE void AeadIncrementExpIV(WOLFSSL* ssl)
 #endif
 
 
-#if defined(HAVE_POLY1305) && defined(HAVE_CHACHA)
+#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_CHAPOL_AEAD)
 /* Used for the older version of creating AEAD tags with Poly1305 */
 static int Poly1305TagOld(WOLFSSL* ssl, byte* additional, const byte* out,
                        byte* cipher, word16 sz, byte* tag)
@@ -14630,7 +14630,7 @@ static int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
 
     return ret;
 }
-#endif /* HAVE_CHACHA && HAVE_POLY1305 */
+#endif /* HAVE_CHACHA && HAVE_POLY1305 && !NO_CHAPOL_AEAD*/
 #endif /* HAVE_AEAD */
 
 
@@ -14814,7 +14814,8 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
             break;
     #endif
 
-    #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
+    #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \
+        !defined(NO_CHAPOL_AEAD)
         case wolfssl_chacha:
             ret = ChachaAEADEncrypt(ssl, out, input, sz);
             break;
@@ -15085,7 +15086,8 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input,
             break;
     #endif
 
-    #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
+    #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \
+        !defined(NO_CHAPOL_AEAD)
         case wolfssl_chacha:
             ret = ChachaAEADDecrypt(ssl, plain, input, sz);
             break;
@@ -20451,9 +20453,14 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
         int    i;
         word32 length;
 
-        next   = XSTRSTR(next, ":");
-        length = min(sizeof(name), !next ? (word32)XSTRLEN(current) /* last */
-                                         : (word32)(next - current));
+        next = XSTRSTR(next, ":");
+        length = MAX_SUITE_NAME + 1;
+        if (next != NULL) {
+            word32 currLen = (word32)(next - current);
+            if (length > currLen) {
+                length = currLen;
+            }
+        }
 
         XSTRNCPY(name, current, length);
         name[(length == sizeof(name)) ? length - 1 : length] = 0;
@@ -26572,8 +26579,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                     case ecdhe_psk_kea:
                         /* Fall through to create temp ECC key */
                 #endif /* (HAVE_ECC || CURVE25519 || CURVE448) && !NO_PSK */
-                #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
-                                                          defined(HAVE_CURVE448)
+                #if defined(HAVE_ECC) || \
+                    ((defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)) && \
+                     (defined(HAVE_ED25519) || defined(HAVE_ED448) || \
+                      !defined(NO_RSA)))
                     case ecc_diffie_hellman_kea:
                     {
                     #ifdef HAVE_CURVE25519
@@ -26661,7 +26670,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
             case TLS_ASYNC_BUILD:
             {
             #if (!defined(NO_DH) && !defined(NO_RSA)) || (defined(HAVE_ECC) || \
-                             defined(HAVE_CURVE25519) || defined(HAVE_CURVE448))
+                    (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
+                    (defined(HAVE_CURVE448) && defined(HAVE_ED448)))
                 word32 preSigSz, preSigIdx;
             #endif
 
@@ -26918,8 +26928,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                         break;
                     }
                 #endif /* (HAVE_ECC || CURVE25519 || CURVE448) && !NO_PSK */
-                #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
-                                                          defined(HAVE_CURVE448)
+                #if defined(HAVE_ECC) || \
+                    ((defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)) && \
+                     (defined(HAVE_ED25519) || defined(HAVE_ED448) || \
+                      !defined(NO_RSA)))
                     case ecc_diffie_hellman_kea:
                     {
                         enum wc_HashType hashType;
@@ -26963,7 +26975,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                                        args->exportBuf, &args->exportSz) != 0) {
                                 ERROR_OUT(ECC_EXPORT_ERROR, exit_sske);
                             }
-                     #endif
+                    #endif
                         }
                         args->length += args->exportSz;
 

src/keys.c

@@ -2273,7 +2273,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
 #endif /* BUILD_ARC4 */
 
 
-#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
+#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_CHAPOL_AEAD)
     /* Check that the max implicit iv size is suffecient */
     #if (AEAD_MAX_IMP_SZ < 12) /* CHACHA20_IMP_IV_SZ */
         #error AEAD_MAX_IMP_SZ is too small for ChaCha20

src/ssl.c

@@ -6762,8 +6762,10 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type,
     long   sz = 0;
     XFILE  file;
     void*  heapHint = wolfSSL_CTX_GetHeap(ctx, ssl);
+#ifndef NO_CODING
     const char* header = NULL;
     const char* footer = NULL;
+#endif
 
     (void)crl;
     (void)heapHint;
@@ -6800,6 +6802,7 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type,
     else {
         /* Try to detect type by parsing cert header and footer */
         if (type == DETECT_CERT_TYPE) {
+#ifndef NO_CODING
             if (wc_PemGetHeaderFooter(CA_TYPE, &header, &footer) == 0 &&
                (XSTRNSTR((char*)myBuffer, header, (int)sz) != NULL)) {
                 type = CA_TYPE;
@@ -6814,7 +6817,9 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type,
                     (XSTRNSTR((char*)myBuffer, header, (int)sz) != NULL)) {
                 type = CERT_TYPE;
             }
-            else {
+            else
+#endif
+            {
                 WOLFSSL_MSG("Failed to detect certificate type");
                 if (dynamic)
                     XFREE(myBuffer, heapHint, DYNAMIC_TYPE_FILE);

src/tls.c

@@ -10244,10 +10244,11 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
 #if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK))
     int usingPSK = 0;
 #endif
-#if defined(HAVE_SUPPORTED_CURVES) || defined(HAVE_QSH)
+#if (defined(HAVE_SUPPORTED_CURVES) && defined(WOLFSSL_TLS13)) || \
+                                                               defined(HAVE_QSH)
     TLSX* extension = NULL;
 #endif
-#if defined(HAVE_SUPPORTED_CURVES)
+#if defined(HAVE_SUPPORTED_CURVES) && defined(WOLFSSL_TLS13)
     word16 namedGroup = 0;
 #endif
 #ifdef HAVE_QSH
@@ -10623,8 +10624,6 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
     (void)public_key;
     (void)public_key_len;
     (void)ssl;
-    (void)extension;
-    (void)namedGroup;
 
     return ret;
 }

tests/api.c

@@ -1131,7 +1131,7 @@ static int test_cm_load_ca_file(const char* ca_cert_file)
 
 static void test_wolfSSL_CertManagerCheckOCSPResponse(void)
 {
-#ifdef HAVE_OCSP
+#if defined(HAVE_OCSP) && !defined(NO_RSA)
 /* Need one of these for wolfSSL_OCSP_REQUEST_new. */
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
     defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_APACHE_HTTPD) || \
@@ -5744,7 +5744,8 @@ static void test_wolfSSL_UseSNI(void)
 
 static void test_wolfSSL_UseTrustedCA(void)
 {
-#if defined(HAVE_TRUSTED_CA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM)
+#if defined(HAVE_TRUSTED_CA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
+    && !defined(NO_RSA)
     WOLFSSL_CTX *ctx;
     WOLFSSL     *ssl;
     byte        id[20];
@@ -5791,7 +5792,8 @@ static void test_wolfSSL_UseTrustedCA(void)
 
 static void test_wolfSSL_UseMaxFragment(void)
 {
-#if defined(HAVE_MAX_FRAGMENT) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM)
+#if defined(HAVE_MAX_FRAGMENT) && !defined(NO_CERTS) && \
+    !defined(NO_FILESYSTEM) && !defined(NO_RSA)
   #ifndef NO_WOLFSSL_SERVER
     WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
     AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
@@ -5833,7 +5835,8 @@ static void test_wolfSSL_UseMaxFragment(void)
 
 static void test_wolfSSL_UseTruncatedHMAC(void)
 {
-#if defined(HAVE_TRUNCATED_HMAC) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM)
+#if defined(HAVE_TRUNCATED_HMAC) && !defined(NO_CERTS) && \
+    !defined(NO_FILESYSTEM) && !defined(NO_RSA)
   #ifndef NO_WOLFSSL_SERVER
     WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
     AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
@@ -6721,7 +6724,7 @@ static void test_wolfSSL_PKCS8(void)
     XFILE f;
     int bytes;
     WOLFSSL_CTX* ctx;
-#ifdef HAVE_ECC
+#if defined(HAVE_ECC) && !defined(NO_CODING)
     int ret;
     ecc_key key;
     word32 x = 0;
@@ -6738,6 +6741,8 @@ static void test_wolfSSL_PKCS8(void)
     int flag;
 #endif
 
+    (void)der;
+
     printf(testingFmt, "wolfSSL_PKCS8()");
 
 #ifndef NO_WOLFSSL_CLIENT
@@ -6867,6 +6872,7 @@ static void test_wolfSSL_PKCS8(void)
     AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
                 WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
 
+#ifndef NO_CODING
     /* decrypt PKCS8 PEM to key in DER format */
     AssertIntGT((bytes = wc_KeyPemToDer(buff, bytes, der,
         (word32)sizeof(der), NULL)), 0);
@@ -6876,6 +6882,7 @@ static void test_wolfSSL_PKCS8(void)
         wc_ecc_free(&key);
     }
     AssertIntEQ(ret, 0);
+#endif
 
     /* Test PKCS8 DER ECC key no crypt */
     f = XFOPEN(eccPkcs8PrivKeyDerFile, "rb");
@@ -27182,7 +27189,7 @@ static void test_wolfSSL_X509_NAME(void)
 #ifndef NO_BIO
 static void test_wolfSSL_X509_INFO(void)
 {
-#if defined(OPENSSL_ALL)
+#if defined(OPENSSL_ALL) && !defined(NO_RSA)
     STACK_OF(X509_INFO) *info_stack;
     X509_INFO *info;
     BIO *cert;
@@ -27289,7 +27296,7 @@ static void test_wolfSSL_X509_check_host(void)
 
 static void test_wolfSSL_X509_check_email(void)
 {
-#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN)
+#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA)
     X509* x509;
     const char goodEmail[] = "info@wolfssl.com";
     const char badEmail[] = "disinfo@wolfssl.com";
@@ -29548,7 +29555,7 @@ static void test_wolfSSL_X509_Name_canon(void)
 #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
     !defined(NO_FILESYSTEM) && !defined(NO_SHA) && \
      defined(WOLFSSL_CERT_GEN) && \
-    (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT))
+    (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && !defined(NO_RSA)
     
     const long ex_hash1 = 0x0fdb2da4;
     const long ex_hash2 = 0x9f3e8c9e;
@@ -30546,8 +30553,8 @@ static void test_wolfSSL_X509_STORE(void)
 
 static void test_wolfSSL_X509_STORE_load_locations(void)
 {
-#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && !defined(NO_FILESYSTEM)\
-    && !defined(NO_WOLFSSL_DIR)
+#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \
+    !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && !defined(NO_RSA)
     SSL_CTX *ctx;
     X509_STORE *store;
 
@@ -31951,7 +31958,8 @@ static void test_wolfSSL_X509(void)
 
 static void test_wolfSSL_X509_get_ext_count(void)
 {
-#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM)
+#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
+    !defined(NO_RSA)
     int ret = 0;
     WOLFSSL_X509* x509;
     const char ocspRootCaFile[] = "./certs/ocsp/root-ca-cert.pem";
@@ -31992,7 +32000,7 @@ static void test_wolfSSL_X509_get_ext_count(void)
 
 static void test_wolfSSL_X509_sign2(void)
 {
-#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_CERTS) && \
     defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_ALT_NAMES) && \
     defined(WOLFSSL_CERT_EXT) && \
     (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME))
@@ -32189,7 +32197,7 @@ static void test_wolfSSL_X509_sign2(void)
 static void test_wolfSSL_X509_sign(void)
 {
 #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
-    defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ)
+    defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_RSA)
     int ret;
     char *caSubject;
     X509_NAME *name;
@@ -32382,7 +32390,8 @@ static void test_wolfSSL_X509_get0_tbs_sigalg(void)
 
 static void test_wolfSSL_X509_ALGOR_get0(void)
 {
-#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && !defined(NO_SHA256)
+#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \
+    !defined(NO_SHA256) && !defined(NO_RSA)
     X509* x509 = NULL;
     const ASN1_OBJECT* obj = NULL;
     const X509_ALGOR* alg;
@@ -32571,7 +32580,8 @@ static void test_wolfSSL_X509_get_X509_PUBKEY(void)
 
 static void test_wolfSSL_X509_PUBKEY(void)
 {
-#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && !defined(NO_SHA256)
+#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \
+    !defined(NO_SHA256) && !defined(NO_RSA)
     X509* x509 = NULL;
     ASN1_OBJECT* obj = NULL;
     X509_PUBKEY* pubKey;
@@ -35215,7 +35225,7 @@ static void test_wolfSSL_RSA_meth(void)
 
 static void test_wolfSSL_verify_mode(void)
 {
-#if defined(OPENSSL_ALL)
+#if defined(OPENSSL_ALL) && !defined(NO_RSA)
     WOLFSSL*     ssl;
     WOLFSSL_CTX* ctx;
 
@@ -36894,6 +36904,7 @@ static void test_wolfSSL_AES_cbc_encrypt(void)
 #if !defined(NO_ASN)
 static void test_wolfSSL_ASN1_STRING_to_UTF8(void)
 {
+#if !defined(NO_RSA)
     WOLFSSL_X509* x509;
     WOLFSSL_X509_NAME* subject;
     WOLFSSL_X509_NAME_ENTRY* e;
@@ -36937,6 +36948,7 @@ static void test_wolfSSL_ASN1_STRING_to_UTF8(void)
 
     wolfSSL_X509_free(x509);
     XFREE(actual_output, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
 }
 
 static void test_wolfSSL_ASN1_UNIVERSALSTRING_to_string(void)
@@ -36972,6 +36984,7 @@ static void test_wolfSSL_ASN1_UNIVERSALSTRING_to_string(void)
 
 static void test_wolfSSL_sk_CIPHER_description(void)
 {
+#if !defined(NO_RSA)
     const long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION;
     int i,j,k;
     int numCiphers = 0;
@@ -37033,10 +37046,12 @@ static void test_wolfSSL_sk_CIPHER_description(void)
     SSL_CTX_free(ctx);
 
     printf(resultFmt, passed);
+#endif
 }
 
 static void test_wolfSSL_get_ciphers_compat(void)
 {
+#if !defined(NO_RSA)
     const SSL_METHOD *method = NULL;
     const char certPath[] = "./certs/client-cert.pem";
     STACK_OF(SSL_CIPHER) *supportedCiphers = NULL;
@@ -37070,6 +37085,7 @@ static void test_wolfSSL_get_ciphers_compat(void)
     SSL_CTX_free(ctx);
 
     printf(resultFmt, passed);
+#endif
 }
 
 static void test_wolfSSL_X509_PUBKEY_get(void)
@@ -38870,7 +38886,7 @@ static void test_wolfSSL_EC_KEY_set_group(void)
 }
 
 static void test_wolfSSL_X509V3_EXT_get(void) {
-#if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL)
+#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
     FILE* f;
     int numOfExt =0;
     int extNid = 0;
@@ -38902,7 +38918,7 @@ static void test_wolfSSL_X509V3_EXT_get(void) {
 }
 
 static void test_wolfSSL_X509V3_EXT(void) {
-#if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL)
+#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
     FILE* f;
     int numOfExt = 0, nid = 0, i = 0, expected, actual;
     char* str;
@@ -39046,7 +39062,7 @@ static void test_wolfSSL_X509V3_EXT(void) {
 }
 
 static void test_wolfSSL_X509_get_ext(void){
-#if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL)
+#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
     int ret = 0;
     FILE* f;
     WOLFSSL_X509* x509;
@@ -39081,7 +39097,7 @@ static void test_wolfSSL_X509_get_ext(void){
 
 static void test_wolfSSL_X509_get_ext_by_NID(void)
 {
-#if defined(OPENSSL_ALL)
+#if defined(OPENSSL_ALL) && !defined(NO_RSA)
     int rc;
     FILE* f;
     WOLFSSL_X509* x509;
@@ -39127,7 +39143,7 @@ static void test_wolfSSL_X509_EXTENSION_new(void)
 
 static void test_wolfSSL_X509_EXTENSION_get_object(void)
 {
-#if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL)
+#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
     WOLFSSL_X509* x509;
     WOLFSSL_X509_EXTENSION* ext;
     WOLFSSL_ASN1_OBJECT* o;
@@ -39155,7 +39171,7 @@ static void test_wolfSSL_X509_EXTENSION_get_object(void)
 
 static void test_wolfSSL_X509_EXTENSION_get_data(void)
 {
-#if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL)
+#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
     WOLFSSL_X509* x509;
     WOLFSSL_X509_EXTENSION* ext;
     WOLFSSL_ASN1_STRING* str;
@@ -39177,7 +39193,7 @@ static void test_wolfSSL_X509_EXTENSION_get_data(void)
 
 static void test_wolfSSL_X509_EXTENSION_get_critical(void)
 {
-#if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL)
+#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
     WOLFSSL_X509* x509;
     WOLFSSL_X509_EXTENSION* ext;
     FILE* file;
@@ -39200,7 +39216,8 @@ static void test_wolfSSL_X509_EXTENSION_get_critical(void)
 
 static void test_wolfSSL_X509V3_EXT_print(void)
 {
-#if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL) && !defined(NO_BIO)
+#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_BIO) && \
+    !defined(NO_RSA)
     printf(testingFmt, "wolfSSL_X509V3_EXT_print");
 
     {
@@ -39275,7 +39292,7 @@ static void test_wolfSSL_X509V3_EXT_print(void)
 
 static void test_wolfSSL_X509_cmp(void)
 {
-#if defined(OPENSSL_ALL)
+#if defined(OPENSSL_ALL) && !defined(NO_RSA)
     FILE* file1;
     FILE* file2;
     WOLFSSL_X509* cert1;
@@ -39387,7 +39404,8 @@ static void test_wolfSSL_i2d_PrivateKey(void)
 
 static void test_wolfSSL_OCSP_id_get0_info(void)
 {
-#if defined(OPENSSL_ALL) && defined(HAVE_OCSP) && !defined(NO_FILESYSTEM)
+#if defined(OPENSSL_ALL) && defined(HAVE_OCSP) && !defined(NO_FILESYSTEM) && \
+    !defined(NO_RSA)
     X509* cert;
     X509* issuer;
     OCSP_CERTID* id;
@@ -40889,7 +40907,8 @@ static void test_wolfSSL_PEM_write_bio_PKCS7(void)
 #ifdef HAVE_SMIME
 static void test_wolfSSL_SMIME_read_PKCS7(void)
 {
-#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM)
+#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \
+    !defined(NO_RSA)
     PKCS7* pkcs7 = NULL;
     BIO* bio = NULL;
     BIO* bcont = NULL;
@@ -42193,7 +42212,8 @@ static void test_wolfSSL_X509_CRL(void)
 
 static void test_wolfSSL_X509_load_crl_file(void)
 {
-#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM)
+#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM) && \
+    !defined(NO_RSA)
     int i;
     char pem[][100] = {
         "./certs/crl/crl.pem",
@@ -42282,7 +42302,8 @@ static void test_wolfSSL_X509_load_crl_file(void)
 
 static void test_wolfSSL_d2i_X509_REQ(void)
 {
-#if defined(WOLFSSL_CERT_REQ) && (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA))
+#if defined(WOLFSSL_CERT_REQ) && !defined(NO_RSA) && \
+    (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA))
     /* ./certs/csr.signed.der, ./certs/csr.ext.der, and ./certs/csr.attr.der were
      * generated by libest
      * ./certs/csr.attr.der contains sample attributes
@@ -42844,7 +42865,7 @@ static void test_wolfssl_EVP_aes_gcm(void)
 #ifndef NO_BIO
 static void test_wolfSSL_PEM_X509_INFO_read_bio(void)
 {
-#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM)
+#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
     BIO* bio;
     X509_INFO* info;
     STACK_OF(X509_INFO)* sk;
@@ -42995,7 +43016,7 @@ static void test_wolfSSL_ASN1_INTEGER_set(void)
 static void test_wolfSSL_X509_STORE_get1_certs(void)
 {
 #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SIGNER_DER_CERT) && \
-    !defined(NO_FILESYSTEM)
+    !defined(NO_FILESYSTEM) && !defined(NO_RSA)
     X509_STORE_CTX *storeCtx;
     X509_STORE *store;
     X509 *caX509;
@@ -44098,7 +44119,7 @@ static int test_various_pathlen_chains(void)
 }
 #endif /* !NO_RSA && !NO_SHA && !NO_FILESYSTEM && !NO_CERTS */
 
-#ifdef HAVE_KEYING_MATERIAL
+#if defined(HAVE_KEYING_MATERIAL) && defined(HAVE_IO_TESTS_DEPENDENCIES)
 static int test_export_keying_material_cb(WOLFSSL_CTX *ctx, WOLFSSL *ssl)
 {
     byte ekm[100] = {0};
@@ -44665,7 +44686,7 @@ static void test_CONF_CTX_CMDLINE(void)
     
     /* cmd Certificate and Private Key*/
     {
-    #ifndef NO_CERTS
+    #if !defined(NO_CERTS) && !defined(NO_RSA)
         const char*  ourCert = svrCertFile;
         const char*  ourKey  = svrKeyFile;
         
@@ -44701,7 +44722,7 @@ static void test_CONF_CTX_CMDLINE(void)
     /* cmd DH parameter */
     {
     #if !defined(NO_DH) && !defined(NO_BIO)
-        const char* ourdhcert = "./certs/dh4096.pem";
+        const char* ourdhcert = "./certs/dh2048.pem";
         
         AssertIntEQ(SSL_CONF_cmd(cctx, "-dhparam", NULL), 
                                                         -3);
@@ -44745,7 +44766,7 @@ static void test_CONF_CTX_FILE(void)
     
     /* cmd Certificate and Private Key*/
     {
-    #ifndef NO_CERTS
+    #if !defined(NO_CERTS) && !defined(NO_RSA)
         const char*  ourCert = svrCertFile;
         const char*  ourKey  = svrKeyFile;
         
@@ -45449,7 +45470,7 @@ void ApiTest(void)
 #endif
 
 
-#ifdef HAVE_KEYING_MATERIAL
+#if defined(HAVE_KEYING_MATERIAL) && defined(HAVE_IO_TESTS_DEPENDENCIES)
     test_export_keying_material();
 #endif /* HAVE_KEYING_MATERIAL */
 

wolfcrypt/benchmark/benchmark.c

@@ -783,7 +783,9 @@ static const char* bench_desc_words[][14] = {
 #endif
 
 #if defined(BENCH_ASYM)
-#if defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DH)
+#if defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DH) || \
+    defined(HAVE_CURVE25519) || defined(HAVE_ED25519) || \
+    defined(HAVE_CURVE448) || defined(HAVE_ED448)
 static const char* bench_result_words2[][5] = {
     { "ops took", "sec"     , "avg" , "ops/sec", NULL },            /* 0 English  */
 #ifndef NO_MULTIBYTE_PRINT
@@ -1325,7 +1327,9 @@ static void bench_stats_sym_finish(const char* desc, int doAsync, int count,
 }
 
 #ifdef BENCH_ASYM
-#if defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DH)
+#if defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DH) || \
+    defined(HAVE_CURVE25519) || defined(HAVE_ED25519) || \
+    defined(HAVE_CURVE448) || defined(HAVE_ED448)
 static void bench_stats_asym_finish(const char* algo, int strength,
     const char* desc, int doAsync, int count, double start, int ret)
 {

wolfcrypt/src/sp_int.c

@@ -3007,10 +3007,34 @@ int sp_cmp_d(sp_int* a, sp_int_digit d)
 }
 #endif
 
-#if defined(WOLFSSL_SP_INT_NEGATIVE) || !defined(NO_PWDBASED) || \
-    defined(WOLFSSL_KEY_GEN) || !defined(NO_DH) || \
-    ((defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_RSA)) && \
-    !defined(WOLFSSL_RSA_VERIFY_ONLY))
+#if !defined(NO_PWDBASED) || defined(WOLFSSL_KEY_GEN) || !defined(NO_DH) || \
+    !defined(NO_DSA) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
+#define WOLFSSL_SP_ADD_D
+#endif
+#if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
+    !defined(NO_DH) || defined(HAVE_ECC) || !defined(NO_DSA)
+#define WOLFSSL_SP_SUB_D
+#endif
+#if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \
+    !defined(WOLFSSL_RSA_VERIFY_ONLY)
+#define WOLFSSL_SP_READ_RADIX_10
+#endif
+#if defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA) || \
+    (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
+     !defined(WOLFSSL_RSA_PUBLIC_ONLY))
+#define WOLFSSL_SP_INVMOD
+#endif
+#if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC)
+#define WOLFSSL_SP_INVMOD_MONT_CT
+#endif
+#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
+    !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || defined(WOLFSSL_HAVE_SP_DH) || \
+    (!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN))
+#define WOLFSSL_SP_PRIME_GEN
+#endif
+
+#if defined(WOLFSSL_SP_ADD_D) || (defined(WOLFSSL_SP_INT_NEGATIVE) && \
+    defined(WOFLSSL_SP_SUB_D)) || defined(WOLFSSL_SP_READ_RADIX_10)
 /* Add a one digit number to the multi-precision number.
  *
  * @param  [in]   a  SP integer be added to.
@@ -3057,13 +3081,12 @@ static int _sp_add_d(sp_int* a, sp_int_digit d, sp_int* r)
 
     return err;
 }
-#endif /* WOLFSSL_SP_INT_NEGATIVE || !NO_PWDBASED || WOLFSSL_KEY_GEN ||
-        * !NO_DH || !NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) */
+#endif /* WOLFSSL_SP_ADD_D || (WOLFSSL_SP_INT_NEGATIVE && WOFLSSL_SP_SUB_D) ||
+        * defined(WOLFSSL_SP_READ_RADIX_10) */
 
-#if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) || \
-    defined(WOLFSSL_SP_INT_NEGATIVE) || \
-    !defined(NO_DH) || !defined(NO_DSA) || defined(HAVE_ECC) || \
-    (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
+#if (defined(WOLFSSL_SP_INT_NEGATIVE) && defined(WOLFSSL_SP_ADD_D)) || \
+    defined(WOLFSSL_SP_SUB_D) || defined(WOLFSSL_SP_INVMOD) || \
+    defined(WOLFSSL_SP_INVMOD_MONT_CT) || defined(WOLFSSL_SP_PRIME_GEN)
 /* Sub a one digit number from the multi-precision number.
  *
  * returns MP_OKAY always.
@@ -3099,11 +3122,11 @@ static void _sp_sub_d(sp_int* a, sp_int_digit d, sp_int* r)
         sp_clamp(r);
     }
 }
-#endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_SP_INT_NEGATIVE || !NO_DH || !NO_DSA ||
-        * HAVE_ECC || (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) */
+#endif /* (WOLFSSL_SP_INT_NEGATIVE && WOLFSSL_SP_ADD_D) || WOLFSSL_SP_SUB_D
+        * WOLFSSL_SP_INVMOD || WOLFSSL_SP_INVMOD_MONT_CT ||
+        * WOLFSSL_SP_PRIME_GEN */
 
-#if !defined(NO_PWDBASED) || defined(WOLFSSL_KEY_GEN) || !defined(NO_DH) || \
-    !defined(NO_DSA) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
+#ifdef WOLFSSL_SP_ADD_D
 /* Add a one digit number to the multi-precision number.
  *
  * @param  [in]   a  SP integer be added to.
@@ -3150,10 +3173,9 @@ int sp_add_d(sp_int* a, sp_int_digit d, sp_int* r)
 
     return err;
 }
-#endif /* !NO_PWDBASED || WOLFSSL_KEY_GEN || !NO_DH || !NO_DSA || !NO_RSA */
+#endif /* WOLFSSL_SP_ADD_D */
 
-#if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
-    !defined(NO_DH) || defined(HAVE_ECC) || !defined(NO_DSA)
+#ifdef WOLFSSL_SP_SUB_D
 /* Sub a one digit number from the multi-precision number.
  *
  * @param  [in]   a  SP integer be subtracted from.
@@ -3199,8 +3221,7 @@ int sp_sub_d(sp_int* a, sp_int_digit d, sp_int* r)
 
     return err;
 }
-#endif /* (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) || !NO_DH || HAVE_ECC ||
-        * !NO_DSA */
+#endif /* WOLFSSL_SP_SUB_D */
 
 #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
     defined(WOLFSSL_SP_SMALL) && (defined(WOLFSSL_SP_MATH_ALL) || \
@@ -3346,10 +3367,20 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
 #endif /* WOLFSSL_SP_MATH_ALL || !NO_DH || HAVE_ECC ||
         * (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) */
 
-#if !defined(WOLFSSL_SP_SMALL) && ((defined(WOLFSSL_SP_MATH_ALL) && \
-    !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
-    defined(WOLFSSL_HAVE_SP_DH) || (defined(HAVE_ECC) && (defined(FP_ECC) || \
-    defined(HAVE_COMP_KEY))))
+/* Predefine complicated rules of when to compile in sp_div_d and sp_mod_d. */
+#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
+    defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
+#define WOLFSSL_SP_DIV_D
+#endif
+#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
+    defined(WOLFSSL_HAVE_SP_DH) || \
+    (defined(HAVE_ECC) && (defined(FP_ECC) || defined(HAVE_COMP_KEY))) || \
+    (!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN))
+#define WOLFSSL_SP_MOD_D
+#endif
+
+#if (defined(WOLFSSL_SP_DIV_D) || defined(WOLFSSL_SP_MOD_D)) && \
+    !defined(WOLFSSL_SP_SMALL)
 /* Divide by 3: r = a / 3 and rem = a % 3
  *
  * @param  [in]   a    SP integer to be divided.
@@ -3461,14 +3492,9 @@ static void _sp_div_10(sp_int* a, sp_int* r, sp_int_digit* rem)
         }
     }
 }
-#endif /* !WOLFSSL_SP_SMALL && ((WOLFSSL_SP_MATH_ALL && 
-        * !WOLFSSL_RSA_VERIFY_ONLY) || WOLFSSL_HAVE_SP_DH ||
-        * (HAVE_ECC && FP_ECC)) */
+#endif /* (WOLFSSL_SP_DIV_D || WOLFSSL_SP_MOD_D) && !WOLFSSL_SP_SMALL */
 
-#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
-    defined(WOLFSSL_HAVE_SP_DH) || \
-    (defined(HAVE_ECC) && (defined(FP_ECC) || defined(HAVE_COMP_KEY))) || \
-    (!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN))
+#if defined(WOLFSSL_SP_DIV_D) || defined(WOLFSSL_SP_MOD_D)
 /* Divide by small number: r = a / d and rem = a % d
  *
  * @param  [in]   a    SP integer to be divided.
@@ -3514,8 +3540,7 @@ static void _sp_div_small(sp_int* a, sp_int_digit d, sp_int* r,
 }
 #endif
 
-#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
-    defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
+#ifdef WOLFSSL_SP_DIV_D
 /* Divide a multi-precision number by a digit size number and calculate
  * remainder.
  *   r = a / d; rem = a % d
@@ -3582,12 +3607,9 @@ int sp_div_d(sp_int* a, sp_int_digit d, sp_int* r, sp_int_digit* rem)
 
     return err;
 }
-#endif
+#endif /* WOLFSSL_SP_DIV_D */
 
-#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
-    defined(WOLFSSL_HAVE_SP_DH) || \
-    (defined(HAVE_ECC) && (defined(FP_ECC) || defined(HAVE_COMP_KEY))) || \
-    (!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN))
+#ifdef WOLFSSL_SP_MOD_D
 /* Calculate a modulo the digit d into r: r = a mod d
  *
  * @param  [in]   a  SP integer to reduce.
@@ -3662,8 +3684,7 @@ int sp_mod_d(sp_int* a, const sp_int_digit d, sp_int_digit* r)
 
     return err;
 }
-#endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERFIY_ONLY) || \
-        *  WOLFSSL_HAVE_SP_DH || (HAVE_ECC && (FP_ECC || HAVE_COMP_KEY)) */
+#endif /* WOLFSSL_SP_MOD_D */
 
 #if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC)
 /* Divides a by 2 mod m and stores in r: r = (a / 2) mod m
@@ -7762,9 +7783,7 @@ int sp_mulmod(sp_int* a, sp_int* b, sp_int* m, sp_int* r)
 }
 #endif
 
-#if defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA) || \
-    (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
-     !defined(WOLFSSL_RSA_PUBLIC_ONLY))
+#ifdef WOLFSSL_SP_INVMOD
 /* Calculates the multiplicative inverse in the field.
  *
  * @param  [in]   a  SP integer to find inverse of.
@@ -7901,10 +7920,9 @@ int sp_invmod(sp_int* a, sp_int* m, sp_int* r)
     FREE_SP_INT_ARRAY(t, NULL);
     return err;
 }
-#endif /* HAVE_ECC || !NO_DSA || OPENSSL_EXTRA || \
-        * (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) */
+#endif /* WOLFSSL_SP_INVMOD */
 
-#if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC)
+#ifdef WOLFSSL_SP_INVMOD_MONT_CT
 
 #define CT_INV_MOD_PRE_CNT      8
 
@@ -8008,7 +8026,7 @@ int sp_invmod_mont_ct(sp_int* a, sp_int* m, sp_int* r, sp_int_digit mp)
     return err;
 }
 
-#endif /* WOLFSSL_SP_MATH_ALL && HAVE_ECC */
+#endif /* WOLFSSL_SP_INVMOD_MONT_CT */
 
 
 /**************************
@@ -12407,7 +12425,7 @@ static int _sp_read_radix_16(sp_int* a, const char* in)
 }
 #endif /* (WOLFSSL_SP_MATH_ALL && !NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) || HAVE_ECC */
 
-#if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
+#ifdef WOLFSSL_SP_READ_RADIX_10
 /* Convert decimal number as string in big-endian format to a multi-precision
  * number.
  *
@@ -12464,10 +12482,10 @@ static int _sp_read_radix_10(sp_int* a, const char* in)
 
     return err;
 }
-#endif /* WOLFSSL_SP_MATH_ALL && !NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY */
+#endif /* WOLFSSL_SP_READ_RADIX_10 */
 
-#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
-    defined(HAVE_ECC) || !defined(NO_DSA)
+#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \
+    !defined(WOLFSSL_RSA_VERIFY_ONLY)) || defined(HAVE_ECC) || !defined(NO_DSA)
 /* Convert a number as string in big-endian format to a big number.
  * Only supports base-16 (hexadecimal) and base-10 (decimal).
  *
@@ -12499,7 +12517,7 @@ int sp_read_radix(sp_int* a, const char* in, int radix)
         if (radix == 16) {
             err = _sp_read_radix_16(a, in);
         }
-    #if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
+    #ifdef WOLFSSL_SP_READ_RADIX_10
         else if (radix == 10) {
             err = _sp_read_radix_10(a, in);
         }
@@ -12907,9 +12925,7 @@ int sp_rand_prime(sp_int* r, int len, WC_RNG* rng, void* heap)
 }
 #endif /* WOLFSSL_KEY_GEN && (!NO_DH || !NO_DSA) && !WC_NO_RNG */
 
-#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
-    !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || defined(WOLFSSL_HAVE_SP_DH) || \
-    (!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN))
+#ifdef WOLFSSL_SP_PRIME_GEN
 /* Miller-Rabin test of "a" to the base of "b" as described in
  * HAC pp. 139 Algorithm 4.24
  *
@@ -13302,7 +13318,7 @@ int sp_prime_is_prime_ex(sp_int* a, int t, int* result, WC_RNG* rng)
     }
     return err;
 }
-#endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_HAVE_SP_DH */
+#endif /* WOLFSSL_SP_PRIME_GEN */
 
 #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
 
@@ -13415,7 +13431,7 @@ int sp_gcd(sp_int* a, sp_int* b, sp_int* r)
 
 #endif /* WOLFSSL_SP_MATH_ALL && !NO_RSA && WOLFSSL_KEY_GEN */
 
-#if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
+#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(WC_RSA_BLINDING)
 
 /* Calculates the Lowest Common Multiple (LCM) of a and b and stores in r.
  *

wolfcrypt/test/test.c

@@ -15894,6 +15894,7 @@ exit_rsa:
 
     (void)res;
     (void)bytes;
+    (void)idx;
     (void)in;
     (void)out;
     (void)plain;
@@ -33480,6 +33481,8 @@ static int mp_test_div_3(mp_int* a, mp_int* r, WC_RNG* rng)
     mp_digit rem;
     mp_digit rem2;
 
+#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
+    defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
     for (i = 0; i < 10; i++) {
         for (j = 1; j < 10; j++) {
             if (randNum(a, j, rng, NULL) != 0)
@@ -33501,6 +33504,7 @@ static int mp_test_div_3(mp_int* a, mp_int* r, WC_RNG* rng)
         return -12626;
     if (mp_cmp(r, a) != MP_EQ)
         return -12627;
+#endif
 
 #if defined(WOLFSSL_SP_MATH_ALL)
     if (mp_div_d(a, 10, r, &rem) != 0)
@@ -33527,10 +33531,16 @@ static int mp_test_div_3(mp_int* a, mp_int* r, WC_RNG* rng)
         return -12637;
     if (rem != rem2)
         return -12638;
-#else
-    (void)rem2;
 #endif
 
+    (void)a;
+    (void)r;
+    (void)rng;
+    (void)i;
+    (void)j;
+    (void)rem;
+    (void)rem2;
+
     return 0;
 }
 #endif /* WOLFSSL_SP_MATH || !USE_FAST_MATH */
@@ -33602,7 +33612,8 @@ static int mp_test_radix_10(mp_int* a, mp_int* r, WC_RNG* rng)
 }
 #endif
 
-#if defined(WOLFSSL_SP_MATH_ALL) || defined(HAVE_ECC)
+#if defined(WOLFSSL_SP_MATH_ALL) || (!defined WOLFSSL_SP_MATH && \
+                                                              defined(HAVE_ECC))
 static int mp_test_radix_16(mp_int* a, mp_int* r, WC_RNG* rng)
 {
     int ret;
@@ -33698,6 +33709,7 @@ static int mp_test_shift(mp_int* a, mp_int* r1, WC_RNG* rng)
         if (mp_cmp(a, r1) != MP_EQ)
             return -12682;
     }
+#ifndef WOLFSSL_SP_MATH
     for (i = 0; i < DIGIT_BIT+1; i++) {
         if (mp_mul_2d(a, i, r1) != MP_OKAY)
             return -12683;
@@ -33705,6 +33717,7 @@ static int mp_test_shift(mp_int* a, mp_int* r1, WC_RNG* rng)
         if (mp_cmp(a, r1) != MP_EQ)
             return -12684;
     }
+#endif
 
     return 0;
 }
@@ -33740,21 +33753,6 @@ static int mp_test_add_sub_d(mp_int* a, mp_int* r1)
     if (r1->used != 0)
         return -12697;
 
-#ifdef WOLFSSL_SP_MATH
-    if (mp_set(r1, 1) != MP_OKAY)
-        return -12698;
-    if (mp_mul_2d(r1, SP_INT_MAX_BITS - 1, r1) != MP_OKAY)
-        return -12699;
-    if (mp_sub_d(r1, 1, r1) != MP_OKAY)
-        return -12700;
-    if (mp_mul_2d(r1, 1, r1) != MP_OKAY)
-        return -12701;
-    if (mp_add_d(r1, 1, r1) != MP_OKAY)
-        return -12702;
-    if (mp_add_d(r1, 1, r1) == MP_OKAY)
-        return -12703;
-#endif
-
     return 0;
 }
 
@@ -34303,8 +34301,8 @@ static int mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
         return -12821;
 #endif
 
-#if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
-    (defined(HAVE_ECC) && defined(FP_ECC))
+#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
+    defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
     ret = mp_div_d(NULL, 0, NULL, NULL);
     if (ret != MP_VAL)
         return -12822;
@@ -34353,7 +34351,7 @@ static int mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
         return -12834;
 #endif
 
-#ifdef HAVE_ECC
+#if !defined(WOLFSSL_SP_MATH) && defined(HAVE_ECC)
     ret = mp_div_2_mod_ct(NULL, NULL, NULL);
     if (ret != MP_VAL)
         return -12835;
@@ -34412,7 +34410,7 @@ static int mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
         return -12851;
 #endif
 
-#ifdef HAVE_ECC
+#if !defined(WOLFSSL_SP_MATH) && defined(HAVE_ECC)
     ret = mp_invmod_mont_ct(NULL, NULL, NULL, 1);
     if (ret != MP_VAL)
         return -12852;
@@ -34436,7 +34434,7 @@ static int mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
         return -12858;
 #endif
 
-#if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
+#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(WC_RSA_BLINDING)
     ret = mp_lcm(NULL, NULL, NULL);
     if (ret != MP_VAL)
         return -12859;
@@ -35022,6 +35020,7 @@ static int mp_test_shbd(mp_int* a, mp_int* b, WC_RNG* rng)
     int ret;
     int i, j, k;
 
+#ifndef WOLFSSL_SP_MATH
     for (i = 0; i < 10; i++) {
         for (j = 1; j < (DIGIT_BIT + 7) / 8 * 3; j++) {
             ret = randNum(a, j, rng, NULL);
@@ -35038,6 +35037,7 @@ static int mp_test_shbd(mp_int* a, mp_int* b, WC_RNG* rng)
             }
         }
     }
+#endif
 
     for (i = 0; i < 10; i++) {
         for (j = 1; j < (DIGIT_BIT + 7) / 8 * 3; j++) {
@@ -35075,6 +35075,7 @@ static int mp_test_shbd(mp_int* a, mp_int* b, WC_RNG* rng)
 }
 #endif
 
+#ifndef WOLFSSL_SP_MATH
 static int mp_test_div(mp_int* a, mp_int* d, mp_int* r, mp_int* rem,
                        WC_RNG* rng)
 {
@@ -35192,6 +35193,7 @@ static int mp_test_div(mp_int* a, mp_int* d, mp_int* r, mp_int* rem,
 
     return 0;
 }
+#endif
 
 #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \
     !defined(WC_NO_RNG)
@@ -35201,20 +35203,28 @@ static int mp_test_prime(mp_int* a, WC_RNG* rng)
     int res;
 
     ret = mp_rand_prime(a, 1, rng, NULL);
-#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
+#if defined(WOLFSSL_SP_MATH_ALL)
     if (ret != 0)
+        return -13060;
 #else
     if (ret != MP_VAL)
-#endif
         return -13060;
+#endif
+#ifndef WOLFSSL_SP_MATH
     ret = mp_rand_prime(a, -5, rng, NULL);
     if (ret != 0)
         return -13061;
+#endif
     ret = mp_prime_is_prime(a, 1, &res);
     if (ret != MP_OKAY)
         return -13062;
+#ifndef WOLFSSL_SP_MATH
     if (res != MP_YES)
         return -13063;
+#else
+    if (res != MP_NO)
+        return -13063;
+#endif
 
     ret = mp_prime_is_prime(a, 0, &res);
     if (ret != MP_VAL)
@@ -35290,8 +35300,7 @@ static int mp_test_prime(mp_int* a, WC_RNG* rng)
 }
 #endif
 
-#if defined(WOLFSSL_KEY_GEN) && (!defined(WOLFSSL_SP_MATH_ALL) || \
-    !defined(NO_RSA))
+#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(WC_RSA_BLINDING)
 static int mp_test_lcm_gcd(mp_int* a, mp_int* b, mp_int* r, mp_int* exp,
                            WC_RNG* rng)
 {
@@ -35490,7 +35499,7 @@ static int mp_test_mul_sqr(mp_int* a, mp_int* b, mp_int* r1, mp_int* r2,
     if (!mp_iszero(r1))
         return -13148;
 
-#ifdef WOLFSSL_SP_MATH
+#ifdef WOLFSSL_SP_MATH_ALL
     ret = mp_set(a, 1);
     if (ret != MP_OKAY)
         return -13149;
@@ -35535,7 +35544,7 @@ static int mp_test_mul_sqr(mp_int* a, mp_int* b, mp_int* r1, mp_int* r2,
         return -13160;
 #endif /* HAVE_ECC && (ECC_SHAMIR || FP_ECC) */
 #endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_HAVE_SP_DH || (HAVE_ECC && FP_ECC) */
-#endif /* WOLFSSL_SP_MATH */
+#endif /* WOLFSSL_SP_MATH_ALL */
 
     return 0;
 }
@@ -35586,8 +35595,7 @@ static int mp_test_invmod(mp_int* a, mp_int* m, mp_int* r)
         return -13177;
 #endif
 
-#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
-#ifdef HAVE_ECC
+#if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC)
     mp_set(a, 0);
     mp_set(m, 3);
     ret = mp_invmod_mont_ct(a, m, r, 1);
@@ -35614,7 +35622,6 @@ static int mp_test_invmod(mp_int* a, mp_int* m, mp_int* r)
     ret = mp_invmod_mont_ct(a, m, r, 1);
     if (ret != MP_OKAY)
         return -13182;
-#endif
 #endif
 
     return 0;
@@ -35704,6 +35711,7 @@ static int mp_test_exptmod(mp_int* b, mp_int* e, mp_int* m, mp_int* r)
     if (!mp_iszero(r))
         return -13209;
 
+#ifndef WOLFSSL_SP_MATH
     mp_set(b, 0x01);
     mp_mul_2d(b, DIGIT_BIT, b);
     mp_add_d(b, 1, b);
@@ -35719,6 +35727,7 @@ static int mp_test_exptmod(mp_int* b, mp_int* e, mp_int* m, mp_int* r)
         return -13212;
     if (!mp_iszero(r))
         return -13213;
+#endif
 
     mp_set(b, 0x2);
     mp_set(e, 0x3);
@@ -35730,7 +35739,7 @@ static int mp_test_exptmod(mp_int* b, mp_int* e, mp_int* m, mp_int* r)
     if (ret != MP_OKAY)
         return -13215;
 
-#ifdef WOLFSSL_SP_MATH
+#ifdef WOLFSSL_SP_MATH_ALL
     mp_set(b, 0x2);
     mp_set(e, 0x3);
     mp_set(m, 0x01);
@@ -35829,7 +35838,10 @@ WOLFSSL_TEST_SUBROUTINE int mp_test(void)
     WC_RNG rng;
     int    ret;
 #if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN)
-    int    i, j, k;
+    int    i, j;
+#ifndef WOLFSSL_SP_MATH
+    int    k;
+#endif
     mp_digit d;
 #endif
     mp_int a, b, r1, r2, p;
@@ -35889,6 +35901,7 @@ WOLFSSL_TEST_SUBROUTINE int mp_test(void)
                 return -13309;
          #endif
 
+     #if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
          #if defined(WOLFSSL_SP_MATH) || (defined(WOLFSSL_SP_MATH_ALL) && \
                                               !defined(WOLFSSL_SP_INT_NEGATIVE))
             ret = mp_addmod(&a, &b, &p, &r1);
@@ -35914,6 +35927,7 @@ WOLFSSL_TEST_SUBROUTINE int mp_test(void)
             if (mp_cmp(&r1, &r2) != 0)
                 return -13316;
          #endif
+    #endif
 
             /* Ensure add digit produce same result as sub digit. */
             ret = mp_add_d(&a, d, &r1);
@@ -35933,6 +35947,7 @@ WOLFSSL_TEST_SUBROUTINE int mp_test(void)
                 return -13320;
             ret = 0;
 
+        #ifndef WOLFSSL_SP_MATH
             /* Shift up and down number all bits in a digit. */
             for (k = 0; k < DIGIT_BIT; k++) {
                 mp_mul_2d(&a, k, &r1);
@@ -35945,6 +35960,7 @@ WOLFSSL_TEST_SUBROUTINE int mp_test(void)
                 if (mp_cmp(&a, &r1) != 0)
                     return -13323;
             }
+        #endif
         }
     }
 
@@ -35990,7 +36006,8 @@ WOLFSSL_TEST_SUBROUTINE int mp_test(void)
     if ((ret = mp_test_radix_10(&a, &r1, &rng)) != 0)
         return ret;
 #endif
-#if defined(WOLFSSL_SP_MATH_ALL) || defined(HAVE_ECC)
+#if defined(WOLFSSL_SP_MATH_ALL) || (!defined WOLFSSL_SP_MATH && \
+                                                              defined(HAVE_ECC))
     if ((ret = mp_test_radix_16(&a, &r1, &rng)) != 0)
         return ret;
 #endif
@@ -36015,15 +36032,16 @@ WOLFSSL_TEST_SUBROUTINE int mp_test(void)
     if ((ret = mp_test_set_is_bit(&a)) != 0)
         return ret;
 #endif
+#ifdef WOLFSSL_SP_MATH_ALL
     if ((ret = mp_test_div(&a, &b, &r1, &r2, &rng)) != 0)
         return ret;
+#endif
 #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \
     !defined(WC_NO_RNG)
     if ((ret = mp_test_prime(&a, &rng)) != 0)
         return ret;
 #endif
-#if defined(WOLFSSL_KEY_GEN) && (!defined(WOLFSSL_SP_MATH_ALL) || \
-    !defined(NO_RSA))
+#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(WC_RSA_BLINDING)
     if ((ret = mp_test_lcm_gcd(&a, &b, &r1, &r2, &rng)) != 0)
         return ret;
 #endif

wolfssl/internal.h

@@ -861,6 +861,13 @@
     #endif
 #endif
 
+#if !defined(WOLFCRYPT_ONLY) && defined(NO_PSK) && \
+    (defined(NO_DH) || !defined(HAVE_ANON)) && \
+    defined(NO_RSA) && !defined(HAVE_ECC) && \
+    !defined(HAVE_ED25519) && !defined(HAVE_ED448)
+   #error "No cipher suites avaialble with this build"
+#endif
+
 #ifdef WOLFSSL_MULTICAST
     #if defined(HAVE_NULL_CIPHER) && !defined(NO_SHA256)
         #define BUILD_WDM_WITH_NULL_SHA256

wolfssl/wolfcrypt/settings.h

@@ -2322,7 +2322,7 @@ extern void uITRON4_free(void *p) ;
 #endif
 
 /* support for disabling PEM to DER */
-#if !defined(WOLFSSL_NO_PEM)
+#if !defined(WOLFSSL_NO_PEM) && !defined(NO_CODING)
     #undef  WOLFSSL_PEM_TO_DER
     #define WOLFSSL_PEM_TO_DER
 #endif

wolfssl/wolfcrypt/sp_int.h

@@ -802,7 +802,10 @@ MP_API int sp_cmp_d(sp_int* a, sp_int_digit d);
 MP_API int sp_add_d(sp_int* a, sp_int_digit d, sp_int* r);
 MP_API int sp_sub_d(sp_int* a, sp_int_digit d, sp_int* r);
 MP_API int sp_mul_d(sp_int* a, sp_int_digit d, sp_int* r);
+#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
+    defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
 MP_API int sp_div_d(sp_int* a, sp_int_digit d, sp_int* r, sp_int_digit* rem);
+#endif
 #if defined(WOLFSSL_SP_MATH_ALL) || (defined(HAVE_ECC) && \
     defined(HAVE_COMP_KEY))
 MP_API int sp_mod_d(sp_int* a, const sp_int_digit d, sp_int_digit* r);
@@ -883,8 +886,12 @@ MP_API int sp_radix_size(mp_int* a, int radix, int* size);
 MP_API int sp_rand_prime(sp_int* r, int len, WC_RNG* rng, void* heap);
 MP_API int sp_prime_is_prime(mp_int* a, int t, int* result);
 MP_API int sp_prime_is_prime_ex(mp_int* a, int t, int* result, WC_RNG* rng);
+#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
 MP_API int sp_gcd(sp_int* a, sp_int* b, sp_int* r);
+#endif
+#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(WC_RSA_BLINDING)
 MP_API int sp_lcm(sp_int* a, sp_int* b, sp_int* r);
+#endif
 
 WOLFSSL_API word32 CheckRunTimeFastMath(void);