From 25281219258720ffd336047c03f79a2723f36155 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Fri, 6 Dec 2019 20:40:23 +1000 Subject: [PATCH] Fix RSA public key only builds Client side only and no client auth --- src/internal.c | 10 ++++++++-- src/ssl.c | 3 +++ tests/api.c | 7 +++++-- wolfcrypt/benchmark/benchmark.c | 9 ++++++--- wolfcrypt/test/test.c | 14 ++++++++++---- 5 files changed, 32 insertions(+), 11 deletions(-) diff --git a/src/internal.c b/src/internal.c index e230283c7..eb014769b 100644 --- a/src/internal.c +++ b/src/internal.c @@ -3533,7 +3533,8 @@ static word32 MacSize(WOLFSSL* ssl) #ifndef NO_RSA #ifndef WOLFSSL_NO_TLS12 -#if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT) +#if !defined(NO_WOLFSSL_SERVER) || (!defined(NO_WOLFSSL_CLIENT) && \ + !defined(WOLFSSL_NO_CLIENT_AUTH)) static int TypeHash(int hashAlgo) { switch (hashAlgo) { @@ -3597,6 +3598,7 @@ int ConvertHashPss(int hashAlgo, enum wc_HashType* hashType, int* mgf) } #endif +#if !defined(NO_WOLFSSL_SERVER) || !defined(WOLFSSL_NO_CLIENT_AUTH) int RsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, word32* outSz, int sigAlgo, int hashAlgo, RsaKey* key, DerBuffer* keyBufInfo) @@ -3680,6 +3682,7 @@ int RsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, return ret; } +#endif int RsaVerify(WOLFSSL* ssl, byte* in, word32 inSz, byte** out, int sigAlgo, int hashAlgo, RsaKey* key, buffer* keyBufInfo) @@ -3887,6 +3890,7 @@ int VerifyRsaSign(WOLFSSL* ssl, byte* verifySig, word32 sigSz, #ifndef WOLFSSL_NO_TLS12 +#if !defined(NO_WOLFSSL_SERVER) || !defined(WOLFSSL_NO_CLIENT_AUTH) int RsaDec(WOLFSSL* ssl, byte* in, word32 inSz, byte** out, word32* outSz, RsaKey* key, DerBuffer* keyBufInfo) { @@ -3946,6 +3950,7 @@ int RsaDec(WOLFSSL* ssl, byte* in, word32 inSz, byte** out, word32* outSz, return ret; } +#endif /* !NO_WOLFSSL_SERVER) || !WOLFSSL_NO_CLIENT_AUTH */ int RsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, word32* outSz, RsaKey* key, buffer* keyBufInfo) 
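Review bot: The guard on `TypeHash` (hunk at -3533) is not the same condition as the one on `RsaSign` and `RsaDec` (hunks at -3597 and -3887): it adds a `!defined(NO_WOLFSSL_CLIENT)` term that the other two omit. The expressions differ when both roles are disabled but `WOLFSSL_NO_CLIENT_AUTH` is not defined, and nothing in the patch says whether that is intended. Either use one spelling everywhere or add a comment at `TypeHash` such as `/* only needed when this side signs: server, or client with client auth */`. The `#endif` closing `RsaSign` (hunk at -3680) is also bare, and the label on the `RsaDec` one has a stray `)`; `#endif /* !NO_WOLFSSL_SERVER || !WOLFSSL_NO_CLIENT_AUTH */` on both would match, as would labels on the bare `#endif` lines added in tests/api.c and wolfcrypt/test/test.c.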
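Review bot: The private-key operations `RsaSign` and `RsaDec` are compiled out on role macros alone; the guards never test `WOLFSSL_RSA_PUBLIC_ONLY`. A public-key-only build therefore still compiles both functions unless it also defines `NO_WOLFSSL_SERVER` and `WOLFSSL_NO_CLIENT_AUTH`, and this patch does not show whether that combination is enforced elsewhere. If it is not, state the dependency at the guard, for example `/* WOLFSSL_RSA_PUBLIC_ONLY builds must also define NO_WOLFSSL_SERVER and WOLFSSL_NO_CLIENT_AUTH */`. Alternatively add `!defined(WOLFSSL_RSA_PUBLIC_ONLY) &&` in front of the existing condition; the callers, which are outside these hunks, would then need the same condition.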
@@ -7383,7 +7388,8 @@ static void AddHeaders(byte* output, word32 length, byte type, WOLFSSL* ssl) #ifndef WOLFSSL_NO_TLS12 -#ifndef NO_CERTS +#if !defined(NO_CERTS) && (!defined(NO_WOLFSSL_SERVER) || \ + !defined(WOLFSSL_NO_CLIENT_AUTH)) static void AddFragHeaders(byte* output, word32 fragSz, word32 fragOffset, word32 length, byte type, WOLFSSL* ssl) { diff --git a/src/ssl.c b/src/ssl.c index 090561b1f..073270a9a 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -5208,6 +5208,9 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der { int ret = 0; + (void)heap; + (void)devId; + if (ctx == NULL && ssl == NULL) return BAD_FUNC_ARG; if (!der || !keySz || !idx || !resetSuites || !rsaKey || !eccKey || !ed25519Key) diff --git a/tests/api.c b/tests/api.c index 91b2e9346..5cd75259b 100644 --- a/tests/api.c +++ b/tests/api.c @@ -252,7 +252,8 @@ #include #endif -#if defined(WOLFSSL_SHA3) || defined(HAVE_PKCS7) || !defined(NO_RSA) +#if defined(WOLFSSL_SHA3) || defined(HAVE_PKCS7) || (!defined(NO_RSA) && \ + !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || !defined(NO_SIG_WRAPPER) static int devId = INVALID_DEVID; #endif #ifndef NO_DSA @@ -12344,6 +12345,7 @@ static int test_wc_RsaPublicEncryptDecrypt_ex (void) return ret; } +#ifndef WOLFSSL_RSA_PUBLIC_ONLY /* Decrypt */ printf(testingFmt, "wc_RsaPrivateDecrypt_ex()"); #if defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS) @@ -12356,7 +12358,7 @@ static int test_wc_RsaPublicEncryptDecrypt_ex (void) plain, plainSz, &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0); } - if (ret >= 0) { + if (ret >= 0) { if (!XMEMCMP(plain, inStr, plainSz)) { ret = 0; } else { @@ -12385,6 +12387,7 @@ static int test_wc_RsaPublicEncryptDecrypt_ex (void) } } } +#endif FREE_VAR(in, NULL); FREE_VAR(plain, NULL); diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index 4fc53aa47..5ff4d0ef8 100755 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c 
@@ -555,7 +555,8 @@ static const char* bench_result_words1[][4] = { defined(HAVE_ECC) || !defined(NO_DH) || defined(HAVE_ECC_ENCRYPT) || \ defined(HAVE_CURVE25519) || defined(HAVE_CURVE25519_SHARED_SECRET) || \ defined(HAVE_ED25519) -#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || defined(WOLFSSL_PUBLIC_MP) +#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || defined(WOLFSSL_PUBLIC_MP) || \ + !defined(NO_DH) static const char* bench_desc_words[][9] = { /* 0 1 2 3 4 5 6 7 8 */ @@ -676,7 +677,8 @@ static const char* bench_desc_words[][9] = { #endif #if defined(BENCH_ASYM) -#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || defined(WOLFSSL_PUBLIC_MP) +#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || defined(WOLFSSL_PUBLIC_MP) || \ + !defined(NO_DH) static const char* bench_result_words2[][5] = { { "ops took", "sec" , "avg" , "ops/sec", NULL }, /* 0 English */ #ifndef NO_MULTIBYTE_PRINT @@ -1206,7 +1208,8 @@ static void bench_stats_sym_finish(const char* desc, int doAsync, int count, } #ifdef BENCH_ASYM -#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || defined(WOLFSSL_PUBLIC_MP) +#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || defined(WOLFSSL_PUBLIC_MP) || \ + !defined(NO_DH) static void bench_stats_asym_finish(const char* algo, int strength, const char* desc, int doAsync, int count, double start, int ret) { diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 0ebce4278..360276c63 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -9735,7 +9735,7 @@ int decodedCertCache_test(void) #endif /* defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) */ -#if !defined(NO_ASN) && !defined(WOLFSSL_RSA_VERIFY_ONLY) +#if !defined(NO_ASN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) static int rsa_flatten_test(RsaKey* key) { int ret; 
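Review bot: The added `|| !defined(NO_DH)` term re-enables the asymmetric reporting helpers for DH only, although the context lines at the top of the -555 hunk also list `HAVE_ECC`, `HAVE_CURVE25519` and `HAVE_ED25519`. A `WOLFSSL_RSA_PUBLIC_ONLY` build with `NO_DH` defined and ECC enabled would still compile out `bench_desc_words`, `bench_result_words2` and `bench_stats_asym_finish` (hunks at -555, -676 and -1206). If the ECC or Curve25519 benchmarks call `bench_stats_asym_finish`, that configuration would still fail to build; their bodies are outside these hunks, so this needs checking. Extending the condition, e.g. `... || !defined(NO_DH) || defined(HAVE_ECC)`, or defining it once under a single name, would keep the three sites from drifting apart.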
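Review bot: Switching the guard on `rsa_flatten_test` from `WOLFSSL_RSA_VERIFY_ONLY` to `WOLFSSL_RSA_PUBLIC_ONLY` (hunk at -9735) keeps it excluded from verify-only builds only if those builds always define `WOLFSSL_RSA_PUBLIC_ONLY` too, which this patch does not show. The function is `static` and its call site is outside the hunk, so the call needs exactly the same condition to avoid an unused-function warning or an undefined reference. A short comment on the guard would record the reason, e.g. `/* flatten test needs the private key parts; not available in public-only builds */`. The function body continues past the end of the hunk.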
@@ -11574,14 +11574,18 @@ int rsa_test(void) #if defined(HAVE_NTRU) RsaKey caKey; #endif -#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || defined(WOLFSSL_PUBLIC_MP) +#ifndef NO_ASN word32 idx = 0; +#endif +#if !defined(WOLFSSL_RSA_VERIFY_ONLY) || defined(WOLFSSL_PUBLIC_MP) const char* inStr = "Everyone gets Friday off."; word32 inLen = (word32)XSTRLEN((char*)inStr); - byte* res; const word32 outSz = RSA_TEST_BYTES; const word32 plainSz = RSA_TEST_BYTES; #endif +#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || defined(WOLFSSL_PUBLIC_MP) + byte* res; +#endif #ifndef NO_SIG_WRAPPER int modLen; #endif @@ -11594,7 +11598,7 @@ int rsa_test(void) DecodedCert cert; #endif -#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || defined(WOLFSSL_PUBLIC_MP) +#if !defined(WOLFSSL_RSA_VERIFY_ONLY) || defined(WOLFSSL_PUBLIC_MP) DECLARE_VAR_INIT(in, byte, inLen, inStr, HEAP_HINT); DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT); DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT); @@ -11890,6 +11894,7 @@ int rsa_test(void) } TEST_SLEEP(); +#ifndef WOLFSSL_RSA_PUBLIC_ONLY idx = (word32)ret; do { #if defined(WOLFSSL_ASYNC_CRYPT) @@ -11909,6 +11914,7 @@ int rsa_test(void) } TEST_SLEEP(); #endif /* NO_SHA */ +#endif #ifndef NO_SHA256 XMEMSET(plain, 0, plainSz);
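Review bot: In `rsa_test` the declaration of `idx` now sits under `#ifndef NO_ASN` (hunk at -11574), but the assignment `idx = (word32)ret;` in the hunk at -11890 is guarded only by `#ifndef WOLFSSL_RSA_PUBLIC_ONLY`. These are unrelated macros, so a build with `NO_ASN` defined and a full RSA key would use `idx` without a declaration, unless an enclosing guard outside these hunks rules that out. Declaring it under the union of both uses is safer: `#if !defined(NO_ASN) || !defined(WOLFSSL_RSA_PUBLIC_ONLY)`. The function starts and ends outside the hunks shown.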
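Review bot: The `#endif` added in the hunk at -11909 sits after `#endif /* NO_SHA */`, while its `#ifndef WOLFSSL_RSA_PUBLIC_ONLY` opens inside that section in the hunk at -11890. If the `#ifndef NO_SHA` opens above the -11890 hunk (not visible here), the preprocessor pairs the labelled `#endif /* NO_SHA */` with the new `#ifndef` and the bare `#endif` with `NO_SHA`. The code still compiles the same way, but the label now misleads. Placing the new line before it as `#endif /* !WOLFSSL_RSA_PUBLIC_ONLY */` keeps the labels truthful.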