Fixes so ECC only build works. Fixes so ECC enabled with ASN disabled works and will prevent ECC sign/verify.

configure.ac

@@ -1032,7 +1032,7 @@ AC_ARG_ENABLE([asn],
 if test "$ENABLED_ASN" = "no"
 then
     AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_CERTS"
-    if test "$ENABLED_DH" = "no"
+    if test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" == "no"
     then
         # DH needs bigint
         AM_CFLAGS="$AM_CFLAGS -DNO_BIG_INT"
@@ -1056,18 +1056,21 @@ then
     AC_MSG_ERROR([please disable dsa if disabling asn.])
 fi
 
-if test "$ENABLED_ECC" = "yes" && test "$ENABLED_ASN" = "no"
+if test "x$ENABLED_CRYPTONLY" = "xyes"
 then
+    if test "$ENABLED_ECC" = "yes" && test "$ENABLED_ASN" = "no"
+    then
         AC_MSG_ERROR([please disable ecc if disabling asn.])
-fi
+    fi
 
-if test "$ENABLED_PSK" = "no" && test "$ENABLED_ASN" = "no"
+    if test "$ENABLED_PSK" = "no" && test "$ENABLED_ASN" = "no"
-then
+    then
         AC_MSG_ERROR([please enable psk if disabling asn.])
+    fi
 fi
 
 # DH needs bigint
-if test "$ENABLED_ASN" = "no" && test "$ENABLED_DH" = "no"
+if test "$ENABLED_ASN" = "no" && test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" = "no"
 then
     ENABLED_FASTMATH=no
     ENABLED_SLOWMATH=no
@@ -2182,7 +2185,7 @@ then
     # turn off fastmth if leanpsk on or asn off (w/o dh)
     if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_ASN" = "no"
     then
-        if test "$ENABLED_DH" = "no"
+        if test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" = "no"
         then
             ENABLED_FASTMATH=no
         else

wolfcrypt/benchmark/benchmark.c

@@ -1671,7 +1671,9 @@ void bench_eccKeyAgree(void)
     double start, total, each, milliEach;
     int    i, ret;
     byte   shared[32];
+#ifndef NO_ASN
     byte   sig[64+16];  /* der encoding too */
+#endif
     byte   digest[32];
     word32 x = 0;
 
@@ -1712,6 +1714,7 @@ void bench_eccKeyAgree(void)
         digest[i] = (byte)i;
 
 
+#ifndef NO_ASN
     start = current_time(1);
 
     for(i = 0; i < agreeTimes; i++) {
@@ -1739,6 +1742,7 @@ void bench_eccKeyAgree(void)
             return; 
         }
     }
+#endif
 
     total = current_time(0) - start;
     each  = total / agreeTimes;  /* per second  */

wolfcrypt/src/ecc.c

@@ -1832,6 +1832,7 @@ int wc_ecc_init(ecc_key* key)
 }
 
 
+#ifndef NO_ASN
 /**
  Sign a message digest
  in        The message digest to sign
@@ -1865,6 +1866,7 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
 
     return err;
 }
+#endif /* !NO_ASN */
 
 /**
   Sign a message digest
@@ -2226,6 +2228,7 @@ static int ecc_mul2add(ecc_point* A, mp_int* kA,
 
 
 
+#ifndef NO_ASN
 /* verify
  *
  * w  = s^-1 mod n
@@ -2276,6 +2279,7 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
 
     return err;
 }
+#endif /* !NO_ASN */
 
 /**
    Verify an ECC signature
@@ -3112,6 +3116,7 @@ int wc_ecc_import_private_key(const byte* priv, word32 privSz, const byte* pub,
     return ret;
 }
 
+#ifndef NO_ASN
 /**
    Convert ECC R,S to signature
    r       R component of signature
@@ -3151,6 +3156,7 @@ int wc_ecc_rs_to_sig(const char* r, const char* s, byte* out, word32* outlen)
 
     return err;
 }
+#endif /* !NO_ASN */
 
 /**
    Import raw ECC key

wolfcrypt/test/test.c

@@ -6172,11 +6172,14 @@ int ecc_test(void)
     WC_RNG  rng;
     byte    sharedA[1024];
     byte    sharedB[1024];
+#ifndef NO_ASN
     byte    sig[1024];
+    int     verify;
+#endif
     byte    digest[20];
     byte    exportBuf[1024];
     word32  x, y;
-    int     i, verify, ret;
+    int     i, ret;
     ecc_key userA, userB, pubKey;
 
     ret = wc_InitRng(&rng);
@@ -6266,6 +6269,7 @@ int ecc_test(void)
     for (i = 0; i < (int)sizeof(digest); i++)
         digest[i] = (byte)i;
 
+#ifndef NO_ASN
     x = sizeof(sig);
     ret = wc_ecc_sign_hash(digest, sizeof(digest), sig, &x, &rng, &userA);
 
@@ -6280,6 +6284,7 @@ int ecc_test(void)
 
     if (verify != 1)
         return -1016;
+#endif
 
     x = sizeof(exportBuf);
     ret = wc_ecc_export_private_only(&userA, exportBuf, &x);