diff --git a/src/internal.c b/src/internal.c
index 8f479c2b0..72edd0eab 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -5013,7 +5013,8 @@ int ConvertHashPss(int hashAlgo, enum wc_HashType* hashType, int* mgf)
 }
 #endif
-#if !defined(NO_WOLFSSL_SERVER) || !defined(WOLFSSL_NO_CLIENT_AUTH)
+#if (!defined(NO_WOLFSSL_SERVER) || !defined(WOLFSSL_NO_CLIENT_AUTH)) && \
+ (!defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
 int RsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, word32* outSz,
 int sigAlgo, int hashAlgo, RsaKey* key, DerBuffer* keyBufInfo)
@@ -5317,7 +5318,8 @@ int VerifyRsaSign(WOLFSSL* ssl, byte* verifySig, word32 sigSz,
 #ifndef WOLFSSL_NO_TLS12
-#if !defined(NO_WOLFSSL_SERVER) || !defined(WOLFSSL_NO_CLIENT_AUTH)
+#if (!defined(NO_WOLFSSL_SERVER) || !defined(WOLFSSL_NO_CLIENT_AUTH)) && \
+ !defined(WOLFSSL_RSA_PUBLIC_ONLY)
 int RsaDec(WOLFSSL* ssl, byte* in, word32 inSz, byte** out, word32* outSz,
 RsaKey* key, DerBuffer* keyBufInfo)
 {
@@ -5382,6 +5384,7 @@ int RsaDec(WOLFSSL* ssl, byte* in, word32 inSz, byte** out, word32* outSz,
 }
 #endif /* !NO_WOLFSSL_SERVER) || !WOLFSSL_NO_CLIENT_AUTH */
+#ifndef WOLFSSL_RSA_VERIFY_ONLY
 int RsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, word32* outSz,
 RsaKey* key, buffer* keyBufInfo)
 {
@@ -5441,6 +5444,7 @@ int RsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, word32* outSz,
 return ret;
 }
+#endif
 #endif /* !WOLFSSL_NO_TLS12 */
@@ -33912,7 +33916,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 {
 switch(ssl->specs.kea) {
- #ifndef NO_RSA
+ #if !defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
 case rsa_kea:
 {
 ret = RsaEnc(ssl,
@@ -33928,7 +33932,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 break;
 }
- #endif /* !NO_RSA */
+ #endif /* !NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY */
 #ifndef NO_DH
 case diffie_hellman_kea:
 {
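Review bot: The `#endif /* !NO_WOLFSSL_SERVER) || !WOLFSSL_NO_CLIENT_AUTH */` that closes the RsaDec block in the @@ -5382 hunk is now stale, because the matching `#if` in the @@ -5317 hunk gained `&& !defined(WOLFSSL_RSA_PUBLIC_ONLY)`, and the `+#endif` added after RsaEnc in the @@ -5441 hunk carries no comment at all, unlike every other `#endif` this commit touches. Suggest `#endif /* (!NO_WOLFSSL_SERVER || !WOLFSSL_NO_CLIENT_AUTH) && !WOLFSSL_RSA_PUBLIC_ONLY */` for the first and `#endif /* !WOLFSSL_RSA_VERIFY_ONLY */` for the second. The `#endif` closing the RsaSign block whose guard changed in the @@ -5013 hunk is outside the diff and presumably needs the same update. The bodies of RsaSign, RsaDec and RsaEnc lie outside these hunks.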
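Review bot: Compiling out the `rsa_kea` case of SendClientKeyExchange in the @@ -33912 hunk only removes the premaster encryption; the hunk does not show whether cipher-suite selection and the `ssl->specs.kea` setup are gated the same way under WOLFSSL_RSA_VERIFY_ONLY, and if they are not, a server that picks a static-RSA key-exchange suite would reach this switch with no matching case instead of being refused at negotiation. Worth confirming that the suite table excludes RSA key-exchange suites in that configuration, so a verify-only build fails early with a clear error rather than part-way through the handshake. The switch's default branch and the rest of the function are outside the hunk.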
@@ -34759,7 +34763,8 @@ int SendCertificateVerify(WOLFSSL* ssl)
 );
 }
 #endif /* HAVE_ED448 && !NO_ED448_CLIENT_AUTH */
- #ifndef NO_RSA
+ #if !defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
+ !defined(WOLFSSL_RSA_VERIFY_ONLY)
 if (ssl->hsType == DYNAMIC_TYPE_RSA) {
 RsaKey* key = (RsaKey*)ssl->hsKey;
@@ -34773,7 +34778,7 @@ int SendCertificateVerify(WOLFSSL* ssl)
 ssl->buffers.key
 );
 }
- #endif /* !NO_RSA */
+ #endif /* !NO_RSA && !WOLFSSL_RSA_PUBLIC_ONLY && !WOLFSSL_RSA_VERIFY_ONLY */
 /* Check for error */
 if (ret != 0) {
@@ -36837,7 +36842,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 /* Sign hash to create signature */
 switch (ssl->options.sigAlgo) {
- #ifndef NO_RSA
+ #if !defined(NO_RSA) && \
+ !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
+ !defined(WOLFSSL_RSA_VERIFY_ONLY)
 #ifdef WC_RSA_PSS
 case rsa_pss_sa_algo:
 #endif
@@ -36856,7 +36863,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 );
 break;
 }
- #endif /* !NO_RSA */
+ #endif /* !NO_RSA && !WOLFSSL_RSA_PUBLIC_ONLY
+ && !WOLFSSL_RSA_VERIFY_ONLY */
 #ifdef HAVE_ECC
 #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
 case sm2_sa_algo:
@@ -36950,7 +36958,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 /* Sign hash to create signature */
 switch (ssl->options.sigAlgo) {
- #ifndef NO_RSA
+ #if !defined(NO_RSA) && \
+ !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
+ !defined(WOLFSSL_RSA_VERIFY_ONLY)
 #ifdef WC_RSA_PSS
 case rsa_pss_sa_algo:
 #endif
@@ -36973,7 +36983,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 );
 break;
 }
- #endif /* NO_RSA */
+ #endif /* !NO_RSA && !WOLFSSL_RSA_PUBLIC_ONLY
+ && !WOLFSSL_RSA_VERIFY_ONLY */
 default:
 break;
 } /* switch (ssl->options.sigAlgo) */
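Review bot: The closing comment `#endif /* !NO_RSA && !WOLFSSL_RSA_PUBLIC_ONLY && !WOLFSSL_RSA_VERIFY_ONLY */` in the @@ -34773 hunk is kept on one line, while the identical comment in the @@ -36856 and @@ -36973 hunks is wrapped onto two lines; given the indentation of this block the one-line form looks likely to exceed 80 columns (the collapsed layout here hides the exact indent). The same one-line form appears in the tls13.c @@ -9570 and @@ -9625 hunks. Wrapping it the way the later hunks do keeps the file consistent with itself. SendCertificateVerify's body continues outside these hunks.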
@@ -41653,7 +41664,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
 case TLS_ASYNC_DO:
 {
 switch (ssl->specs.kea) {
- #ifndef NO_RSA
+ #if !defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
 case rsa_kea:
 {
 RsaKey* key = (RsaKey*)ssl->hsKey;
@@ -41689,7 +41700,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
 ret = 0;
 break;
 } /* rsa_kea */
- #endif /* !NO_RSA */
+ #endif /* !NO_RSA && !WOLFSSL_RSA_PUBLIC_ONLY */
 #ifndef NO_PSK
 case psk_kea:
 {
diff --git a/src/tls13.c b/src/tls13.c
index 149ed574f..6c1fd84d1 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -9549,7 +9549,8 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
 args->length = (word16)args->sigLen;
 }
 #endif /* HAVE_DILITHIUM */
- #ifndef NO_RSA
+ #if !defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
+ !defined(WOLFSSL_RSA_VERIFY_ONLY)
 if (ssl->hsType == DYNAMIC_TYPE_RSA) {
 args->toSign = rsaSigBuf->buffer;
 args->toSignSz = (word32)rsaSigBuf->length;
@@ -9570,7 +9571,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
 XMEMCPY(args->sigData, sigOut, args->sigLen);
 }
 }
- #endif /* !NO_RSA */
+ #endif /* !NO_RSA && !WOLFSSL_RSA_PUBLIC_ONLY && !WOLFSSL_RSA_VERIFY_ONLY */
 /* Check for error */
 if (ret != 0) {
@@ -9603,7 +9604,8 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
 );
 }
 #endif /* HAVE_ECC */
- #ifndef NO_RSA
+ #if !defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
+ !defined(WOLFSSL_RSA_VERIFY_ONLY)
 if (ssl->hsAltType == DYNAMIC_TYPE_RSA) {
 args->toSign = rsaSigBuf->buffer;
 args->toSignSz = (word32)rsaSigBuf->length;
@@ -9625,7 +9627,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
 XMEMCPY(args->altSigData, sigOut, args->altSigLen);
 }
 }
- #endif /* !NO_RSA */
+ #endif /* !NO_RSA && !WOLFSSL_RSA_PUBLIC_ONLY && !WOLFSSL_RSA_VERIFY_ONLY */
 #if defined(HAVE_FALCON)
 if (ssl->hsAltType == DYNAMIC_TYPE_FALCON) {
 ret = wc_falcon_sign_msg(args->altSigData,
diff --git a/tests/api/test_rsa.c b/tests/api/test_rsa.c
index 0337aa795..895ca78a7 100644
--- a/tests/api/test_rsa.c
+++ b/tests/api/test_rsa.c
@@ -771,7 +771,8 @@ int test_wc_RsaKeyToPublicDer(void)
 int test_wc_RsaPublicEncryptDecrypt(void)
 {
 EXPECT_DECLS;
-#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
+#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
+ !defined(WOLFSSL_RSA_PUBLIC_ONLY)
 RsaKey key;
 WC_RNG rng;
 const char inStr[] = TEST_STRING;
@@ -840,14 +841,16 @@ int test_wc_RsaPublicEncryptDecrypt_ex(void)
 WC_RNG rng;
 const char inStr[] = TEST_STRING;
 const word32 inLen = (word32)TEST_STRING_SZ;
- const word32 plainSz = (word32)TEST_STRING_SZ;
- byte* res = NULL;
 int idx = 0;
 int bits = TEST_RSA_BITS;
 const word32 cipherSz = TEST_RSA_BYTES;
+#ifndef WOLFSSL_RSA_PUBLIC_ONLY
+ const word32 plainSz = (word32)TEST_STRING_SZ;
+ byte* res = NULL;
- WC_DECLARE_VAR(in, byte, TEST_STRING_SZ, NULL);
 WC_DECLARE_VAR(plain, byte, TEST_STRING_SZ, NULL);
+#endif
+ WC_DECLARE_VAR(in, byte, TEST_STRING_SZ, NULL);
 WC_DECLARE_VAR(cipher, byte, TEST_RSA_BYTES, NULL);
 WC_ALLOC_VAR(in, byte, TEST_STRING_SZ, NULL);
diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c
index 40ca470bc..09879d6fe 100644
--- a/wolfcrypt/benchmark/benchmark.c
+++ b/wolfcrypt/benchmark/benchmark.c
@@ -3656,7 +3656,7 @@ static void* benchmarks_do(void* args)
 #if !defined(NO_RSA) && !defined(WC_NO_RNG)
 #ifndef HAVE_RENESAS_SYNC
- #if defined(WOLFSSL_KEY_GEN)
+ #if defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
 if (bench_all || (bench_asym_algs & BENCH_RSA_KEYGEN)) {
 #ifndef NO_SW_BENCH
 if (((word32)bench_asym_algs == 0xFFFFFFFFU) ||
@@ -3686,7 +3686,7 @@ static void* benchmarks_do(void* args)
 #endif
 }
- #ifdef WOLFSSL_KEY_GEN
+ #if defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
 if (bench_asym_algs & BENCH_RSA_SZ) {
 #ifndef NO_SW_BENCH
 bench_rsa_key(0, bench_size);
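Review bot: Moving `WC_DECLARE_VAR(plain, ...)`, `plainSz` and `res` under `#ifndef WOLFSSL_RSA_PUBLIC_ONLY` in the @@ -840 hunk leaves their uses outside the hunk — the matching allocation and free of `plain` and the decrypt call that assigns `res` — and those must sit under the same condition, otherwise a WOLFSSL_RSA_PUBLIC_ONLY build of this test fails on undeclared identifiers. The hunk cannot show that, so the remainder of test_wc_RsaPublicEncryptDecrypt_ex should be checked for every reference to `plain`, `plainSz` and `res`. The function body continues outside the hunk.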
@@ -8763,7 +8763,7 @@ void bench_srtpkdf(void)
 #ifndef NO_RSA
-#if defined(WOLFSSL_KEY_GEN)
+#if defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
 static void bench_rsaKeyGen_helper(int useDeviceID, word32 keySz)
 {
 WC_DECLARE_ARRAY(genKey, RsaKey, BENCH_MAX_PENDING,
@@ -8871,7 +8871,7 @@ void bench_rsaKeyGen_size(int useDeviceID, word32 keySz)
 {
 bench_rsaKeyGen_helper(useDeviceID, keySz);
 }
-#endif /* WOLFSSL_KEY_GEN */
+#endif /* WOLFSSL_KEY_GEN && !WOLFSSL_RSA_PUBLIC_ONLY */
 #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
 !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096)
@@ -9341,7 +9341,7 @@ exit:
 }
-#ifdef WOLFSSL_KEY_GEN
+#if defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
 /* bench any size of RSA key */
 void bench_rsa_key(int useDeviceID, word32 rsaKeySz)
 {
diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c
index 7014e6ded..759c795ff 100644
--- a/wolfcrypt/src/rsa.c
+++ b/wolfcrypt/src/rsa.c
@@ -4469,7 +4469,7 @@ int wc_RsaExportKey(RsaKey* key,
 #endif
-#ifdef WOLFSSL_KEY_GEN
+#if defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
 /* Check that |p-q| > 2^((size/2)-100) */
 static int wc_CompareDiffPQ(mp_int* p, mp_int* q, int size, int* valid)
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 8bd98d813..5b15e4c5d 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -19187,7 +19187,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void)
 #endif /* !NO_RSA */
 #if !defined(NO_RSA) || !defined(NO_DSA)
- #ifdef WOLFSSL_KEY_GEN
+ #if defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
 static const char* keyDerFile = CERT_WRITE_TEMP_DIR "key.der";
 static const char* keyPemFile = CERT_WRITE_TEMP_DIR "key.pem";
 #endif
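Review bot: The `#if defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)` opened in the rsa.c @@ -4469 hunk is closed far past the hunk; if that `#endif` still reads `/* WOLFSSL_KEY_GEN */` it should become `#endif /* WOLFSSL_KEY_GEN && !WOLFSSL_RSA_PUBLIC_ONLY */`, as the benchmark.c @@ -8871 hunk already does for its equivalent block. Everything from wc_CompareDiffPQ onward is outside the hunk.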
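Review bot: In the test.c @@ -19187 hunk, `keyDerFile` and `keyPemFile` are declared under `#if !defined(NO_RSA) || !defined(NO_DSA)`, which suggests the DSA key-writing tests use them too; adding `!defined(WOLFSSL_RSA_PUBLIC_ONLY)` to their guard removes the declarations from a build with DSA enabled and RSA public-only, which would then fail to compile wherever the DSA path references them. If that is the case, the guard should still admit the DSA side, e.g. `#if defined(WOLFSSL_KEY_GEN) && (!defined(WOLFSSL_RSA_PUBLIC_ONLY) || !defined(NO_DSA))`. Any DSA users of these names are outside the hunk, so this needs checking against the rest of the file.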
@@ -21927,7 +21927,7 @@ exit_rsa:
 }
 #endif /* !NO_RSA && HAVE_ECC && WOLFSSL_CERT_GEN */
-#ifdef WOLFSSL_KEY_GEN
+#if defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
 static wc_test_ret_t rsa_keygen_test(WC_RNG* rng)
 {
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -22861,7 +22861,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
 #endif /* WOLFSSL_CERT_EXT */
-#ifdef WOLFSSL_KEY_GEN
+#if defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
 ret = rsa_keygen_test(&rng);
 if (ret != 0)
 goto exit_rsa;