diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 392a93f7479..6cfb368f1e3 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -3115,8 +3115,7 @@ int cc310_RsaSSL_Verify(const byte* in, word32 inLen, byte* sig, #endif /* WOLFSSL_CRYPTOCELL */ #ifndef WOLF_CRYPTO_CB_ONLY_RSA -#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(TEST_UNPAD_CONSTANT_TIME) && \ - !defined(NO_RSA_BOUNDS_CHECK) +#if !defined(NO_RSA_BOUNDS_CHECK) /* Check that 1 < in < n-1. (Requirement of 800-56B.) */ int RsaFunctionCheckIn(const byte* in, word32 inLen, RsaKey* key, int checkSmallCt) @@ -3158,8 +3157,7 @@ int RsaFunctionCheckIn(const byte* in, word32 inLen, RsaKey* key, return ret; } -#endif /* !WOLFSSL_RSA_VERIFY_ONLY && !TEST_UNPAD_CONSTANT_TIME && - * !NO_RSA_BOUNDS_CHECK */ +#endif /* !NO_RSA_BOUNDS_CHECK */ #endif /* WOLF_CRYPTO_CB_ONLY_RSA */ static int wc_RsaFunction_ex(const byte* in, word32 inLen, byte* out, @@ -3228,6 +3226,17 @@ static int wc_RsaFunction_ex(const byte* in, word32 inLen, byte* out, } #endif /* !WOLFSSL_RSA_VERIFY_ONLY && !TEST_UNPAD_CONSTANT_TIME && \ * !NO_RSA_BOUNDS_CHECK */ +#if !defined(NO_RSA_BOUNDS_CHECK) + if (type == RSA_PUBLIC_DECRYPT && + key->state == RSA_STATE_DECRYPT_EXPTMOD) { + + ret = RsaFunctionCheckIn(in, inLen, key, checkSmallCt); + if (ret != 0) { + RESTORE_VECTOR_REGISTERS(); + return ret; + } + } +#endif #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA) if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA && diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c index 0890ffb8492..a12af79b0ff 100644 --- a/wolfcrypt/src/sp_int.c +++ b/wolfcrypt/src/sp_int.c @@ -5579,7 +5579,7 @@ int sp_abs(const sp_int* a, sp_int* r) #endif /* WOLFSSL_SP_INT_NEGATIVE */ #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \ - (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) + !defined(NO_RSA) /* Compare absolute value of two multi-precision numbers. * * @param [in] a SP integer. @@ -5662,9 +5662,7 @@ int sp_cmp_mag(const sp_int* a, const sp_int* b) #endif #if defined(WOLFSSL_SP_MATH_ALL) || defined(HAVE_ECC) || !defined(NO_DSA) || \ - defined(OPENSSL_EXTRA) || !defined(NO_DH) || \ - (!defined(NO_RSA) && (!defined(WOLFSSL_RSA_VERIFY_ONLY) || \ - defined(WOLFSSL_KEY_GEN))) + defined(OPENSSL_EXTRA) || !defined(NO_DH) || !defined(NO_RSA) /* Compare two multi-precision numbers. * * Assumes a and b are not NULL. @@ -5706,9 +5704,8 @@ static int _sp_cmp(const sp_int* a, const sp_int* b) } #endif -#if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ - !defined(NO_DSA) || defined(HAVE_ECC) || !defined(NO_DH) || \ - defined(WOLFSSL_SP_MATH_ALL) +#if !defined(NO_RSA) || !defined(NO_DSA) || defined(HAVE_ECC) || \ + !defined(NO_DH) || defined(WOLFSSL_SP_MATH_ALL) /* Compare two multi-precision numbers. * * Pointers are compared such that NULL is less than not NULL. @@ -6197,9 +6194,8 @@ int sp_set_int(sp_int* a, unsigned long n) } #endif /* WOLFSSL_SP_MATH_ALL || !NO_RSA */ -#if defined(WOLFSSL_SP_MATH_ALL) || \ - (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ - !defined(NO_DH) || defined(HAVE_ECC) +#if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_RSA) || !defined(NO_DH) || \ + defined(HAVE_ECC) /* Compare a one digit number with a multi-precision number. * * When a is NULL, MP_LT is returned. diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index fdb526afa39..a75a5b00cd5 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -2942,8 +2942,7 @@ extern void uITRON4_free(void *p) ; /* Determine when mp_add_d is required. */ #if !defined(NO_PWDBASED) || defined(WOLFSSL_KEY_GEN) || !defined(NO_DH) || \ !defined(NO_DSA) || defined(HAVE_ECC) || \ - (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ - defined(OPENSSL_EXTRA) + !defined(NO_RSA) || defined(OPENSSL_EXTRA) #define WOLFSSL_SP_ADD_D #endif