Remove user-crypto functionality and Intel IPP support

.gitignore

@@ -286,23 +286,6 @@ mqx/wolfcrypt_benchmark/.settings
 mqx/wolfcrypt_benchmark/.cwGeneratedFileSetLog
 mqx/wolfcrypt_benchmark/SaAnalysispointsManager.apconfig
 
-# User Crypto example build
-wolfcrypt/user-crypto/aclocal.m4
-wolfcrypt/user-crypto/config.guess
-wolfcrypt/user-crypto/autom4te.cache
-wolfcrypt/user-crypto/config.log
-wolfcrypt/user-crypto/config.status
-wolfcrypt/user-crypto/config.sub
-wolfcrypt/user-crypto/depcomp
-wolfcrypt/user-crypto/install-sh
-wolfcrypt/user-crypto/libtool
-wolfcrypt/user-crypto/ltmain.sh
-wolfcrypt/user-crypto/m4
-wolfcrypt/user-crypto/missing
-wolfcrypt/user-crypto/Makefile.in
-wolfcrypt/user-crypto/lib/libusercrypto.*
-*.hzs
-
 # wolfSSL CSharp wrapper
 wrapper/CSharp/x64/
 

Makefile.am

@@ -168,7 +168,6 @@ include Docker/include.am
 
 include src/include.am
 include support/include.am
-include wolfcrypt/user-crypto/include.am
 include wolfcrypt/benchmark/include.am
 include wolfcrypt/src/include.am
 include wolfcrypt/test/include.am

cmake/functions.cmake

@@ -217,8 +217,6 @@ function(generate_build_flags)
         set(BUILD_CRL_MONITOR "yes" PARENT_SCOPE)
     endif()
     set(BUILD_QUIC ${WOLFSSL_QUIC} PARENT_SCOPE)
-    set(BUILD_USER_RSA ${WOLFSSL_USER_RSA} PARENT_SCOPE)
-    set(BUILD_USER_CRYPTO ${WOLFSSL_USER_CRYPTO} PARENT_SCOPE)
     set(BUILD_WNR ${WOLFSSL_WNR} PARENT_SCOPE)
     if(WOLFSSL_SRP OR WOLFSSL_USER_SETTINGS)
         set(BUILD_SRP "yes" PARENT_SCOPE)
@@ -287,7 +285,6 @@ function(generate_build_flags)
     if(WOLFSSL_SP_MATH OR WOLFSSL_SP_MATH_ALL OR WOLFSSL_USER_SETTINGS)
         set(BUILD_SP_INT "yes" PARENT_SCOPE)
     endif()
-    set(BUILD_FAST_RSA ${WOLFSSL_FAST_RSA} PARENT_SCOPE)
     set(BUILD_MCAPI ${WOLFSSL_MCAPI} PARENT_SCOPE)
     set(BUILD_ASYNCCRYPT ${WOLFSSL_ASYNCCRYPT} PARENT_SCOPE)
     set(BUILD_WOLFEVENT ${WOLFSSL_ASYNCCRYPT} PARENT_SCOPE)
@@ -493,14 +490,10 @@ function(generate_lib_src_list LIB_SOURCES)
               list(APPEND LIB_SOURCES wolfcrypt/src/async.c)
          endif()
 
-         if(NOT BUILD_USER_RSA AND BUILD_RSA)
-              if(BUILD_FAST_RSA)
-                   list(APPEND LIB_SOURCES wolfcrypt/user-crypto/src/rsa.c)
-              else()
-                   if(NOT BUILD_FIPS_V2)
-                        list(APPEND LIB_SOURCES wolfcrypt/src/rsa.c)
-                   endif()
-              endif()
+         if(BUILD_RSA)
+               if(NOT BUILD_FIPS_V2)
+                    list(APPEND LIB_SOURCES wolfcrypt/src/rsa.c)
+               endif()
          endif()
 
          if(BUILD_SP)

configure.ac

@@ -5420,65 +5420,6 @@ then
     esac
 fi
 
-
-# USER CRYPTO
-ENABLED_USER_CRYPTO="no"
-ENABLED_USER_RSA="no"
-AC_DEFINE([BUILD_USER_RSA], [], [User RSA is being defined])
-trycryptodir=""
-AC_ARG_WITH([user-crypto],
-    [AS_HELP_STRING([--with-user-crypto=PATH],[Path to USER_CRYPTO install (default /usr/local)])],
-    [
-        CPPFLAGS="$CPPFLAGS -DHAVE_USER_CRYPTO"
-        LIBS="$LIBS -lusercrypto"
-
-        if test "x$withval" != "xno" ; then
-            trycryptodir=$withval
-        fi
-        if test "x$withval" = "xyes" ; then
-            trycryptodir="/usr/local"
-        fi
-
-        LDFLAGS="$LDFLAGS -L$trycryptodir/lib"
-        CPPFLAGS="$CPPFLAGS -I$trycryptodir/include"
-
-        #Look for RSA Init function in usercrypto lib
-        AC_CHECK_LIB([usercrypto], [wc_InitRsaKey], [user_rsa_linked=yes], [user_rsa_linked=no])
-
-       if test "x$user_rsa_linked" = "xyes" ; then
-            AC_MSG_NOTICE([User user_rsa.h being used])
-            AM_CFLAGS="$AM_CFLAGS -DHAVE_USER_RSA"
-            ENABLED_USER_RSA=yes
-            ENABLED_USER_CRYPTO=yes
-       fi
-
-
-        #Display check and find result of link attempts
-        AC_MSG_CHECKING([for USER_CRYPTO])
-        if test "x$ENABLED_USER_CRYPTO" = "xno" ; then
-            AC_MSG_RESULT([no])
-            AC_MSG_ERROR([USER_CRYPTO not found. Either move to /usr/include and /usr/lib or
-                    Specify its path using --with-user-crypto=/dir/])
-        else
-            AC_MSG_RESULT([yes])
-            # Check if .la is available if not then rely on exported path
-            if test -e $trycryptodir/lib/libusercrypto.la
-            then
-                LIB_ADD="$trycryptodir/lib/libusercrypto.la $LIB_ADD"
-            else
-                LIB_ADD="-lusercrypto $LIB_ADD"
-            fi
-            AM_LDFLAGS="$AM_LDFLAGS -L$trycryptodir/lib"
-            AM_CFLAGS="$AM_CFLAGS -DHAVE_USER_CRYPTO"
-        fi
-    ]
-)
-
-if test "$ENABLED_USER_CRYPTO" = "yes" && test "$ENABLED_FIPS" = "yes"
-then
-    AC_MSG_ERROR([cannot enable user crypto and fips, user crypto possibility of using code in fips boundary.])
-fi
-
 # Whitewood netRandom client library
 ENABLED_WNR="no"
 trywnrdir=""
@@ -7795,171 +7736,6 @@ fi
 # End - Single Precision option handling                                       #
 ################################################################################
 
-# Fast RSA using Intel IPP
-ippdir="${srcdir}/IPP"
-ipplib="lib" # if autoconf guesses 32bit system changes lib directory
-fastRSA_found=no
-abs_path=`pwd`
-
-# set up variables used
-IPPLIBS=
-IPPHEADERS=
-IPPLINK=
-
-AC_ARG_ENABLE([fast-rsa],
-    [AS_HELP_STRING([--enable-fast-rsa],[Enable RSA using Intel IPP (default: disabled)])],
-    [ ENABLED_FAST_RSA=$enableval ],
-    [ ENABLED_FAST_RSA=no ],
-    )
-
-# Fast RSA does not support RSA-PSS
-if test "$ENABLED_RSAPSS" = "yes"; then
-    ENABLED_FAST_RSA=no
-fi
-
-if test "$ENABLED_USER_RSA" = "no" && test "$ENABLED_FIPS" = "no"; then
-
-    if test "$ac_cv_sizeof_long" = "4" && test "$ac_cv_sizeof_long_long" = "8"; then
-        ipplib="lib_32" # 32 bit OS detected
-    fi
-
-#   Use static IPP Libraries
-if test "$enable_shared" = "no" && test "$ENABLED_FAST_RSA" = "yes"; then
-    case $host_os in
-    *darwin*)
-        ipplib="$ipplib/mac_static"
-        AC_MSG_ERROR([Issue with static linking to libippcp.a on Mac.
-                Dynamic IPP libraries supported on Mac])
-        break;;
-
-    *linux*)
-        ipplib="$ipplib/linux_static"
-        break;;
-    *)
-        ENABLED_FAST_RSA=no
-    esac
-
-    if test -e $srcdir/IPP/$ipplib/libippcore.a && test -e $srcdir/IPP/$ipplib/libippcp.a
-    then
-        :
-    else
-        ENABLED_FAST_RSA=no
-    fi
-    AC_CHECK_HEADERS([IPP/include/ipp.h IPP/include/ippcp.h], [AM_CPPFLAGS="-I$srcdir/IPP/include $AM_CPPFLAGS"], [ENABLED_FAST_RSA=no])
-    LIB_STATIC_ADD="$srcdir/IPP/$ipplib/libippcp.a $srcdir/IPP/$ipplib/libippcore.a $LIB_STATIC_ADD"
-    if test "$ENABLED_FAST_RSA" = "no"; then
-        AC_MSG_ERROR([Could not find fast rsa libraries])
-    fi
-else
-
-#   Check for and use bundled IPP libraries
-if test "$ENABLED_FAST_RSA" = "yes"; then
-    AC_MSG_NOTICE([Using local IPP crypto library])
-
-    AC_CHECK_HEADER([$abs_path/IPP/include/ippcp.h],
-    [
-        # build and default locations on linux and mac
-        STORE_LDFLAGS=${LDFLAGS}
-        STORE_CPPFLAGS=${CPPFLAGS}
-
-        # using LDFLAGS instead of AM_ temporarily to test link to library
-        LDFLAGS="-L$ippdir/$ipplib -lippcp -lippcore"
-        CPPFLAGS="-I$ippdir/include"
-        AC_CHECK_HEADERS([ippcp.h], [AC_CHECK_LIB([ippcp], [ippsRSAEncrypt_PKCSv15], [fastRSA_found=yes], [fastRSA_found=no])], [fastRSA_found=no])
-        name="$ippdir/$ipplib/libippcp"
-        case $host_os in
-        *darwin*)
-            # check file existence and conditionally set variables
-            if test -e $abs_path/IPP/$ipplib/libippcp.dylib
-            then
-                IPPLIBS="${name}.dylib ${name}-9.0.dylib ${name}e9-9.0.dylib ${name}g9-9.0.dylib ${name}h9-9.0.dylib ${name}k0-9.0.dylib ${name}l9-9.0.dylib ${name}n8-9.0.dylib ${name}p8-9.0.dylib ${name}s8-9.0.dylib ${name}y8-9.0.dylib IPP/lib/libippcore.dylib IPP/lib/libippcore-9.0.dylib"
-                IPPLINK="mkdir -p src/.libs && ln -f ${name}.dylib src/.libs/libippcp.dylib && ln -f ${srcdir}/${name}-9.0.dylib src/.libs/libippcp-9.0.dylib && ln -f ${srcdir}/${name}e9-9.0.dylib src/.libs/libippcpe9-9.0.dylib && ln -f ${srcdir}/${name}g9-9.0.dylib src/.libs/libippcpg9-9.0.dylib && ln -f ${srcdir}/${name}h9-9.0.dylib src/.libs/libippcph9-9.0.dylib && ln -f ${srcdir}/${name}k0-9.0.dylib src/.libs/libippcpk0-9.0.dylib && ln -f ${srcdir}/${name}l9-9.0.dylib src/.libs/libippcpl9-9.0.dylib && ln -f ${srcdir}/${name}n8-9.0.dylib src/.libs/libippcpn8-9.0.dylib && ln -f ${srcdir}/${name}p8-9.0.dylib src/.libs/libippcpp8-9.0.dylib && ln -f ${srcdir}/${name}s8-9.0.dylib src/.libs/libippcps8-9.0.dylib && ln -f ${srcdir}/${name}y8-9.0.dylib src/.libs/libippcpy8-9.0.dylib && ln -f ${srcdir}/IPP/lib/libippcore.dylib src/.libs/libippcore.dylib && ln -f ${srcdir}/IPP/lib/libippcore-9.0.dylib src/.libs/libippcore-9.0.dylib"
-            else
-                fastRSA_found=no
-            fi
-            break;;
-
-        *linux*)
-            # check file existence and conditionally set variables
-            if test -e $abs_path/IPP/$ipplib/libippcp.so.9.0
-            then
-                if test "$ac_cv_sizeof_long" = "4" && test "$ac_cv_sizeof_long_long" = "8"; then
-                    IPPLIBS="${name}.so.9.0 ${name}g9.so.9.0 ${name}h9.so.9.0 ${name}p8.so.9.0 ${name}px.so.9.0 ${name}s8.so.9.0 ${name}.so ${name}w7.so.9.0 IPP/$ipplib/libippcore.so IPP/$ipplib/libippcore.so.9.0"
-                    IPPLINK="mkdir -p src/.libs && ln -f ${name}.so.9.0 src/.libs/libippcp.so.9.0 && ln -f ${name}g9.so.9.0 src/.libs/libippcpg9.so.9.0 && ln -f ${name}h9.so.9.0 src/.libs/libippcph9.so.9.0 && ln -f ${name}p8.so.9.0 src/.libs/libippcpp8.so.9.0 && ln -f ${name}px.so.9.0 src/.libs/libippcppx.so.9.0 && ln -f ${name}s8.so.9.0 src/.libs/libippcps8.so.9.0 && ln -f ${name}.so src/.libs/libippcp.so && ln -f ${name}w7.so.9.0 src/.libs/libippcpw7.so.9.0 && ln -f IPP/$ipplib/libippcore.so src/.libs/libippcore.so && ln -f IPP/$ipplib/libippcore.so.9.0 src/.libs/libippcore.so.9.0"
-                else
-                    IPPLIBS="${name}.so.9.0 ${name}e9.so.9.0 ${name}k0.so.9.0 ${name}l9.so.9.0 ${name}m7.so.9.0 ${name}mx.so.9.0 ${name}.so ${name}n8.so.9.0 ${name}y8.so.9.0 IPP/lib/libippcore.so IPP/lib/libippcore.so.9.0"
-                    IPPLINK="mkdir -p src/.libs && ln -f ${name}.so.9.0 src/.libs/libippcp.so.9.0 && ln -f ${name}e9.so.9.0 src/.libs/libippcpe9.so.9.0 && ln -f ${name}k0.so.9.0 src/.libs/libippcpk0.so.9.0 && ln -f ${name}l9.so.9.0 src/.libs/libippcpl9.so.9.0 && ln -f ${name}m7.so.9.0 src/.libs/libippcpm7.so.9.0 && ln -f ${name}mx.so.9.0 src/.libs/libippcpmx.so.9.0 && ln -f ${name}.so src/.libs/libippcp.so && ln -f ${name}n8.so.9.0 src/.libs/libippcpn8.so.9.0 && ln -f ${name}y8.so.9.0 src/.libs/libippcpy8.so.9.0 && ln -f IPP/lib/libippcore.so src/.libs/libippcore.so && ln -f IPP/lib/libippcore.so.9.0 src/.libs/libippcore.so.9.0"
-                fi
-            else
-                fastRSA_found=no
-            fi
-            break;;
-        *)
-            fastRSA_found=no
-        esac
-
-        if test "$fastRSA_found" = "yes"; then
-            # was successful so add tested LDFLAGS to AM_ flags
-            AM_LDFLAGS="${AM_LDFLAGS} ${LDFLAGS}"
-            AM_CPPFLAGS="${AM_CPPFLAGS} ${CPPFLAGS}"
-            IPPHEADERS="${srcdir}/IPP/include/*.h"
-        fi
-
-        # restore LDFLAGS to user set
-        LDFLAGS=${STORE_LDFLAGS}
-        CPPFLAGS=${STORE_CPPFLAGS}
-    ], [fastRSA_found=no])
-fi
-
-# Don't cache the result so it can be checked
-AS_UNSET([ac_cv_header_ippcp_h])
-AS_UNSET([ac_cv_header_ipp_h])
-AS_UNSET([ac_cv_lib_ippcp_ippsRSAEncrypt_PKCSv15]);
-
-#   Check link and see if user has pre-existing IPP Libraries if not using local
-if test "$ENABLED_FAST_RSA" = "yes" && test "$fastRSA_found" = "no"; then
-    AC_MSG_NOTICE([Checking if IPP crypto library installed])
-    AC_CHECK_HEADER([ippcp.h], [AC_CHECK_LIB([ippcp], [ippsRSAEncrypt_PKCSv15],
-        [
-            fastRSA_found=yes
-            AM_LDFLAGS="${AM_LDFLAGS} -lippcore -lippcp"
-        ], [ fastRSA_found=no])
-    ], [fastRSA_found=no])
-
-    # Error out on not finding libraries
-    if test "$fastRSA_found" = "no"; then
-        AC_MSG_ERROR([Could not find fast rsa libraries])
-    fi
-fi
-fi # end of if for shared library
-else # if user rsa is set than do not use fast rsa option
-    if test "$ENABLED_FAST_RSA" = "yes"; then
-        AC_MSG_ERROR([Could not use fast rsa libraries with user crypto or fips])
-    fi
-fi # end of if for user rsa crypto or fips
-
-#   End result of checking for IPP Libraries
-AC_MSG_CHECKING([for fast RSA])
-if test "$ENABLED_FAST_RSA" = "yes"; then
-    AM_CFLAGS="$AM_CFLAGS -DHAVE_FAST_RSA -DHAVE_USER_RSA"
-    # add in user crypto header that uses Intel IPP
-    AM_CPPFLAGS="$AM_CPPFLAGS -I$srcdir/wolfcrypt/user-crypto/include"
-    if test "$enable_shared" = "yes"; then
-        LIBS="$LIBS -lippcore -lippcp"
-        LIB_ADD="-lippcp -lippcore $LIB_ADD"
-    else
-        LIB_ADD="$srcdir/IPP/$ipplib/libippcp.a $srcdir/IPP/$ipplib/libippcore.a $LIB_ADD"
-    fi
-    AC_MSG_RESULT([yes])
-else
-    AC_MSG_RESULT([no])
-fi
-
-AC_SUBST([IPPLIBS])
-AC_SUBST([IPPHEADERS])
-AC_SUBST([IPPLINK])
-
-
 # static memory use
 AC_ARG_ENABLE([staticmemory],
     [AS_HELP_STRING([--enable-staticmemory],[Enable static memory use (default: disabled)])],
@@ -9123,9 +8899,6 @@ if test "x$ENABLED_LINUXKM" = "xyes"; then
     if test "$ENABLED_FASTMATH" = "yes"; then
         AC_MSG_ERROR([--enable-fastmath is incompatible with --enable-linuxkm (exceeds stack limit).])
     fi
-    if test "$ENABLED_FAST_RSA" = "yes"; then
-        AC_MSG_ERROR([--enable-fastrsa is incompatible with --enable-linuxkm.])
-    fi
     if test "$ENABLED_LIBZ_RSA" = "yes"; then
         AC_MSG_ERROR([--with-libz is incompatible with --enable-linuxkm.])
     fi
@@ -9243,8 +9016,6 @@ AM_CONDITIONAL([BUILD_OCSP_STAPLING],[test "x$ENABLED_CERTIFICATE_STATUS_REQUEST
 AM_CONDITIONAL([BUILD_OCSP_STAPLING_V2],[test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xyes"])
 AM_CONDITIONAL([BUILD_CRL],[test "x$ENABLED_CRL" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_CRL_MONITOR],[test "x$ENABLED_CRL_MONITOR" = "xyes"])
-AM_CONDITIONAL([BUILD_USER_RSA],[test "x$ENABLED_USER_RSA" = "xyes"] )
-AM_CONDITIONAL([BUILD_USER_CRYPTO],[test "x$ENABLED_USER_CRYPTO" = "xyes"])
 AM_CONDITIONAL([BUILD_LIBLMS],[test "x$ENABLED_LIBLMS" = "xyes"])
 AM_CONDITIONAL([BUILD_LIBXMSS],[test "x$ENABLED_LIBXMSS" = "xyes"])
 AM_CONDITIONAL([BUILD_LIBOQS],[test "x$ENABLED_LIBOQS" = "xyes"])
@@ -9290,7 +9061,6 @@ AM_CONDITIONAL([BUILD_SP_INT],[test "x$ENABLED_SP_MATH" = "xyes" || test "x$ENAB
 AM_COND_IF([BUILD_SP], [INCLUDE_SP_INT="yes"])
 AM_COND_IF([BUILD_SP_INT], [INCLUDE_SP_INT="yes"])
 AC_SUBST([INCLUDE_SP_INT])
-AM_CONDITIONAL([BUILD_FAST_RSA],[test "x$ENABLED_FAST_RSA" = "xyes"])
 AM_CONDITIONAL([BUILD_MCAPI],[test "x$ENABLED_MCAPI" = "xyes"])
 AM_CONDITIONAL([BUILD_ASYNCCRYPT],[test "x$ENABLED_ASYNCCRYPT" = "xyes"])
 AM_CONDITIONAL([BUILD_WOLFEVENT],[test "x$ENABLED_ASYNCCRYPT" = "xyes"])
@@ -9780,8 +9550,6 @@ echo "   * Examples:                   $ENABLED_EXAMPLES"
 echo "   * Crypt tests:                $ENABLED_CRYPT_TESTS"
 echo "   * Stack sizes in tests:       $ENABLED_STACKSIZE"
 echo "   * Heap stats in tests:        $ENABLED_TRACKMEMORY"
-echo "   * User Crypto:                $ENABLED_USER_CRYPTO"
-echo "   * Fast RSA:                   $ENABLED_FAST_RSA"
 echo "   * Asynchronous Crypto:        $ENABLED_ASYNCCRYPT"
 echo "   * Asynchronous Crypto (sim):  $ENABLED_ASYNCCRYPT_SW"
 echo "   * Cavium Nitrox:              $ENABLED_CAVIUM"

scripts/makedistsmall.sh

@@ -62,7 +62,6 @@ rm -rf ./swig
 rm -rf ./tests
 rm -rf ./testsuite
 rm -rf ./tirtos
-rm -rf ./wolfcrypt/user-crypto
 rm -rf ./wrapper
 rm -f -- *.rc *.supp *.ac *.am *.conf *.sh *.cproject *.project *.pl
 rm -f Vagrantfile SCRIPTS-LIST quit input resource.h

src/include.am

@@ -37,20 +37,6 @@ src_libwolfssl@LIBSUFFIX@_la_LIBADD = $(LIBM) $(LIB_ADD) $(LIB_STATIC_ADD)
 src_libwolfssl@LIBSUFFIX@_la_CFLAGS = -DBUILDING_WOLFSSL $(AM_CFLAGS) -DLIBWOLFSSL_GLOBAL_EXTRA_CFLAGS="\" $(EXTRA_CFLAGS)\""
 src_libwolfssl@LIBSUFFIX@_la_CPPFLAGS = -DBUILDING_WOLFSSL $(AM_CPPFLAGS)
 
-# install the packaged IPP libraries
-if BUILD_FAST_RSA
-
-# Link needed IPP libraries
-noinst_SCRIPTS+=IPP_links
-IPP_links:
-	@$(IPPLINK)
-
-ippdir = $(libdir)
-ipp_DATA = $(IPPLIBS)
-
-include_HEADERS+=$(IPPHEADERS)
-endif # BUILD_FAST_RSA
-
 if BUILD_FIPS
 
 if BUILD_FIPS_V2
@@ -370,17 +356,11 @@ if BUILD_ASYNCCRYPT
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/async.c
 endif
 
-if !BUILD_USER_RSA
 if BUILD_RSA
-if BUILD_FAST_RSA
-src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/user-crypto/src/rsa.c
-else
 if !BUILD_FIPS_CURRENT
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/rsa.c
 endif !BUILD_FIPS_CURRENT
 endif
-endif
-endif
 
 if BUILD_RC2
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/rc2.c

src/pk.c

@@ -50,8 +50,7 @@
 #endif
 
 #if defined(OPENSSL_EXTRA) && !defined(NO_BIO) && defined(WOLFSSL_KEY_GEN) && \
-    (!defined(HAVE_USER_RSA) || defined(HAVE_ECC) || \
-     (!defined(NO_DSA) && !defined(HAVE_SELFTEST)))
+    (defined(HAVE_ECC) || (!defined(NO_DSA) && !defined(HAVE_SELFTEST)))
 /* Forward declaration for wolfSSL_PEM_write_bio_DSA_PUBKEY.
  * Implementation in ssl.c.
  */
@@ -220,8 +219,8 @@ static int pem_read_file_key(XFILE fp, wc_pem_password_cb* cb, void* pass,
 #endif /* !NO_FILESYSTEM */
 #endif
 
-#if defined(OPENSSL_EXTRA) && ((!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) \
-    && !defined(HAVE_USER_RSA)) || !defined(WOLFCRYPT_ONLY))
+#if defined(OPENSSL_EXTRA) && ((!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)) \
+    || !defined(WOLFCRYPT_ONLY))
 /* Convert DER data to PEM in an allocated buffer.
  *
  * @param [in]  der    Buffer containing DER data.
@@ -298,8 +297,7 @@ static int der_write_to_bio_as_pem(const unsigned char* der, int derSz,
 #endif
 #endif
 
-#if (!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
-     !defined(HAVE_USER_RSA)) || \
+#if (!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)) || \
      (!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)) || \
      (defined(HAVE_ECC) && defined(WOLFSSL_KEY_GEN))
 #if !defined(NO_FILESYSTEM)
@@ -337,7 +335,7 @@ static int der_write_to_file_as_pem(const unsigned char* der, int derSz,
 
 #if defined(WOLFSSL_KEY_GEN) && \
     (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)) && \
-    ((!defined(NO_RSA) && !defined(HAVE_USER_RSA)) || defined(HAVE_ECC))
+    (!defined(NO_RSA) || defined(HAVE_ECC))
 static int der_to_enc_pem_alloc(unsigned char* der, int derSz,
     const EVP_CIPHER *cipher, unsigned char *passwd, int passwdSz, int type,
     void* heap, byte** out, int* outSz)
@@ -532,8 +530,7 @@ static int pk_bn_field_print_fp(XFILE fp, int indent, const char* field,
 #endif /* !NO_CERTS && XFPRINTF && !NO_FILESYSTEM && !NO_STDIO_FILESYSTEM &&
         * (!NO_DSA || !NO_RSA || HAVE_ECC) */
 
-#if defined(XSNPRINTF) && !defined(NO_BIO) && !defined(NO_RSA) && \
-    !defined(HAVE_FAST_RSA)
+#if defined(XSNPRINTF) && !defined(NO_BIO) && !defined(NO_RSA)
 /* snprintf() must be available */
 
 /* Maximum number of extra indent spaces on each line. */
@@ -737,7 +734,7 @@ static int wolfssl_print_number(WOLFSSL_BIO* bio, mp_int* num, const char* name,
     return ret;
 }
 
-#endif /* XSNPRINTF && !NO_BIO && !NO_RSA && !HAVE_FAST_RSA */
+#endif /* XSNPRINTF && !NO_BIO && !NO_RSA */
 
 #if !defined(NO_RSA) || (!defined(NO_DH) && !defined(NO_CERTS) && \
     defined(HAVE_FIPS) && !FIPS_VERSION_GT(2,0)) || defined(HAVE_ECC)
@@ -922,8 +919,7 @@ void wolfSSL_RSA_free(WOLFSSL_RSA* rsa)
     #endif
 
         if (rsa->internal != NULL) {
-        #if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && \
-            !defined(HAVE_FAST_RSA) && defined(WC_RSA_BLINDING)
+        #if !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING)
             /* Check if RNG is owned before freeing it. */
             if (rsa->ownRng) {
                 WC_RNG* rng = ((RsaKey*)(rsa->internal))->rng;
@@ -1022,8 +1018,7 @@ WOLFSSL_RSA* wolfSSL_RSA_new_ex(void* heap, int devId)
             rsaKeyInited = 1;
         }
     }
-    #if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && \
-        !defined(HAVE_FAST_RSA) && defined(WC_RSA_BLINDING)
+    #if !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING)
     if (!err) {
         WC_RNG* rng;
 
@@ -1052,8 +1047,7 @@ WOLFSSL_RSA* wolfSSL_RSA_new_ex(void* heap, int devId)
             /* Won't fail as key and rng are not NULL. */
         }
     }
-    #endif /* !HAVE_FIPS && !HAVE_USER_RSA && !HAVE_FAST_RSA &&
-            * WC_RSA_BLINDING */
+    #endif /* !HAVE_FIPS && WC_RSA_BLINDING */
     if (!err) {
         /* Set wolfCrypt RSA key into RSA key. */
         rsa->internal = key;
@@ -1105,7 +1099,7 @@ int wolfSSL_RSA_up_ref(WOLFSSL_RSA* rsa)
 
 #ifdef OPENSSL_EXTRA
 
-#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA)
+#if defined(WOLFSSL_KEY_GEN)
 
 /* Allocate a new RSA key and make it a copy.
  *
@@ -1161,12 +1155,10 @@ WOLFSSL_RSA* wolfSSL_RSAPublicKey_dup(WOLFSSL_RSA *rsa)
 
 /* wolfSSL_RSAPrivateKey_dup not supported */
 
-#endif /* WOLFSSL_KEY_GEN && !HAVE_USER_RSA */
+#endif /* WOLFSSL_KEY_GEN */
 
-#ifndef HAVE_USER_RSA
 static int wolfSSL_RSA_To_Der_ex(WOLFSSL_RSA* rsa, byte** outBuf, int publicKey,
     void* heap);
-#endif
 
 /*
  * RSA to/from bin APIs
@@ -1270,8 +1262,6 @@ WOLFSSL_RSA *wolfSSL_d2i_RSAPrivateKey(WOLFSSL_RSA **out,
     return rsa;
 }
 
-#if defined(OPENSSL_EXTRA) && !defined(HAVE_USER_RSA) && \
-    !defined(HAVE_FAST_RSA)
 /* Converts an internal RSA structure to DER format for the private key.
  *
  * If "pp" is null then buffer size only is returned.
@@ -1345,8 +1335,6 @@ int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *rsa, unsigned char **pp)
 
     return ret;
 }
-#endif /* defined(OPENSSL_EXTRA) && !defined(HAVE_USER_RSA) &&
-        * !defined(HAVE_FAST_RSA) */
 
 #endif /* OPENSSL_EXTRA */
 
@@ -1359,8 +1347,7 @@ int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *rsa, unsigned char **pp)
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
     || defined(WOLFSSL_NGINX) || defined(WOLFSSL_QT)
 
-#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA) && \
-    !defined(HAVE_FAST_RSA) && !defined(NO_BIO)
+#if defined(WOLFSSL_KEY_GEN) && !defined(NO_BIO)
 
 /* Read DER data from a BIO.
  *
@@ -1464,8 +1451,7 @@ WOLFSSL_RSA* wolfSSL_d2i_RSAPrivateKey_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out)
     XFREE(der, bio ? bio->heap : NULL, DYNAMIC_TYPE_TMP_BUFFER);
     return key;
 }
-#endif /* defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA) &&
-        * !defined(HAVE_FAST_RSA) && !NO_BIO */
+#endif /* defined(WOLFSSL_KEY_GEN) && !NO_BIO */
 
 #endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || WOLFSSL_QT */
 
@@ -1475,7 +1461,6 @@ WOLFSSL_RSA* wolfSSL_d2i_RSAPrivateKey_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out)
 
 #ifdef OPENSSL_EXTRA
 
-#ifndef HAVE_USER_RSA
 /* Create a DER encoding of key.
  *
  * Not OpenSSL API.
@@ -1612,7 +1597,6 @@ static int wolfSSL_RSA_To_Der_ex(WOLFSSL_RSA* rsa, byte** outBuf, int publicKey,
     WOLFSSL_LEAVE("wolfSSL_RSA_To_Der", ret);
     return ret;
 }
-#endif /* !HAVE_USER_RSA */
 
 #endif /* OPENSSL_EXTRA */
 
@@ -1772,7 +1756,7 @@ static WOLFSSL_RSA* wolfssl_rsa_d2i(WOLFSSL_RSA** rsa, const unsigned char* in,
 #ifdef OPENSSL_EXTRA
 
 #ifndef NO_BIO
-#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA)
+#if defined(WOLFSSL_KEY_GEN)
 /* Writes PEM encoding of an RSA public key to a BIO.
  *
  * @param [in] bio  BIO object to write to.
@@ -1812,10 +1796,10 @@ int wolfSSL_PEM_write_bio_RSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa)
     return ret;
 }
 
-#endif /* WOLFSSL_KEY_GEN && !HAVE_USER_RSA */
+#endif /* WOLFSSL_KEY_GEN */
 #endif /* !NO_BIO */
 
-#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA)
+#if defined(WOLFSSL_KEY_GEN)
 #ifndef NO_FILESYSTEM
 
 /* Writes PEM encoding of an RSA public key to a file pointer.
@@ -1886,7 +1870,7 @@ int wolfSSL_PEM_write_RSAPublicKey(XFILE fp, WOLFSSL_RSA* rsa)
     return wolfssl_pem_write_rsa_public_key(fp, rsa, RSA_PUBLICKEY_TYPE);
 }
 #endif /* !NO_FILESYSTEM */
-#endif /* WOLFSSL_KEY_GEN && !HAVE_USER_RSA */
+#endif /* WOLFSSL_KEY_GEN */
 
 #ifndef NO_BIO
 /* Create an RSA public key by reading the PEM encoded data from the BIO.
@@ -1983,7 +1967,7 @@ WOLFSSL_RSA* wolfSSL_PEM_read_RSAPublicKey(XFILE fp, WOLFSSL_RSA** rsa,
 
 #endif /* NO_FILESYSTEM */
 
-#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA) && \
+#if defined(WOLFSSL_KEY_GEN) && \
     (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM))
 
 /* Writes PEM encoding of an RSA private key to newly allocated buffer.
@@ -2142,7 +2126,7 @@ int wolfSSL_PEM_write_RSAPrivateKey(XFILE fp, WOLFSSL_RSA *rsa,
     return ret;
 }
 #endif /* NO_FILESYSTEM */
-#endif /* WOLFSSL_KEY_GEN && !HAVE_USER_RSA && WOLFSSL_PEM_TO_DER */
+#endif /* WOLFSSL_KEY_GEN && WOLFSSL_PEM_TO_DER */
 
 #ifndef NO_BIO
 /* Create an RSA private key by reading the PEM encoded data from the BIO.
@@ -2290,7 +2274,7 @@ int wolfSSL_RSA_print_fp(XFILE fp, WOLFSSL_RSA* rsa, int indent)
 }
 #endif /* XFPRINTF && !NO_FILESYSTEM && !NO_STDIO_FILESYSTEM */
 
-#if defined(XSNPRINTF) && !defined(NO_BIO) && !defined(HAVE_FAST_RSA)
+#if defined(XSNPRINTF) && !defined(NO_BIO)
 /* snprintf() must be available */
 
 /* Maximum size of a header line. */
@@ -2398,7 +2382,7 @@ int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int indent)
 
     return ret;
 }
-#endif /* XSNPRINTF && !NO_BIO && !HAVE_FAST_RSA */
+#endif /* XSNPRINTF && !NO_BIO */
 
 #endif /* OPENSSL_EXTRA */
 
@@ -2407,7 +2391,6 @@ int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int indent)
  */
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
-#if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
 /* Set RSA key data (external) from wolfCrypt RSA key (internal).
  *
  * @param [in, out] rsa  RSA key.
@@ -2500,12 +2483,10 @@ int SetRsaExternal(WOLFSSL_RSA* rsa)
 
     return ret;
 }
-#endif /* !HAVE_USER_RSA && !HAVE_FAST_RSA */
 #endif /* (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 
 #ifdef OPENSSL_EXTRA
 
-#if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
 /* Set wolfCrypt RSA key data (internal) from RSA key (external).
  *
  * @param [in, out] rsa  RSA key.
@@ -2601,8 +2582,6 @@ int SetRsaInternal(WOLFSSL_RSA* rsa)
     return ret;
 }
 
-#endif /* HAVE_USER_RSA */
-
 /* Set the RSA method into object.
  *
  * @param [in, out] rsa   RSA key.
@@ -2679,8 +2658,6 @@ int wolfSSL_RSA_bits(const WOLFSSL_RSA* rsa)
     return ret;
 }
 
-#ifndef HAVE_USER_RSA
-
 /* Get the BN objects that are the Chinese-Remainder Theorem (CRT) parameters.
  *
  * Only for those that are not NULL parameters.
@@ -2922,8 +2899,6 @@ int wolfSSL_RSA_set0_key(WOLFSSL_RSA *rsa, WOLFSSL_BIGNUM *n, WOLFSSL_BIGNUM *e,
     return ret;
 }
 
-#endif /* !HAVE_USER_RSA */
-
 /* Get the flags of the RSA key.
  *
  * @param [in] rsa  RSA key.
@@ -3088,7 +3063,6 @@ int wolfSSL_RSA_check_key(const WOLFSSL_RSA* rsa)
  * RSA generate APIs
  */
 
-#if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
 /* Get a random number generator associated with the RSA key.
  *
  * If not able, then get the global if possible.
@@ -3131,7 +3105,6 @@ WC_RNG* WOLFSSL_RSA_GetRNG(WOLFSSL_RSA* rsa, WC_RNG** tmpRng, int* initTmpRng)
 
     return rng;
 }
-#endif
 
 /* Use the wolfCrypt RSA APIs to generate a new RSA key.
  *
@@ -3652,8 +3625,6 @@ int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash,
 
 #if defined(OPENSSL_EXTRA)
 
-#if !defined(HAVE_USER_RSA)
-
 /* Encode the message hash.
  *
  * Used by signing and verification.
@@ -4082,8 +4053,6 @@ int wolfSSL_RSA_verify_ex(int hashAlg, const unsigned char* hash,
  * RSA public/private encrypt/decrypt APIs
  */
 
-#if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
-
 /* Encrypt with the RSA public key.
  *
  * Return compliant with OpenSSL.
@@ -4481,7 +4450,6 @@ int wolfSSL_RSA_private_encrypt(int len, const unsigned char* from,
     WOLFSSL_LEAVE("wolfSSL_RSA_private_encrypt", ret);
     return ret;
 }
-#endif /* !HAVE_USER_RSA && !HAVE_FAST_RSA */
 
 /*
  * RSA misc operation APIs
@@ -4581,7 +4549,6 @@ int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa)
     return ret;
 }
 
-#endif /* !HAVE_USER_RSA */
 
 #ifndef NO_WOLFSSL_STUB
 /* Enable blinding for RSA key operations.

src/ssl.c

@@ -24176,7 +24176,7 @@ static int pem_write_pubkey(WOLFSSL_EVP_PKEY* key, void* heap, byte** derBuf,
     }
 
     switch (key->type) {
-#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
         case EVP_PKEY_RSA:
             if ((sz = wolfSSL_RSA_To_Der(key->rsa, &buf, 1, heap))
                     < 0) {
@@ -24184,7 +24184,7 @@ static int pem_write_pubkey(WOLFSSL_EVP_PKEY* key, void* heap, byte** derBuf,
                 break;
             }
             break;
-#endif /* WOLFSSL_KEY_GEN && !NO_RSA && !HAVE_USER_RSA */
+#endif /* WOLFSSL_KEY_GEN && !NO_RSA */
 #if !defined(NO_DSA) && !defined(HAVE_SELFTEST) && (defined(WOLFSSL_KEY_GEN) || \
         defined(WOLFSSL_CERT_GEN))
         case EVP_PKEY_DSA:
@@ -26839,7 +26839,7 @@ int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey)
     }
 
     switch (pkey->type) {
-#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA) && !defined(NO_RSA)
+#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
     case EVP_PKEY_RSA:
         WOLFSSL_MSG("populating RSA key");
         if (PopulateRSAEvpPkeyDer(pkey) != WOLFSSL_SUCCESS)
@@ -27494,8 +27494,7 @@ int wolfSSL_CTX_use_certificate_ASN1(WOLFSSL_CTX *ctx, int derSz,
 }
 
 
-#if !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
 /* Adds the rsa private key to the user ctx.
 Returns WOLFSSL_SUCCESS if no error, returns WOLFSSL_FAILURE otherwise.*/
 int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL_RSA* rsa)
@@ -27533,7 +27532,7 @@ int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL_RSA* rsa)
     XFREE(maxDerBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     return ret;
 }
-#endif /* NO_RSA && !HAVE_FAST_RSA */
+#endif /* WOLFSSL_KEY_GEN && !NO_RSA */
 
 
 #ifndef NO_BIO

tests/api.c

@@ -234,10 +234,6 @@
 
     #define FOURK_BUF 4096
     #define GEN_BUF  294
-
-    #ifndef USER_CRYPTO_ERROR
-        #define USER_CRYPTO_ERROR (-101) /* error returned by IPP lib. */
-    #endif
 #endif
 
 #ifndef NO_SIG_WRAPPER
@@ -18685,11 +18681,7 @@ static int test_wc_InitRsaKey(void)
     ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
 
     /* Test bad args. */
-#ifndef HAVE_USER_RSA
     ExpectIntEQ(wc_InitRsaKey(NULL, HEAP_HINT), BAD_FUNC_ARG);
-#else
-    ExpectIntEQ(wc_InitRsaKey(NULL, HEAP_HINT), USER_CRYPTO_ERROR);
-#endif
 
     DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
 #endif
@@ -18726,7 +18718,7 @@ static int test_wc_RsaPrivateKeyDecode(void)
     }
 
     ExpectIntEQ(wc_RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes), 0);
-#ifndef HAVE_USER_RSA
+
     /* Test bad args. */
     ExpectIntEQ(wc_RsaPrivateKeyDecode(NULL, &idx, &key, (word32)bytes),
         BAD_FUNC_ARG);
@@ -18734,15 +18726,6 @@ static int test_wc_RsaPrivateKeyDecode(void)
         BAD_FUNC_ARG);
     ExpectIntEQ(wc_RsaPrivateKeyDecode(tmp, &idx, NULL, (word32)bytes),
         BAD_FUNC_ARG);
-#else
-    /* Test bad args. User RSA. */
-    ExpectIntEQ(wc_RsaPrivateKeyDecode(NULL, &idx, &key, (word32)bytes),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaPrivateKeyDecode(tmp, NULL, &key, (word32)bytes),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaPrivateKeyDecode(tmp, &idx, NULL, (word32)bytes),
-        USER_CRYPTO_ERROR);
-#endif
 
     XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
@@ -18789,7 +18772,7 @@ static int test_wc_RsaPublicKeyDecode(void)
     }
 
     ExpectIntEQ(wc_RsaPublicKeyDecode(tmp, &idx, &keyPub, (word32)bytes), 0);
-#ifndef HAVE_USER_RSA
+
     /* Pass in bad args. */
     ExpectIntEQ(wc_RsaPublicKeyDecode(NULL, &idx, &keyPub, (word32)bytes),
         BAD_FUNC_ARG);
@@ -18797,15 +18780,6 @@ static int test_wc_RsaPublicKeyDecode(void)
         BAD_FUNC_ARG);
     ExpectIntEQ(wc_RsaPublicKeyDecode(tmp, &idx, NULL, (word32)bytes),
         BAD_FUNC_ARG);
-#else
-    /* Pass in bad args. */
-    ExpectIntEQ(wc_RsaPublicKeyDecode(NULL, &idx, &keyPub, (word32)bytes),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaPublicKeyDecode(tmp, NULL, &keyPub, (word32)bytes),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaPublicKeyDecode(tmp, &idx, NULL, (word32)bytes),
-        USER_CRYPTO_ERROR);
-#endif
 
     DoExpectIntEQ(wc_FreeRsaKey(&keyPub), 0);
 
@@ -18854,7 +18828,7 @@ static int test_wc_RsaPublicKeyDecodeRaw(void)
 
     ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
     ExpectIntEQ(wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, &key), 0);
-#ifndef HAVE_USER_RSA
+
     /* Pass in bad args. */
     ExpectIntEQ(wc_RsaPublicKeyDecodeRaw(NULL, nSz, &e, eSz, &key),
        BAD_FUNC_ARG);
@@ -18862,15 +18836,7 @@ static int test_wc_RsaPublicKeyDecodeRaw(void)
        BAD_FUNC_ARG);
     ExpectIntEQ(wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, NULL),
        BAD_FUNC_ARG);
-#else
-    /* Pass in bad args. User RSA. */
-    ExpectIntEQ(wc_RsaPublicKeyDecodeRaw(NULL, nSz, &e, eSz, &key),
-       USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaPublicKeyDecodeRaw(&n, nSz, NULL, eSz, &key),
-       USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, NULL),
-       USER_CRYPTO_ERROR);
-#endif
+
 
     DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
 #endif
@@ -18879,7 +18845,7 @@ static int test_wc_RsaPublicKeyDecodeRaw(void)
 } /* END test_wc_RsaPublicKeyDecodeRaw */
 
 
-#if (!defined(NO_RSA) || !defined(HAVE_FAST_RSA)) && defined(WOLFSSL_KEY_GEN)
+#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
     /* In FIPS builds, wc_MakeRsaKey() will return an error if it cannot find
      * a probable prime in 5*(modLen/2) attempts. In non-FIPS builds, it keeps
      * trying until it gets a probable prime. */
@@ -18929,7 +18895,6 @@ static int test_wc_MakeRsaKey(void)
     ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, &rng), 0);
     DoExpectIntEQ(wc_FreeRsaKey(&genKey), 0);
 
-#ifndef HAVE_USER_RSA
     /* Test bad args. */
     ExpectIntEQ(MAKE_RSA_KEY(NULL, bits, WC_RSA_EXPONENT, &rng), BAD_FUNC_ARG);
     ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, NULL),
@@ -18938,17 +18903,6 @@ static int test_wc_MakeRsaKey(void)
     ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, 2, &rng), BAD_FUNC_ARG);
     /* e & 1 == 0 */
     ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, 6, &rng), BAD_FUNC_ARG);
-#else
-    /* Test bad args. */
-    ExpectIntEQ(MAKE_RSA_KEY(NULL, bits, WC_RSA_EXPONENT, &rng),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, NULL),
-        USER_CRYPTO_ERROR);
-    /* e < 3 */
-    ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, 2, &rng), USER_CRYPTO_ERROR);
-    /* e & 1 == 0 */
-    ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, 6, &rng), USER_CRYPTO_ERROR);
-#endif /* HAVE_USER_RSA */
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
 #endif
@@ -19351,7 +19305,7 @@ static int test_wc_RsaKeyToDer(void)
     ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, &rng), 0);
 
     ExpectIntGT(wc_RsaKeyToDer(&genKey, der, derSz), 0);
-#ifndef HAVE_USER_RSA
+
     /* Pass good/bad args. */
     ExpectIntEQ(wc_RsaKeyToDer(NULL, der, FOURK_BUF), BAD_FUNC_ARG);
     /* Get just the output length */
@@ -19363,19 +19317,6 @@ static int test_wc_RsaKeyToDer(void)
         /* Put back to Private Key */
         genKey.type = 1;
     #endif
-#else
-    /* Pass good/bad args. */
-    ExpectIntEQ(wc_RsaKeyToDer(NULL, der, FOURK_BUF), USER_CRYPTO_ERROR);
-    /* Get just the output length */
-    ExpectIntGT(wc_RsaKeyToDer(&genKey, NULL, 0), 0);
-    /* Try Public Key. */
-    genKey.type = 0;
-    ExpectIntEQ(wc_RsaKeyToDer(&genKey, der, FOURK_BUF), USER_CRYPTO_ERROR);
-    #ifdef WOLFSSL_CHECK_MEM_ZERO
-        /* Put back to Private Key */
-        genKey.type = 1;
-    #endif
-#endif
 
     XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     DoExpectIntEQ(wc_FreeRsaKey(&genKey), 0);
@@ -19402,9 +19343,7 @@ static int test_wc_RsaKeyToPublicDer(void)
     int    bits = 2048;
     word32 derLen = 294;
 #endif
-#ifndef HAVE_USER_RSA
     int    ret;
-#endif
 
     XMEMSET(&rng, 0, sizeof(rng));
     XMEMSET(&key, 0, sizeof(key));
@@ -19422,16 +19361,10 @@ static int test_wc_RsaKeyToPublicDer(void)
     ExpectIntGT(wc_RsaKeyToPublicDer_ex(&key, NULL, derLen, 0), 0);
     ExpectIntGT(wc_RsaKeyToPublicDer_ex(&key, der, derLen, 0), 0);
 
-#ifndef HAVE_USER_RSA
     /* Pass in bad args. */
     ExpectIntEQ(wc_RsaKeyToPublicDer(NULL, der, derLen), BAD_FUNC_ARG);
     ExpectIntLT(ret = wc_RsaKeyToPublicDer(&key, der, -1), 0);
     ExpectTrue((ret == BUFFER_E) || (ret == BAD_FUNC_ARG));
-#else
-    /* Pass in bad args. */
-    ExpectIntEQ(wc_RsaKeyToPublicDer(NULL, der, derLen), USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaKeyToPublicDer(&key, der, -1), USER_CRYPTO_ERROR);
-#endif
 
     XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
@@ -19507,8 +19440,7 @@ static int test_wc_RsaPublicEncryptDecrypt_ex(void)
 {
     EXPECT_DECLS;
 #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_FIPS)\
-        && !defined(WC_NO_RSA_OAEP) && !defined(HAVE_USER_RSA)\
-        && !defined(NO_SHA256)
+        && !defined(WC_NO_RSA_OAEP) && !defined(NO_SHA256)
     RsaKey  key;
     WC_RNG  rng;
     const char inStr[] = TEST_STRING;
@@ -19605,7 +19537,7 @@ static int test_wc_RsaSSL_SignVerify(void)
     /* Sign. */
     ExpectIntEQ(wc_RsaSSL_Sign(in, inLen, out, outSz, &key, &rng), (int)outSz);
     idx = (int)outSz;
-#ifndef HAVE_USER_RSA
+
     /* Test bad args. */
     ExpectIntEQ(wc_RsaSSL_Sign(NULL, inLen, out, outSz, &key, &rng),
         BAD_FUNC_ARG);
@@ -19615,21 +19547,10 @@ static int test_wc_RsaSSL_SignVerify(void)
         BAD_FUNC_ARG);
     ExpectIntEQ(wc_RsaSSL_Sign(in, inLen, out, outSz, NULL, &rng),
         BAD_FUNC_ARG);
-#else
-    /* Test bad args. */
-    ExpectIntEQ(wc_RsaSSL_Sign(NULL, inLen, out, outSz, &key, &rng),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaSSL_Sign(in, 0, out, outSz, &key, &rng),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaSSL_Sign(in, inLen, NULL, outSz, &key, &rng),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaSSL_Sign(in, inLen, out, outSz, NULL, &rng),
-        USER_CRYPTO_ERROR);
-#endif
 
     /* Verify. */
     ExpectIntEQ(wc_RsaSSL_Verify(out, idx, plain, plainSz, &key), (int)inLen);
-#ifndef HAVE_USER_RSA
+
     /* Pass bad args. */
     ExpectIntEQ(wc_RsaSSL_Verify(NULL, idx, plain, plainSz, &key),
         BAD_FUNC_ARG);
@@ -19639,17 +19560,6 @@ static int test_wc_RsaSSL_SignVerify(void)
         BAD_FUNC_ARG);
     ExpectIntEQ(wc_RsaSSL_Verify(out, idx, plain, plainSz, NULL),
         BAD_FUNC_ARG);
-#else
-    /* Pass bad args. */
-    ExpectIntEQ(wc_RsaSSL_Verify(NULL, idx, plain, plainSz, &key),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaSSL_Verify(out, 0, plain, plainSz, &key),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaSSL_Verify(out, idx, NULL, plainSz, &key),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaSSL_Verify(out, idx, plain, plainSz, NULL),
-        USER_CRYPTO_ERROR);
-#endif
 
     WC_FREE_VAR(in, NULL);
     WC_FREE_VAR(out, NULL);
@@ -19689,11 +19599,7 @@ static int test_wc_RsaEncryptSize(void)
     ExpectIntEQ(wc_RsaEncryptSize(&key), 256);
 
     /* Pass in bad arg. */
-#ifndef HAVE_USER_RSA
     ExpectIntEQ(wc_RsaEncryptSize(NULL), BAD_FUNC_ARG);
-#else
-    ExpectIntEQ(wc_RsaEncryptSize(NULL), 0);
-#endif
 
     DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
@@ -19730,7 +19636,7 @@ static int test_wc_RsaFlattenPublicKey(void)
     ExpectIntEQ(MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng), 0);
 
     ExpectIntEQ(wc_RsaFlattenPublicKey(&key, e, &eSz, n, &nSz), 0);
-#ifndef HAVE_USER_RSA
+
     /* Pass bad args. */
     ExpectIntEQ(wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz),
         BAD_FUNC_ARG);
@@ -19742,19 +19648,6 @@ static int test_wc_RsaFlattenPublicKey(void)
         BAD_FUNC_ARG);
     ExpectIntEQ(wc_RsaFlattenPublicKey(&key, e, &eSz, n, NULL),
         BAD_FUNC_ARG);
-#else
-    /* Pass bad args. */
-    ExpectIntEQ(wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaFlattenPublicKey(&key, NULL, &eSz, n, &nSz),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaFlattenPublicKey(&key, e, NULL, n, &nSz),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaFlattenPublicKey(&key, e, &eSz, NULL, &nSz),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaFlattenPublicKey(&key, e, &eSz, n, NULL),
-        USER_CRYPTO_ERROR);
-#endif
 
     DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
@@ -29135,11 +29028,7 @@ static int test_wc_SignatureGetSize_rsa(void)
     /* // NOLINTEND(clang-analyzer-optin.core.EnumCastOutOfRange) */
     ExpectIntEQ(wc_SignatureGetSize(sig_type, &rsa_key, key_len), BAD_FUNC_ARG);
     sig_type = WC_SIGNATURE_TYPE_RSA;
-    #ifndef HAVE_USER_RSA
-        ExpectIntEQ(wc_SignatureGetSize(sig_type, NULL, key_len), BAD_FUNC_ARG);
-    #else
-        ExpectIntEQ(wc_SignatureGetSize(sig_type, NULL, key_len), 0);
-    #endif
+    ExpectIntEQ(wc_SignatureGetSize(sig_type, NULL, key_len), BAD_FUNC_ARG);
     key_len = (word32)0;
     ExpectIntEQ(wc_SignatureGetSize(sig_type, &rsa_key, key_len), BAD_FUNC_ARG);
 
@@ -32840,16 +32729,16 @@ static int test_wolfSSL_certs(void)
     ExpectTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
     ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
     ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     ExpectIntEQ(SSL_CTX_check_private_key(ctx), SSL_FAILURE);
     #endif
     ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     ExpectIntEQ(SSL_CTX_check_private_key(ctx), SSL_SUCCESS);
     #endif
     ExpectNotNull(ssl = SSL_new(ctx));
 
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     ExpectIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
     #endif
 
@@ -32866,7 +32755,7 @@ static int test_wolfSSL_certs(void)
         WOLFSSL_FILETYPE_PEM));
     ExpectIntEQ(SSL_use_certificate(ssl, x509ext), WOLFSSL_SUCCESS);
 
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     /* with loading in a new cert the check on private key should now fail */
     ExpectIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
     #endif
@@ -33127,16 +33016,16 @@ static int test_wolfSSL_private_keys(void)
     ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
     /* Have to load a cert before you can check the private key against that
      * certificates public key! */
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     ExpectIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_FAILURE);
     #endif
     ExpectTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     ExpectIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
     #endif
     ExpectNotNull(ssl = SSL_new(ctx));
 
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     ExpectIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
     #endif
 
@@ -33149,7 +33038,7 @@ static int test_wolfSSL_private_keys(void)
     ExpectIntEQ(SSL_use_RSAPrivateKey_ASN1(ssl,
                 (unsigned char*)client_key_der_2048,
                 sizeof_client_key_der_2048), WOLFSSL_SUCCESS);
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     /* Should mismatch now that a different private key loaded */
     ExpectIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
     #endif
@@ -33157,7 +33046,7 @@ static int test_wolfSSL_private_keys(void)
     ExpectIntEQ(SSL_use_PrivateKey_ASN1(0, ssl,
                 (unsigned char*)server_key,
                 sizeof_server_key_der_2048), WOLFSSL_SUCCESS);
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     /* After loading back in DER format of original key, should match */
     ExpectIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
     #endif
@@ -33167,7 +33056,7 @@ static int test_wolfSSL_private_keys(void)
                 (unsigned char*)client_key_der_2048,
                 sizeof_client_key_der_2048), WOLFSSL_SUCCESS);
 
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     /* Should mismatch now that a different private key loaded */
     ExpectIntNE(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
     #endif
@@ -33175,7 +33064,7 @@ static int test_wolfSSL_private_keys(void)
     ExpectIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, ctx,
                 (unsigned char*)server_key,
                 sizeof_server_key_der_2048), WOLFSSL_SUCCESS);
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     /* After loading back in DER format of original key, should match */
     ExpectIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
     #endif
@@ -33229,7 +33118,7 @@ static int test_wolfSSL_private_keys(void)
                                                          WOLFSSL_FILETYPE_PEM));
     ExpectNotNull(ssl = SSL_new(ctx));
 
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     ExpectIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
     #endif
     SSL_free(ssl);
@@ -33262,7 +33151,7 @@ static int test_wolfSSL_private_keys(void)
                                                          WOLFSSL_FILETYPE_PEM));
     ExpectNotNull(ssl = SSL_new(ctx));
 
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     ExpectIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
     #endif
     SSL_free(ssl);
@@ -33273,7 +33162,7 @@ static int test_wolfSSL_private_keys(void)
                                                          WOLFSSL_FILETYPE_PEM));
     ExpectNotNull(ssl = SSL_new(ctx));
 
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     ExpectIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
     #endif
 
@@ -33295,7 +33184,7 @@ static int test_wolfSSL_private_keys(void)
                                                          WOLFSSL_FILETYPE_PEM));
     ExpectNotNull(ssl = SSL_new(ctx));
 
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     ExpectIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
     #endif
     SSL_free(ssl);
@@ -33306,7 +33195,7 @@ static int test_wolfSSL_private_keys(void)
                                                          WOLFSSL_FILETYPE_PEM));
     ExpectNotNull(ssl = SSL_new(ctx));
 
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     ExpectIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
     #endif
 
@@ -33666,8 +33555,7 @@ static int test_wolfSSL_PEM_PrivateKey(void)
     /* key is DES encrypted */
     #if !defined(NO_DES3) && defined(WOLFSSL_ENCRYPTED_KEYS) && \
         !defined(NO_RSA) && !defined(NO_BIO) && !defined(NO_FILESYSTEM) && \
-        !defined(NO_MD5) && defined(WOLFSSL_KEY_GEN) && \
-        !defined(HAVE_USER_RSA) && !defined(NO_RSA)
+        !defined(NO_MD5) && defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
     {
         XFILE f = XBADFILE;
         wc_pem_password_cb* passwd_cb = NULL;
@@ -33780,7 +33668,7 @@ static int test_wolfSSL_PEM_file_RSAKey(void)
     EXPECT_DECLS;
 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \
     defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && \
-    !defined(HAVE_USER_RSA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
+    !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
     RSA* rsa = NULL;
     XFILE fp = XBADFILE;
 
@@ -33809,7 +33697,7 @@ static int test_wolfSSL_PEM_file_RSAPrivateKey(void)
 {
     EXPECT_DECLS;
 #if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(HAVE_USER_RSA) && !defined(NO_FILESYSTEM) && \
+    !defined(NO_FILESYSTEM) && \
     (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM))
     RSA* rsa = NULL;
     XFILE f = NULL;
@@ -33868,7 +33756,7 @@ static int test_wolfSSL_PEM_bio_RSAKey(void)
     EXPECT_DECLS;
 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \
     defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && \
-    !defined(HAVE_USER_RSA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
+    !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
     RSA* rsa = NULL;
     BIO* bio = NULL;
 
@@ -33943,7 +33831,7 @@ static int test_wolfSSL_PEM_bio_RSAPrivateKey(void)
     ExpectNotNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL)));
     ExpectIntEQ(RSA_size(rsa), 256);
 
-#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
     ExpectNull(rsa_dup = RSAPublicKey_dup(NULL));
     /* Test duplicating empty key. */
     ExpectNotNull(rsa_dup = RSA_new());
@@ -34924,8 +34812,7 @@ static int test_wolfSSL_EVP_MD_hmac_signing(void)
 static int test_wolfSSL_EVP_MD_rsa_signing(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \
-    defined(USE_CERT_BUFFERS_2048)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048)
     WOLFSSL_EVP_PKEY* privKey = NULL;
     WOLFSSL_EVP_PKEY* pubKey = NULL;
     WOLFSSL_EVP_PKEY_CTX* keyCtx = NULL;
@@ -35142,7 +35029,6 @@ static int test_wolfSSL_CTX_add_extra_chain_cert(void)
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(clientFile,
         WOLFSSL_FILETYPE_PEM));
 
-#if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
     /* additional test of getting EVP_PKEY key size from X509
      * Do not run with user RSA because wolfSSL_RSA_size is not currently
      * allowed with user RSA */
@@ -35179,7 +35065,6 @@ static int test_wolfSSL_CTX_add_extra_chain_cert(void)
         pkey = NULL;
 #endif /* HAVE_ECC */
     }
-#endif /* !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) */
 
     ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), SSL_SUCCESS);
     if (EXPECT_SUCCESS()) {
@@ -46072,8 +45957,7 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void)
     ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
 #endif
 
-#if !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
     {
         RSA* rsa = NULL;
         /* Tests bad parameters */
@@ -46113,7 +45997,7 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void)
 #endif /* USE_CERT_BUFFERS_2048 WOLFSSL_KEY_GEN */
         RSA_free(rsa);
     }
-#endif /* !HAVE_FAST_RSA && WOLFSSL_KEY_GEN && !NO_RSA && !HAVE_USER_RSA*/
+#endif /* WOLFSSL_KEY_GEN && !NO_RSA */
     SSL_CTX_free(ctx);
     ctx = NULL;
     BIO_free(bio);
@@ -47751,7 +47635,6 @@ static int test_wolfSSL_CTX_ctrl(void)
     ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
 #endif
 
-#if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
     /* additional test of getting EVP_PKEY key size from X509
      * Do not run with user RSA because wolfSSL_RSA_size is not currently
      * allowed with user RSA */
@@ -47785,7 +47668,6 @@ static int test_wolfSSL_CTX_ctrl(void)
         EVP_PKEY_free(pkey);
 #endif /* HAVE_ECC */
     }
-#endif /* !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) */
 
     /* Tests should fail with passed in NULL pointer */
     ExpectIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, NULL),
@@ -51425,8 +51307,7 @@ static int test_wc_ecc_get_curve_id_from_params(void)
 static int test_wolfSSL_EVP_PKEY_encrypt(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(HAVE_FAST_RSA)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
     WOLFSSL_RSA* rsa = NULL;
     WOLFSSL_EVP_PKEY* pkey = NULL;
     WOLFSSL_EVP_PKEY_CTX* ctx = NULL;
@@ -51534,7 +51415,7 @@ static int test_wolfSSL_EVP_PKEY_encrypt(void)
 }
 
 #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(HAVE_FAST_RSA) && !defined(HAVE_SELFTEST)
+    !defined(HAVE_SELFTEST)
 #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
     #ifndef TEST_WOLFSSL_EVP_PKEY_SIGN_VERIFY
         #define TEST_WOLFSSL_EVP_PKEY_SIGN_VERIFY
@@ -51562,7 +51443,7 @@ static int test_wolfSSL_EVP_PKEY_sign_verify(int keyType)
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA)
 #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(HAVE_FAST_RSA) && !defined(HAVE_SELFTEST)
+    !defined(HAVE_SELFTEST)
 #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
     WOLFSSL_RSA* rsa = NULL;
 #endif
@@ -51612,7 +51493,7 @@ static int test_wolfSSL_EVP_PKEY_sign_verify(int keyType)
     switch (keyType) {
         case EVP_PKEY_RSA:
 #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(HAVE_FAST_RSA) && !defined(HAVE_SELFTEST)
+    !defined(HAVE_SELFTEST)
 #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
         {
             ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
@@ -51649,7 +51530,7 @@ static int test_wolfSSL_EVP_PKEY_sign_verify(int keyType)
     ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
     ExpectIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS);
 #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(HAVE_FAST_RSA) && !defined(HAVE_SELFTEST)
+    !defined(HAVE_SELFTEST)
 #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
     if (keyType == EVP_PKEY_RSA)
         ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING),
@@ -51670,7 +51551,7 @@ static int test_wolfSSL_EVP_PKEY_sign_verify(int keyType)
     ExpectNotNull(ctx_verify = EVP_PKEY_CTX_new(pkey, NULL));
     ExpectIntEQ(EVP_PKEY_verify_init(ctx_verify), WOLFSSL_SUCCESS);
 #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(HAVE_FAST_RSA) && !defined(HAVE_SELFTEST)
+    !defined(HAVE_SELFTEST)
 #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
     if (keyType == EVP_PKEY_RSA)
         ExpectIntEQ(
@@ -51686,7 +51567,7 @@ static int test_wolfSSL_EVP_PKEY_sign_verify(int keyType)
         WOLFSSL_FAILURE);
 
 #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(HAVE_FAST_RSA) && !defined(HAVE_SELFTEST)
+    !defined(HAVE_SELFTEST)
 #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
     if (keyType == EVP_PKEY_RSA) {
     #if defined(WC_RSA_NO_PADDING) || defined(WC_RSA_DIRECT)
@@ -51755,7 +51636,7 @@ static int test_wolfSSL_EVP_PKEY_sign_verify_rsa(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(HAVE_FAST_RSA) && !defined(HAVE_SELFTEST)
+    !defined(HAVE_SELFTEST)
 #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
     ExpectIntEQ(test_wolfSSL_EVP_PKEY_sign_verify(EVP_PKEY_RSA), TEST_SUCCESS);
 #endif
@@ -56541,7 +56422,7 @@ static int test_wolfSSL_X509_print(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
-   !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(XSNPRINTF)
+   !defined(NO_RSA) && defined(XSNPRINTF)
     X509 *x509 = NULL;
     BIO *bio = NULL;
 #if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_DIR)
@@ -56648,8 +56529,7 @@ static int test_wolfSSL_BIO_get_len(void)
 static int test_wolfSSL_RSA(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \
-    defined(WOLFSSL_KEY_GEN)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
     RSA* rsa = NULL;
     const BIGNUM *n;
     const BIGNUM *e;
@@ -56814,8 +56694,7 @@ static int test_wolfSSL_RSA(void)
 static int test_wolfSSL_RSA_DER(void)
 {
     EXPECT_DECLS;
-#if !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(NO_RSA) && !defined(HAVE_USER_RSA) && defined(OPENSSL_EXTRA)
+#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && defined(OPENSSL_EXTRA)
     RSA *rsa = NULL;
     int i;
     const unsigned char *buff = NULL;
@@ -56903,8 +56782,8 @@ static int test_wolfSSL_RSA_print(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
-   !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \
-   !defined(HAVE_FAST_RSA) && !defined(NO_BIO) && defined(XFPRINTF)
+   !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
+   !defined(NO_BIO) && defined(XFPRINTF)
     BIO *bio = NULL;
     WOLFSSL_RSA* rsa = NULL;
 
@@ -57031,7 +56910,7 @@ static int test_wolfSSL_RSA_sign_sha3(void)
 static int test_wolfSSL_RSA_get0_key(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
     RSA *rsa = NULL;
     const BIGNUM* n = NULL;
     const BIGNUM* e = NULL;
@@ -57083,7 +56962,7 @@ static int test_wolfSSL_RSA_get0_key(void)
 static int test_wolfSSL_RSA_meth(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
     RSA *rsa = NULL;
     RSA_METHOD *rsa_meth = NULL;
 
@@ -57151,8 +57030,7 @@ static int test_wolfSSL_RSA_meth(void)
 static int test_wolfSSL_RSA_verify(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && \
-    !defined(NO_FILESYSTEM)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
 #ifndef NO_BIO
     XFILE fp = XBADFILE;
     RSA *pKey = NULL;
@@ -57232,7 +57110,7 @@ static int test_wolfSSL_RSA_verify(void)
 static int test_wolfSSL_RSA_sign(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
     RSA *rsa;
     unsigned char hash[SHA256_DIGEST_LENGTH];
 #ifdef USE_CERT_BUFFERS_1024
@@ -57289,7 +57167,7 @@ static int test_wolfSSL_RSA_sign(void)
 static int test_wolfSSL_RSA_sign_ex(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
     RSA *rsa = NULL;
     unsigned char hash[SHA256_DIGEST_LENGTH];
 #ifdef USE_CERT_BUFFERS_1024
@@ -57377,7 +57255,7 @@ static int test_wolfSSL_RSA_sign_ex(void)
 static int test_wolfSSL_RSA_public_decrypt(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
     RSA *rsa;
     unsigned char msg[SHA256_DIGEST_LENGTH];
 #ifdef USE_CERT_BUFFERS_1024
@@ -57552,7 +57430,7 @@ static int test_wolfSSL_RSA_public_decrypt(void)
 static int test_wolfSSL_RSA_private_encrypt(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
     RSA *rsa;
     unsigned char msg[SHA256_DIGEST_LENGTH];
 #ifdef USE_CERT_BUFFERS_1024
@@ -57712,7 +57590,7 @@ static int test_wolfSSL_RSA_private_encrypt(void)
 static int test_wolfSSL_RSA_public_encrypt(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
     RSA* rsa = NULL;
     const unsigned char msg[2048/8] = { 0 };
     unsigned char encMsg[2048/8];
@@ -57741,7 +57619,7 @@ static int test_wolfSSL_RSA_public_encrypt(void)
 static int test_wolfSSL_RSA_private_decrypt(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
     RSA* rsa = NULL;
     unsigned char msg[2048/8];
     const unsigned char encMsg[2048/8] = { 0 };
@@ -57906,8 +57784,7 @@ static int test_wolfSSL_RSA_To_Der(void)
 {
     EXPECT_DECLS;
 #ifdef WOLFSSL_TEST_STATIC_BUILD
-#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA) && \
-    defined(OPENSSL_EXTRA) && !defined(NO_RSA)
+#if defined(WOLFSSL_KEY_GEN) && defined(OPENSSL_EXTRA) && !defined(NO_RSA)
     RSA* rsa;
 #ifdef USE_CERT_BUFFERS_1024
     const unsigned char* privDer = client_key_der_1024;
@@ -57990,7 +57867,7 @@ static int test_wolfSSL_PEM_write_RSA_PUBKEY(void)
 {
     EXPECT_DECLS;
 #if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
-    defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA)
+    defined(WOLFSSL_KEY_GEN)
     RSA* rsa = NULL;
 
     ExpectIntEQ(wolfSSL_PEM_write_RSA_PUBKEY(XBADFILE, NULL), 0);
@@ -58005,7 +57882,7 @@ static int test_wolfSSL_PEM_write_RSAPrivateKey(void)
 {
     EXPECT_DECLS;
 #if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(HAVE_USER_RSA) && (defined(WOLFSSL_PEM_TO_DER) || \
+    (defined(WOLFSSL_PEM_TO_DER) || \
     defined(WOLFSSL_DER_TO_PEM)) && !defined(NO_FILESYSTEM)
     RSA* rsa = NULL;
 #ifdef USE_CERT_BUFFERS_1024
@@ -58051,8 +57928,7 @@ static int test_wolfSSL_PEM_write_mem_RSAPrivateKey(void)
 {
     EXPECT_DECLS;
 #if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(HAVE_USER_RSA) && (defined(WOLFSSL_PEM_TO_DER) || \
-    defined(WOLFSSL_DER_TO_PEM))
+    (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM))
     RSA* rsa = NULL;
 #ifdef USE_CERT_BUFFERS_1024
     const unsigned char* privDer = client_key_der_1024;

wolfcrypt/src/asn.c

@@ -2875,7 +2875,7 @@ const char* GetSigName(int oid) {
 #if !defined(NO_DSA) || defined(HAVE_ECC) || !defined(NO_CERTS) || \
    (!defined(NO_RSA) && \
         (defined(WOLFSSL_CERT_GEN) || \
-        ((defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)) && !defined(HAVE_USER_RSA))))
+        ((defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)))))
 /* Set the DER/BER encoding of the ASN.1 INTEGER header.
  *
  * When output is NULL, calculate the header length only.
@@ -2924,7 +2924,7 @@ int SetASNInt(int len, byte firstByte, byte* output)
 #if !defined(NO_DSA) || defined(HAVE_ECC) || (defined(WOLFSSL_CERT_GEN) && \
     !defined(NO_RSA)) || ((defined(WOLFSSL_KEY_GEN) || \
     (!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)) || \
-    defined(OPENSSL_EXTRA)) && !defined(NO_RSA) && !defined(HAVE_USER_RSA))
+    defined(OPENSSL_EXTRA)) && !defined(NO_RSA))
 /* Set the DER/BER encoding of the ASN.1 INTEGER element with an mp_int.
  * The number is assumed to be positive.
  *
@@ -2960,41 +2960,6 @@ static int SetASNIntMP(mp_int* n, int maxSz, byte* output)
     return idx;
 }
 #endif
-
-#if !defined(NO_RSA) && defined(HAVE_USER_RSA) && \
-    (defined(WOLFSSL_CERT_GEN) || defined(OPENSSL_EXTRA))
-/* Set the DER/BER encoding of the ASN.1 INTEGER element with an mp_int from
- * an RSA key.
- * The number is assumed to be positive.
- *
- * n       Multi-precision integer to encode.
- * output  Buffer to write into.
- * returns BUFFER_E when the data is too long for the buffer.
- *         MP_TO_E when encoding the integer fails.
- *         Otherwise, the number of bytes added to the buffer.
- */
-static int SetASNIntRSA(void* n, byte* output)
-{
-    int idx = 0;
-    int leadingBit;
-    int length;
-
-    leadingBit = wc_Rsa_leading_bit(n);
-    length = wc_Rsa_unsigned_bin_size(n);
-    idx = SetASNInt(length, leadingBit ? 0x80 : 0x00, output);
-    if ((idx + length) > MAX_RSA_INT_SZ)
-        return BUFFER_E;
-
-    if (output) {
-        int err = wc_Rsa_to_unsigned_bin(n, output + idx, length);
-        if (err != MP_OKAY)
-            return MP_TO_E;
-    }
-    idx += length;
-
-    return idx;
-}
-#endif /* !NO_RSA && HAVE_USER_RSA && WOLFSSL_CERT_GEN */
 #endif /* !WOLFSSL_ASN_TEMPLATE */
 
 #ifdef WOLFSSL_ASN_TEMPLATE
@@ -3316,7 +3281,7 @@ static int GetIntPositive(mp_int* mpi, const byte* input, word32* inOutIdx,
 #endif /* (ECC || !NO_DSA) && !WOLFSSL_ASN_TEMPLATE */
 
 #ifndef WOLFSSL_ASN_TEMPLATE
-#if (!defined(NO_RSA) && !defined(HAVE_USER_RSA)) || !defined(NO_DSA)
+#if !defined(NO_RSA) || !defined(NO_DSA)
 static int SkipInt(const byte* input, word32* inOutIdx, word32 maxIdx)
 {
     word32 idx = *inOutIdx;
@@ -3445,7 +3410,7 @@ int CheckBitString(const byte* input, word32* inOutIdx, int* len,
 
 /* RSA (with CertGen or KeyGen) OR ECC OR ED25519 OR ED448 (with CertGen or
  * KeyGen) */
-#if (!defined(NO_RSA) && !defined(HAVE_USER_RSA) && \
+#if (!defined(NO_RSA) && \
      (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) || \
       defined(OPENSSL_EXTRA))) || \
     (defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT)) || \
@@ -6336,7 +6301,6 @@ static int DecodeRsaPssParams(const byte* params, word32 sz,
 }
 #endif /* WC_RSA_PSS */
 
-#ifndef HAVE_USER_RSA
 #if defined(WOLFSSL_ASN_TEMPLATE) || (!defined(NO_CERTS) && \
     (defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \
      defined(WOLFSSL_KCAPI_RSA) || defined(WOLFSSL_SE050)))
@@ -6674,8 +6638,6 @@ int wc_RsaPrivateKeyValidate(const byte* input, word32* inOutIdx, int* keySz,
 {
     return _RsaPrivateKeyDecode(input, inOutIdx, NULL, keySz, inSz);
 }
-
-#endif /* HAVE_USER_RSA */
 #endif /* NO_RSA */
 
 #ifdef WOLFSSL_ASN_TEMPLATE
@@ -7221,12 +7183,6 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
 
             if ((ret = wc_RsaPublicKeyDecode(pubKey, &keyIdx, b,
                     pubKeySz)) == 0) {
-                /* limit for user RSA crypto because of RsaKey
-                 * dereference. */
-            #if defined(HAVE_USER_RSA)
-                WOLFSSL_MSG("Cannot verify RSA pair with user RSA");
-                ret = 1; /* return first RSA cert as match */
-            #else
                 /* both keys extracted successfully now check n and e
                  * values are the same. This is dereferencing RsaKey */
                 if (mp_cmp(&(a->n), &(b->n)) != MP_EQ ||
@@ -7236,7 +7192,6 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
                 }
                 else
                     ret = 1;
-            #endif
             }
             else {
                 WOLFSSL_ERROR_VERBOSE(ret);
@@ -9231,7 +9186,6 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
 
 #ifndef NO_RSA
 
-#ifndef HAVE_USER_RSA
 #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
 /* This function is to retrieve key position information in a cert.*
  * The information will be used to call TSIP TLS-linked API for    *
@@ -9583,7 +9537,6 @@ int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key,
 
     return ret;
 }
-#endif /* HAVE_USER_RSA */
 #endif /* !NO_RSA */
 
 #ifndef NO_DH
@@ -25136,7 +25089,7 @@ int wc_GetFASCNFromCert(struct DecodedCert* cert, byte* fascn, word32* fascnSz)
 
 #if !defined(NO_RSA) && (defined(WOLFSSL_CERT_GEN) || \
     defined(WOLFSSL_KCAPI_RSA) || \
-    ((defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)) && !defined(HAVE_USER_RSA)))
+    ((defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA))))
 /* USER RSA ifdef portions used instead of refactor in consideration for
    possible fips build */
 /* Encode a public RSA key to output.
@@ -25171,19 +25124,13 @@ static int SetRsaPublicKey(byte* output, RsaKey* key, int outLen,
         return BAD_FUNC_ARG;
     }
 
-#ifdef HAVE_USER_RSA
-    nSz = SetASNIntRSA(key->n, NULL);
-#else
     nSz = SetASNIntMP(&key->n, MAX_RSA_INT_SZ, NULL);
-#endif
+
     if (nSz < 0)
         return nSz;
 
-#ifdef HAVE_USER_RSA
-    eSz = SetASNIntRSA(key->e, NULL);
-#else
     eSz = SetASNIntMP(&key->e, MAX_RSA_INT_SZ, NULL);
-#endif
+
     if (eSz < 0)
         return eSz;
     seqSz = SetSequence((word32)(nSz + eSz), seq);
@@ -25224,18 +25171,10 @@ static int SetRsaPublicKey(byte* output, RsaKey* key, int outLen,
     XMEMCPY(output + idx, seq, seqSz);
     idx += seqSz;
     /* n */
-#ifdef HAVE_USER_RSA
-    nSz = SetASNIntRSA(key->n, output + idx);
-#else
     nSz = SetASNIntMP(&key->n, nSz, output + idx);
-#endif
     idx += (word32)nSz;
     /* e */
-#ifdef HAVE_USER_RSA
-    eSz = SetASNIntRSA(key->e, output + idx);
-#else
     eSz = SetASNIntMP(&key->e, eSz, output + idx);
-#endif
     idx += (word32)eSz;
 
     return (int)idx;
@@ -25263,13 +25202,8 @@ static int SetRsaPublicKey(byte* output, RsaKey* key, int outLen,
         dataASN[RSAPUBLICKEYASN_IDX_ALGOID_P_SEQ].noOut = 1;
     #endif
         /* Set public key mp_ints. */
-    #ifdef HAVE_USER_RSA
-        SetASN_MP(&dataASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_N], key->n);
-        SetASN_MP(&dataASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_E], key->e);
-    #else
         SetASN_MP(&dataASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_N], &key->n);
         SetASN_MP(&dataASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_E], &key->e);
-    #endif
         /* Calculate size of RSA public key. */
         ret = SizeASN_Items(rsaPublicKeyASN + o, dataASN + o,
                             (int)rsaPublicKeyASN_Length - o, &sz);
@@ -25338,11 +25272,11 @@ int wc_RsaKeyToPublicDer_ex(RsaKey* key, byte* output, word32 inLen,
 }
 
 #endif /* !NO_RSA && (WOLFSSL_CERT_GEN || WOLFSSL_KCAPI_RSA ||
-            ((OPENSSL_EXTRA || WOLFSSL_KEY_GEN) && !HAVE_USER_RSA))) */
+            ((OPENSSL_EXTRA || WOLFSSL_KEY_GEN))) */
 
 #if (defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \
      defined(WOLFSSL_KCAPI_RSA) || defined(WOLFSSL_SE050)) && \
-     !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+     !defined(NO_RSA)
 
 /* Encode private RSA key in DER format.
  *
@@ -25481,7 +25415,7 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen)
 #endif
 }
 
-#endif /* (WOLFSSL_KEY_GEN || OPENSSL_EXTRA) && !NO_RSA && !HAVE_USER_RSA */
+#endif /* (WOLFSSL_KEY_GEN || OPENSSL_EXTRA) && !NO_RSA */
 
 
 #ifdef WOLFSSL_CERT_GEN
@@ -38640,8 +38574,7 @@ int wc_Asn1_PrintAll(Asn1* asn1, Asn1PrintOptions* opts, unsigned char* data,
 #endif /* !NO_ASN */
 
 /* Functions that parse, but are not using ASN.1 */
-#if !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \
-    (!defined(NO_BIG_INT) || defined(WOLFSSL_SP_MATH))
+#if !defined(NO_RSA) && (!defined(NO_BIG_INT) || defined(WOLFSSL_SP_MATH))
 /* import RSA public key elements (n, e) into RsaKey structure (key) */
 /* this function does not use any ASN.1 parsing */
 int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e,
@@ -38692,7 +38625,7 @@ int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e,
 
     return 0;
 }
-#endif /* !NO_RSA && !HAVE_USER_RSA && (!NO_BIG_INT || WOLFSSL_SP_MATH) */
+#endif /* !NO_RSA && (!NO_BIG_INT || WOLFSSL_SP_MATH) */
 
 
 #ifdef WOLFSSL_SEP

wolfcrypt/src/evp.c

@@ -2273,7 +2273,7 @@ WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_E
     if (ctx == NULL) return NULL;
     XMEMSET(ctx, 0, sizeof(WOLFSSL_EVP_PKEY_CTX));
     ctx->pkey = pkey;
-#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+#if !defined(NO_RSA)
     ctx->padding = RSA_PKCS1_PADDING;
     ctx->md = NULL;
 #endif
@@ -2774,7 +2774,7 @@ int wolfSSL_EVP_PKEY_decrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
     (void)len;
 
     switch (ctx->pkey->type) {
-#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+#if !defined(NO_RSA)
     case EVP_PKEY_RSA:
         if (out == NULL) {
             if (ctx->pkey->rsa == NULL) {
@@ -2877,7 +2877,7 @@ int wolfSSL_EVP_PKEY_encrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
     (void)len;
 
     switch (ctx->pkey->type) {
-#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+#if !defined(NO_RSA)
     case EVP_PKEY_RSA:
         if (out == NULL) {
             if (ctx->pkey->rsa == NULL) {
@@ -2958,7 +2958,7 @@ int wolfSSL_EVP_PKEY_sign_init(WOLFSSL_EVP_PKEY_CTX *ctx)
         return ret;
 
     switch (ctx->pkey->type) {
-#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+#if !defined(NO_RSA)
         case EVP_PKEY_RSA:
             ctx->op = EVP_PKEY_OP_SIGN;
             ret = WOLFSSL_SUCCESS;
@@ -3006,7 +3006,7 @@ int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *sig,
     (void)tbslen;
 
     switch (ctx->pkey->type) {
-#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+#if !defined(NO_RSA)
     case EVP_PKEY_RSA: {
         unsigned int usiglen = (unsigned int)*siglen;
         if (!sig) {
@@ -3120,7 +3120,7 @@ int wolfSSL_EVP_PKEY_verify_init(WOLFSSL_EVP_PKEY_CTX *ctx)
         return WOLFSSL_FAILURE;
 
     switch (ctx->pkey->type) {
-#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+#if !defined(NO_RSA)
         case EVP_PKEY_RSA:
             ctx->op = EVP_PKEY_OP_VERIFY;
             return WOLFSSL_SUCCESS;
@@ -3162,7 +3162,7 @@ int wolfSSL_EVP_PKEY_verify(WOLFSSL_EVP_PKEY_CTX *ctx, const unsigned char *sig,
         return WOLFSSL_FAILURE;
 
     switch (ctx->pkey->type) {
-#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+#if !defined(NO_RSA)
     case EVP_PKEY_RSA:
         return wolfSSL_RSA_verify_ex(WC_HASH_TYPE_NONE, tbs,
             (unsigned int)tbslen, sig, (unsigned int)siglen, ctx->pkey->rsa,
@@ -3358,8 +3358,7 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx,
     }
 
     switch (pkey->type) {
-#if !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
         case EVP_PKEY_RSA:
             pkey->rsa = wolfSSL_RSA_generate_key(ctx->nbits, WC_RSA_EXPONENT,
                 NULL, NULL);
@@ -3892,7 +3891,7 @@ int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret,
         return ret;
 
     switch (pkey->type) {
-#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+#if !defined(NO_RSA)
     case EVP_PKEY_RSA: {
         int nid;
         const WOLFSSL_EVP_MD *ctxmd;
@@ -3988,7 +3987,7 @@ int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
     (void)siglen;
 
     switch (pkey->type) {
-#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+#if !defined(NO_RSA)
     case EVP_PKEY_RSA: {
         int nid;
         const WOLFSSL_EVP_MD *ctxmd = wolfSSL_EVP_MD_CTX_md(ctx);
@@ -4461,7 +4460,7 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig,
     else {
         /* Sign the digest. */
         switch (ctx->pctx->pkey->type) {
-    #if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+    #if !defined(NO_RSA)
         case EVP_PKEY_RSA: {
             unsigned int sigSz = (unsigned int)*siglen;
             int nid;
@@ -4564,7 +4563,7 @@ int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
     else {
         /* Verify the signature with the digest. */
         switch (ctx->pctx->pkey->type) {
-    #if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+    #if !defined(NO_RSA)
         case EVP_PKEY_RSA: {
             int nid;
             const WOLFSSL_EVP_MD *md = wolfSSL_EVP_MD_CTX_md(ctx);
@@ -8510,7 +8509,7 @@ static void clearEVPPkeyKeys(WOLFSSL_EVP_PKEY *pkey)
 }
 
 #ifndef NO_RSA
-#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA)
+#if defined(WOLFSSL_KEY_GEN)
 static int PopulateRSAEvpPkeyDer(WOLFSSL_EVP_PKEY *pkey)
 {
     int ret = 0;
@@ -8668,12 +8667,12 @@ int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *key)
         }
     }
 
-#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA)
+#if defined(WOLFSSL_KEY_GEN)
     if (PopulateRSAEvpPkeyDer(pkey) != WOLFSSL_SUCCESS) {
         WOLFSSL_MSG("PopulateRSAEvpPkeyDer failed");
         return WOLFSSL_FAILURE;
     }
-#endif /* WOLFSSL_KEY_GEN && !HAVE_USER_RSA */
+#endif /* WOLFSSL_KEY_GEN */
 
 #ifdef WC_RSA_BLINDING
     if (key->ownRng == 0) {

wolfcrypt/src/wc_port.c

@@ -36,12 +36,6 @@
     #include <wolfssl/wolfcrypt/async.h>
 #endif
 
-/* IPP header files for library initialization */
-#ifdef HAVE_FAST_RSA
-    #include <ipp.h>
-    #include <ippcp.h>
-#endif
-
 #ifdef FREESCALE_LTC_TFM
     #include <wolfssl/wolfcrypt/port/nxp/ksdk_port.h>
 #endif
@@ -234,20 +228,6 @@ int wolfCrypt_Init(void)
         }
     #endif
 
-    /* if defined have fast RSA then initialize Intel IPP */
-    #ifdef HAVE_FAST_RSA
-        WOLFSSL_MSG("Attempting to use optimized IPP Library");
-        if ((ret = ippInit()) != ippStsNoErr) {
-            /* possible to get a CPU feature support status on optimized IPP
-              library but still use default library and see competitive speeds */
-            WOLFSSL_MSG("Warning when trying to set up optimization");
-            WOLFSSL_MSG(ippGetStatusString(ret));
-            WOLFSSL_MSG("Using default fast IPP library");
-            ret = 0;
-            (void)ret; /* suppress not read warning */
-        }
-    #endif
-
     #if defined(FREESCALE_LTC_TFM) || defined(FREESCALE_LTC_ECC)
         ret = ksdk_port_init();
         if (ret != 0) {

wolfcrypt/test/test.c

@@ -16405,87 +16405,45 @@ static wc_test_ret_t rsa_flatten_test(RsaKey* key)
 
     /* Parameter Validation testing. */
     ret = wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz);
-#ifdef HAVE_USER_RSA
-    /* Implementation using IPP Libraries returns:
-     *     -101 = USER_CRYPTO_ERROR
-     */
-    if (ret == 0)
-#else
     if (ret != BAD_FUNC_ARG)
-#endif
         return WC_TEST_RET_ENC_EC(ret);
+
     ret = wc_RsaFlattenPublicKey(key, NULL, &eSz, n, &nSz);
-#ifdef HAVE_USER_RSA
-    /* Implementation using IPP Libraries returns:
-     *     -101 = USER_CRYPTO_ERROR
-     */
-    if (ret == 0)
-#else
     if (ret != BAD_FUNC_ARG)
-#endif
         return WC_TEST_RET_ENC_EC(ret);
+
     ret = wc_RsaFlattenPublicKey(key, e, NULL, n, &nSz);
-#ifdef HAVE_USER_RSA
-    /* Implementation using IPP Libraries returns:
-     *     -101 = USER_CRYPTO_ERROR
-     */
-    if (ret == 0)
-#else
     if (ret != BAD_FUNC_ARG)
-#endif
         return WC_TEST_RET_ENC_EC(ret);
+
     ret = wc_RsaFlattenPublicKey(key, e, &eSz, NULL, &nSz);
-#ifdef HAVE_USER_RSA
-    /* Implementation using IPP Libraries returns:
-     *     -101 = USER_CRYPTO_ERROR
-     */
-    if (ret == 0)
-#else
     if (ret != BAD_FUNC_ARG)
-#endif
         return WC_TEST_RET_ENC_EC(ret);
+
     ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, NULL);
-#ifdef HAVE_USER_RSA
-    /* Implementation using IPP Libraries returns:
-     *     -101 = USER_CRYPTO_ERROR
-     */
-    if (ret == 0)
-#else
     if (ret != BAD_FUNC_ARG)
-#endif
         return WC_TEST_RET_ENC_EC(ret);
+
     ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz);
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
+
     eSz = 0;
     ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz);
-#ifdef HAVE_USER_RSA
-    /* Implementation using IPP Libraries returns:
-     *     -101 = USER_CRYPTO_ERROR
-     */
-    if (ret == 0)
-#else
     if (ret != RSA_BUFFER_E)
-#endif
         return WC_TEST_RET_ENC_EC(ret);
+
     eSz = sizeof(e);
     nSz = 0;
     ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz);
-#ifdef HAVE_USER_RSA
-    /* Implementation using IPP Libraries returns:
-     *     -101 = USER_CRYPTO_ERROR
-     */
-    if (ret == 0)
-#else
     if (ret != RSA_BUFFER_E)
-#endif
         return WC_TEST_RET_ENC_EC(ret);
 
     return 0;
 }
 #endif /* NO_ASN */
 
-#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(NO_ASN) \
+#if !defined(HAVE_FIPS) && !defined(NO_ASN) \
     && !defined(WOLFSSL_RSA_VERIFY_ONLY)
 static wc_test_ret_t rsa_export_key_test(RsaKey* key)
 {
@@ -16560,7 +16518,7 @@ static wc_test_ret_t rsa_export_key_test(RsaKey* key)
 
     return 0;
 }
-#endif /* !HAVE_FIPS && !USER_RSA && !NO_ASN */
+#endif /* !HAVE_FIPS && !NO_ASN && !WOLFSSL_RSA_VERIFY_ONLY */
 
 #ifndef NO_SIG_WRAPPER
 static wc_test_ret_t rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG* rng)
@@ -16622,12 +16580,7 @@ static wc_test_ret_t rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
                                inLen, out, &sigSz, key, keyLen, NULL);
-#ifdef HAVE_USER_RSA
-    /* Implementation using IPP Libraries returns:
-     *     -101 = USER_CRYPTO_ERROR
-     */
-    if (ret == 0)
-#elif defined(WOLFSSL_AFALG_XILINX_RSA) || defined(WOLFSSL_XILINX_CRYPT)
+#if defined(WOLFSSL_AFALG_XILINX_RSA) || defined(WOLFSSL_XILINX_CRYPT)
     /* blinding / rng handled with hardware acceleration */
     if (ret != 0)
 #elif defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
@@ -16845,7 +16798,7 @@ static wc_test_ret_t rsa_nb_test(RsaKey* key, const byte* in, word32 inLen, byte
 }
 #endif
 
-#if !defined(HAVE_USER_RSA) && !defined(NO_ASN)
+#if !defined(NO_ASN)
 static wc_test_ret_t rsa_decode_test(RsaKey* keyPub)
 {
     wc_test_ret_t ret;
@@ -18537,8 +18490,7 @@ exit_rsa:
 
 #ifndef WOLFSSL_RSA_VERIFY_ONLY
 #if !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG) && \
-    !defined(HAVE_FAST_RSA) && !defined(HAVE_USER_RSA) && \
-     (!defined(HAVE_FIPS) || \
+    (!defined(HAVE_FIPS) || \
       (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) \
       && !defined(WOLF_CRYPTO_CB_ONLY_RSA)
 static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
@@ -18942,7 +18894,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
     XMEMSET(keypub, 0, sizeof *keypub);
 #endif
 
-#if !defined(HAVE_USER_RSA) && !defined(NO_ASN)
+#if !defined(NO_ASN)
     ret = rsa_decode_test(key);
     if (ret != 0)
         ERROR_OUT(ret, exit_rsa);
@@ -19206,19 +19158,18 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
 
 #ifndef WOLFSSL_RSA_VERIFY_ONLY
     #if !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG)
-    #if !defined(HAVE_FAST_RSA) && !defined(HAVE_USER_RSA) && \
-        (!defined(HAVE_FIPS) || \
+    #if (!defined(HAVE_FIPS) || \
          (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) \
          && !defined(WOLF_CRYPTO_CB_ONLY_RSA)
     ret = rsa_oaep_padding_test(key, &rng);
     if (ret != 0)
         return ret;
 
-    #endif /* !HAVE_FAST_RSA && !HAVE_FIPS */
+    #endif /* !HAVE_FIPS */
     #endif /* WC_NO_RSA_OAEP && !WC_NO_RNG */
 #endif /* WOLFSSL_RSA_VERIFY_ONLY */
 
-#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(NO_ASN) \
+#if !defined(HAVE_FIPS) && !defined(NO_ASN) \
     && !defined(WOLFSSL_RSA_VERIFY_ONLY)
     ret = rsa_export_key_test(key);
     if (ret != 0)
@@ -23225,7 +23176,7 @@ static void show(const char *title, const char *p, unsigned int s) {
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey0_test(void)
 {
     wc_test_ret_t ret = 0;
-#if !defined(NO_RSA) && !defined(HAVE_USER_RSA) && !defined(NO_SHA)
+#if !defined(NO_RSA) && !defined(NO_SHA)
     byte*   prvTmp;
     byte*   pubTmp;
     int prvBytes;
@@ -23453,8 +23404,7 @@ openssl_pkey0_test_done:
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey1_test(void)
 {
     wc_test_ret_t ret = 0;
-#if !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \
-    !defined(NO_SHA)
+#if !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_SHA)
     EVP_PKEY_CTX* dec = NULL;
     EVP_PKEY_CTX* enc = NULL;
     EVP_PKEY* pubKey  = NULL;
@@ -23649,7 +23599,7 @@ openssl_pkey1_test_done:
 
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_evpSig_test(void)
 {
-#if !defined(NO_RSA) && !defined(NO_SHA) && !defined(HAVE_USER_RSA)
+#if !defined(NO_RSA) && !defined(NO_SHA)
     byte*   prvTmp;
     byte*   pubTmp;
     int prvBytes;

wolfcrypt/user-crypto/Makefile.am

@@ -1,9 +0,0 @@
-AM_CFLAGS=-I m4
-
-#add in wolfssl directory
-AM_CPPFLAGS+=-I$(abs_srcdir)/../../ -I$(srcdir)/include/
-lib_LTLIBRARIES = lib/libusercrypto.la
-lib_libusercrypto_la_CPPFLAGS = $(AM_CPPFLAGS)
-lib_libusercrypto_la_LDFLAGS = $(AM_LDFLAGS)
-lib_libusercrypto_la_SOURCES = src/rsa.c
-include_HEADERS = include/user_rsa.h

wolfcrypt/user-crypto/README.txt

@@ -1,78 +0,0 @@
-/*
- * Copyright (C) 2006-2023 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-
-/*
- Created to use intel's IPP see their license for linking to intel's IPP library
- */
-
-
-##BUILDING ON 64BIT MAC OSX
-Tested and developed on MAC OSX linking to IPP v9.0
-
-for me exporting the IPP library was needed. As an example it was
-export DYLD_LIBRARY_PATH="/opt/intel/ipp/lib"
-
-first go to the root wolfssl dir and run ./autogen.sh && ./configure it with desired settings then make. This is to set up the define options and wolfssl library for the user crypto to link to.
-
-Then go to the wolfssl/user-crypto directory and run ./autogen.sh && ./configure then make make install this creates a usercrypto library to use
-
-Finally go back to the root wolfssl directory and follow these build instructions
-
-building wolfSSL add CPPFLAGS=-I/opt/intel/ipp/include for finding the IPP include files
-An example build would be
-./configure --with-user-crypto CPPFLAGS=-I/opt/intel/ipp/include --enable-lighty
-
-
-##BUILDING IN 32BIT UBUNTU
-Tested on UBUNTU 32 bit linking to IPP v9.0
-
-for me exporting the IPP library. As an example it was
-export LD_LIBRARY_PATH="/opt/intel/ipp/lib/ia32_lin/:$LD_LIBRARY_PATH"
-
-first go to the root wolfssl dir and configure it with desired settings and make install. This is to set up the define options and wolfssl library for the user crypto to link to.
-
-For me on Ubuntu the IPP libraries had been installed into /opt/intel/ipp/lib/ia32_lin/ so the ./configure LDFLAGS=-L/opt/intel/ipp/lib/ia32_lin was needed to be looking at that directory.
-Run make && make install from the directory wolfssl_root/wolfssl/user-crypto/ this creates a usercrypto library to use
-
-Finally go back to the root wolfssl directory and follow these build instructions
-
-building wolfSSL add CPPFLAGS=-I/opt/intel/ipp/include for finding the IPP include files
-
-./configure --with-user-crypto=root_wolfssl/wolfssl/user-crypto CPPFLAGS=-I/opt/intel/ipp/include (plus any desired additional flags)
-
-
-##THINGS TO CHECK FOR IF NOT ABLE TO LINK WITH USERCRYPTO LIB
-Check that the path has been exported for the IPP library. If usercrypto is unable to use the  function to init an RSA key then the link to it will fail in configure. Check for this by $DYLD_LIBRARY_PATH on mac or $LD_LIBRARY_PATH on ubuntu. If the directory for the Intel IPP libraries are not displayed than use "export DYLD_LIBRARY_PATH=path_to_ipp_libraries:$DYLD_LIBRARY_PATH".
-
-
-##CREATING OWN RSA CRYPTO PLUGIN
-
-It is required to have a header file named user_rsa.h. This is what is looked for by wolfssl/wolfcrypt/rsa.h and should contain the user defined rsa key struct.
-
-It is required to have a library called usercrypto. This is linked to when configuring wolfSSL with the option --with-user-crypto
-
-It is required when compiled with RSA cert generation to have key struct elements named n and e containing the corresponding big numbers. And the three helper functions to work with the big numbers. These functions are called by wolfcrypt/src/asn.c when working with certificates.
-To view the needed functions look at wolfssl/wolfcrypt/rsa.h they will be extern functions surrounded by HAVE_USER_RSA define.
-Cert Generation for other sign and verify such as ECC are not yet supported.
-
-When building with openssl compatibility layer extra developent needs to be done, having the two functions SetRsaExernal and SetRsaInternal
-
-wolfSSL does not take responsibility for the strength of security of third party cryptography libraries plugged in by the user.

wolfcrypt/user-crypto/autogen.sh

@@ -1,23 +0,0 @@
-#!/bin/sh
-#
-# Create configure and makefile stuff...
-#
-
-# Git hooks should come before autoreconf.
-if test -d .git; then
-  if ! test -d .git/hooks; then
-    mkdir .git/hooks
-  fi
-  ln -s -f ../../pre-commit.sh .git/hooks/pre-commit
-  ln -s -f ../../pre-push.sh .git/hooks/pre-push
-fi
-
-# If this is a source checkout then call autoreconf with error as well
-if test -d .git; then
-  WARNINGS="all,error"
-else
-  WARNINGS="all"
-fi
-
-autoreconf --install --force --verbose
-

wolfcrypt/user-crypto/configure.ac

@@ -1,44 +0,0 @@
-#                                               -*- Autoconf -*-
-# Process this file with autoconf to produce a configure script.
-
-AC_PREREQ([2.63])
-AC_INIT([usercypto], [0.1], [])
-AC_CONFIG_SRCDIR([src/rsa.c])
-
-AM_INIT_AUTOMAKE([1.11 -Wall -Werror -Wno-portability foreign tar-ustar subdir-objects no-define color-tests])
-
-LT_PREREQ([2.2])
-LT_INIT([disable-static])
-LT_LANG([C++])
-LT_LANG([C])
-
-# Checks for programs.
-AC_PROG_CC
-AC_CONFIG_MACRO_DIR([m4])
-
-# Checks for libraries.
-AM_LDFLAGS=$LDFLAGS
-LDFLAGS="$LDFLAGS -L/opt/intel/ipp/lib -lippcp -lippcore"
-
-# Path to find wolfssl/options and other includes
-AM_CPPFLAGS=$CPPFLAGS
-CPPFLAGS="$CPPFLAGS -I../../ -I/opt/intel/ipp/include"
-AC_CHECK_LIB([ippcore], [ippGetStatusString], [], [AC_MSG_ERROR([ippcore library needed ./configure LDFLAGS=/path/to/ipp/lib])])
-AC_CHECK_LIB([ippcp], [ippsRSA_InitPublicKey], [], [AC_MSG_ERROR([ippcp library needed ./configure LDFLAGS=/path/to/ipp/lib])])
-
-# check headers
-AC_CHECK_HEADER([ippcp.h], [], [AC_MSG_ERROR([ippcp.h not found ./configure CPPFLAGS=-I/ipp/headers])])
-AC_CHECK_HEADER([ipp.h], [], [AC_MSG_ERROR([ipp.h not found ./configure CPPFLAGS=-I/ipp/headers])])
-
-LDFLAGS=$AM_LDFLAGS
-CPPFLAGS=$AM_CPPFLAGS
-
-AM_LDFLAGS="-L/opt/intel/ipp/lib -lippcp -lippcore"
-AM_CPPFLAGS="-I/opt/intel/ipp/include"
-
-AC_SUBST([AM_CPPFLAGS])
-AC_SUBST([AM_LDFLAGS])
-AC_C_INLINE
-
-AC_CONFIG_FILES([Makefile])
-AC_OUTPUT

wolfcrypt/user-crypto/include.am

@@ -1,13 +0,0 @@
-
-if BUILD_FAST_RSA
-include_HEADERS += wolfcrypt/user-crypto/include/user_rsa.h
-endif
-
-# user crypto plug in example
-EXTRA_DIST+= wolfcrypt/user-crypto/configure.ac
-EXTRA_DIST+= wolfcrypt/user-crypto/autogen.sh
-EXTRA_DIST+= wolfcrypt/user-crypto/include/user_rsa.h
-EXTRA_DIST+= wolfcrypt/user-crypto/src/rsa.c
-EXTRA_DIST+= wolfcrypt/user-crypto/lib/.gitkeep
-EXTRA_DIST+= wolfcrypt/user-crypto/README.txt
-EXTRA_DIST+= wolfcrypt/user-crypto/Makefile.am

wolfcrypt/user-crypto/include/user_rsa.h

@@ -1,137 +0,0 @@
-/* user_rsa.h
- *
- * Copyright (C) 2006-2023 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-
-/*
- Created to use intel's IPP see their license for linking to intel's IPP library
- */
-
-#ifndef USER_WOLF_CRYPT_RSA_H
-#define USER_WOLF_CRYPT_RSA_H
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifndef NO_RSA
-
-#include <wolfssl/wolfcrypt/types.h>
-#include <wolfssl/wolfcrypt/random.h>
-
-/* intels crypto */
-#include <ipp.h>
-#include <ippcp.h>
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-/* needed for WOLFSSL_RSA type but use macro guard against redefine */
-#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TYPES_DEFINED) \
-        && !defined(WOLFSSL_RSA_TYPE_DEFINED)
-    struct WOLFSSL_RSA;
-    typedef struct WOLFSSL_RSA WOLFSSL_RSA;
-    #define WOLFSSL_RSA_TYPE_DEFINED
-#endif
-
-
-enum {
-    RSA_PUBLIC   = 0,
-    RSA_PRIVATE  = 1,
-};
-
-/* RSA */
-struct RsaKey {
-    IppsBigNumState* n;
-    IppsBigNumState* e;
-    IppsBigNumState* dipp;
-    IppsBigNumState* pipp;
-    IppsBigNumState* qipp;
-    IppsBigNumState* dPipp;
-    IppsBigNumState* dQipp;
-    IppsBigNumState* uipp;
-    int nSz, eSz, dSz;
-    IppsRSAPublicKeyState*  pPub;
-    IppsRSAPrivateKeyState* pPrv;
-    word32 prvSz; /* size of private key */
-    word32 sz;    /* size of signature */
-    int   type;                               /* public or private */
-    void* heap;                               /* for user memory overrides */
-};
-
-#ifndef WC_RSAKEY_TYPE_DEFINED
-    typedef struct RsaKey RsaKey;
-    #define WC_RSAKEY_TYPE_DEFINED
-#endif
-
-WOLFSSL_API int  wc_InitRsaKey(RsaKey* key, void*);
-WOLFSSL_API int  wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId);
-WOLFSSL_API int  wc_FreeRsaKey(RsaKey* key);
-
-WOLFSSL_API int  wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
-                                     word32 outLen, RsaKey* key, WC_RNG* rng);
-WOLFSSL_API int  wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out,
-                                            RsaKey* key);
-WOLFSSL_API int  wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out,
-                                      word32 outLen, RsaKey* key);
-WOLFSSL_API int  wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out,
-                                word32 outLen, RsaKey* key, WC_RNG* rng);
-WOLFSSL_API int  wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out,
-                                        RsaKey* key);
-WOLFSSL_API int  wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out,
-                                  word32 outLen, RsaKey* key);
-WOLFSSL_API int  wc_RsaEncryptSize(RsaKey* key);
-
-WOLFSSL_API int  wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx,
-                                                               RsaKey*, word32);
-WOLFSSL_API int  wc_RsaPublicKeyDecode_ex(const byte* input, word32* inOutIdx,
-        word32 inSz, const byte** n, word32* nSz, const byte** e, word32* eSz);
-WOLFSSL_API int  wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx,
-                                                               RsaKey*, word32);
-WOLFSSL_API int  wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz,
-                                        const byte* e, word32 eSz, RsaKey* key);
-WOLFSSL_API int wc_RsaKeyToDer(RsaKey*, byte* output, word32 inLen);
-WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey*, byte* output, word32 inLen);
-#ifdef WOLFSSL_KEY_GEN
-    WOLFSSL_API int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng);
-#endif
-WOLFSSL_API int  wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*,
-                                                                       word32*);
-WOLFSSL_API int  wc_RsaSetRNG(RsaKey* key, WC_RNG* rng);
-
-
-#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)
-        /* abstracted BN operations with RSA key */
-    WOLFSSL_API int wc_Rsa_leading_bit(void* BN);
-    WOLFSSL_API int wc_Rsa_unsigned_bin_size(void* BN);
-
-        /* return MP_OKAY on success */
-    WOLFSSL_API int wc_Rsa_to_unsigned_bin(void* BN, byte* in, int inLen);
-#endif
-
-#ifdef OPENSSL_EXTRA /* abstracted functions to deal with rsa key */
-    WOLFSSL_API int SetRsaExternal(WOLFSSL_RSA* rsa);
-    WOLFSSL_API int SetRsaInternal(WOLFSSL_RSA* rsa);
-#endif
-#ifdef __cplusplus
-    } /* extern "C" */
-#endif
-
-#endif /* NO_RSA */
-#endif /* USER_WOLF_CRYPT_RSA_H */

wolfcrypt/user-crypto/src/rsa.c

@@ -1,2797 +0,0 @@
-/* rsa.c
- *
- * Copyright (C) 2006-2023 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-
-#ifdef HAVE_CONFIG_H /* configure options when using autoconf */
-    #include <config.h>
-#endif
-
-#include <wolfssl/options.h>
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifndef NO_RSA
-
-#define USER_CRYPTO_ERROR -101
-
-#ifdef OPENSSL_EXTRA
-    #include <wolfssl/openssl/rsa.h> /* include for openssl compatibility */
-    #include <wolfssl/openssl/bn.h>
-#endif
-#include "user_rsa.h"
-
-#ifdef DEBUG_WOLFSSL /* debug done without variadic to allow older compilers */
-    #include <stdio.h>
-    #define USER_DEBUG(x) printf x
-#else
-    #define USER_DEBUG(x) WC_DO_NOTHING
-#endif
-
-#define ASN_INTEGER    0x02
-#define ASN_BIT_STRING 0x03
-#define ASN_TAG_NULL   0x05
-#define ASN_OBJECT_ID  0x06
-
-
-/* Make sure compiler doesn't skip -- used from wolfSSL */
-static inline void ForceZero(const void* mem, word32 len)
-{
-    volatile byte* z = (volatile byte*)mem;
-
-    while (len--) *z++ = 0;
-}
-
-enum {
-    RSA_PUBLIC_ENCRYPT  = 0,
-    RSA_PUBLIC_DECRYPT  = 1,
-    RSA_PRIVATE_ENCRYPT = 2,
-    RSA_PRIVATE_DECRYPT = 3,
-
-    RSA_BLOCK_TYPE_1 = 1,
-    RSA_BLOCK_TYPE_2 = 2,
-
-    RSA_MIN_SIZE = 512,
-    RSA_MAX_SIZE = 4096, /* max allowed in IPP library */
-
-    RSA_MIN_PAD_SZ   = 11      /* separator + 0 + pad value + 8 pads */
-};
-
-
-int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
-{
-
-    USER_DEBUG(("Entering wc_InitRsaKey\n"));
-
-    if (key == NULL)
-        return USER_CRYPTO_ERROR;
-
-    /* set full struct as 0 */
-    ForceZero(key, sizeof(RsaKey));
-
-    USER_DEBUG(("\tExit wc_InitRsaKey\n"));
-
-    (void)devId;
-    (void)heap;
-    return 0;
-}
-
-int wc_InitRsaKey(RsaKey* key, void* heap)
-{
-    return wc_InitRsaKey_ex(key, heap, INVALID_DEVID);
-}
-
-
-/* three functions needed for cert and key gen */
-#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)
-/* return 1 if there is a leading bit*/
-int wc_Rsa_leading_bit(void* bn)
-{
-    int ret = 0;
-    int dataSz;
-    Ipp32u* data;
-    Ipp32u  q;
-    int qSz = sizeof(Ipp32u);
-
-    if (ippsExtGet_BN(NULL, &dataSz, NULL, bn) != ippStsNoErr) {
-        USER_DEBUG(("ippsExtGet_BN Rsa leading bit error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* convert from size in binary to Ipp32u */
-    dataSz = dataSz / 32 + ((dataSz % 32)? 1 : 0);
-    data = (Ipp32u*)XMALLOC(dataSz * sizeof(Ipp32u), NULL,
-                                                      DYNAMIC_TYPE_USER_CRYPTO);
-    if (data == NULL) {
-        USER_DEBUG(("Rsa leading bit memory error\n"));
-        return 0;
-    }
-
-    /* extract value from BN */
-    if (ippsExtGet_BN(NULL, NULL, data, bn) != ippStsNoErr) {
-        USER_DEBUG(("Rsa leading bit error\n"));
-        XFREE(data, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        return 0;
-    }
-
-    /* use method like what's used in wolfssl tfm.c  */
-    q = data[dataSz - 1];
-
-    ret = 0;
-    while (qSz > 0) {
-        if (q != 0)
-            ret = (q & 0x80) != 0;
-        q >>= 8;
-        qSz--;
-    }
-
-    XFREE(data, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-
-    return ret;
-}
-
-
-/* get the size in bytes of BN */
-int wc_Rsa_unsigned_bin_size(void* bn)
-{
-    int ret = 0;
-    if (ippsExtGet_BN(NULL, &ret, NULL, bn) != ippStsNoErr) {
-        USER_DEBUG(("Rsa unsigned bin size error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-    return (ret / 8) + ((ret % 8)? 1: 0); /* size in bytes */
-}
-
-#ifndef MP_OKAY
-#define MP_OKAY 0
-#endif
-
-/* extract the bn value to a unsigned byte array and return MP_OKAY on success */
-int wc_Rsa_to_unsigned_bin(void* bn, byte* in, int inLen)
-{
-    if (ippsGetOctString_BN((Ipp8u*)in, inLen, bn) != ippStsNoErr) {
-        USER_DEBUG(("Rsa to unsigned bin error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-    return MP_OKAY;
-}
-#endif /* WOLFSSL_CERT_GEN || WOLFSSL_KEY_GEN || OPENSSL_EXTRA */
-
-
-#ifdef OPENSSL_EXTRA /* functions needed for openssl compatibility layer */
-static int SetIndividualExternal(WOLFSSL_BIGNUM** bn, IppsBigNumState* in)
-{
-    IppStatus ret;
-    byte* data;
-    int sz;
-
-    USER_DEBUG(("Entering SetIndividualExternal\n"));
-
-    if (bn == NULL || in == NULL) {
-        USER_DEBUG(("inputs NULL error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (*bn == NULL) {
-        *bn = wolfSSL_BN_new();
-        if (*bn == NULL) {
-            USER_DEBUG(("SetIndividualExternal alloc failed\n"));
-            return USER_CRYPTO_ERROR;
-        }
-    }
-
-    /* get size of array needed and extract oct array of data */
-    ret = ippsGetSize_BN(in, &sz);
-    if (ret != ippStsNoErr)
-        return USER_CRYPTO_ERROR;
-
-    data = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    if (data == NULL)
-        return USER_CRYPTO_ERROR;
-
-    ret = ippsGetOctString_BN(data, sz, in);
-    if (ret != ippStsNoErr) {
-        XFREE(data, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* store the data into a wolfSSL Big Number */
-    *bn = wolfSSL_BN_bin2bn(data, sz, *bn);
-
-    XFREE(data, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-
-    return 0;
-}
-
-
-static int SetIndividualInternal(WOLFSSL_BIGNUM* bn, IppsBigNumState** mpi)
-{
-    int length, ctxSz, sz;
-    IppStatus ret;
-    Ipp8u* data;
-
-    USER_DEBUG(("Entering SetIndividualInternal\n"));
-
-    if (bn == NULL || bn->internal == NULL) {
-        USER_DEBUG(("bn NULL error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    length = wolfSSL_BN_num_bytes(bn);
-
-    /* if not IPP BN then create one */
-    if (*mpi == NULL) {
-        ret = ippsBigNumGetSize(length, &ctxSz);
-        if (ret != ippStsNoErr)
-            return USER_CRYPTO_ERROR;
-
-        *mpi = (IppsBigNumState*)XMALLOC(ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO);
-        if (*mpi == NULL)
-            return USER_CRYPTO_ERROR;
-
-        ret = ippsBigNumInit(length, *mpi);
-        if (ret != ippStsNoErr) {
-            XFREE(*mpi, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-            return USER_CRYPTO_ERROR;
-        }
-
-    }
-
-    /* get the size of array needed and check IPP BigNum */
-    if (ippsGetSize_BN(*mpi, &sz) != ippStsNoErr)
-        return USER_CRYPTO_ERROR;
-
-    if (sz < length) {
-        USER_DEBUG(("big num size is too small\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    data = (Ipp8u*)XMALLOC(length, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    if (data == NULL)
-        return USER_CRYPTO_ERROR;
-
-    /* extract the wolfSSL BigNum and store it into IPP BigNum */
-    if (wolfSSL_BN_bn2bin(bn, data) < 0) {
-        XFREE(data, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        USER_DEBUG(("error in getting bin from wolfssl bn\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    ret = ippsSetOctString_BN(data, length, *mpi);
-    if (ret != ippStsNoErr) {
-        XFREE(data, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        return USER_CRYPTO_ERROR;
-    }
-
-    XFREE(data, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-
-    return 0;
-}
-
-
-/* WolfSSL -> OpenSSL */
-int SetRsaExternal(WOLFSSL_RSA* rsa)
-{
-    RsaKey* key;
-    USER_DEBUG(("Entering SetRsaExternal\n"));
-
-    if (rsa == NULL || rsa->internal == NULL) {
-        USER_DEBUG(("rsa key NULL error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    key = (RsaKey*)rsa->internal;
-
-    if (SetIndividualExternal(&rsa->n, key->n) != 0) {
-        USER_DEBUG(("rsa n key error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (SetIndividualExternal(&rsa->e, key->e) != 0) {
-        USER_DEBUG(("rsa e key error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (key->type == RSA_PRIVATE) {
-        if (SetIndividualExternal(&rsa->d, key->dipp) != 0) {
-            USER_DEBUG(("rsa d key error\n"));
-            return USER_CRYPTO_ERROR;
-        }
-
-        if (SetIndividualExternal(&rsa->p, key->pipp) != 0) {
-            USER_DEBUG(("rsa p key error\n"));
-            return USER_CRYPTO_ERROR;
-        }
-
-        if (SetIndividualExternal(&rsa->q, key->qipp) != 0) {
-            USER_DEBUG(("rsa q key error\n"));
-            return USER_CRYPTO_ERROR;
-        }
-
-        if (SetIndividualExternal(&rsa->dmp1, key->dPipp) != 0) {
-            USER_DEBUG(("rsa dP key error\n"));
-            return USER_CRYPTO_ERROR;
-        }
-
-        if (SetIndividualExternal(&rsa->dmq1, key->dQipp) != 0) {
-            USER_DEBUG(("rsa dQ key error\n"));
-            return USER_CRYPTO_ERROR;
-        }
-
-        if (SetIndividualExternal(&rsa->iqmp, key->uipp) != 0) {
-            USER_DEBUG(("rsa u key error\n"));
-            return USER_CRYPTO_ERROR;
-        }
-    }
-
-    rsa->exSet = 1;
-
-    /* SSL_SUCCESS */
-    return 1;
-}
-
-
-/* Openssl -> WolfSSL */
-int SetRsaInternal(WOLFSSL_RSA* rsa)
-{
-    int ctxSz, pSz, qSz;
-    IppStatus ret;
-    RsaKey* key;
-    USER_DEBUG(("Entering SetRsaInternal\n"));
-
-    if (rsa == NULL || rsa->internal == NULL) {
-        USER_DEBUG(("rsa key NULL error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    key = (RsaKey*)rsa->internal;
-
-    if (SetIndividualInternal(rsa->n, &key->n) != 0) {
-        USER_DEBUG(("rsa n key error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (SetIndividualInternal(rsa->e, &key->e) != 0) {
-        USER_DEBUG(("rsa e key error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* public key */
-    key->type = RSA_PUBLIC;
-
-    if (rsa->d != NULL) {
-        if (SetIndividualInternal(rsa->d, &key->dipp) != 0) {
-            USER_DEBUG(("rsa d key error\n"));
-            return USER_CRYPTO_ERROR;
-        }
-
-        /* private key */
-        key->type = RSA_PRIVATE;
-    }
-
-    if (rsa->p != NULL &&
-        SetIndividualInternal(rsa->p, &key->pipp) != 0) {
-        USER_DEBUG(("rsa p key error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (rsa->q != NULL &&
-        SetIndividualInternal(rsa->q, &key->qipp) != 0) {
-        USER_DEBUG(("rsa q key error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (rsa->dmp1 != NULL &&
-        SetIndividualInternal(rsa->dmp1, &key->dPipp) != 0) {
-        USER_DEBUG(("rsa dP key error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (rsa->dmq1 != NULL &&
-        SetIndividualInternal(rsa->dmq1, &key->dQipp) != 0) {
-        USER_DEBUG(("rsa dQ key error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (rsa->iqmp != NULL &&
-        SetIndividualInternal(rsa->iqmp, &key->uipp) != 0) {
-        USER_DEBUG(("rsa u key error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    rsa->inSet = 1;
-
-    /* get sizes of IPP BN key states created from input */
-    ret = ippsGetSize_BN(key->n, &key->nSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    ret = ippsGetSize_BN(key->e, &key->eSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    key->sz = key->nSz; /* set modulus size */
-
-    /* convert to size in bits */
-    key->nSz = key->nSz * 8;
-    key->eSz = key->eSz * 8;
-
-    /* set up public key state */
-    ret = ippsRSA_GetSizePublicKey(key->nSz, key->eSz, &ctxSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_GetSizePublicKey error %s\n",
-                ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    key->pPub = (IppsRSAPublicKeyState*)XMALLOC(ctxSz, NULL,
-                                                      DYNAMIC_TYPE_USER_CRYPTO);
-    if (key->pPub == NULL)
-        return USER_CRYPTO_ERROR;
-
-    ret = ippsRSA_InitPublicKey(key->nSz, key->eSz, key->pPub, ctxSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_InitPublicKey error %s\n",
-                    ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    ret = ippsRSA_SetPublicKey(key->n, key->e, key->pPub);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_SetPublicKey error %s\n", ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (key->pipp != NULL && key->qipp != NULL && key->dipp != NULL &&
-            key->dPipp != NULL && key->dQipp != NULL && key->uipp != NULL) {
-        /* get bn sizes needed for private key set up */
-        ret = ippsGetSize_BN(key->pipp, &pSz);
-        if (ret != ippStsNoErr) {
-            USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret)));
-            return USER_CRYPTO_ERROR;
-        }
-
-        ret = ippsGetSize_BN(key->qipp, &qSz);
-        if (ret != ippStsNoErr) {
-            USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret)));
-            return USER_CRYPTO_ERROR;
-        }
-
-        /* store sizes needed for creating tmp private keys */
-        ret = ippsGetSize_BN(key->dipp, &key->dSz);
-        if (ret != ippStsNoErr) {
-            USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret)));
-            return USER_CRYPTO_ERROR;
-        }
-
-        /* convert to size in bits */
-        key->dSz = key->dSz * 8;
-        pSz = pSz * 8;
-        qSz = qSz * 8;
-
-        /* set up private key state */
-        ret = ippsRSA_GetSizePrivateKeyType2(pSz, qSz, &ctxSz);
-        if (ret != ippStsNoErr) {
-            USER_DEBUG(("ippsRSA_GetSizePrivateKey error %s\n",
-                    ippGetStatusString(ret)));
-            return USER_CRYPTO_ERROR;
-        }
-
-        key->prvSz = ctxSz;
-        key->pPrv = (IppsRSAPrivateKeyState*)XMALLOC(ctxSz, 0,
-                                                      DYNAMIC_TYPE_USER_CRYPTO);
-        if (key->pPrv == NULL)
-            return USER_CRYPTO_ERROR;
-
-        ret = ippsRSA_InitPrivateKeyType2(pSz, qSz, key->pPrv, ctxSz);
-        if (ret != ippStsNoErr) {
-            USER_DEBUG(("ippsRSA_InitPrivateKey error %s\n",
-                        ippGetStatusString(ret)));
-            return USER_CRYPTO_ERROR;
-        }
-
-        ret = ippsRSA_SetPrivateKeyType2(key->pipp, key->qipp, key->dPipp,
-                key->dQipp, key->uipp, key->pPrv);
-        if (ret != ippStsNoErr) {
-            USER_DEBUG(("ippsRSA_SetPrivateKey error %s\n", ippGetStatusString(ret)));
-            return USER_CRYPTO_ERROR;
-        }
-    }
-
-    /* SSL_SUCCESS */
-    return 1;
-}
-#endif /* OPENSSLEXTRA */
-
-
-/* Padding scheme function used in wolfSSL for signing needed for matching
-   existing API signing scheme
-    input : the msg to be signed
-    inputLen : length of input msg
-    pkcsBlock : the outputted padded msg
-    pkcsBlockLen : length of outputted padded msg buffer
-    padValue : the padded value after first 00 , is either 01 or 02
-    rng : random number generator structure
- */
-static int wc_RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock,
-                   word32 pkcsBlockLen, byte padValue, WC_RNG* rng)
-{
-    if (inputLen == 0 || pkcsBlockLen == 0) {
-        return USER_CRYPTO_ERROR;
-    }
-
-    pkcsBlock[0] = 0x0;       /* set first byte to zero and advance */
-    pkcsBlock++; pkcsBlockLen--;
-    pkcsBlock[0] = padValue;  /* insert padValue */
-
-    if (padValue == RSA_BLOCK_TYPE_1) {
-        if (pkcsBlockLen < inputLen + 2) {
-            return USER_CRYPTO_ERROR;
-        }
-
-        /* pad with 0xff bytes */
-        XMEMSET(&pkcsBlock[1], 0xFF, pkcsBlockLen - inputLen - 2);
-    }
-    else {
-        /* pad with non-zero random bytes */
-        word32 padLen, i;
-        int    ret;
-
-        if (pkcsBlockLen < inputLen + 1) {
-            return USER_CRYPTO_ERROR;
-        }
-
-        padLen = pkcsBlockLen - inputLen - 1;
-        ret = wc_RNG_GenerateBlock(rng, &pkcsBlock[1], padLen);
-
-        if (ret != 0)
-            return ret;
-
-        /* remove zeros */
-        for (i = 1; i < padLen; i++)
-            if (pkcsBlock[i] == 0) pkcsBlock[i] = 0x01;
-    }
-
-    pkcsBlock[pkcsBlockLen-inputLen-1] = 0;     /* separator */
-    XMEMCPY(pkcsBlock+pkcsBlockLen-inputLen, input, inputLen);
-
-    return 0;
-}
-
-
-/* UnPad plaintext, set start to *output, return length of plaintext,
- * < 0 on error */
-static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen,
-                       byte **output, byte padValue)
-{
-    word32 maxOutputLen = (pkcsBlockLen > 10) ? (pkcsBlockLen - 10) : 0,
-           invalid = 0,
-           i = 1,
-           outputLen;
-
-    if (pkcsBlockLen == 0) {
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (pkcsBlock[0] != 0x0) /* skip past zero */
-        invalid = 1;
-    pkcsBlock++; pkcsBlockLen--;
-
-    /* Require block type padValue */
-    invalid = (pkcsBlock[0] != padValue) || invalid;
-
-    /* verify the padding until we find the separator */
-    if (padValue == RSA_BLOCK_TYPE_1) {
-        while (i<pkcsBlockLen && pkcsBlock[i++] == 0xFF) {/* Null body */}
-    }
-    else {
-        while (i<pkcsBlockLen && pkcsBlock[i++]) {/* Null body */}
-    }
-
-    if(!(i==pkcsBlockLen || pkcsBlock[i-1]==0)) {
-        USER_DEBUG(("RsaUnPad error, bad formatting\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    outputLen = pkcsBlockLen - i;
-    invalid = (outputLen > maxOutputLen) || invalid;
-
-    if (invalid) {
-        USER_DEBUG(("RsaUnPad error, bad formatting\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    *output = (byte *)(pkcsBlock + i);
-    return outputLen;
-}
-
-
-/* Set up memory and structure for a Big Number
- * returns ippStsNoErr on success
- */
-static IppStatus init_bn(IppsBigNumState** in, int sz)
-{
-    int ctxSz;
-    IppStatus ret;
-
-    ret = ippsBigNumGetSize(sz, &ctxSz);
-    if (ret != ippStsNoErr) {
-        return ret;
-    }
-
-    *in = (IppsBigNumState*)XMALLOC(ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO);
-    if (*in == NULL) {
-        return ippStsNoMemErr;
-    }
-
-    ret = ippsBigNumInit(sz, *in);
-    if (ret != ippStsNoErr) {
-        XFREE(*in, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        *in = NULL;
-        return ret;
-    }
-
-    return ippStsNoErr;
-}
-
-
-/* Set up memory and structure for a Montgomery struct
- * returns ippStsNoErr on success
- */
-static IppStatus init_mont(IppsMontState** mont, int* ctxSz,
-                                                         IppsBigNumState* modul)
-{
-    int       mSz;
-    Ipp32u*   m;
-    IppStatus ret;
-
-    ret = ippsExtGet_BN(NULL, ctxSz, NULL, modul);
-    if (ret != ippStsNoErr) {
-        return ret;
-    }
-
-    /* convert bits to Ipp32u array size and round up
-       32 is number of bits in type */
-    mSz = (*ctxSz/32)+((*ctxSz % 32)? 1: 0);
-    m = (Ipp32u*)XMALLOC(mSz * sizeof(Ipp32u), 0, DYNAMIC_TYPE_USER_CRYPTO);
-    if (m == NULL) {
-        XFREE(m, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        return ippStsNoMemErr;
-    }
-
-    ret = ippsExtGet_BN(NULL, NULL, m, modul);
-    if (ret != ippStsNoErr) {
-        XFREE(m, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        return ret;
-    }
-
-    ret = ippsMontGetSize(IppsSlidingWindows, mSz, ctxSz);
-    if (ret != ippStsNoErr) {
-        XFREE(m, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        return ret;
-    }
-
-    /* 2. Allocate working buffer using malloc */
-    *mont = (IppsMontState*)XMALLOC(*ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO);
-    if (*mont == NULL) {
-        XFREE(m, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        return ippStsNoMemErr;
-    }
-    ret = ippsMontInit(IppsSlidingWindows, mSz, *mont);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsMontInit error of %s\n", ippGetStatusString(ret)));
-        XFREE(m, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(*mont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        *mont = NULL;
-        return ret;
-    }
-
-    /* 3. Call the function MontSet to set big number module */
-    ret = ippsMontSet(m, mSz, *mont);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsMontSet error of %s\n", ippGetStatusString(ret)));
-        XFREE(m, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(*mont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        *mont = NULL;
-        return ret;
-    }
-
-    XFREE(m, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-
-    return ippStsNoErr;
-}
-
-
-
-int wc_FreeRsaKey(RsaKey* key)
-{
-    if (key == NULL)
-        return 0;
-
-    USER_DEBUG(("Entering wc_FreeRsaKey\n"));
-
-    if (key->pPub != NULL) {
-        XFREE(key->pPub, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        key->pPub = NULL;
-    }
-
-    if (key->pPrv != NULL) {
-        /* write over sensitive information */
-        ForceZero(key->pPrv, key->prvSz);
-        XFREE(key->pPrv, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        key->pPrv = NULL;
-    }
-
-    if (key->n != NULL) {
-        XFREE(key->n, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        key->n = NULL;
-    }
-
-    if (key->e != NULL) {
-        XFREE(key->e, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        key->e = NULL;
-    }
-
-    if (key->dipp != NULL) {
-        XFREE(key->dipp, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        key->dipp = NULL;
-    }
-
-    if (key->pipp != NULL) {
-        XFREE(key->pipp, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        key->pipp = NULL;
-    }
-
-    if (key->qipp != NULL) {
-        XFREE(key->qipp, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        key->qipp = NULL;
-    }
-
-    if (key->dPipp != NULL) {
-        XFREE(key->dPipp, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        key->dPipp = NULL;
-    }
-
-    if (key->dQipp != NULL) {
-        XFREE(key->dQipp, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        key->dQipp = NULL;
-    }
-
-    if (key->uipp != NULL) {
-        XFREE(key->uipp, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        key->uipp = NULL;
-    }
-
-    USER_DEBUG(("\tExit wc_FreeRsaKey\n"));
-    (void)key;
-
-    return 0;
-}
-
-
-/* Some parsing functions from wolfSSL code needed to match wolfSSL API used */
-static int GetLength(const byte* input, word32* inOutIdx, int* len,
-                           word32 maxIdx)
-{
-    int     length = 0;
-    word32  idx = *inOutIdx;
-    byte    b;
-
-    *len = 0;    /* default length */
-
-    if ((idx + 1) > maxIdx) {   /* for first read */
-        USER_DEBUG(("GetLength bad index on input\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    b = input[idx++];
-    if (b >= 0x80) {
-        word32 bytes = b & 0x7F;
-
-        if ((idx + bytes) > maxIdx) {   /* for reading bytes */
-            USER_DEBUG(("GetLength bad long length\n"));
-            return USER_CRYPTO_ERROR;
-        }
-
-        while (bytes--) {
-            b = input[idx++];
-            length = (length << 8) | b;
-        }
-    }
-    else
-        length = b;
-
-    if ((idx + length) > maxIdx) {   /* for user of length */
-        USER_DEBUG(("GetLength value exceeds buffer length\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    *inOutIdx = idx;
-    if (length > 0)
-        *len = length;
-
-    return length;
-}
-
-static int GetASNHeader(const byte* input, byte tag, word32* inOutIdx, int* len,
-                        word32 maxIdx)
-{
-    word32 idx = *inOutIdx;
-    byte   b;
-    int    length;
-
-    if ((idx + 1) > maxIdx)
-        return USER_CRYPTO_ERROR;
-
-    b = input[idx++];
-    if (b != tag)
-        return USER_CRYPTO_ERROR;
-
-    if (GetLength(input, &idx, &length, maxIdx) < 0)
-        return USER_CRYPTO_ERROR;
-
-    *len      = length;
-    *inOutIdx = idx;
-    return length;
-}
-
-static int GetASNInt(const byte* input, word32* inOutIdx, int* len,
-                     word32 maxIdx)
-{
-    int    ret;
-
-    ret = GetASNHeader(input, ASN_INTEGER, inOutIdx, len, maxIdx);
-    if (ret < 0)
-        return ret;
-
-    if (*len > 0) {
-        /* remove leading zero, unless there is only one 0x00 byte */
-        if ((input[*inOutIdx] == 0x00) && (*len > 1)) {
-            (*inOutIdx)++;
-            (*len)--;
-
-            if (*len > 0 && (input[*inOutIdx] & 0x80) == 0)
-                return USER_CRYPTO_ERROR;
-        }
-    }
-
-    return 0;
-}
-
-static int GetInt(IppsBigNumState** mpi, const byte* input, word32* inOutIdx,
-                  word32 maxIdx)
-{
-    IppStatus ret;
-    word32 idx = *inOutIdx;
-    int    length;
-    int    ctxSz;
-
-    if (GetASNInt(input, &idx, &length, maxIdx) < 0) {
-        return USER_CRYPTO_ERROR;
-    }
-
-    ret = ippsBigNumGetSize(length, &ctxSz);
-    if (ret != ippStsNoErr)
-        return USER_CRYPTO_ERROR;
-
-    *mpi = (IppsBigNumState*)XMALLOC(ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO);
-    if (*mpi == NULL)
-        return USER_CRYPTO_ERROR;
-
-    ret = ippsBigNumInit(length, *mpi);
-    if (ret != ippStsNoErr)
-        return USER_CRYPTO_ERROR;
-
-    ret = ippsSetOctString_BN((Ipp8u*)input + idx, length, *mpi);
-    if (ret != ippStsNoErr)
-        return USER_CRYPTO_ERROR;
-
-    *inOutIdx = idx + length;
-    return 0;
-}
-
-
-static int GetSequence(const byte* input, word32* inOutIdx, int* len,
-                           word32 maxIdx)
-{
-    int    length = -1;
-    word32 idx    = *inOutIdx;
-
-    if ((idx + 1) > maxIdx)
-        return USER_CRYPTO_ERROR;
-
-    if (input[idx++] != (0x10 | 0x20) ||
-            GetLength(input, &idx, &length, maxIdx) < 0)
-        return USER_CRYPTO_ERROR;
-
-    *len      = length;
-    *inOutIdx = idx;
-
-    return length;
-}
-
-
-static int GetMyVersion(const byte* input, word32* inOutIdx,
-                               int* version, word32 maxIdx)
-{
-    word32 idx = *inOutIdx;
-
-    if ((idx + 3) > maxIdx)
-        return USER_CRYPTO_ERROR;
-
-    if (input[idx++] != 0x02)
-        return USER_CRYPTO_ERROR;
-
-    if (input[idx++] != 0x01)
-        return USER_CRYPTO_ERROR;
-
-    *version  = input[idx++];
-    *inOutIdx = idx;
-
-    return *version;
-}
-
-
-int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key,
-                        word32 inSz)
-{
-    int    version, length;
-    int  ctxSz, pSz, qSz;
-    IppStatus ret;
-
-    if (input == NULL || inOutIdx == NULL || key == NULL) {
-        return USER_CRYPTO_ERROR;
-    }
-
-    USER_DEBUG(("Entering wc_RsaPrivateKeyDecode\n"));
-
-    /* read in key information */
-    if (GetSequence(input, inOutIdx, &length, inSz) < 0)
-        return USER_CRYPTO_ERROR;
-
-    if (GetMyVersion(input, inOutIdx, &version, inSz) < 0)
-        return USER_CRYPTO_ERROR;
-
-    key->type = RSA_PRIVATE;
-
-    if (GetInt(&key->n,  input, inOutIdx, inSz) < 0 ||
-        GetInt(&key->e,  input, inOutIdx, inSz) < 0 ||
-        GetInt(&key->dipp,  input, inOutIdx, inSz) < 0 ||
-        GetInt(&key->pipp,  input, inOutIdx, inSz) < 0 ||
-        GetInt(&key->qipp,  input, inOutIdx, inSz) < 0 ||
-        GetInt(&key->dPipp, input, inOutIdx, inSz) < 0 ||
-        GetInt(&key->dQipp, input, inOutIdx, inSz) < 0 ||
-        GetInt(&key->uipp,  input, inOutIdx, inSz) < 0 )
-        return USER_CRYPTO_ERROR;
-
-    /* get sizes of IPP BN key states created from input */
-    ret = ippsGetSize_BN(key->n, &key->nSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    ret = ippsGetSize_BN(key->e, &key->eSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    key->sz = key->nSz; /* set modulus size */
-
-    /* convert to size in bits */
-    key->nSz = key->nSz * 8;
-    key->eSz = key->eSz * 8;
-
-    /* set up public key state */
-    ret = ippsRSA_GetSizePublicKey(key->nSz, key->eSz, &ctxSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_GetSizePublicKey error %s\n",
-                ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    key->pPub = (IppsRSAPublicKeyState*)XMALLOC(ctxSz, NULL,
-                                                      DYNAMIC_TYPE_USER_CRYPTO);
-    if (key->pPub == NULL)
-        return USER_CRYPTO_ERROR;
-
-    ret = ippsRSA_InitPublicKey(key->nSz, key->eSz, key->pPub, ctxSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_InitPublicKey error %s\n",
-                    ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    ret = ippsRSA_SetPublicKey(key->n, key->e, key->pPub);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_SetPublicKey error %s\n",
-                    ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* get bn sizes needed for private key set up */
-    ret = ippsGetSize_BN(key->pipp, &pSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    ret = ippsGetSize_BN(key->qipp, &qSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* store sizes needed for creating tmp private keys */
-    ret = ippsGetSize_BN(key->dipp, &key->dSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* convert to size in bits */
-    key->dSz = key->dSz * 8;
-    pSz = pSz * 8;
-    qSz = qSz * 8;
-
-    /* set up private key state */
-    ret = ippsRSA_GetSizePrivateKeyType2(pSz, qSz, &ctxSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_GetSizePrivateKey error %s\n",
-                ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    key->prvSz = ctxSz;
-    key->pPrv = (IppsRSAPrivateKeyState*)XMALLOC(ctxSz, 0,
-                                                      DYNAMIC_TYPE_USER_CRYPTO);
-    if (key->pPrv == NULL)
-        return USER_CRYPTO_ERROR;
-
-    ret = ippsRSA_InitPrivateKeyType2(pSz, qSz, key->pPrv, ctxSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_InitPrivateKey error %s\n",
-                    ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    ret = ippsRSA_SetPrivateKeyType2(key->pipp, key->qipp, key->dPipp,
-            key->dQipp, key->uipp, key->pPrv);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_SetPrivateKey error %s\n",
-                    ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    USER_DEBUG(("\tExit wc_RsaPrivateKeyDecode\n"));
-
-    return 0;
-}
-
-
-int wc_RsaPublicKeyDecode_ex(const byte* input, word32* inOutIdx,
-        word32 inSz, const byte** n, word32* nSz, const byte** e, word32* eSz)
-{
-    IppStatus ret = 0;
-    int length;
-#if defined(OPENSSL_EXTRA) || defined(RSA_DECODE_EXTRA)
-    byte b;
-#endif
-
-    if (input == NULL || inOutIdx == NULL) {
-        return USER_CRYPTO_ERROR;
-    }
-
-    USER_DEBUG(("Entering wc_RsaPublicKeyDecode_ex\n"));
-
-    if (GetSequence(input, inOutIdx, &length, inSz) < 0)
-        return USER_CRYPTO_ERROR;
-
-#if defined(OPENSSL_EXTRA) || defined(RSA_DECODE_EXTRA)
-    if ((*inOutIdx + 1) > inSz)
-        return USER_CRYPTO_ERROR;
-
-    b = input[*inOutIdx];
-    if (b != ASN_INTEGER) {
-        /* not from decoded cert, will have algo id, skip past */
-        if (GetSequence(input, inOutIdx, &length, inSz) < 0)
-            return USER_CRYPTO_ERROR;
-
-        b = input[(*inOutIdx)++];
-        if (b != ASN_OBJECT_ID)
-            return USER_CRYPTO_ERROR;
-
-        if (GetLength(input, inOutIdx, &length, inSz) < 0)
-            return USER_CRYPTO_ERROR;
-
-        *inOutIdx += length;   /* skip past */
-
-        /* could have NULL tag and 0 terminator, but may not */
-        b = input[(*inOutIdx)++];
-
-        if (b == ASN_TAG_NULL) {
-            b = input[(*inOutIdx)++];
-            if (b != 0)
-                return USER_CRYPTO_ERROR;
-        }
-        else {
-            /* go back, didn't have it */
-            (*inOutIdx)--;
-        }
-
-        /* should have bit tag length and seq next */
-        b = input[(*inOutIdx)++];
-        if (b != ASN_BIT_STRING)
-            return USER_CRYPTO_ERROR;
-
-        if (GetLength(input, inOutIdx, &length, inSz) <= 0)
-            return USER_CRYPTO_ERROR;
-
-        /* could have 0 */
-        b = input[(*inOutIdx)++];
-        if (b != 0)
-            (*inOutIdx)--;
-
-        if (GetSequence(input, inOutIdx, &length, inSz) < 0)
-            return USER_CRYPTO_ERROR;
-    }
-#endif /* OPENSSL_EXTRA || RSA_DECODE_EXTRA */
-
-    /* Get modulus */
-    ret = GetASNInt(input, inOutIdx, &length, inSz);
-    if (ret < 0) {
-        return USER_CRYPTO_ERROR;
-    }
-    if (nSz)
-        *nSz = length;
-    if (n)
-        *n = &input[*inOutIdx];
-    *inOutIdx += length;
-
-    /* Get exponent */
-    ret = GetASNInt(input, inOutIdx, &length, inSz);
-    if (ret < 0) {
-        return USER_CRYPTO_ERROR;
-    }
-    if (eSz)
-        *eSz = length;
-    if (e)
-        *e = &input[*inOutIdx];
-    *inOutIdx += length;
-
-    USER_DEBUG(("\tExit wc_RsaPublicKeyDecode_ex\n"));
-
-    return ret;
-}
-
-/* read in a public RSA key */
-int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key,
-                       word32 inSz)
-{
-    IppStatus ret;
-    const byte *n = NULL, *e = NULL;
-    word32 nSz = 0, eSz = 0;
-
-    if (key == NULL)
-        return USER_CRYPTO_ERROR;
-
-    USER_DEBUG(("Entering wc_RsaPublicKeyDecode\n"));
-
-    ret = wc_RsaPublicKeyDecode_ex(input, inOutIdx, inSz, &n, &nSz, &e, &eSz);
-    if (ret == 0) {
-        ret = wc_RsaPublicKeyDecodeRaw(n, nSz, e, eSz, key);
-    }
-
-    USER_DEBUG(("\tExit RsaPublicKeyDecode\n"));
-
-    return ret;
-}
-
-/* import RSA public key elements (n, e) into RsaKey structure (key) */
-int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e,
-                             word32 eSz, RsaKey* key)
-{
-    IppStatus ret;
-    int ctxSz;
-
-    USER_DEBUG(("Entering wc_RsaPublicKeyDecodeRaw\n"));
-
-    if (n == NULL || e == NULL || key == NULL)
-        return USER_CRYPTO_ERROR;
-
-    /* set up IPP key states -- read in n */
-    ret = init_bn(&key->n, nSz);
-    if (ret != ippStsNoErr)
-        return USER_CRYPTO_ERROR;
-
-    ret = ippsSetOctString_BN((Ipp8u*)n, nSz, key->n);
-    if (ret != ippStsNoErr)
-        return USER_CRYPTO_ERROR;
-
-    /* read in e */
-    ret = init_bn(&key->e, eSz);
-    if (ret != ippStsNoErr)
-        return USER_CRYPTO_ERROR;
-
-    ret = ippsSetOctString_BN((Ipp8u*)e, eSz, key->e);
-    if (ret != ippStsNoErr)
-        return USER_CRYPTO_ERROR;
-
-    /* store size and convert to binary */
-    key->sz = nSz;
-    nSz = nSz * 8;
-    eSz = eSz * 8;
-
-    /* set up public key state */
-    ret = ippsRSA_GetSizePublicKey(nSz, eSz, &ctxSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_GetSizePublicKey error %s\n",
-                ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    key->pPub = (IppsRSAPublicKeyState*)XMALLOC(ctxSz, NULL,
-                                                      DYNAMIC_TYPE_USER_CRYPTO);
-    if (key->pPub == NULL)
-        return USER_CRYPTO_ERROR;
-
-    ret = ippsRSA_InitPublicKey(nSz, eSz, key->pPub, ctxSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_InitPublicKey error %s\n",
-                    ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    ret = ippsRSA_SetPublicKey(key->n,key->e, key->pPub);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_SetPublicKey error %s\n",
-                    ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    key->nSz = nSz;
-    key->eSz = eSz;
-    key->type = RSA_PUBLIC;
-
-    return 0;
-}
-
-
-/* encrypt using PKCS v15 */
-int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, word32 outLen,
-                     RsaKey* key, WC_RNG* rng)
-{
-    IppStatus ret;
-    Ipp8u* scratchBuffer;
-    int    scratchSz;
-
-    if (key == NULL || in == NULL || out == NULL)
-        return USER_CRYPTO_ERROR;
-
-    if (key->pPub == NULL || outLen < key->sz)
-        return USER_CRYPTO_ERROR;
-
-    /* set size of scratch buffer */
-    ret = ippsRSA_GetBufferSizePublicKey(&scratchSz, key->pPub);
-    if (ret != ippStsNoErr)
-        return USER_CRYPTO_ERROR;
-
-    scratchBuffer = (Ipp8u*)XMALLOC(scratchSz*(sizeof(Ipp8u)), 0,
-                                                      DYNAMIC_TYPE_USER_CRYPTO);
-    if (scratchBuffer == NULL)
-        return USER_CRYPTO_ERROR;
-
-    ret = ippsRSAEncrypt_PKCSv15((Ipp8u*)in, inLen, NULL, (Ipp8u*)out,
-            key->pPub, scratchBuffer);
-    if (ret != ippStsNoErr) {
-        XFREE(scratchBuffer, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        USER_DEBUG(("encrypt error of %s\n", ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    XFREE(scratchBuffer, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-
-    (void)rng;
-    return key->sz;
-}
-
-
-/* decrypt using PLCS v15 */
-int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, word32 outLen,
-                     RsaKey* key)
-{
-    IppStatus ret;
-    Ipp8u* scratchBuffer;
-    int    scratchSz;
-    int    outSz;
-
-    if (in == NULL || out == NULL || key == NULL)
-        return USER_CRYPTO_ERROR;
-
-    if (key->pPrv == NULL || inLen != key->sz)
-        return USER_CRYPTO_ERROR;
-
-    outSz = outLen;
-
-    /* set size of scratch buffer */
-    ret = ippsRSA_GetBufferSizePrivateKey(&scratchSz, key->pPrv);
-    if (ret != ippStsNoErr) {
-        return USER_CRYPTO_ERROR;
-    }
-
-    scratchBuffer = (Ipp8u*)XMALLOC(scratchSz*(sizeof(Ipp8u)), 0,
-                                                      DYNAMIC_TYPE_USER_CRYPTO);
-    if (scratchBuffer == NULL) {
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* perform decryption using IPP */
-    ret = ippsRSADecrypt_PKCSv15((Ipp8u*)in, (Ipp8u*)out, &outSz, key->pPrv,
-            scratchBuffer);
-    if (ret != ippStsNoErr) {
-        XFREE(scratchBuffer, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        USER_DEBUG(("decrypt error of %s\n", ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    XFREE(scratchBuffer, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-
-    return outSz;
-}
-
-
-/* out is a pointer that is set to the location in byte array "in" where input
- data has been decrypted */
-int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, RsaKey* key)
-{
-    int outSz;
-    byte* tmp;
-
-    USER_DEBUG(("Entering wc_RsaPrivateDecryptInline\n"));
-
-    /* allocate a buffer for max decrypted text */
-    tmp = (byte*)XMALLOC(key->sz, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    if (tmp == NULL)
-        return USER_CRYPTO_ERROR;
-
-    outSz = wc_RsaPrivateDecrypt(in, inLen, tmp, key->sz, key);
-    if (outSz >= 0) {
-        XMEMCPY(in, tmp, outSz);
-        *out = in;
-    }
-    else {
-        XFREE(tmp, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        return USER_CRYPTO_ERROR;
-    }
-
-    XFREE(tmp, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    USER_DEBUG(("\tExit wc_RsaPrivateDecryptInline\n"));
-
-    return outSz;
-}
-
-
-/* Used to clean up memory when exiting, clean up memory used */
-static int FreeHelper(IppsBigNumState* pTxt, IppsBigNumState* cTxt,
-        Ipp8u* scratchBuffer, void* pPub)
-{
-    if (pTxt != NULL)
-        XFREE(pTxt, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    if (cTxt != NULL)
-        XFREE(cTxt, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    if (scratchBuffer != NULL)
-        XFREE(scratchBuffer, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    if (pPub != NULL)
-        XFREE(pPub, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-
-    return 0;
-}
-
-
-/* for Rsa Verify
-    in : byte array to be verified
-    inLen : length of input array
-    out : pointer to location of in byte array that has been verified
- */
-int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key)
-{
-
-    int ctxSz;
-    int scratchSz;
-    Ipp8u* scratchBuffer = NULL;
-    IppStatus ret;
-    IppsRSAPrivateKeyState* pPub = NULL;
-    IppsBigNumState* pTxt = NULL;
-    IppsBigNumState* cTxt = NULL;
-
-    USER_DEBUG(("Entering wc_RsaSSL_VerifyInline\n"));
-
-    if (key == NULL || key->n == NULL || key->e == NULL) {
-        USER_DEBUG(("n or e element was null\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (in == NULL || inLen == 0 || out == NULL)
-        return USER_CRYPTO_ERROR;
-
-    /* set up a private key state using public key values */
-    ret = ippsRSA_GetSizePrivateKeyType1(key->nSz, key->eSz, &ctxSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_GetSizePrivateKey error %s\n",
-                ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    pPub = (IppsRSAPrivateKeyState*)XMALLOC(ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO);
-    if (pPub == NULL)
-        return USER_CRYPTO_ERROR;
-
-    ret = ippsRSA_InitPrivateKeyType1(key->nSz, key->eSz, pPub, ctxSz);
-    if (ret != ippStsNoErr) {
-        FreeHelper(pTxt, cTxt, scratchBuffer, pPub);
-        USER_DEBUG(("ippsRSA_InitPrivateKey error %s\n",
-                    ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    ret = ippsRSA_SetPrivateKeyType1(key->n, key->e, pPub);
-    if (ret != ippStsNoErr) {
-        FreeHelper(pTxt, cTxt, scratchBuffer, pPub);
-        USER_DEBUG(("ippsRSA_SetPrivateKey error %s\n",
-                    ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* set size of scratch buffer */
-    ret = ippsRSA_GetBufferSizePrivateKey(&scratchSz, pPub);
-    if (ret != ippStsNoErr) {
-        FreeHelper(pTxt, cTxt, scratchBuffer, pPub);
-        return USER_CRYPTO_ERROR;
-    }
-
-    scratchBuffer = (Ipp8u*)XMALLOC(scratchSz*(sizeof(Ipp8u)), 0,
-                                                      DYNAMIC_TYPE_USER_CRYPTO);
-    if (scratchBuffer == NULL) {
-        FreeHelper(pTxt, cTxt, scratchBuffer, pPub);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* load plain and cipher into big num states */
-    ret = init_bn(&pTxt, key->sz);
-    if (ret != ippStsNoErr) {
-        FreeHelper(pTxt, cTxt, scratchBuffer, pPub);
-        return USER_CRYPTO_ERROR;
-    }
-    ret = ippsSetOctString_BN((Ipp8u*)in, key->sz, pTxt);
-    if (ret != ippStsNoErr) {
-        FreeHelper(pTxt, cTxt, scratchBuffer, pPub);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* set up cipher to hold signature */
-    ret = init_bn(&cTxt, key->sz);
-    if (ret != ippStsNoErr) {
-        FreeHelper(pTxt, cTxt, scratchBuffer, pPub);
-        return USER_CRYPTO_ERROR;
-    }
-    ret = ippsSetOctString_BN((Ipp8u*)in, key->sz, cTxt);
-    if (ret != ippStsNoErr) {
-        FreeHelper(pTxt, cTxt, scratchBuffer, pPub);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* decrypt using public key information */
-    ret = ippsRSA_Decrypt(cTxt, pTxt, pPub, scratchBuffer);
-    if (ret != ippStsNoErr) {
-        FreeHelper(pTxt, cTxt, scratchBuffer, pPub);
-        USER_DEBUG(("decrypt error of %s\n", ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* extract big num struct to octet string */
-    ret = ippsGetOctString_BN((Ipp8u*)in, key->sz, pTxt);
-    if (ret != ippStsNoErr) {
-        FreeHelper(pTxt, cTxt, scratchBuffer, pPub);
-        USER_DEBUG(("BN get string error of %s\n", ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    FreeHelper(pTxt, cTxt, scratchBuffer, pPub);
-
-    /* unpad the decrypted information and return size of array */
-    return RsaUnPad(in, inLen, out, RSA_BLOCK_TYPE_1);
-}
-
-
-/* sets up and call VerifyInline to verify a signature */
-int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen,
-                     RsaKey* key)
-{
-    int plainLen;
-    byte*  tmp;
-    byte*  pad = 0;
-
-    if (out == NULL || in == NULL || key == NULL)
-        return USER_CRYPTO_ERROR;
-
-    tmp = (byte*)XMALLOC(inLen, key->heap, DYNAMIC_TYPE_USER_CRYPTO);
-    if (tmp == NULL) {
-        return USER_CRYPTO_ERROR;
-    }
-
-    XMEMCPY(tmp, in, inLen);
-
-    /* verify signature and test if output buffer is large enough */
-    plainLen = wc_RsaSSL_VerifyInline(tmp, inLen, &pad, key);
-    if (plainLen < 0) {
-        XFREE(tmp, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        return plainLen;
-    }
-
-    if (plainLen > (int)outLen)
-        plainLen = USER_CRYPTO_ERROR;
-    else
-        XMEMCPY(out, pad, plainLen);
-
-    ForceZero(tmp, inLen);
-    XFREE(tmp, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-
-    return plainLen;
-}
-
-
-/* Check if a > b , if so c = a mod b
-   return ippStsNoErr on success */
-static IppStatus reduce(IppsBigNumState* a, IppsBigNumState* b,
-        IppsBigNumState* c)
-{
-    IppStatus ret;
-
-    if ((ret = ippsMod_BN(a, b, c)) != ippStsNoErr)
-        return ret;
-
-    return ippStsNoErr;
-}
-
-
-static IppStatus exptmod(IppsBigNumState* a, IppsBigNumState* b,
-        IppsMontState* mont, IppsBigNumState* out, IppsBigNumState* one)
-{
-    IppStatus ret;
-
-    ret = ippsMontForm(a, mont, a);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsMontForm error of %s\n", ippGetStatusString(ret)));
-        return ret;
-    }
-
-    /* a = a^b mod mont */
-    ret = ippsMontExp(a, b, mont, out);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsMontExp error of %s\n", ippGetStatusString(ret)));
-        return ret;
-    }
-
-    /* convert back from montgomery */
-    ret = ippsMontMul(out, one, mont, out);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsMontMul error of %s\n", ippGetStatusString(ret)));
-        return ret;
-    }
-
-    return ippStsNoErr;
-}
-
-
-static void Free_BN(IppsBigNumState* bn)
-{
-    int sz, ctxSz;
-    IppStatus ret;
-
-    if (bn != NULL) {
-        ret = ippStsNoErr;
-        ret |= ippsGetSize_BN(bn, &sz);
-        ret |= ippsBigNumGetSize(sz, &ctxSz);
-        if (ret == ippStsNoErr) {
-            ForceZero(bn, ctxSz);
-        }
-        else {
-            USER_DEBUG(("Issue with clearing a struct in RsaSSL_Sign free\n"));
-        }
-        XFREE(bn, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    }
-}
-
-
-/* free up memory used during CRT sign operation */
-static void FreeSignHelper(IppsBigNumState* one, IppsBigNumState* tmp,
-        IppsBigNumState* tmpP, IppsBigNumState* tmpQ, IppsBigNumState* tmpa,
-        IppsBigNumState* tmpb)
-{
-    Free_BN(one);
-    Free_BN(tmp);
-    Free_BN(tmpP);
-    Free_BN(tmpQ);
-    Free_BN(tmpa);
-    Free_BN(tmpb);
-}
-
-
-/* for Rsa Sign */
-int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
-                      RsaKey* key, WC_RNG* rng)
-{
-    int sz, pSz, qSz;
-    IppStatus ret;
-    word32 outSz;
-
-    IppsMontState* pMont = NULL;
-    IppsMontState* qMont = NULL;
-
-    IppsBigNumState* one  = NULL;
-    IppsBigNumState* tmp  = NULL;
-    IppsBigNumState* tmpP = NULL;
-    IppsBigNumState* tmpQ = NULL;
-    IppsBigNumState* tmpa = NULL;
-    IppsBigNumState* tmpb = NULL;
-
-    IppsBigNumSGN sa, sb;
-
-    Ipp8u o[1];
-    o[0] = 1;
-
-    USER_DEBUG(("Entering wc_RsaSSL_Sign\n"));
-
-    if (in == NULL || out == NULL || key == NULL || rng == NULL) {
-        USER_DEBUG(("Bad argument to wc_RsaSSL_Sign\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    sz = key->sz;
-
-
-    /* sanity check on key being used */
-    if (key->pipp == NULL || key->qipp == NULL || key->uipp == NULL ||
-            key->dPipp == NULL || key->dQipp == NULL) {
-        USER_DEBUG(("Bad key argument to wc_RsaSSL_Sign\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (sz > (int)outLen) {
-        USER_DEBUG(("Bad argument outLen to wc_RsaSSL_Sign\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (sz < RSA_MIN_PAD_SZ) {
-        USER_DEBUG(("Key size is too small\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (inLen > (word32)(sz - RSA_MIN_PAD_SZ)) {
-        USER_DEBUG(("Bad argument inLen to wc_RsaSSL_Sign\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* Set up needed pkcs v15 padding */
-    if (wc_RsaPad(in, inLen, out, sz, RSA_BLOCK_TYPE_1, rng) != 0) {
-        USER_DEBUG(("RSA Padding error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* tmp = input to sign */
-    ret = init_bn(&tmp, sz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("init_BN error of %s\n", ippGetStatusString(ret)));
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-    ret = ippsSetOctString_BN(out, sz, tmp);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsSetOctString_BN error of %s\n",
-                                                      ippGetStatusString(ret)));
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* tmpP = tmp mod p */
-    ret = init_bn(&tmpP, sz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("init_BN error of %s\n", ippGetStatusString(ret)));
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* tmpQ = tmp mod q */
-    ret = init_bn(&tmpQ, sz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("init_BN error of %s\n", ippGetStatusString(ret)));
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* tmpa */
-    ret = init_bn(&tmpa, sz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("init_BN error of %s\n", ippGetStatusString(ret)));
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* tmpb */
-    ret = init_bn(&tmpb, sz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("init_BN error of %s\n", ippGetStatusString(ret)));
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* one : used for conversion from Montgomery to classical */
-    ret = init_bn(&one, sz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("init_BN error of %s\n", ippGetStatusString(ret)));
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-    ret = ippsSetOctString_BN(o, 1, one);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsSetOctString_BN error of %s\n",
-                    ippGetStatusString(ret)));
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /**
-      Set up Montgomery state
-      */
-    ret = init_mont(&pMont, &pSz, key->pipp);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("init_mont error of %s\n", ippGetStatusString(ret)));
-        if (pMont != NULL) {
-            XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        }
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    ret = init_mont(&qMont, &qSz, key->qipp);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("init_mont error of %s\n", ippGetStatusString(ret)));
-        if (qMont != NULL) {
-            XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        }
-        ForceZero(pMont, pSz);
-        XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /**
-      Check and reduce input
-      This is needed for calls to MontExp since required value of a < modulus
-      */
-    ret = reduce(tmp, key->pipp, tmpP);
-    if (ret != ippStsNoErr)
-    {
-        USER_DEBUG(("reduce error of %s\n", ippGetStatusString(ret)));
-        ForceZero(pMont, pSz);
-        ForceZero(qMont, qSz);
-        XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    ret = reduce(tmp, key->qipp, tmpQ);
-    if (ret != ippStsNoErr)
-    {
-        USER_DEBUG(("reduce error of %s\n", ippGetStatusString(ret)));
-        ForceZero(pMont, pSz);
-        ForceZero(qMont, qSz);
-        XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* tmpa = (tmp mod p)^dP mod p */
-    ret = exptmod(tmpP, key->dPipp, pMont, tmpa, one);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("exptmod error of %s\n", ippGetStatusString(ret)));
-        ForceZero(pMont, pSz);
-        ForceZero(qMont, qSz);
-        XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* tmpb = (tmp mod q)^dQ mod q */
-    ret = exptmod(tmpQ, key->dQipp, qMont, tmpb, one);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("exptmod error of %s\n", ippGetStatusString(ret)));
-        ForceZero(pMont, pSz);
-        ForceZero(qMont, qSz);
-        XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* tmp = (tmpa - tmpb) * qInv (mod p) */
-    ret = ippsSub_BN(tmpa, tmpb, tmp);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsSub_BN error of %s\n", ippGetStatusString(ret)));
-        ForceZero(pMont, pSz);
-        ForceZero(qMont, qSz);
-        XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    ret = ippsMul_BN(tmp, key->uipp, tmp);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsMul_BN error of %s\n", ippGetStatusString(ret)));
-        ForceZero(pMont, pSz);
-        ForceZero(qMont, qSz);
-        XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* mod performed the same was as wolfSSL fp_mod -- tmpa is just scratch */
-   ret = ippsDiv_BN(tmp, key->pipp, tmpa, tmp);
-   if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsDiv_BN error of %s\n", ippGetStatusString(ret)));
-        ForceZero(pMont, pSz);
-        ForceZero(qMont, qSz);
-        XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-   }
-
-    /* Check sign of values and perform conditional add */
-    ret = ippsExtGet_BN(&sa, NULL, NULL, tmp);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsExtGet_BN error of %s\n", ippGetStatusString(ret)));
-        ForceZero(pMont, pSz);
-        ForceZero(qMont, qSz);
-        XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-    ret = ippsExtGet_BN(&sb, NULL, NULL, key->pipp);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsExtGet_BN error of %s\n", ippGetStatusString(ret)));
-        ForceZero(pMont, pSz);
-        ForceZero(qMont, qSz);
-        XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-    if (sa != sb) {
-        ret = ippsAdd_BN(tmp, key->pipp, tmp);
-        if (ret != ippStsNoErr) {
-            USER_DEBUG(("ippsAdd_BN error of %s\n", ippGetStatusString(ret)));
-            ForceZero(pMont, pSz);
-            ForceZero(qMont, qSz);
-            XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-            XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-            FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-            return USER_CRYPTO_ERROR;
-        }
-    }
-
-    /* tmp = tmpb + q * tmp */
-    ret = ippsMul_BN(tmp, key->qipp, tmp);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsSub_BN error of %s\n", ippGetStatusString(ret)));
-        ForceZero(pMont, pSz);
-        ForceZero(qMont, qSz);
-        XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-
-    ret = ippsAdd_BN(tmp, tmpb, tmp);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsSub_BN error of %s\n", ippGetStatusString(ret)));
-        ForceZero(pMont, pSz);
-        ForceZero(qMont, qSz);
-        XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* Extract the output */
-    ret = ippsGetOctString_BN(out, sz, tmp);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsGetOctString_BN error of %s\n",
-                    ippGetStatusString(ret)));
-        ForceZero(pMont, pSz);
-        ForceZero(qMont, qSz);
-        XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    outSz = sz;
-
-    /* clear memory and free */
-    ForceZero(pMont, pSz);
-    ForceZero(qMont, qSz);
-    XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-
-    return outSz;
-}
-
-
-int wc_RsaEncryptSize(RsaKey* key)
-{
-    if (key == NULL)
-        return 0;
-
-    return key->sz;
-}
-
-
-/* flatten RsaKey structure into individual elements (e, n) */
-int wc_RsaFlattenPublicKey(RsaKey* key, byte* e, word32* eSz, byte* n,
-                           word32* nSz)
-{
-    int sz, bytSz;
-    IppStatus ret;
-
-    USER_DEBUG(("Entering wc_RsaFlattenPublicKey\n"));
-
-    if (key == NULL || e == NULL || eSz == NULL || n == NULL || nSz == NULL)
-       return USER_CRYPTO_ERROR;
-
-    bytSz = sizeof(byte) * 8;
-    ret = ippsExtGet_BN(NULL, &sz, NULL, key->e);
-    if (ret != ippStsNoErr)
-        return USER_CRYPTO_ERROR;
-
-    /* sz is in bits change to bytes */
-    sz = (sz / bytSz) + ((sz % bytSz)? 1 : 0);
-
-    if (*eSz < (word32)sz)
-        return USER_CRYPTO_ERROR;
-
-    ret = ippsGetOctString_BN(e, sz, key->e);
-    if (ret != ippStsNoErr)
-        return USER_CRYPTO_ERROR;
-
-    *eSz = (word32)sz;
-
-    /* flatten n */
-    ret = ippsExtGet_BN(NULL, &sz, NULL, key->n);
-    if (ret != ippStsNoErr)
-        return USER_CRYPTO_ERROR;
-
-    /* sz is in bits change to bytes */
-    sz = (sz / bytSz) + ((sz % bytSz)? 1: 0);
-
-    if (*nSz < (word32)sz)
-        return USER_CRYPTO_ERROR;
-
-    ret = ippsGetOctString_BN(n, sz, key->n);
-    if (ret != ippStsNoErr)
-        return USER_CRYPTO_ERROR;
-
-    *nSz = (word32)sz;
-
-    return 0;
-}
-
-
-IppStatus wolfSSL_rng(Ipp32u* pData, int nBits, void* pEbsParams);
-IppStatus wolfSSL_rng(Ipp32u* pData, int nBits, void* pEbsParams)
-{
-    int nBytes;
-
-    if (pData == NULL) {
-        USER_DEBUG(("error with wolfSSL_rng argument\n"));
-        return ippStsErr;
-    }
-
-    nBytes = (nBits/8) + ((nBits % 8)? 1: 0);
-    if (wc_RNG_GenerateBlock((WC_RNG*)pEbsParams, (byte*)pData, nBytes) != 0) {
-        USER_DEBUG(("error in generating random wolfSSL block\n"));
-        return ippStsErr;
-    }
-
-    return ippStsNoErr;
-}
-
-
-#ifdef WOLFSSL_KEY_GEN
-/* Make an RSA key for size bits, with e specified, 65537 is a good e */
-int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
-{
-    IppStatus ret;
-    int scratchSz;
-    int i; /* for tries on calling make key */
-    int ctxSz;
-
-    IppsBigNumState* pSrcPublicExp = NULL;
-    Ipp8u* scratchBuffer = NULL;
-    Ipp8u  eAry[8];
-    int trys = 8; /* Miller-Rabin test parameter */
-    IppsPrimeState* pPrime = NULL;
-
-    int qBitSz; /* size of q factor */
-    int bytSz; /* size of key in bytes */
-    int leng;
-
-    USER_DEBUG(("Entering wc_MakeRsaKey\n"));
-
-    /* get byte size and individual private key size -- round up */
-    qBitSz = (size / 2) + ((size % 2)? 1: 0);
-    bytSz  = (size / 8) + ((size % 8)? 1: 0);
-
-    if (key == NULL || rng == NULL) {
-        USER_DEBUG(("Error, NULL argument passed in\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (e < 3 || (e&1) == 0)
-        return USER_CRYPTO_ERROR;
-
-    if (size > RSA_MAX_SIZE || size < RSA_MIN_SIZE)
-        return USER_CRYPTO_ERROR;
-
-    key->type = RSA_PRIVATE;
-    key->sz   = bytSz;
-
-    /* initialize prime number */
-    ret = ippsPrimeGetSize(size, &ctxSz); /* size in bits */
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsPrimeGetSize error of %s\n", ippGetStatusString(ret)));
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    pPrime = (IppsPrimeState*)XMALLOC(ctxSz, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    if (pPrime == NULL) {
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    ret = ippsPrimeInit(size, pPrime);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsPrimeInit error of %s\n", ippGetStatusString(ret)));
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* define RSA privete key type 2 */
-    /* length in bits of p and q factors */
-    ret = ippsRSA_GetSizePrivateKeyType2(qBitSz, qBitSz, &ctxSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_GetSizePrivateKeyType2 error of %s\n",
-                ippGetStatusString(ret)));
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    key->prvSz = ctxSz; /* used when freeing private key */
-    key->pPrv = (IppsRSAPrivateKeyState*)XMALLOC(ctxSz, NULL,
-                                                      DYNAMIC_TYPE_USER_CRYPTO);
-    if (key->pPrv == NULL) {
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* length in bits of p and q factors */
-    ret = ippsRSA_InitPrivateKeyType2(qBitSz, qBitSz, key->pPrv, ctxSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_InitPrivateKeyType2 error of %s\n",
-                ippGetStatusString(ret)));
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* allocate scratch buffer */
-    ret = ippsRSA_GetBufferSizePrivateKey(&scratchSz, key->pPrv);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_GetBufferSizePrivateKey error of %s\n",
-                ippGetStatusString(ret)));
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    scratchBuffer = (Ipp8u*)XMALLOC(scratchSz, 0, DYNAMIC_TYPE_USER_CRYPTO);
-    if (scratchBuffer == NULL) {
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* set up initial value of pScrPublicExp */
-    leng = (int)sizeof(long); /* # of Ipp32u in long */
-
-    /* place the value of e into the array eAry then load into BN */
-    for (i = 0; i < leng; i++) {
-        eAry[i] = (e >> (8 * (leng - 1 - i))) & 0XFF;
-    }
-    ret = init_bn(&pSrcPublicExp, leng);
-    if (ret != ippStsNoErr) {
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    ret = ippsSetOctString_BN(eAry, leng, pSrcPublicExp);
-    if (ret != ippStsNoErr) {
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* initializing key->n */
-    ret = init_bn(&key->n, bytSz);
-    if (ret != ippStsNoErr) {
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* initializing public exponent key->e */
-    ret = init_bn(&key->e, leng);
-    if (ret != ippStsNoErr) {
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* private exponent key->dipp */
-    ret = init_bn(&key->dipp, bytSz);
-    if (ret != ippStsNoErr) {
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* call IPP to generate keys, if insufficient entropy error call again */
-    ret = ippStsInsufficientEntropy;
-    while (ret == ippStsInsufficientEntropy) {
-        ret = ippsRSA_GenerateKeys(pSrcPublicExp, key->n, key->e,
-                key->dipp, key->pPrv, scratchBuffer, trys, pPrime,
-                wolfSSL_rng, rng);
-        if (ret == ippStsNoErr) {
-            break;
-        }
-
-        /* catch all errors other than entropy error */
-        if (ret != ippStsInsufficientEntropy) {
-            USER_DEBUG(("ippsRSA_GeneratKeys error of %s\n",
-                    ippGetStatusString(ret)));
-            ret = USER_CRYPTO_ERROR;
-            goto makeKeyEnd;
-        }
-    }
-
-    /* get bn sizes needed for private key set up */
-    ret = ippsExtGet_BN(NULL, &key->eSz, NULL, key->e);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret)));
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    ret = ippsExtGet_BN(NULL, &key->nSz, NULL, key->n);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret)));
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* set up public key state */
-    ret = ippsRSA_GetSizePublicKey(key->nSz, key->eSz, &ctxSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_GetSizePublicKey error %s nSz = %d eSz = %d\n",
-                ippGetStatusString(ret), key->nSz, key->eSz));
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    key->pPub = (IppsRSAPublicKeyState*)XMALLOC(ctxSz, NULL,
-                                                      DYNAMIC_TYPE_USER_CRYPTO);
-    if (key->pPub == NULL) {
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    ret = ippsRSA_InitPublicKey(key->nSz, key->eSz, key->pPub, ctxSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_InitPublicKey error %s\n",
-                    ippGetStatusString(ret)));
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    ret = ippsRSA_SetPublicKey(key->n, key->e, key->pPub);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_SetPublicKey error %s\n",
-                    ippGetStatusString(ret)));
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* get private key information for key struct */
-    leng = size/16; /* size of q, p, u, dP, dQ */
-    ret = init_bn(&key->pipp, leng);
-    if (ret != ippStsNoErr) {
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* set up q BN for key */
-    ret = init_bn(&key->qipp, leng);
-    if (ret != ippStsNoErr) {
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* set up dP BN for key */
-    ret = init_bn(&key->dPipp, leng);
-    if (ret != ippStsNoErr) {
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* set up dQ BN for key */
-    ret = init_bn(&key->dQipp, leng);
-    if (ret != ippStsNoErr) {
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* set up u BN for key */
-    ret = init_bn(&key->uipp, leng);
-    if (ret != ippStsNoErr) {
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* get values from created key */
-    ret = ippsRSA_GetPrivateKeyType2(key->pipp, key->qipp, key->dPipp,
-            key->dQipp, key->uipp, key->pPrv);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_GetPrivateKeyType2 error %s\n",
-                ippGetStatusString(ret)));
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-    ret = 0; /* success case */
-
-makeKeyEnd:
-    /* clean up memory used */
-    XFREE(pSrcPublicExp, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    XFREE(scratchBuffer, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    XFREE(pPrime, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-
-    if (ret != 0) { /* with fail case free RSA components created */
-        wc_FreeRsaKey(key);
-    }
-
-    return ret;
-}
-
-#endif
-
-#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)
-
-/********** duplicate code needed -- future refactor */
-#define MAX_VERSION_SZ 5
-#define MAX_SEQ_SZ 5
-#define ASN_CONTEXT_SPECIFIC 0x80
-#define ASN_CONSTRUCTED 0x20
-#define ASN_LONG_LENGTH 0x80
-#define ASN_SEQUENCE 0x10
-#define RSA_INTS 8
-#define FALSE 0
-#define TRUE 1
-
-#define MAX_LENGTH_SZ 4
-#define RSAk 645
-#define keyType 2
-#define MAX_RSA_INT_SZ 517
-#define MAX_RSA_E_SZ 16
-#define MAX_ALGO_SZ 20
-
-static word32 BytePrecision(word32 value)
-{
-    word32 i;
-    for (i = sizeof(value); i; --i)
-        if (value >> ((i - 1) * WOLFSSL_BIT_SIZE))
-            break;
-
-    return i;
-}
-
-
-static int SetMyVersion(word32 version, byte* output, int header)
-{
-    int i = 0;
-
-    if (output == NULL)
-        return USER_CRYPTO_ERROR;
-
-    if (header) {
-        output[i++] = ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED;
-        output[i++] = ASN_BIT_STRING;
-    }
-    output[i++] = ASN_INTEGER;
-    output[i++] = 0x01;
-    output[i++] = (byte)version;
-
-    return i;
-}
-
-
-static word32 SetLength(word32 length, byte* output)
-{
-    word32 i = 0, j;
-
-    if (length < 0x80)
-        output[i++] = (byte)length;
-    else {
-        output[i++] = (byte)(BytePrecision(length) | ASN_LONG_LENGTH);
-
-        for (j = BytePrecision(length); j; --j) {
-            output[i] = (byte)(length >> ((j - 1) * WOLFSSL_BIT_SIZE));
-            i++;
-        }
-    }
-
-    return i;
-}
-
-
-static word32 SetSequence(word32 len, byte* output)
-{
-    output[0] = ASN_SEQUENCE | ASN_CONSTRUCTED;
-    return SetLength(len, output + 1) + 1;
-}
-
-
-static word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz)
-{
-    /* adding TAG_NULL and 0 to end */
-
-    /* RSA keyType */
-    #ifndef NO_RSA
-        static const byte RSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
-                                            0x01, 0x01, 0x01, 0x05, 0x00};
-    #endif /* NO_RSA */
-
-    int    algoSz = 0;
-    int    tagSz  = 2;   /* tag null and terminator */
-    word32 idSz, seqSz;
-    const  byte* algoName = 0;
-    byte ID_Length[MAX_LENGTH_SZ];
-    byte seqArray[MAX_SEQ_SZ + 1];  /* add object_id to end */
-
-    if (type == keyType) {    /* keyType */
-        switch (algoOID) {
-        #ifndef NO_RSA
-            case RSAk:
-                algoSz = sizeof(RSA_AlgoID);
-                algoName = RSA_AlgoID;
-                break;
-        #endif /* NO_RSA */
-        default:
-            /* unknown key algo */
-            return 0;
-        }
-    }
-    else {
-        /* unknown algo type */
-        return 0;
-    }
-
-    idSz  = SetLength(algoSz - tagSz, ID_Length); /* don't include tags */
-    seqSz = SetSequence(idSz + algoSz + 1 + curveSz, seqArray);
-                 /* +1 for object id, curveID of curveSz follows for ecc */
-    seqArray[seqSz++] = ASN_OBJECT_ID;
-
-    XMEMCPY(output, seqArray, seqSz);
-    XMEMCPY(output + seqSz, ID_Length, idSz);
-    XMEMCPY(output + seqSz + idSz, algoName, algoSz);
-
-    return seqSz + idSz + algoSz;
-
-}
-
-
-/* Write a public RSA key to output */
-static int SetRsaPublicKey(byte* output, RsaKey* key,
-                           int outLen, int with_header)
-{
-#ifdef WOLFSSL_SMALL_STACK
-    byte* n = NULL;
-    byte* e = NULL;
-#else
-    byte n[MAX_RSA_INT_SZ];
-    byte e[MAX_RSA_E_SZ];
-#endif
-    byte seq[MAX_SEQ_SZ];
-    byte len[MAX_LENGTH_SZ + 1];  /* trailing 0 */
-    int  nSz;
-    int  eSz;
-    int  seqSz;
-    int  lenSz;
-    int  idx;
-    int  rawLen;
-    int  leadingBit;
-    int  err;
-
-    if (output == NULL || key == NULL || outLen < MAX_SEQ_SZ)
-        return USER_CRYPTO_ERROR;
-
-    /* n */
-#ifdef WOLFSSL_SMALL_STACK
-    n = (byte*)XMALLOC(MAX_RSA_INT_SZ, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    if (n == NULL)
-        return USER_CRYPTO_ERROR;
-#endif
-
-    leadingBit = wc_Rsa_leading_bit(key->n);
-    rawLen = wc_Rsa_unsigned_bin_size(key->n);
-    if ((int)rawLen < 0) {
-        return USER_CRYPTO_ERROR;
-    }
-
-    rawLen = rawLen + leadingBit;
-    n[0] = ASN_INTEGER;
-    nSz  = SetLength(rawLen, n + 1) + 1;  /* int tag */
-
-    if ( (nSz + rawLen) < MAX_RSA_INT_SZ) {
-        if (leadingBit)
-            n[nSz] = 0;
-        err = ippsGetOctString_BN((Ipp8u*)n + nSz, rawLen - leadingBit, key->n);
-        if (err == ippStsNoErr)
-            nSz += rawLen;
-        else {
-#ifdef WOLFSSL_SMALL_STACK
-            XFREE(n, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-#endif
-            return USER_CRYPTO_ERROR;
-        }
-    }
-    else {
-#ifdef WOLFSSL_SMALL_STACK
-        XFREE(n, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-#endif
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* e */
-#ifdef WOLFSSL_SMALL_STACK
-    e = (byte*)XMALLOC(MAX_RSA_E_SZ, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    if (e == NULL) {
-#ifdef WOLFSSL_SMALL_STACK
-        XFREE(n, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-#endif
-        return USER_CRYPTO_ERROR;
-    }
-#endif
-
-    leadingBit = wc_Rsa_leading_bit(key->e);
-    rawLen = wc_Rsa_unsigned_bin_size(key->e);
-    if ((int)rawLen < 0) {
-        return USER_CRYPTO_ERROR;
-    }
-
-    rawLen = rawLen + leadingBit;
-    e[0] = ASN_INTEGER;
-    eSz  = SetLength(rawLen, e + 1) + 1;  /* int tag */
-
-    if ( (eSz + rawLen) < MAX_RSA_E_SZ) {
-        if (leadingBit)
-            e[eSz] = 0;
-        err = ippsGetOctString_BN((Ipp8u*)e + eSz, rawLen - leadingBit, key->e);
-        if (err == ippStsNoErr)
-            eSz += rawLen;
-        else {
-#ifdef WOLFSSL_SMALL_STACK
-            XFREE(n, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-            XFREE(e, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-#endif
-            return USER_CRYPTO_ERROR;
-        }
-    }
-    else {
-#ifdef WOLFSSL_SMALL_STACK
-        XFREE(n, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(e, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-#endif
-        return USER_CRYPTO_ERROR;
-    }
-
-    seqSz  = SetSequence(nSz + eSz, seq);
-
-    /* check output size */
-    if ( (seqSz + nSz + eSz) > outLen) {
-#ifdef WOLFSSL_SMALL_STACK
-        XFREE(n,    NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(e,    NULL, DYNAMIC_TYPE_USER_CRYPTO);
-#endif
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* headers */
-    if (with_header) {
-        int  algoSz;
-#ifdef WOLFSSL_SMALL_STACK
-        byte* algo;
-
-        algo = (byte*)XMALLOC(MAX_ALGO_SZ, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        if (algo == NULL) {
-            XFREE(n, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-            XFREE(e, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-            return USER_CRYPTO_ERROR;
-        }
-#else
-        byte algo[MAX_ALGO_SZ];
-#endif
-        algoSz = SetAlgoID(RSAk, algo, keyType, 0);
-        lenSz  = SetLength(seqSz + nSz + eSz + 1, len);
-        len[lenSz++] = 0;   /* trailing 0 */
-
-        /* write, 1 is for ASN_BIT_STRING */
-        idx = SetSequence(nSz + eSz + seqSz + lenSz + 1 + algoSz, output);
-
-        /* check output size */
-        if ( (idx + algoSz + 1 + lenSz + seqSz + nSz + eSz) > outLen) {
-            #ifdef WOLFSSL_SMALL_STACK
-                XFREE(n,    NULL, DYNAMIC_TYPE_USER_CRYPTO);
-                XFREE(e,    NULL, DYNAMIC_TYPE_USER_CRYPTO);
-                XFREE(algo, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-            #endif
-
-            return USER_CRYPTO_ERROR;
-        }
-
-        /* algo */
-        XMEMCPY(output + idx, algo, algoSz);
-        idx += algoSz;
-        /* bit string */
-        output[idx++] = ASN_BIT_STRING;
-        /* length */
-        XMEMCPY(output + idx, len, lenSz);
-        idx += lenSz;
-#ifdef WOLFSSL_SMALL_STACK
-        XFREE(algo, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-#endif
-    }
-    else
-        idx = 0;
-
-    /* seq */
-    XMEMCPY(output + idx, seq, seqSz);
-    idx += seqSz;
-    /* n */
-    XMEMCPY(output + idx, n, nSz);
-    idx += nSz;
-    /* e */
-    XMEMCPY(output + idx, e, eSz);
-    idx += eSz;
-
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(n,    NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    XFREE(e,    NULL, DYNAMIC_TYPE_USER_CRYPTO);
-#endif
-
-    return idx;
-}
-
-
-static IppsBigNumState* GetRsaInt(RsaKey* key, int idx)
-{
-    if (idx == 0)
-        return key->n;
-    if (idx == 1)
-        return key->e;
-    if (idx == 2)
-        return key->dipp;
-    if (idx == 3)
-        return key->pipp;
-    if (idx == 4)
-        return key->qipp;
-    if (idx == 5)
-        return key->dPipp;
-    if (idx == 6)
-        return key->dQipp;
-    if (idx == 7)
-        return key->uipp;
-
-    return NULL;
-}
-
-
-/* Release Tmp RSA resources */
-static WC_INLINE void FreeTmpRsas(byte** tmps, void* heap)
-{
-    int i;
-
-    (void)heap;
-
-    for (i = 0; i < RSA_INTS; i++)
-        XFREE(tmps[i], heap, DYNAMIC_TYPE_USER_CRYPTO);
-}
-
-
-/* Convert RsaKey key to DER format, write to output (inLen), return bytes
-   written */
-int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen)
-{
-    word32 seqSz, verSz, rawLen, intTotalLen = 0;
-    word32 sizes[RSA_INTS];
-    int    i, j, outLen, ret = 0, lbit;
-
-    byte  seq[MAX_SEQ_SZ];
-    byte  ver[MAX_VERSION_SZ];
-    byte* tmps[RSA_INTS];
-
-    USER_DEBUG(("Entering RsaKeyToDer\n"));
-
-    if (!key)
-        return USER_CRYPTO_ERROR;
-
-    if (key->type != RSA_PRIVATE)
-        return USER_CRYPTO_ERROR;
-
-    for (i = 0; i < RSA_INTS; i++)
-        tmps[i] = NULL;
-
-    /* write all big ints from key to DER tmps */
-    for (i = 0; i < RSA_INTS; i++) {
-        Ipp32u isZero;
-        IppsBigNumState* keyInt = GetRsaInt(key, i);
-
-        ippsCmpZero_BN(keyInt, &isZero); /* makes isZero 0 if true */
-        rawLen = wc_Rsa_unsigned_bin_size(keyInt);
-        if ((int)rawLen < 0) {
-            return USER_CRYPTO_ERROR;
-        }
-
-        /* leading zero */
-        if (!isZero || wc_Rsa_leading_bit(keyInt))
-            lbit = 1;
-        else
-            lbit = 0;
-
-        rawLen += lbit;
-
-        tmps[i] = (byte*)XMALLOC(rawLen + MAX_SEQ_SZ, key->heap,
-                                                      DYNAMIC_TYPE_USER_CRYPTO);
-        if (tmps[i] == NULL) {
-            ret = USER_CRYPTO_ERROR;
-            break;
-        }
-
-        tmps[i][0] = ASN_INTEGER;
-        sizes[i] = SetLength(rawLen, tmps[i] + 1) + 1 + lbit; /* tag & lbit */
-
-        if (sizes[i] <= MAX_SEQ_SZ) {
-            int err;
-
-            /* leading zero */
-            if (lbit)
-                tmps[i][sizes[i]-1] = 0x00;
-
-            /* extract data*/
-            err = ippsGetOctString_BN((Ipp8u*)(tmps[i] + sizes[i]),
-                    rawLen - lbit, keyInt);
-            if (err == ippStsOk) {
-                sizes[i] += (rawLen-lbit); /* lbit included in rawLen */
-                intTotalLen += sizes[i];
-                ret = 0;
-            }
-            else {
-                ret = USER_CRYPTO_ERROR;
-                USER_DEBUG(("ippsGetOctString_BN error %s\n",
-                                                      ippGetStatusString(err)));
-                break;
-            }
-        }
-        else {
-            ret = USER_CRYPTO_ERROR;
-            break;
-        }
-    }
-
-    if (ret != 0) {
-        FreeTmpRsas(tmps, key->heap);
-        return ret;
-    }
-
-    /* make headers */
-    verSz = SetMyVersion(0, ver, FALSE);
-    seqSz = SetSequence(verSz + intTotalLen, seq);
-
-    outLen = seqSz + verSz + intTotalLen;
-    if (output) {
-        if (outLen > (int)inLen) {
-            return USER_CRYPTO_ERROR;
-        }
-
-        /* write to output */
-        XMEMCPY(output, seq, seqSz);
-        j = seqSz;
-        XMEMCPY(output + j, ver, verSz);
-        j += verSz;
-
-        for (i = 0; i < RSA_INTS; i++) {
-            XMEMCPY(output + j, tmps[i], sizes[i]);
-            j += sizes[i];
-        }
-    }
-    FreeTmpRsas(tmps, key->heap);
-
-    return outLen;
-}
-
-
-/* Convert Rsa Public key to DER format, write to output (inLen), return bytes
-   written
-*/
-int wc_RsaKeyToPublicDer(RsaKey* key, byte* output, word32 inLen)
-{
-    return SetRsaPublicKey(output, key, inLen, 1);
-}
-
-/* Returns public DER version of the RSA key. If with_header is 0 then only a
- * seq + n + e is returned in ASN.1 DER format */
-int wc_RsaKeyToPublicDer_ex(RsaKey* key, byte* output, word32 inLen,
-    int with_header)
-{
-    return SetRsaPublicKey(output, key, inLen, with_header);
-}
-
-#endif /* WOLFSSL_KEY_GEN || OPENSSL_EXTRA */
-
-#ifdef WC_RSA_BLINDING
-
-int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng)
-{
-    if (key == NULL)
-        return USER_CRYPTO_ERROR;
-
-    (void)rng;
-
-    return 0;
-}
-
-#endif /* WC_RSA_BLINDING */
-
-#endif /* NO_RSA */
-

wolfssl/internal.h

@@ -6415,10 +6415,8 @@ WOLFSSL_LOCAL int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side);
 /* Set*Internal and Set*External functions */
 WOLFSSL_LOCAL int SetDsaInternal(WOLFSSL_DSA* dsa);
 WOLFSSL_LOCAL int SetDsaExternal(WOLFSSL_DSA* dsa);
-#ifndef HAVE_USER_RSA
 WOLFSSL_LOCAL int SetRsaExternal(WOLFSSL_RSA* rsa);
 WOLFSSL_LOCAL int SetRsaInternal(WOLFSSL_RSA* rsa);
-#endif
 
 typedef enum elem_set {
     ELEMENT_P   = 0x01,
@@ -6645,7 +6643,7 @@ WOLFSSL_LOCAL int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher,
 #endif
 #endif
 
-#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+#if !defined(NO_RSA)
 WOLFSSL_LOCAL int wolfSSL_RSA_To_Der(WOLFSSL_RSA* rsa, byte** outBuf,
     int publicKey, void* heap);
 #endif

wolfssl/wolfcrypt/asn_public.h

@@ -704,7 +704,6 @@ WOLFSSL_API void wc_FreeDer(DerBuffer** pDer);
 #endif
 
 #ifndef NO_RSA
-    #if !defined(HAVE_USER_RSA)
     WOLFSSL_API int wc_RsaPublicKeyDecode_ex(const byte* input, word32* inOutIdx,
         word32 inSz, const byte** n, word32* nSz, const byte** e, word32* eSz);
     /* For FIPS v1/v2 and selftest this is in rsa.h */
@@ -717,7 +716,6 @@ WOLFSSL_API void wc_FreeDer(DerBuffer** pDer);
          (! ((HAVE_FIPS_VERSION == 5) && (HAVE_FIPS_VERSION_MINOR == 0)))))
     WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey* key, byte* output, word32 inLen);
     #endif
-    #endif /* !HAVE_USER_RSA */
     WOLFSSL_API int wc_RsaPublicKeyDerSize(RsaKey* key, int with_header);
     WOLFSSL_API int wc_RsaKeyToPublicDer_ex(RsaKey* key, byte* output, word32 inLen,
         int with_header);

wolfssl/wolfcrypt/rsa.h

@@ -58,11 +58,6 @@ RSA keys can be used to encrypt, decrypt, sign and verify data.
     #define NO_RSA_BOUNDS_CHECK
 #endif
 
-/* allow for user to plug in own crypto */
-#if !defined(HAVE_FIPS) && (defined(HAVE_USER_RSA) || defined(HAVE_FAST_RSA))
-    #include "user_rsa.h"
-#else
-
 #include <wolfssl/wolfcrypt/wolfmath.h>
 #include <wolfssl/wolfcrypt/random.h>
 
@@ -450,8 +445,6 @@ WOLFSSL_LOCAL int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen, byte** ou
 
 WOLFSSL_LOCAL int wc_hash2mgf(enum wc_HashType hType);
 
-#endif /* HAVE_USER_RSA */
-
 #ifdef __cplusplus
     } /* extern "C" */
 #endif

wolfssl/wolfcrypt/settings.h

@@ -3177,7 +3177,6 @@ extern void uITRON4_free(void *p) ;
  *   RSA public only, CAVP selftest, fast RSA, user RSA, QAT or CryptoCell */
 #if (defined(WOLFSSL_RSA_KEY_CHECK) || (defined(HAVE_FIPS) && FIPS_VERSION_GE(2,0))) && \
     !defined(WOLFSSL_NO_RSA_KEY_CHECK) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
-    !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) && \
     !defined(HAVE_INTEL_QA) && !defined(WOLFSSL_CRYPTOCELL) && \
     !defined(HAVE_SELFTEST)