From 6b241ca6965aa9075281bd881e691e2ecc3d7540 Mon Sep 17 00:00:00 2001
From: Martijn de Milliano <mjdemilliano@gmail.com>
Date: Mon, 24 Nov 2025 12:23:47 +0100
Subject: [PATCH 1/3] Move some cdef declarations for RSA to separate section

The definitions for the following functions are not always available
when wolfSSL is configured to only contain a minimum of functionality:
- wc_GetPkcs8TraditionalOffset (only with ASN, which is required for
      RSA)
- wc_PemToDer (only when KEYGEN is enabled)
- wc_DerToPemEx (only when KEYGEN is enabled)

This change allows for building the Python wrapper when ASN and RSA
are both disabled.
---
 scripts/build_ffi.py | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/scripts/build_ffi.py b/scripts/build_ffi.py
index 4209197..54e26cc 100644
--- a/scripts/build_ffi.py
+++ b/scripts/build_ffi.py
@@ -546,8 +546,6 @@ def build_ffi(local_wolfssl, features):
         int wc_RNG_GenerateBlock(WC_RNG*, byte*, word32);
         int wc_RNG_GenerateByte(WC_RNG*, byte*);
         int wc_FreeRng(WC_RNG*);
-
-        int wc_GetPkcs8TraditionalOffset(byte* input, word32* inOutIdx, word32 sz);
     """
 
     if not features["FIPS"] or features["FIPS_VERSION"] > 2:
@@ -743,6 +741,8 @@ def build_ffi(local_wolfssl, features):
         int wc_InitRsaKey(RsaKey* key, void*);
         int wc_FreeRsaKey(RsaKey* key);
 
+        int wc_GetPkcs8TraditionalOffset(byte* input, word32* inOutIdx, word32 sz);
+
         int wc_RsaPrivateKeyDecode(const byte*, word32*, RsaKey*, word32);
         int wc_RsaPublicKeyDecode(const byte*, word32*, RsaKey*, word32);
         int wc_RsaEncryptSize(RsaKey*);
@@ -957,13 +957,17 @@ def build_ffi(local_wolfssl, features):
         } DerBuffer;
         typedef struct { ...; } EncryptedInfo;
 
+        word32 wc_EncodeSignature(byte* out, const byte* digest, word32 digSz,
+                                  int hashOID);
+        """
+
+    if features["KEYGEN"]:
+        cdef += """
         int wc_PemToDer(const unsigned char* buff, long longSz, int type,
                         DerBuffer** pDer, void* heap, EncryptedInfo* info,
                         int* keyFormat);
         int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz,
                           byte *cipher_info, int type);
-        word32 wc_EncodeSignature(byte* out, const byte* digest, word32 digSz,
-                                  int hashOID);
         """
 
     if features["WC_RNG_SEED_CB"]:

From 4f37e78d2b35c05d7a2458b51163abf82a3dc433 Mon Sep 17 00:00:00 2001
From: Martijn de Milliano <mjdemilliano@gmail.com>
Date: Mon, 8 Dec 2025 22:30:48 +0100
Subject: [PATCH 2/3] Include wc_GetPkcs8TraditionalOffset also when RSA
 feature is selected

It's part of the ASN feature but since it's also used by the RSA
binding this function must also be part of the library when only
the RSA feature is selected.
---
 scripts/build_ffi.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/scripts/build_ffi.py b/scripts/build_ffi.py
index 54e26cc..6e3b43f 100644
--- a/scripts/build_ffi.py
+++ b/scripts/build_ffi.py
@@ -741,8 +741,6 @@ def build_ffi(local_wolfssl, features):
         int wc_InitRsaKey(RsaKey* key, void*);
         int wc_FreeRsaKey(RsaKey* key);
 
-        int wc_GetPkcs8TraditionalOffset(byte* input, word32* inOutIdx, word32 sz);
-
         int wc_RsaPrivateKeyDecode(const byte*, word32*, RsaKey*, word32);
         int wc_RsaPublicKeyDecode(const byte*, word32*, RsaKey*, word32);
         int wc_RsaEncryptSize(RsaKey*);
@@ -961,6 +959,12 @@ def build_ffi(local_wolfssl, features):
                                   int hashOID);
         """
 
+    if features["ASN"] or features["RSA"]:
+        # This ASN function is used by the RSA binding as well.
+        cdef += """
+        int wc_GetPkcs8TraditionalOffset(byte* input, word32* inOutIdx, word32 sz);
+        """
+
     if features["KEYGEN"]:
         cdef += """
         int wc_PemToDer(const unsigned char* buff, long longSz, int type,

From f9f73550bdfc036be135aee21e6cdb0503f2db2f Mon Sep 17 00:00:00 2001
From: Martijn de Milliano <mjdemilliano@gmail.com>
Date: Mon, 8 Dec 2025 23:07:12 +0100
Subject: [PATCH 3/3] Make wc_PemToDer|wc_DerToPemEx depend only on ASN not
 KEYGEN

These functions are actually not tied to the KEYGEN feature.
---
 scripts/build_ffi.py | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/scripts/build_ffi.py b/scripts/build_ffi.py
index 6e3b43f..cba2481 100644
--- a/scripts/build_ffi.py
+++ b/scripts/build_ffi.py
@@ -957,6 +957,11 @@ def build_ffi(local_wolfssl, features):
 
         word32 wc_EncodeSignature(byte* out, const byte* digest, word32 digSz,
                                   int hashOID);
+        int wc_PemToDer(const unsigned char* buff, long longSz, int type,
+                        DerBuffer** pDer, void* heap, EncryptedInfo* info,
+                        int* keyFormat);
+        int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz,
+                        byte *cipher_info, int type);
         """
 
     if features["ASN"] or features["RSA"]:
@@ -965,15 +970,6 @@ def build_ffi(local_wolfssl, features):
         int wc_GetPkcs8TraditionalOffset(byte* input, word32* inOutIdx, word32 sz);
         """
 
-    if features["KEYGEN"]:
-        cdef += """
-        int wc_PemToDer(const unsigned char* buff, long longSz, int type,
-                        DerBuffer** pDer, void* heap, EncryptedInfo* info,
-                        int* keyFormat);
-        int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz,
-                          byte *cipher_info, int type);
-        """
-
     if features["WC_RNG_SEED_CB"]:
         cdef += """
         typedef int (*wc_RngSeed_Cb)(OS_Seed* os, byte* seed, word32 sz);