wolfSSL · JacobBarthelmeh · May 4, 2026 · May 4, 2026
diff --git a/.github/workflows/os-check.yml b/.github/workflows/os-check.yml
@@ -120,6 +120,7 @@ jobs:
             CPPFLAGS=''-DNO_WOLFSSL_SERVER -DWOLFSSL_NO_TLS12 -DNO_SESSION_CACHE
             -DWOLFSSL_AES_NO_UNROLL -DUSE_SLOW_SHA256 -DWOLFSSL_NO_ASYNC_IO
             -DWOLFSSL_DTLS_ONLY'' ',
+          '--enable-opensslextra --disable-filesystem CPPFLAGS="-DNO_BIO"',
         ]
     name: make check linux
     if: github.repository_owner == 'wolfssl'

diff --git a/src/pk.c b/src/pk.c
@@ -211,7 +211,8 @@ static int pem_read_file_key(XFILE fp, wc_pem_password_cb* cb, void* pass,
 #endif
 
 #if defined(OPENSSL_EXTRA) && ((!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)) \
-    || !defined(WOLFCRYPT_ONLY))
+    || !defined(WOLFCRYPT_ONLY)) \
+    && (!defined(NO_BIO) || !defined(NO_FILESYSTEM))
 /* Convert DER data to PEM in an allocated buffer.
  *
  * @param [in]  der    Buffer containing DER data.

diff --git a/src/pk_ec.c b/src/pk_ec.c
@@ -426,7 +426,6 @@ void wolfSSL_EC_GROUP_free(WOLFSSL_EC_GROUP *group)
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #ifdef OPENSSL_EXTRA
-#ifndef NO_BIO
 
 /* Creates an EC group from the DER encoding.
  *
@@ -506,6 +505,7 @@ static WOLFSSL_EC_GROUP* wolfssl_ec_group_d2i(WOLFSSL_EC_GROUP** group,
     return ret;
 }
 
+#ifndef NO_BIO
 /* Creates a new EC group from the PEM encoding in the BIO.
  *
  * @param [in]  bio    BIO to read PEM encoding from.
@@ -545,6 +545,7 @@ WOLFSSL_EC_GROUP* wolfSSL_PEM_read_bio_ECPKParameters(WOLFSSL_BIO* bio,
     FreeDer(&der);
     return ret;
 }
+#endif /* !NO_BIO */
 
 WOLFSSL_EC_GROUP *wolfSSL_d2i_ECPKParameters(WOLFSSL_EC_GROUP **out,
         const unsigned char **in, long len)
@@ -592,7 +593,6 @@ int wolfSSL_i2d_ECPKParameters(const WOLFSSL_EC_GROUP* grp, unsigned char** pp)
 
     return len;
 }
-#endif /* !NO_BIO */
 
 #if defined(OPENSSL_ALL) && !defined(NO_CERTS)
 /* Copy an EC group.

diff --git a/src/pk_rsa.c b/src/pk_rsa.c
@@ -986,7 +986,6 @@ int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA* rsa, const unsigned char* derBuf,
 
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
 
-#if !defined(NO_BIO) || !defined(NO_FILESYSTEM)
 /* Load DER encoded data into WOLFSSL_RSA object.
  *
  * Creates a new WOLFSSL_RSA object if one is not passed in.
@@ -1026,7 +1025,6 @@ static WOLFSSL_RSA* wolfssl_rsa_d2i(WOLFSSL_RSA** rsa, const unsigned char* in,
     }
     return ret;
 }
-#endif
 
 #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
 

diff --git a/tests/api/test_ossl_ec.c b/tests/api/test_ossl_ec.c
@@ -1001,6 +1001,7 @@ int test_EC_i2d(void)
     ExpectNull(d2i_ECPrivateKey(&copy, &tmp, 1));
     ExpectNull(d2i_ECPrivateKey(&key, &tmp, 0));
 
+#ifndef NO_BIO
     {
         EC_KEY *pubkey = NULL;
         BIO* bio = NULL;
@@ -1012,6 +1013,7 @@ int test_EC_i2d(void)
         BIO_free(bio);
         EC_KEY_free(pubkey);
     }
+#endif
 
     ExpectIntEQ(i2d_ECPrivateKey(NULL, &p), 0);
     ExpectIntEQ(i2d_ECPrivateKey(NULL, NULL), 0);

diff --git a/tests/api/test_tls.c b/tests/api/test_tls.c
@@ -389,7 +389,8 @@ int test_tls_certreq_order(void)
 }
 
 #if !defined(WOLFSSL_NO_TLS12) && !defined(NO_RSA) && defined(HAVE_ECC) && \
-    !defined(NO_WOLFSSL_SERVER) && !defined(WOLFSSL_NO_CLIENT_AUTH)
+    !defined(NO_WOLFSSL_SERVER) && !defined(WOLFSSL_NO_CLIENT_AUTH) && \
+    !defined(NO_FILESYSTEM)
 /* Called when writing. */
 static int CsSend(WOLFSSL* ssl, char* buf, int sz, void* ctx)
 {
@@ -425,7 +426,8 @@ int test_tls12_bad_cv_sig_alg(void)
 {
     EXPECT_DECLS;
 #if !defined(WOLFSSL_NO_TLS12) && !defined(NO_RSA) && defined(HAVE_ECC) && \
-    !defined(NO_WOLFSSL_SERVER) && !defined(WOLFSSL_NO_CLIENT_AUTH)
+    !defined(NO_WOLFSSL_SERVER) && !defined(WOLFSSL_NO_CLIENT_AUTH) && \
+    !defined(NO_FILESYSTEM)
     byte clientMsgs[] = {
         /* Client Hello */
         0x16, 0x03, 0x03, 0x00, 0xe7,

diff --git a/tests/api/test_tls13.c b/tests/api/test_tls13.c
@@ -3569,7 +3569,7 @@ int test_tls13_ch2_different_cs(void)
 }
 
 #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER) && \
-    defined(HAVE_ECC)
+    defined(HAVE_ECC) && !defined(NO_FILESYSTEM)
 /* Called when writing. */
 static int MESend(WOLFSSL* ssl, char* buf, int sz, void* ctx)
 {
@@ -3606,7 +3606,7 @@ int test_tls13_sg_missing(void)
 {
     EXPECT_DECLS;
 #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER) && \
-    defined(HAVE_ECC)
+    defined(HAVE_ECC) && !defined(NO_FILESYSTEM)
     WOLFSSL_CTX *ctx = NULL;
     WOLFSSL *ssl = NULL;
     byte clientHello[] = {
@@ -3677,7 +3677,7 @@ int test_tls13_ks_missing(void)
 {
     EXPECT_DECLS;
 #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER) && \
-    defined(HAVE_ECC)
+    defined(HAVE_ECC) && !defined(NO_FILESYSTEM)
     WOLFSSL_CTX *ctx = NULL;
     WOLFSSL *ssl = NULL;
     byte clientHello[] = {
@@ -4007,7 +4007,8 @@ int test_key_share_mismatch(void)
 
 
 #if defined(WOLFSSL_TLS13) && !defined(NO_RSA) && defined(HAVE_ECC) && \
-    defined(HAVE_AESGCM) && !defined(NO_WOLFSSL_SERVER)
+    defined(HAVE_AESGCM) && !defined(NO_WOLFSSL_SERVER) && \
+    !defined(NO_FILESYSTEM)
 /* Called when writing. */
 static int Tls13PTASend(WOLFSSL* ssl, char* buf, int sz, void* ctx)
 {
@@ -4135,7 +4136,8 @@ int test_tls13_plaintext_alert(void)
     EXPECT_DECLS;
 
 #if defined(WOLFSSL_TLS13) && !defined(NO_RSA) && defined(HAVE_ECC) && \
-    defined(HAVE_AESGCM) && !defined(NO_WOLFSSL_SERVER)
+    defined(HAVE_AESGCM) && !defined(NO_WOLFSSL_SERVER) && \
+    !defined(NO_FILESYSTEM)
     byte clientMsgs[] = {
         /* Client Hello */
         0x16, 0x03, 0x03, 0x01, 0x9b, 0x01, 0x00, 0x01,