Gate with HAVE_FIPS

Author: aidangarske

scripts/utils-wolfssl.sh

@@ -27,7 +27,7 @@ WOLFSSL_SOURCE_DIR=${SCRIPT_DIR}/../wolfssl-source
 WOLFSSL_INSTALL_DIR=${SCRIPT_DIR}/../wolfssl-install
 WOLFSSL_ISFIPS=${WOLFSSL_ISFIPS:-0}
 WOLFSSL_FIPS_CONFIG_OPTS=${WOLFSSL_CONFIG_OPTS:-'--enable-opensslcoexist '}
-WOLFSSL_FIPS_CONFIG_CFLAGS=${WOLFSSL_CONFIG_CFLAGS:-"-I${OPENSSL_INSTALL_DIR}/include -DWOLFSSL_ENCRYPTED_KEYS -DWOLFSSL_OLD_OID_SUM"}
+WOLFSSL_FIPS_CONFIG_CFLAGS=${WOLFSSL_CONFIG_CFLAGS:-"-I${OPENSSL_INSTALL_DIR}/include -DWOLFSSL_OLD_OID_SUM"}
 WOLFSSL_CONFIG_OPTS=${WOLFSSL_CONFIG_OPTS:-'--enable-all-crypto --with-eccminsz=192 --with-max-ecc-bits=1024 --enable-opensslcoexist --enable-sha'}
 WOLFSSL_CONFIG_CFLAGS=${WOLFSSL_CONFIG_CFLAGS:-"-I${OPENSSL_INSTALL_DIR}/include -DWC_RSA_NO_PADDING -DWOLFSSL_PUBLIC_MP -DHAVE_PUBLIC_FFDHE -DHAVE_FFDHE_6144 -DHAVE_FFDHE_8192 -DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_PSS_SALT_LEN_DISCOVER -DRSA_MIN_SIZE=1024 -DWOLFSSL_OLD_OID_SUM "}
 

src/wp_internal.c

@@ -572,7 +572,7 @@ int wp_cipher_from_params(const OSSL_PARAM params[], int* cipher,
     return ok;
 }
 
-#ifndef WOLFSSL_ENCRYPTED_KEYS
+#if !defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(HAVE_FIPS)
 /*
  * wolfProvider version of EncryptedInfo.
  */
@@ -695,7 +695,7 @@ static int wp_BufferKeyEncrypt(wp_EncryptedInfo* info, byte* der, word32 derSz,
 
     return ret;
 }
-#endif /* WOLFSSL_ENCRYPTED_KEYS */
+#endif /* !defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(HAVE_FIPS) */
 
 /**
  * Encrypt the PKCS #8 key.

src/wp_rsa_kmgmt.c

@@ -2164,7 +2164,7 @@ static int wp_rsa_decode_pki(wp_Rsa* rsa, unsigned char* data, word32 len)
     word32 idx = 0;
 
     if (ok) {
-    #ifdef HAVE_PKCS8
+    #if defined(HAVE_PKCS8) && defined(HAVE_FIPS)
         /* skip PKCS8 header */
         (void)wc_GetPkcs8TraditionalOffset((byte*)data, &idx, len);
     #endif