From 02d70ba7fac0d460c6cdf503a04893a9eaf8c653 Mon Sep 17 00:00:00 2001
From: jordan <jordan@wolfssl.com>
Date: Tue, 17 Dec 2024 17:25:11 -0600
Subject: [PATCH] require OPENSSL_EXTRA, and allow NO_FILESYSTEM.

---
 src/ssl.c                    | 3 ++-
 wolfssl/ssl.h                | 2 ++
 wolfssl/wolfcrypt/settings.h | 4 ++++
 3 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/ssl.c b/src/ssl.c
index df9c5631d2..f242b4d706 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -1038,7 +1038,6 @@ static int wolfSSL_parse_cipher_list(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
         Suites* suites, const char* list);
 #endif
 
-
 #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
 #include <wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h>
 #endif
@@ -6037,6 +6036,7 @@ static int crypto_policy_parse(void)
     return WOLFSSL_SUCCESS;
 }
 
+#ifndef NO_FILESYSTEM
 /* Enables wolfSSL system wide crypto-policy, using the given policy
  * file arg. If NULL is passed, then the default system crypto-policy
  * file that was set at configure time will be used instead.
@@ -6126,6 +6126,7 @@ int wolfSSL_crypto_policy_enable(const char * policy_file)
 
     return crypto_policy_parse();
 }
+#endif /* ! NO_FILESYSTEM */
 
 /* Same behavior as wolfSSL_crypto_policy_enable, but loads
  * via memory buf instead of file.
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index d6b725ddf4..3269e3aa7f 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -3194,7 +3194,9 @@ WOLFSSL_ABI WOLFSSL_API int wolfSSL_Init(void);
 WOLFSSL_ABI WOLFSSL_API int wolfSSL_Cleanup(void);
 
 #if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+#ifndef NO_FILESYSTEM
 WOLFSSL_API int    wolfSSL_crypto_policy_enable(const char * policy);
+#endif /* ! NO_FILESYSTEM */
 WOLFSSL_API int    wolfSSL_crypto_policy_enable_buffer(const char * buf);
 WOLFSSL_API void   wolfSSL_crypto_policy_disable(void);
 WOLFSSL_API int    wolfSSL_crypto_policy_is_enabled(void);
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 58a932000e..ac77e6d305 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -4256,6 +4256,10 @@ extern void uITRON4_free(void *p) ;
     #if !defined(WOLFSSL_CRYPTO_POLICY_FILE)
         #error "WOLFSSL_SYS_CRYPTO_POLICY requires a crypto policy file"
     #endif /* ! WOLFSSL_CRYPTO_POLICY_FILE */
+
+    #if !defined(OPENSSL_EXTRA)
+        #error "WOLFSSL_SYS_CRYPTO_POLICY requires OPENSSL_EXTRA"
+    #endif /* ! OPENSSL_EXTRA */
 #endif /* WOLFSSL_SYS_CRYPTO_POLICY */
 
 /* if configure.ac turned on this feature, HAVE_ENTROPY_MEMUSE will be set,