From 994f218fcb96e5be5fe640f89d60ad088e989045 Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner
Date: Thu, 19 Dec 2024 14:29:39 -0600
Subject: [PATCH] src/ssl.c and wolfssl/internal.h: gate in wolfSSL_get_ciphers_compat() in OPENSSL_EXTRA builds, so that --with-sys-crypto-policy works with OPENSSL_EXTRA but without OPENSSL_ALL. configure.ac: more fixes for FIPS v6 armasm settings, re ENABLED_ARMASM_CRYPTO.
---
 configure.ac | 5 ++---
 src/ssl.c | 5 +++--
 wolfssl/internal.h | 3 ++-
 3 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/configure.ac b/configure.ac
index 574e2fcce7..f29ea270d4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -949,7 +949,6 @@ then
 test "$enable_ocsp" = "" && enable_ocsp=no
 test "$enable_tlsx" = "" && enable_tlsx=no
 test "$enable_sni" = "" && enable_sni=no
- test "$enable_sni" = "" && enable_sni=no
 test "$enable_crl_monitor" = "" && enable_crl_monitor=no
 test "$enable_alpn" = "" && enable_alpn=no
 test "$enable_pkcallbacks" = "" && enable_pkcallbacks=no
@@ -5518,7 +5517,7 @@ AS_CASE([$FIPS_VERSION],
 # for armasm on arm-v7 or earlier (see armasm setup above).
 AS_IF([test "$ENABLED_AESGCM_STREAM" != "yes" &&
 (test "$FIPS_VERSION" != "dev" || test "$enable_aesgcm_stream" != "no") &&
- (test "$ENABLED_ARMASM" = "no" || test "$ENABLED_ARMASM_CRYPTO" = "no")],
+ ! (test "$ENABLED_ARMASM" = "yes" && test "$ENABLED_ARMASM_CRYPTO" = "no")],
 [ENABLED_AESGCM_STREAM="yes"])
 AS_IF([test "x$ENABLED_AESOFB" = "xno" &&
@@ -5537,7 +5536,7 @@ AS_CASE([$FIPS_VERSION],
 AS_IF([test "x$ENABLED_AESXTS_STREAM" = "xno" &&
 (test "$FIPS_VERSION" != "dev" || test "$enable_aesxts_stream" != "no") &&
- (test "$ENABLED_ARMASM" = "no" || test "$ENABLED_ARMASM_CRYPTO" = "no")],
+ ! (test "$ENABLED_ARMASM" = "yes" && test "$ENABLED_ARMASM_CRYPTO" = "no")],
 [ENABLED_AESXTS_STREAM="yes"])
 AS_IF([(test "$ENABLED_AESCCM" = "yes" && test "$HAVE_AESCCM_PORT" != "yes") ||
diff --git a/src/ssl.c b/src/ssl.c
index bc6d3b5009..6e3f279d0e 100644
--- a/src/ssl.c
+++ b/src/ssl.c
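Review bot: In the AESGCM_STREAM condition of the second configure.ac hunk, and identically in the AESXTS_STREAM condition of the third, the rewritten test `! (test "$ENABLED_ARMASM" = "yes" && test "$ENABLED_ARMASM_CRYPTO" = "no")` is true for every value of ENABLED_ARMASM_CRYPTO other than the literal `no`, including an empty or not-yet-resolved one. In a FIPS build that means the streaming APIs default to on unless the crypto instructions were explicitly ruled out; if the variable can still be unresolved at this point (its assignment is outside the hunks), testing the positive case would be the safer default. Either way the intent deserves a comment above each AS_IF, such as `# streaming stays off only for armasm built without crypto instructions`. The expression is now duplicated, so computing it once into a shell variable ahead of both AS_IFs would keep the two defaults from drifting apart. Both AS_IF blocks sit inside an AS_CASE that begins outside the hunks.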
@@ -21480,7 +21480,8 @@ unsigned long wolfSSL_ERR_peek_error_line_data(const char **file, int *line,
 }
 #endif
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \
+ defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
 #if !defined(WOLFSSL_USER_IO)
 /* converts an IPv6 or IPv4 address into an octet string for use with rfc3280
@@ -21648,7 +21649,7 @@ WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl)
 }
 return ssl->suitesStack;
 }
-#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
+#endif /* OPENSSL_EXTRA || OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
 #if defined(OPENSSL_EXTRA) || defined(HAVE_SECRET_CALLBACK)
 long wolfSSL_SSL_CTX_get_timeout(const WOLFSSL_CTX *ctx)
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 3f3c036a38..4cedf122f8 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -5765,7 +5765,8 @@ struct WOLFSSL {
 #ifdef OPENSSL_EXTRA
 const Suites* clSuites;
 #endif
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \
+ defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
 WOLF_STACK_OF(WOLFSSL_CIPHER)* suitesStack; /* stack of available cipher
 * suites */
 #endif
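Review bot: The widened `#if` in the first src/ssl.c hunk opens a region that closes only at the `#endif` in the second hunk, roughly 170 lines later, so OPENSSL_EXTRA builds now compile everything in between and not just wolfSSL_get_ciphers_compat(); the address-to-octet-string helper under `!defined(WOLFSSL_USER_IO)` is one visible example. The patch touches no public header, so it is worth confirming that the prototypes for these functions are exposed under the same condition, otherwise OPENSSL_EXTRA-only builds get definitions with no visible declaration. If only wolfSSL_get_ciphers_compat() is needed for --with-sys-crypto-policy, a narrower guard around that one function would keep the rest of this compatibility surface out of builds that did not ask for it. A short comment at the `#if`, for example `/* OPENSSL_EXTRA: wolfSSL_get_ciphers_compat() is needed by sys-crypto-policy */`, would record why the gate was widened.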
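Review bot: `suitesStack` now exists in every OPENSSL_EXTRA build, but the code that releases it is not part of this patch, since the diffstat lists only configure.ac, src/ssl.c and wolfssl/internal.h. If that cleanup is still guarded by the old `OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY` condition, a stack handed out by wolfSSL_get_ciphers_compat() in an OPENSSL_EXTRA-only build would presumably never be freed when the WOLFSSL object is torn down. Every `#if` that allocates, frees or resets this member should carry the same four-macro condition as this declaration, and a single feature macro defined once would keep the copies from drifting. The struct body continues beyond the hunk.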