Merge pull request #9260 from douzzer/20251001-wc_DhGeneratePublic-ungate

20251001-wc_DhGeneratePublic-ungate

.wolfssl_known_macro_extras

@@ -420,6 +420,7 @@ NO_STDIO_FGETS_REMAP
 NO_TKERNEL_MEM_POOL
 NO_TLSX_PSKKEM_PLAIN_ANNOUNCE
 NO_VERIFY_OID
+NO_WC_DHGENERATEPUBLIC
 NO_WC_SSIZE_TYPE
 NO_WOLFSSL_ALLOC_ALIGN
 NO_WOLFSSL_AUTOSAR_CRYIF
@@ -782,7 +783,6 @@ WOLFSSL_NO_CT_MAX_MIN
 WOLFSSL_NO_DECODE_EXTRA
 WOLFSSL_NO_DER_TO_PEM
 WOLFSSL_NO_DH186
-WOLFSSL_NO_DH_GEN_PUB
 WOLFSSL_NO_DTLS_SIZE_CHECK
 WOLFSSL_NO_ETM_ALERT
 WOLFSSL_NO_FENCE

wolfcrypt/src/dh.c

@@ -1373,7 +1373,6 @@ static int GeneratePublicDh(DhKey* key, byte* priv, word32 privSz,
     return ret;
 }
 
-#if defined(WOLFSSL_DH_GEN_PUB)
 /**
  * Given a DhKey with set params and a priv key, generate the corresponding
  * public key. If fips, does pub key validation.
@@ -1403,7 +1402,6 @@ int wc_DhGeneratePublic(DhKey* key, byte* priv, word32 privSz,
 
     return ret;
 }
-#endif /* WOLFSSL_DH_GEN_PUB */
 
 static int wc_DhGenerateKeyPair_Sync(DhKey* key, WC_RNG* rng,
     byte* priv, word32* privSz, byte* pub, word32* pubSz)

wolfcrypt/test/test.c

@@ -23614,7 +23614,15 @@ static wc_test_ret_t dh_ffdhe_test(WC_RNG *rng, int name)
         ERROR_OUT(WC_TEST_RET_ENC_NC, done);
     }
 
-#if defined(WOLFSSL_DH_GEN_PUB) && defined(WOLFSSL_DH_EXTRA)
+    /* wc_DhGeneratePublic_fips() was added in 5.2.3, but some customers are
+     * building with configure scripts that set version to 5.2.1, but with 5.2.3
+     * wolfCrypt sources.
+     */
+#if !(defined(HAVE_SELFTEST) || \
+      (defined(HAVE_FIPS) && FIPS_VERSION3_LT(5,2,3)) || \
+      FIPS_VERSION3_EQ(6,0,0) || \
+      defined(NO_WC_DHGENERATEPUBLIC))
+
     /* additional test for wc_DhGeneratePublic:
      *   1. reset key2.
      *   2. using priv from dh key 1, generate pub2 with
@@ -23646,7 +23654,7 @@ static wc_test_ret_t dh_ffdhe_test(WC_RNG *rng, int name)
     if (pubSz != pubSz2 || XMEMCMP(pub, pub2, pubSz)) {
         ERROR_OUT(WC_TEST_RET_ENC_NC, done);
     }
-#endif /* WOLFSSL_DH_GEN_PUB && WOLFSSL_DH_EXTRA */
+#endif /* !(HAVE_SELFTEST || FIPS <5.2.3 || FIPS == 6.0.0 || NO_WC_DHGENERATEPUBLIC */
 
 #if (defined(WOLFSSL_HAVE_SP_DH) || defined(USE_FAST_MATH)) && \
     !defined(HAVE_INTEL_QA)

wolfssl/wolfcrypt/dh.h

@@ -171,17 +171,8 @@ WOLFSSL_API int wc_DhCmpNamedKey(int name, int noQ,
         const byte* q, word32 qSz);
 WOLFSSL_API int wc_DhCopyNamedKey(int name,
         byte* p, word32* pSz, byte* g, word32* gSz, byte* q, word32* qSz);
-
-#ifndef WOLFSSL_NO_DH_GEN_PUB
-    #if defined(WOLFSSL_DH_EXTRA) && !defined(WOLFSSL_DH_GEN_PUB)
-        #define WOLFSSL_DH_GEN_PUB
-    #endif
-    #ifdef WOLFSSL_DH_GEN_PUB
-        WOLFSSL_API int wc_DhGeneratePublic(DhKey* key, byte* priv,
-                                            word32 privSz, byte* pub,
-                                            word32* pubSz);
-    #endif /* WOLFSSL_DH_GEN_PUB */
-#endif /* !WOLFSSL_NO_DH_GEN_PUB */
+WOLFSSL_API int wc_DhGeneratePublic(DhKey* key, byte* priv,
+        word32 privSz, byte* pub, word32* pubSz);
 
 #ifdef WOLFSSL_DH_EXTRA
 WOLFSSL_API int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz,