From df7e105fb71d3b3fb019a80e85c05ae9b2ef0096 Mon Sep 17 00:00:00 2001
From: Josh Holtrop <josh@wolfssl.com>
Date: Fri, 25 Jul 2025 15:44:12 -0400
Subject: [PATCH] Allow building with HAVE_PKCS7 set and HAVE_X963_KDF unset

---
 doc/dox_comments/header_files/pkcs7.h |  4 ++++
 tests/api.c                           | 24 +++++++++++++-----------
 wolfcrypt/src/pkcs7.c                 | 12 ++++++------
 wolfcrypt/test/test.c                 | 14 +++++++++-----
 wolfssl/wolfcrypt/settings.h          |  3 ---
 5 files changed, 32 insertions(+), 25 deletions(-)

diff --git a/doc/dox_comments/header_files/pkcs7.h b/doc/dox_comments/header_files/pkcs7.h
index 01e161649..31498ef9c 100644
--- a/doc/dox_comments/header_files/pkcs7.h
+++ b/doc/dox_comments/header_files/pkcs7.h
@@ -532,6 +532,8 @@ int wc_PKCS7_SetAESKeyWrapUnwrapCb(wc_PKCS7* pkcs7,
     number generator for encryption
     \return DRBG_FAILED Returned if there is an error generating numbers with
     the random number generator used for encryption
+    \return NOT_COMPILED_IN may be returned if using an ECC key and wolfssl was
+    built without HAVE_X963_KDF support
 
     \param pkcs7 pointer to the PKCS7 structure to encode
     \param output pointer to the buffer in which to store the encoded
@@ -617,6 +619,8 @@ int  wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7,
     verification
     \return MP_MEM may be returned if there is an error during signature
     verification
+    \return NOT_COMPILED_IN may be returned if the EnvelopedData is encrypted
+    using an ECC key and wolfssl was built without HAVE_X963_KDF support
 
     \param pkcs7 pointer to the PKCS7 structure containing the private key with
     which to decode the enveloped data package
diff --git a/tests/api.c b/tests/api.c
index 9812c296a..4223847f7 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -17714,8 +17714,8 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
             rsaPrivKeySz = (word32)sizeof(rsaClientKey);
         #endif
     #endif
-    #if defined(HAVE_ECC) && (!defined(NO_AES) || (!defined(NO_SHA) ||\
-        !defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
+    #if defined(HAVE_ECC) && defined(HAVE_X963_KDF) && (!defined(NO_AES) || \
+            !defined(NO_SHA) || !defined(NO_SHA256) || defined(WOLFSSL_SHA512))
         byte*   eccCert     = NULL;
         byte*   eccPrivKey  = NULL;
         word32  eccCertSz;
@@ -17793,8 +17793,8 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
 #endif /* NO_RSA */
 
 /* ECC */
-#if defined(HAVE_ECC) && (!defined(NO_AES) || (!defined(NO_SHA) ||\
-    !defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
+#if defined(HAVE_ECC) && defined(HAVE_X963_KDF) && (!defined(NO_AES) || \
+        !defined(NO_SHA) || !defined(NO_SHA256) || defined(WOLFSSL_SHA512))
 
     #ifdef USE_CERT_BUFFERS_256
         ExpectNotNull(eccCert = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT,
@@ -17862,7 +17862,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
     #endif /* NO_AES && HAVE_AES_CBC */
 
 #endif /* NO_RSA */
-#if defined(HAVE_ECC)
+#if defined(HAVE_ECC) && defined(HAVE_X963_KDF)
     #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_KEYWRAP)
         #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
             {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA,
@@ -18036,7 +18036,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
         (word32)sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* Should get a return of BAD_FUNC_ARG with structure data. Order matters.*/
 #if defined(HAVE_ECC) && !defined(NO_AES) && defined(HAVE_AES_CBC) && \
-    defined(HAVE_AES_KEYWRAP)
+    defined(HAVE_AES_KEYWRAP) && defined(HAVE_X963_KDF)
     /* only a failure for KARI test cases */
     if (pkcs7 != NULL) {
         tempWrd32 = pkcs7->singleCertSz;
@@ -18137,7 +18137,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
     XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif /* NO_RSA */
-#ifdef HAVE_ECC
+#if defined(HAVE_ECC) && defined(HAVE_X963_KDF)
     XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif /* HAVE_ECC */
@@ -18186,7 +18186,8 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
 } /* END test_wc_PKCS7_EncodeDecodeEnvelopedData() */
 
 
-#if defined(HAVE_PKCS7) && defined(HAVE_ECC) && !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
+#if defined(HAVE_PKCS7) && defined(HAVE_ECC) && defined(HAVE_X963_KDF) && \
+    !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
 static int wasAESKeyWrapCbCalled = 0;
 static int wasAESKeyUnwrapCbCalled = 0;
 
@@ -18215,7 +18216,8 @@ static int testAESKeyWrapUnwrapCb(const byte* key, word32 keySz,
 static int test_wc_PKCS7_SetAESKeyWrapUnwrapCb(void)
 {
     EXPECT_DECLS;
-#if defined(HAVE_PKCS7) && defined(HAVE_ECC) && !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
+#if defined(HAVE_PKCS7) && defined(HAVE_ECC) && defined(HAVE_X963_KDF) && \
+    !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
     static const char input[] = "Test input for AES key wrapping";
     PKCS7 * pkcs7 = NULL;
     byte * eccCert = NULL;
@@ -18318,8 +18320,8 @@ static int test_wc_PKCS7_GetEnvelopedDataKariRid(void)
 {
     EXPECT_DECLS;
 #if defined(HAVE_PKCS7)
-#if defined(HAVE_ECC) && (!defined(NO_AES) || (!defined(NO_SHA) || \
-     !defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
+#if defined(HAVE_ECC) && defined(HAVE_X963_KDF) && (!defined(NO_AES) || \
+        !defined(NO_SHA) || !defined(NO_SHA256) || defined(WOLFSSL_SHA512))
     /* The kari-keyid-cms.msg generated by openssl has a 68 byte RID structure.
      * Reserve a bit more than that in case it might grow. */
     byte rid[256];
diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index 424942b75..686d06856 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -7372,16 +7372,16 @@ static int wc_PKCS7_KariGenerateKEK(WC_PKCS7_KARI* kari, WC_RNG* rng,
             return BAD_FUNC_ARG;
     };
 
+#ifdef HAVE_X963_KDF
     ret = wc_X963_KDF(kdfType, secret, secretSz, kari->sharedInfo,
                       kari->sharedInfoSz, kari->kek, kari->kekSz);
-    if (ret != 0) {
-        XFREE(secret, kari->heap, DYNAMIC_TYPE_PKCS7);
-        return ret;
-    }
+#else
+    (void)kdfType;
+    ret = NOT_COMPILED_IN;
+#endif
 
     XFREE(secret, kari->heap, DYNAMIC_TYPE_PKCS7);
-
-    return 0;
+    return ret;
 }
 
 
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index c2f79acc6..b86ac6f56 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -52135,7 +52135,8 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
     };
 
 #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) && \
-    defined(HAVE_ECC) && defined(WOLFSSL_SHA512) && defined(HAVE_AES_KEYWRAP)
+    defined(HAVE_ECC) && defined(WOLFSSL_SHA512) && \
+    defined(HAVE_AES_KEYWRAP) && defined(HAVE_X963_KDF)
     byte optionalUkm[] = {
         0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
     };
@@ -52244,7 +52245,7 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
 #endif
 
         /* key agreement key encryption technique*/
-#if defined(HAVE_ECC) && defined(HAVE_AES_KEYWRAP)
+#if defined(HAVE_ECC) && defined(HAVE_AES_KEYWRAP) && defined(HAVE_X963_KDF)
     #if !defined(NO_AES) && defined(HAVE_AES_CBC)
         #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
         ADD_PKCS7ENVELOPEDVECTOR(
@@ -52755,7 +52756,8 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
     };
     byte senderNonce[PKCS7_NONCE_SZ + 2];
 #ifdef HAVE_ECC
-    #if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(HAVE_AES_KEYWRAP)
+    #if !defined(NO_AES) && defined(HAVE_AESGCM) && \
+    defined(HAVE_AES_KEYWRAP) && defined(HAVE_X963_KDF)
     #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
     WOLFSSL_SMALL_STACK_STATIC const byte senderNonceOid[] =
                { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
@@ -52771,7 +52773,8 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
 #endif
 
 #if !defined(NO_AES) && defined(WOLFSSL_AES_256) && defined(HAVE_ECC) && \
-    defined(WOLFSSL_SHA512) && defined(HAVE_AESGCM) && defined(HAVE_AES_KEYWRAP)
+    defined(WOLFSSL_SHA512) && defined(HAVE_AESGCM) && \
+    defined(HAVE_AES_KEYWRAP) && defined(HAVE_X963_KDF)
     WOLFSSL_SMALL_STACK_STATIC const byte optionalUkm[] = {
         0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
     };
@@ -52886,7 +52889,8 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
 
         /* key agreement key encryption technique*/
 #ifdef HAVE_ECC
-    #if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(HAVE_AES_KEYWRAP)
+    #if !defined(NO_AES) && defined(HAVE_AESGCM) && \
+    defined(HAVE_AES_KEYWRAP) && defined(HAVE_X963_KDF)
         #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
         ADD_PKCS7AUTHENVELOPEDVECTOR(
          data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP,
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 8fb193836..50aa25df4 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -3416,9 +3416,6 @@ extern void uITRON4_free(void *p) ;
     #if defined(NO_AES) && defined(NO_DES3)
         #error PKCS7 needs either AES or 3DES enabled, please enable one
     #endif
-    #if defined(HAVE_ECC) && !defined(HAVE_X963_KDF)
-        #error PKCS7 requires X963 KDF please define HAVE_X963_KDF
-    #endif
 #endif
 
 #ifndef NO_PKCS12