From f43b3cec29f5ae8289e6c8a9caa7b961e44fe2bd Mon Sep 17 00:00:00 2001
From: Massimiliano Pala <m.pala@cablelabs.com>
Date: Wed, 16 Aug 2023 17:16:21 -0600
Subject: [PATCH] Fixed OQS include for non-OQS enabled compilation. Fixed name
 of variable for OpenSSL 3.x HSM's PEM write function.

---
 src/drivers/openssl/openssl_hsm_pkey.c | 14 ++++++++++----
 src/libpki/openssl/pki_oid_defs.h      |  6 ++++--
 2 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/src/drivers/openssl/openssl_hsm_pkey.c b/src/drivers/openssl/openssl_hsm_pkey.c
index a37a8e5..0dc884e 100644
--- a/src/drivers/openssl/openssl_hsm_pkey.c
+++ b/src/drivers/openssl/openssl_hsm_pkey.c
@@ -875,7 +875,9 @@ PKI_X509_KEYPAIR *HSM_OPENSSL_X509_KEYPAIR_new(PKI_KEYPARAMS * kp,
     // Memory Cleanup
     if (value) EVP_PKEY_free(value);
     if (ret) PKI_X509_KEYPAIR_free(ret);
+#ifdef ENABLE_OQS
     if (ctx) EVP_PKEY_CTX_free(ctx);
+#endif
 
     // Error
     return NULL;
@@ -897,9 +899,13 @@ void HSM_OPENSSL_X509_KEYPAIR_free ( PKI_X509_KEYPAIR *pkey ) {
 // we have to provide our own function until OpenSSL solve
 // this issue
 
-int OPENSSL_HSM_write_bio_PrivateKey (BIO *bp, EVP_PKEY *x, 
-        const EVP_CIPHER *enc, unsigned char *out_buffer, int klen, 
-        pem_password_cb *cb, void *u) {
+int OPENSSL_HSM_write_bio_PrivateKey (BIO               * bp, 
+                                      EVP_PKEY          * x, 
+                                      const EVP_CIPHER  * enc, 
+                                      unsigned char     * out_buffer,
+                                      int                 klen, 
+                                      pem_password_cb   * cb,
+                                      void              * u) {
 
     int ret = PKI_ERR;
 
@@ -914,7 +920,7 @@ int OPENSSL_HSM_write_bio_PrivateKey (BIO *bp, EVP_PKEY *x,
         case EVP_PKEY_EC: {
 # if OPENSSL_VERSION_NUMBER >= 0x30000000L
             ret = PEM_write_bio_ECPrivateKey(bp, 
-                EVP_PKEY_get1_EC_KEY(x), enc, (unsigned char *) kstr, klen, cb, u);
+                EVP_PKEY_get1_EC_KEY(x), enc, (unsigned char *) out_buffer, klen, cb, u);
 # elif OPENSSL_VERSION_NUMBER < 0x1010000fL
             ret = PEM_write_bio_ECPrivateKey(bp, 
                 x->pkey.ec, enc, (unsigned char *) out_buffer, klen, cb, u);
diff --git a/src/libpki/openssl/pki_oid_defs.h b/src/libpki/openssl/pki_oid_defs.h
index e611642..e5ca45f 100644
--- a/src/libpki/openssl/pki_oid_defs.h
+++ b/src/libpki/openssl/pki_oid_defs.h
@@ -6,8 +6,10 @@
 * Released under OpenCA LICENSE
 */
 
-#ifndef OQS_H
-#include <oqs/oqs.h>
+#ifdef ENABLE_OQS
+# ifndef OQS_H
+#  include <oqs/oqs.h>
+# endif
 #endif
 
 #ifndef _LIBPKI_OID_DEFS_H