configure.ac: in FIPS lean-aesgcm setup, don't lock features that are outside

the FIPS boundary, just set up appropriate defaults.

wolfssl/wolfcrypt/wolfmath.h: if legacy math back ends aren't defined, and
   NO_BIG_INT isn't defined, then always include sp_int.h, for backward compat.

configure.ac

@@ -5678,28 +5678,22 @@ AS_CASE([$FIPS_VERSION],
 # optimizations section
 
 # protocol section
-        AS_IF([test "$ENABLED_CRYPTONLY" != "yes" &&
+        AS_IF([test "$ENABLED_CRYPTONLY" != "yes" && test "$enable_cryptonly" != "no"],
-               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_cryptonly" != "no")],
             [ENABLED_CRYPTONLY="yes"; enable_cryptonly="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_ONLY"])
 
-        AS_IF([test "$ENABLED_TLS" != "no" &&
+        AS_IF([test "$ENABLED_TLS" != "no" && test "$enable_tls" != "yes"],
-               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_tls" != "yes")],
             [ENABLED_TLS="no"; enable_tls="no"; AM_CFLAGS="$AM_CFLAGS -DNO_TLS"])
 
-        AS_IF([test "$ENABLED_TLSV12" != "no" &&
+        AS_IF([test "$ENABLED_TLSV12" != "no" && test "$enable_tlsv12" != "yes"],
-               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_tlsv12" != "yes")],
             [ENABLED_TLSV12="no"; enable_tlsv12="no"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_TLS12"])
 
-        AS_IF([test "$ENABLED_ASN" != "no" &&
+        AS_IF([test "$ENABLED_ASN" != "no" && test "$enable_asn" != "yes"],
-               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_asn" != "yes")],
             [ENABLED_ASN="no"; enable_asn="no"; AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_ASN_CRYPT"])
 
-        AS_IF([test "$ENABLED_SEND_HRR_COOKIE" != "no" &&
+        AS_IF([test "$ENABLED_SEND_HRR_COOKIE" != "no" && test "$enable_hrrcookie" != "yes"],
-               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_hrrcookie" != "yes")],
             [ENABLED_SEND_HRR_COOKIE="no"; enable_hrrcookie="no"; AM_CFLAGS="$AM_CFLAGS -UWOLFSSL_SEND_HRR_COOKIE"])
 
-        AS_IF([test "$ENABLED_WOLFSSH" != "no" &&
+        AS_IF([test "$ENABLED_WOLFSSH" != "no" && test "$enable_ssh" != "yes"],
-               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_ssh" != "yes")],
             [ENABLED_WOLFSSH="no"; enable_ssh="no"])
 
         AS_IF([test "$ENABLED_HKDF" != "no" &&
@@ -5718,8 +5712,7 @@ AS_CASE([$FIPS_VERSION],
                (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_srtp_kdf" != "yes")],
             [enable_srtp_kdf="no"; ENABLED_SRTP_KDF="no"])
 
-        AS_IF([test "$ENABLED_PKCS8" != "no" &&
+        AS_IF([test "$ENABLED_PKCS8" != "no" && test "$enable_pkcs8" != "yes"],
-               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_pkcs8" != "yes")],
             [enable_pkcs8="no"; ENABLED_PKCS8="no"; AM_CFLAGS="$AM_CFLAGS -DNO_PKCS8"])
 
 # public key section

wolfssl/wolfcrypt/wolfmath.h

@@ -42,14 +42,12 @@ This library provides big integer math functions.
 
 #if defined(NO_BIG_INT)
     /* MPI globally disabled -- no PK algorithms supported. */
-#elif defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)
-    #include <wolfssl/wolfcrypt/sp_int.h>
 #elif defined(USE_FAST_MATH)
     #include <wolfssl/wolfcrypt/tfm.h>
 #elif defined(USE_INTEGER_HEAP_MATH)
     #include <wolfssl/wolfcrypt/integer.h>
 #else
-    #error No MPI back end active, and NO_BIG_INT is not defined.
+    #include <wolfssl/wolfcrypt/sp_int.h>
 #endif
 
 #if !defined(NO_BIG_INT)