Fix for FIPS ECC integrity check with crypto callback set (#6425)

Skip ECC private key check when the TPM is used to generate the key, since it doesn't release the private part. this option needs to be used with a FIPS approved TPM for the end result to be FIPS approved

Author: jpbland1

configure.ac

@@ -434,7 +434,6 @@ AS_CASE([$FIPS_VERSION],
     ]
 )
 
-
 # For reproducible build, gate out from the build anything that might
 # introduce semantically frivolous jitter, maximizing chance of
 # identical object files.

wolfcrypt/src/ecc.c

@@ -5676,7 +5676,12 @@ int wc_ecc_make_key_ex2(WC_RNG* rng, int keysize, ecc_key* key, int curve_id,
     if (err == MP_OKAY) {
         err = _ecc_validate_public_key(key, 0, 0);
     }
-    if (err == MP_OKAY) {
+    if (err == MP_OKAY
+#if defined(WOLF_CRYPTO_CB)
+        /* even if WOLF_CRYPTO_CB we generate the key if the devId is invalid */
+        && key->devId == INVALID_DEVID
+#endif
+        ) {
         err = _ecc_pairwise_consistency_test(key, rng);
     }
 #endif