Merge pull request #7568 from lealem47/fips_pkcallback
Fix building FIPS v5 with PK callbacks
dgarske authored May 22, 2024
2 parents 32c5acc + ba5cc9b commit 425dd19
Showing 3 changed files with 8 additions and 3 deletions.
4 changes: 2 additions & 2 deletions src/internal.c
@@ -33521,7 +33521,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,

#ifndef NO_CERTS

#ifdef WOLF_PRIVATE_KEY_ID
#if defined(WOLF_PRIVATE_KEY_ID) || defined(HAVE_PK_CALLBACKS)
int GetPrivateKeySigSize(WOLFSSL* ssl)
{
int sigSz = 0;
@@ -33562,7 +33562,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
}
return sigSz;
}
#endif /* HAVE_PK_CALLBACKS */
#endif /* WOLF_PRIVATE_KEY_ID || HAVE_PK_CALLBACKS */

#endif /* NO_CERTS */

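Review bot: GetPrivateKeySigSize has no comment stating what a return value of 0 means, and with the widened guard it is now also built when only HAVE_PK_CALLBACKS is defined. The visible lines initialise `sigSz` to 0 and return it, so any key type the collapsed body does not handle presumably yields 0; callers that size a signature buffer from this value should reject that case. I would add above the function `/* Returns the signature size in bytes for the configured private key, or 0 when it cannot be determined. */`, adjusted to what the body between the two hunks actually does. The same compound guard is repeated in wolfssl/internal.h, so the two have to be kept in step.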
2 changes: 1 addition & 1 deletion wolfssl/internal.h
@@ -2191,7 +2191,7 @@ WOLFSSL_LOCAL int DecodePrivateKey(WOLFSSL *ssl, word32* length);
#ifdef WOLFSSL_DUAL_ALG_CERTS
WOLFSSL_LOCAL int DecodeAltPrivateKey(WOLFSSL *ssl, word32* length);
#endif
#ifdef WOLF_PRIVATE_KEY_ID
#if defined(WOLF_PRIVATE_KEY_ID) || defined(HAVE_PK_CALLBACKS)
WOLFSSL_LOCAL int GetPrivateKeySigSize(WOLFSSL* ssl);
#ifndef NO_ASN
WOLFSSL_LOCAL int InitSigPkCb(WOLFSSL* ssl, SignatureCtx* sigCtx);
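Review bot: The widened guard in internal.h also covers the `InitSigPkCb` prototype under `#ifndef NO_ASN`, while the src/internal.c section on this page only shows the guard around `GetPrivateKeySigSize` being changed. If the definition of `InitSigPkCb` is still compiled only under `WOLF_PRIVATE_KEY_ID`, a build with only HAVE_PK_CALLBACKS gets a declaration with no definition, and any call to it fails at link time. It is worth confirming that its guard in the .c file matches. The matching `#endif` is outside this hunk, so further declarations may be affected in the same way.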
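--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -3400,6 +3400,11 @@ extern void uITRON4_free(void *p) ;
 #error The SRTP extension requires DTLS
 #endif
 
+/* FIPS v5 and older doesn't support WOLF_PRIVATE_KEY_ID with PK callbacks */
+#if defined(HAVE_FIPS) && FIPS_VERSION_LT(5,3) && defined(HAVE_PK_CALLBACKS)
+#define NO_WOLF_PRIVATE_KEY_ID
+#endif
+
 /* Are we using an external private key store like:
 * PKCS11 / HSM / crypto callback / PK callback */
 #if !defined(WOLF_PRIVATE_KEY_ID) && !defined(NO_WOLF_PRIVATE_KEY_ID) && \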
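Review bot: The new block does not handle a build where the user has defined WOLF_PRIVATE_KEY_ID explicitly. It then defines NO_WOLF_PRIVATE_KEY_ID alongside it, the auto-detection block that follows is skipped, and WOLF_PRIVATE_KEY_ID stays defined, so the combination the comment calls unsupported is not rejected here. The `#define` is also unguarded, so a build that passes `-DNO_WOLF_PRIVATE_KEY_ID` (which defines it as 1) gets a macro-redefinition warning, fatal under -Werror. I would reject the explicit combination with `#error` and wrap the define in `#ifndef`, as in the fence below. The condition of the following `#if` continues past the end of the hunk.

```c
#if defined(HAVE_FIPS) && FIPS_VERSION_LT(5,3) && defined(HAVE_PK_CALLBACKS)
    #ifdef WOLF_PRIVATE_KEY_ID
        #error WOLF_PRIVATE_KEY_ID is not supported with PK callbacks on FIPS v5 and older
    #endif
    #ifndef NO_WOLF_PRIVATE_KEY_ID
        #define NO_WOLF_PRIVATE_KEY_ID
    #endif
#endif
/* … unchanged: external private key store auto-detection … */
```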
