From ba5cc9bdaf31ed8dc54e4a7605cfed09d3dfe871 Mon Sep 17 00:00:00 2001 From: Lealem Amedie Date: Tue, 21 May 2024 15:07:32 -0600 Subject: [PATCH] Fix building FIPS v5 with PK callbacks --- src/internal.c | 4 ++-- wolfssl/internal.h | 2 +- wolfssl/wolfcrypt/settings.h | 5 +++++ 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/src/internal.c b/src/internal.c index 4d10cc803e..abc594446c 100644 --- a/src/internal.c +++ b/src/internal.c @@ -33478,7 +33478,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #ifndef NO_CERTS -#ifdef WOLF_PRIVATE_KEY_ID +#if defined(WOLF_PRIVATE_KEY_ID) || defined(HAVE_PK_CALLBACKS) int GetPrivateKeySigSize(WOLFSSL* ssl) { int sigSz = 0; @@ -33519,7 +33519,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } return sigSz; } -#endif /* HAVE_PK_CALLBACKS */ +#endif /* WOLF_PRIVATE_KEY_ID || HAVE_PK_CALLBACKS */ #endif /* NO_CERTS */ diff --git a/wolfssl/internal.h b/wolfssl/internal.h index c2d412986a..53b42f6932 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2189,7 +2189,7 @@ WOLFSSL_LOCAL int DecodePrivateKey(WOLFSSL *ssl, word32* length); #ifdef WOLFSSL_DUAL_ALG_CERTS WOLFSSL_LOCAL int DecodeAltPrivateKey(WOLFSSL *ssl, word32* length); #endif -#ifdef WOLF_PRIVATE_KEY_ID +#if defined(WOLF_PRIVATE_KEY_ID) || defined(HAVE_PK_CALLBACKS) WOLFSSL_LOCAL int GetPrivateKeySigSize(WOLFSSL* ssl); #ifndef NO_ASN WOLFSSL_LOCAL int InitSigPkCb(WOLFSSL* ssl, SignatureCtx* sigCtx); diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index e2be024b8b..99329d06a6 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -3396,6 +3396,11 @@ extern void uITRON4_free(void *p) ; #error The SRTP extension requires DTLS #endif +/* FIPS v5 and older doesn't support WOLF_PRIVATE_KEY_ID with PK callbacks */ +#if defined(HAVE_FIPS) && FIPS_VERSION_LT(5,3) && defined(HAVE_PK_CALLBACKS) + #define NO_WOLF_PRIVATE_KEY_ID +#endif + /* Are we using an external private key store like: * PKCS11 / HSM / crypto callback / PK callback */ #if !defined(WOLF_PRIVATE_KEY_ID) && !defined(NO_WOLF_PRIVATE_KEY_ID) && \