Merge pull request #7568 from lealem47/fips_pkcallback

dgarske · web-flow · commit 425dd1986ba5 · 2024-05-22T08:45:58.000-07:00
Fix building FIPS v5 with PK callbacks
diff --git a/src/internal.c b/src/internal.c
@@ -33521,7 +33521,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 
 #ifndef NO_CERTS
 
-#ifdef WOLF_PRIVATE_KEY_ID
+#if defined(WOLF_PRIVATE_KEY_ID) || defined(HAVE_PK_CALLBACKS)
     int GetPrivateKeySigSize(WOLFSSL* ssl)
     {
         int sigSz = 0;
@@ -33562,7 +33562,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         }
         return sigSz;
     }
-#endif /* HAVE_PK_CALLBACKS */
+#endif /* WOLF_PRIVATE_KEY_ID || HAVE_PK_CALLBACKS */
 
 #endif /* NO_CERTS */
 
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
@@ -2191,7 +2191,7 @@ WOLFSSL_LOCAL int  DecodePrivateKey(WOLFSSL *ssl, word32* length);
 #ifdef WOLFSSL_DUAL_ALG_CERTS
 WOLFSSL_LOCAL int  DecodeAltPrivateKey(WOLFSSL *ssl, word32* length);
 #endif
-#ifdef WOLF_PRIVATE_KEY_ID
+#if defined(WOLF_PRIVATE_KEY_ID) || defined(HAVE_PK_CALLBACKS)
 WOLFSSL_LOCAL int GetPrivateKeySigSize(WOLFSSL* ssl);
 #ifndef NO_ASN
     WOLFSSL_LOCAL int  InitSigPkCb(WOLFSSL* ssl, SignatureCtx* sigCtx);
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
@@ -3400,6 +3400,11 @@ extern void uITRON4_free(void *p) ;
     #error The SRTP extension requires DTLS
 #endif
 
+/* FIPS v5 and older doesn't support WOLF_PRIVATE_KEY_ID with PK callbacks */
+#if defined(HAVE_FIPS) && FIPS_VERSION_LT(5,3) && defined(HAVE_PK_CALLBACKS)
+    #define NO_WOLF_PRIVATE_KEY_ID
+#endif
+
 /* Are we using an external private key store like:
  *     PKCS11 / HSM / crypto callback / PK callback */
 #if !defined(WOLF_PRIVATE_KEY_ID) && !defined(NO_WOLF_PRIVATE_KEY_ID) && \

Original file line number	Diff line number	Diff line change
`@@ -33521,7 +33521,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,`
`33521`	`33521`
`33522`	`33522`	`#ifndef NO_CERTS`
`33523`	`33523`
`33524`		`-#ifdef WOLF_PRIVATE_KEY_ID`
	`33524`	`+#if defined(WOLF_PRIVATE_KEY_ID) \|\| defined(HAVE_PK_CALLBACKS)`
`33525`	`33525`	`int GetPrivateKeySigSize(WOLFSSL* ssl)`
`33526`	`33526`	`{`
`33527`	`33527`	`int sigSz = 0;`
`@@ -33562,7 +33562,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,`
`33562`	`33562`	`}`
`33563`	`33563`	`return sigSz;`
`33564`	`33564`	`}`
`33565`		`-#endif /* HAVE_PK_CALLBACKS */`
	`33565`	`+#endif /* WOLF_PRIVATE_KEY_ID \|\| HAVE_PK_CALLBACKS */`
`33566`	`33566`
`33567`	`33567`	`#endif /* NO_CERTS */`
`33568`	`33568`