From 4d63d7dedff96644a55cff68830974499f8354b9 Mon Sep 17 00:00:00 2001
From: Kareem
Date: Wed, 21 May 2025 12:33:37 -0700
Subject: [PATCH 1/2] Fix missing DH_MAX_SIZE define when building FIPS 140-3 with OpenSSL compatibility layer dh.h.
---
 wolfssl/wolfcrypt/settings.h | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 53416eaf7..9792e31ef 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -4128,6 +4128,32 @@ extern void uITRON4_free(void *p) ;
 #undef WOLFSSL_DH_EXTRA
 #endif
 
+/* FIPS 140-3 does not have this definition in wolfCrypt dh.h, but OpenSSL dh.h depends on it.
+ * Define it here as well if needed, as we want to avoid modifying dh.h in FIPS. */
+#ifndef DH_MAX_SIZE
+ #ifdef USE_FAST_MATH
+ /* FP implementation support numbers up to FP_MAX_BITS / 2 bits. */
+ #define DH_MAX_SIZE (FP_MAX_BITS / 2)
+ #if defined(WOLFSSL_MYSQL_COMPATIBLE) && DH_MAX_SIZE < 8192
+ #error "MySQL needs FP_MAX_BITS at least at 16384"
+ #endif
+ #elif defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)
+ /* SP implementation supports numbers of SP_INT_BITS bits. */
+ #define DH_MAX_SIZE (((SP_INT_BITS + 7) / 8) * 8)
+ #if defined(WOLFSSL_MYSQL_COMPATIBLE) && DH_MAX_SIZE < 8192
+ #error "MySQL needs SP_INT_BITS at least at 8192"
+ #endif
+ #else
+ #ifdef WOLFSSL_MYSQL_COMPATIBLE
+ /* Integer maths is dynamic but we only go up to 8192 bits. */
+ #define DH_MAX_SIZE 8192
+ #else
+ /* Integer maths is dynamic but we only go up to 4096 bits. */
+ #define DH_MAX_SIZE 4096
+ #endif
+ #endif
+#endif
+
 /* wc_Sha512.devId isn't available before FIPS 5.1 */
 #if defined(HAVE_FIPS) && FIPS_VERSION_LT(5,1)
 #define NO_SHA2_CRYPTO_CB
From 08f063d8b395c603e21fe220885c9bd3fe1c94bc Mon Sep 17 00:00:00 2001
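Review bot: The two `#if defined(WOLFSSL_MYSQL_COMPATIBLE) && DH_MAX_SIZE < 8192` checks in the added settings.h block are evaluated as soon as settings.h is preprocessed. If FP_MAX_BITS or SP_INT_BITS only receives its default later from the math headers (not visible in this hunk), the undefined name evaluates to 0 and the `#error` fires on an otherwise valid configuration. Guarding each check on the size macro being defined, e.g. `#if defined(WOLFSSL_MYSQL_COMPATIBLE) && defined(FP_MAX_BITS) && DH_MAX_SIZE < 8192` (and `defined(SP_INT_BITS)` in the SP branch), keeps the build-time guard without the false positive. The block is also not restricted to FIPS builds, so presumably this copy becomes the effective DH_MAX_SIZE wherever settings.h is included first. Since the name suggests it bounds the DH sizes the library accepts, the comment should name the dh.h definition as the one to keep in sync.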
From: Kareem
Date: Wed, 21 May 2025 12:34:09 -0700
Subject: [PATCH 2/2] Correct wolfssl.rc FILETYPE to VFT_DLL. It was previously set to 0x7L which is VFT_STATIC_LIB.
---
 IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc | 2 +-
 IDE/WIN10/wolfssl-fips.rc | 2 +-
 wolfssl.rc | Bin 4918 -> 4924 bytes
 3 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc b/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc
index 5af27ac69..6c0aca6cd 100644
--- a/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc
+++ b/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc
@@ -60,7 +60,7 @@ VS_VERSION_INFO VERSIONINFO
 FILEFLAGS 0x0L
 #endif
 FILEOS 0x40004L
- FILETYPE 0x7L
+ FILETYPE VFT_DLL
 FILESUBTYPE 0x0L
 BEGIN
 BLOCK "StringFileInfo"
diff --git a/IDE/WIN10/wolfssl-fips.rc b/IDE/WIN10/wolfssl-fips.rc
index 6c368f427..ee7182620 100644
--- a/IDE/WIN10/wolfssl-fips.rc
+++ b/IDE/WIN10/wolfssl-fips.rc
@@ -60,7 +60,7 @@ VS_VERSION_INFO VERSIONINFO
 FILEFLAGS 0x0L
 #endif
 FILEOS 0x40004L
- FILETYPE 0x7L
+ FILETYPE VFT_DLL
 FILESUBTYPE 0x0L
 BEGIN
 BLOCK "StringFileInfo"
diff --git a/wolfssl.rc b/wolfssl.rc
index d02aa1ca79d45ecccfe0c21c52e062cad1bde6cf..c68d816b805351d00404f0b77c9d09b7ba0bad96 100644
GIT binary patch delta 24 fcmdm{wnuHlCQj}!1~-NfhIj@S2A|E_IqNwAU}^^s delta 18 Zcmdm^woPrrCQeoZh6)CQ&3ifPIRQTm1_%HE