From 25d14f19371f94c2d6a5d92e78db46a1273523ac Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Fri, 2 Aug 2024 08:05:22 -0700
Subject: [PATCH] Fail with NOT_COMPILED_IN if someone tries to use
 ConfirmSignature with NO_ASN_CRYPT. Also default to signature failed.

---
 wolfcrypt/src/asn.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 1afe0f069..c791c0a1e 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -16612,7 +16612,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
     const byte* sigParams, word32 sigParamsSz,
     byte* rsaKeyIdx)
 {
-    int ret = 0;
+    int ret = ASN_SIG_CONFIRM_E; /* default to failure */
 #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
     CertAttribute* certatt = NULL;
 #endif
@@ -17749,8 +17749,8 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
 exit_cs:
 
 #else
-    /* Warning: The NO_ASN_CRYPT option skips signature checking! */
-    ret = 0; /* allow unchecked signature */
+    /* For NO_ASN_CRYPT return "not compiled in" */
+    ret = NOT_COMPILED_IN;
 #endif /* !NO_ASN_CRYPT */
 
     (void)keyOID;