Merge pull request #4311 from haydenroche5/rsyslog

Make improvements for rsyslog port.
2021-08-18 16:55:32 -07:00
parent 9a1233c04d c16127d9ab
commit 63fde01e32
2 changed files with 8 additions and 5 deletions
--- a/configure.ac
+++ b/configure.ac
@@ -4461,8 +4461,7 @@ fi

 if test "$ENABLED_RSYSLOG" = "yes"
 then
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RSYSLOG -DFP_MAX_BITS=16384"
-    AM_CFLAGS="$AM_CFLAGS -DRSA_MAX_SIZE=8196 -DWOLFSSL_ERROR_CODE_OPENSSL"
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RSYSLOG -DWOLFSSL_ERROR_CODE_OPENSSL"
    AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA -DOPENSSL_COMPATIBLE_DEFAULTS"
 fi

--- a/src/ssl.c
+++ b/src/ssl.c
@@ -31327,7 +31327,11 @@ WOLFSSL_BIGNUM* wolfSSL_DH_8192_prime(WOLFSSL_BIGNUM* bn)
    return bn;
 }

-#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
+/* The functions inside the macro guard below are fine to use with FIPS provided
+ * WOLFSSL_DH_EXTRA isn't defined. That define will cause SetDhInternal to have
+ * a call to wc_DhImportKeyPair, which isn't defined in the FIPS v2 module. */
+#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS) && !defined(WOLFSSL_DH_EXTRA)) \
+ || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
 /* return code compliant with OpenSSL :
 *   1 if success, 0 if error
 */
@@ -31561,9 +31565,9 @@ int wolfSSL_DH_set0_pqg(WOLFSSL_DH *dh, WOLFSSL_BIGNUM *p,

    return WOLFSSL_SUCCESS;
 }
-
 #endif /* v1.1.0 or later */
-#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
+#endif /* !HAVE_FIPS || (HAVE_FIPS && !WOLFSSL_DH_EXTRA) || 
+        * HAVE_FIPS_VERSION > 2 */

 void wolfSSL_DH_get0_key(const WOLFSSL_DH *dh,
        const WOLFSSL_BIGNUM **pub_key, const WOLFSSL_BIGNUM **priv_key)