diff --git a/wolfssl/wolfcrypt/pkcs7.h b/wolfssl/wolfcrypt/pkcs7.h index e79ab79b2..e6b5fcdcd 100644 --- a/wolfssl/wolfcrypt/pkcs7.h +++ b/wolfssl/wolfcrypt/pkcs7.h @@ -41,6 +41,7 @@ #ifndef NO_DES3 #include #endif +#include #ifdef __cplusplus extern "C" { @@ -157,15 +158,6 @@ enum Pkcs7_Misc { MAX_RECIP_SZ = MAX_VERSION_SZ + MAX_SEQ_SZ + ASN_NAME_MAX + MAX_SN_SZ + MAX_SEQ_SZ + MAX_ALGO_SZ + 1 + MAX_ENCRYPTED_KEY_SZ, -#if (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \ - (HAVE_FIPS_VERSION <= 2)) || (defined(HAVE_SELFTEST) && \ - (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))) - /* In the event of fips cert 3389 or CAVP selftest v1 build, these enums are - * not in aes.h for use with pkcs7 so enumerate it here outside the fips - * boundary */ - GCM_NONCE_MID_SZ = 12, /* The usual default nonce size for AES-GCM. */ - CCM_NONCE_MIN_SZ = 7, -#endif }; enum Cms_Options { diff --git a/wolfssl/wolfcrypt/wc_encrypt.h b/wolfssl/wolfcrypt/wc_encrypt.h index a5c33807d..93a8e7c45 100644 --- a/wolfssl/wolfcrypt/wc_encrypt.h +++ b/wolfssl/wolfcrypt/wc_encrypt.h @@ -60,6 +60,22 @@ #endif +#if (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION <= 2)) || (defined(HAVE_SELFTEST) && \ + (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))) + /* In FIPS cert 3389 and CAVP selftest v1 build, these enums are + * not in aes.h. Define them here outside the fips boundary. + */ + #ifndef GCM_NONCE_MID_SZ + /* The usual default nonce size for AES-GCM. */ + #define GCM_NONCE_MID_SZ 12 + #endif + #ifndef CCM_NONCE_MIN_SZ + #define CCM_NONCE_MIN_SZ 7 + #endif +#endif + + #if !defined(NO_AES) && defined(HAVE_AES_CBC) WOLFSSL_API int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz, const byte* key, word32 keySz,