feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Remove DH prime check on selftest/fips builds.

Browse Source
This commit is contained in:
John Safranek
2018-11-02 12:55:07 -07:00
parent 98291f8465
commit c1ca1f1b78
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/ssl.c
View File

@ -1477,7 +1477,8 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz,
if (ssl->options.side == WOLFSSL_CLIENT_END) if (ssl->options.side == WOLFSSL_CLIENT_END)
return SIDE_ERROR; return SIDE_ERROR;
#ifndef WOLFSSL_OLD_PRIME_CHECK #if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \
!defined(HAVE_SELFTEST)
{ {
DhKey checkKey; DhKey checkKey;
int error, freeKey = 0; int error, freeKey = 0;
@ -1563,7 +1564,8 @@ int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz,
if (pSz > ctx->maxDhKeySz) if (pSz > ctx->maxDhKeySz)
return DH_KEY_SIZE_E; return DH_KEY_SIZE_E;
#ifndef WOLFSSL_OLD_PRIME_CHECK #if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \
!defined(HAVE_SELFTEST)
{ {
DhKey checkKey; DhKey checkKey;
WC_RNG rng; WC_RNG rng;