From fd502481397dfdf3df990b2da1a283aa9da2990b Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Wed, 15 May 2019 19:35:30 -0700
Subject: [PATCH] Fix for static RSA cipher suite (AES128-GCM-SHA256) with PK
 callbacks and no private key set. ZD 5092

---
 src/internal.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/internal.c b/src/internal.c
index 5a92c78e8..1b219393e 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -17030,6 +17030,15 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
     int      keySz;
     word32   idx;
 
+#ifdef HAVE_PK_CALLBACKS
+    /* allow no private key if using PK callbacks and CB is set */
+    if (wolfSSL_CTX_IsPrivatePkSet(ssl->ctx)) {
+        *length = GetPrivateKeySigSize(ssl);
+        return 0;
+    }
+    else
+#endif
+
     /* make sure private key exists */
     if (ssl->buffers.key == NULL || ssl->buffers.key->buffer == NULL) {
         WOLFSSL_MSG("Private key missing!");