diff --git a/src/ssl.c b/src/ssl.c index 41fe9bad8..d6dd64f7a 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -16905,8 +16905,8 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, } #if defined(OPENSSL_EXTRA) - #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ - (HAVE_FIPS_VERSION > 2)) + #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) int wolfSSL_SHA_Transform(WOLFSSL_SHA_CTX* sha, const unsigned char* data) { @@ -16950,8 +16950,8 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, return SHA_Final(input, sha); } #if defined(OPENSSL_EXTRA) - #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ - (HAVE_FIPS_VERSION > 2)) + #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) int wolfSSL_SHA1_Transform(WOLFSSL_SHA_CTX* sha, const unsigned char* data) { @@ -17064,8 +17064,8 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, } #if defined(OPENSSL_EXTRA) - #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ - (HAVE_FIPS_VERSION > 2)) + #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) int wolfSSL_SHA256_Transform(WOLFSSL_SHA256_CTX* sha256, const unsigned char* data) { @@ -17191,8 +17191,8 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, return 0; } - #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ - (HAVE_FIPS_VERSION > 2)) + #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) int wolfSSL_SHA512_Transform(WOLFSSL_SHA512_CTX* sha512, const unsigned char* data) { diff --git a/src/tls13.c b/src/tls13.c index 0422fe270..16b449f91 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -8663,7 +8663,8 @@ int wolfSSL_write_early_data(WOLFSSL* ssl, const void* data, int sz, int* outSz) if (ssl->options.handShakeState == CLIENT_HELLO_COMPLETE) { #ifdef OPENSSL_EXTRA /* when processed early data exceeds max size */ - if (ssl->earlyDataSz + sz > ssl->session.maxEarlyDataSz) { + if (ssl->session.maxEarlyDataSz > 0 && + (ssl->earlyDataSz + sz > ssl->session.maxEarlyDataSz)) { ssl->error = TOO_MUCH_EARLY_DATA; return WOLFSSL_FATAL_ERROR; } diff --git a/tests/api.c b/tests/api.c index 93f8f589b..2579fe06c 100644 --- a/tests/api.c +++ b/tests/api.c @@ -33119,8 +33119,8 @@ static void test_wolfSSL_SHA224(void) static void test_wolfSSL_SHA_Transform(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_SHA) -#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ - (HAVE_FIPS_VERSION > 2)) +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) byte input1[] = ""; byte input2[] = "abc"; byte local[WC_SHA_BLOCK_SIZE]; @@ -33165,8 +33165,8 @@ static void test_wolfSSL_SHA_Transform(void) static void test_wolfSSL_SHA256_Transform(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) -#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ - (HAVE_FIPS_VERSION > 2)) +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) byte input1[] = ""; byte input2[] = "abc"; byte local[WC_SHA256_BLOCK_SIZE]; @@ -33235,8 +33235,8 @@ static void test_wolfSSL_SHA256(void) static void test_wolfSSL_SHA512_Transform(void) { #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA512) -#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ - (HAVE_FIPS_VERSION > 2)) +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) byte input1[] = ""; byte input2[] = "abc"; byte local[WC_SHA512_BLOCK_SIZE];