Fix to make sure the old public DH API's are not enabled unless FIPS v2 or older. Broken in PR #5018.

2022-04-26 15:39:54 -07:00 · 2022-04-26 15:39:54 -07:00 · 67029dc4e7
commit 67029dc4e7
parent a6d019ecf9
1 changed files with 3 additions and 1 deletions
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@ -2027,7 +2027,9 @@ extern void uITRON4_free(void *p) ;

 #if !defined(HAVE_PUBLIC_FFDHE) && !defined(NO_DH) && \
    !defined(WOLFSSL_NO_PUBLIC_FFDHE) && \
-    (defined(HAVE_SELFTEST) || FIPS_VERSION_GE(2,0))
+    (defined(HAVE_SELFTEST) || FIPS_VERSION_LE(2,0))
+    /* This should only be enabled for FIPS v2 or older. It enables use of the
+     * older wc_Dh_ffdhe####_Get() API's */
    #define HAVE_PUBLIC_FFDHE
 #endif