changes for tls 1.3 with FIPS ready

JacobBarthelmeh · JacobBarthelmeh · commit 20a39268307e · 2023-09-20T15:23:33.000-07:00
diff --git a/src/wp_hkdf.c b/src/wp_hkdf.c
@@ -578,8 +578,14 @@ static int wp_tls13_hkdf_extract(wp_HkdfCtx* ctx, unsigned char* key,
 
     if (ok) {
         (void)keyLen;
-        rc = wc_HKDF_Extract(ctx->mdType, salt, (word32)saltLen, inKey,
-            (word32)inKeyLen, key);
+        if (saltLen == 0) {
+            rc = wc_HKDF_Extract(ctx->mdType, NULL, 0, inKey,
+                (word32)inKeyLen, key);
+        }
+        else {
+            rc = wc_HKDF_Extract(ctx->mdType, salt, (word32)saltLen, inKey,
+                (word32)inKeyLen, key);
+        }
         if (rc != 0) {
             ok = 0;
         }
diff --git a/src/wp_wolfprov.c b/src/wp_wolfprov.c
@@ -997,6 +997,10 @@ int wolfssl_provider_init(const OSSL_CORE_HANDLE* handle,
     int ok = 1;
     OSSL_FUNC_core_get_libctx_fn* c_get_libctx = NULL;
 
+#ifdef HAVE_FIPS
+    PRIVATE_KEY_UNLOCK();
+#endif
+
     for (; in->function_id != 0; in++) {
         switch (in->function_id) {
             case OSSL_FUNC_CORE_GETTABLE_PARAMS:
