Skip to content

Fix FIPS v6 build: cast away const for ed448 export call#10424

Open
lealem47 wants to merge 2 commits intowolfSSL:masterfrom
lealem47:ed448_v6
Open

Fix FIPS v6 build: cast away const for ed448 export call#10424
lealem47 wants to merge 2 commits intowolfSSL:masterfrom
lealem47:ed448_v6

Conversation

@lealem47
Copy link
Copy Markdown
Contributor

@lealem47 lealem47 commented May 7, 2026

Description

Mirror the FIPS-version-conditional cast pattern used for wc_ed25519_export_public in wc_Ed25519PublicKeyToDer.

Latest ed448.h prototype recently added a const param causing the following error in FIPS v6:

make[2]: warning: -jN forced in submake: disabling jobserver mode.
  CC       wolfcrypt/src/src_libwolfssl_la-asn.lo
wolfcrypt/src/asn.c:12934:34: error: passing 'const ed448_key *' (aka 'const struct ed448_key *') to parameter of type 'ed448_key *' (aka 'struct ed448_key *') discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers]
 12934 |     ret = wc_ed448_export_public(key, pubKey, &pubKeyLen);
       |                                  ^~~
./wolfssl/wolfcrypt/ed448.h:186:39: note: passing argument to parameter 'key' here
  186 | int wc_ed448_export_public(ed448_key* key, byte* out, word32* outLen);
      |                                       ^

Testing

./configure --enable-fips=v6 && make

Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation

Copilot AI review requested due to automatic review settings May 7, 2026 14:35
@lealem47 lealem47 self-assigned this May 7, 2026
Copilot AI reviewed May 7, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Fixes a FIPS v6 build failure in the Ed448 public-key DER export path by matching the existing FIPS-version-conditional casting pattern already used for Ed25519, ensuring compatibility with older FIPS function prototypes.

Changes:

  • Add a HAVE_FIPS && FIPS_VERSION3_LT(7,0,0) conditional cast when calling wc_ed448_export_public() from wc_Ed448PublicKeyToDer().
  • Adjust the Tailscale configure defaults to set ENABLED_SP (instead of enable_sp) when --enable-sp wasn’t explicitly provided.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
wolfcrypt/src/asn.c Adds a FIPS-version-conditional cast to keep Ed448 public key DER export building under older FIPS variants.
configure.ac Updates Tailscale-related configure defaults for SP enabling behavior.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread configure.ac
Comment on lines 1659 to 1662
then
enable_wolfguard=yes
test "x$enable_sp" = "x" && enable_sp="yes,256"
test "x$enable_sp" = "x" && ENABLED_SP="yes,256"
enable_opensslall=yes
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 7, 2026

MemBrowse Memory Report

No memory changes detected for:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@lealem47 lealem47

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@lealem47