Skip to content

Commit

Permalink
FIPS defines RSA_MIN_SIZE and users may want to override
Browse files Browse the repository at this point in the history
  • Loading branch information
Andras Fekete committed Sep 18, 2024
1 parent c390047 commit bd77ee4
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 3 deletions.
4 changes: 2 additions & 2 deletions configure.ac
Original file line number Diff line number Diff line change
Expand Up @@ -340,7 +340,7 @@ then
test -z "$enable_sha" && enable_sha=yes
test -z "$with_eccminsz" && with_eccminsz=192
test -z "$with_max_ecc_bits" && with_max_ecc_bits=1024
AM_CFLAGS="$AM_CFLAGS -DWC_RSA_NO_PADDING -DWOLFSSL_PUBLIC_MP -DHAVE_PUBLIC_FFDHE -DHAVE_FFDHE_6144 -DHAVE_FFDHE_8192 -DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_PSS_SALT_LEN_DISCOVER"
AM_CFLAGS="$AM_CFLAGS -DHAVE_WOLFPROVIDER -DWC_RSA_NO_PADDING -DWOLFSSL_PUBLIC_MP -DHAVE_PUBLIC_FFDHE -DHAVE_FFDHE_6144 -DHAVE_FFDHE_8192 -DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_PSS_SALT_LEN_DISCOVER"
fi

# wolfEngine Options
Expand Down Expand Up @@ -9458,7 +9458,7 @@ then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
AM_CFLAGS="$AM_CFLAGS -DWC_RSA_NO_PADDING"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUBLIC_MP"
AM_CFLAGS="$AM_CFLAGS -DRSA_MIN_SIZE=1024"
AM_CFLAGS="$AM_CFLAGS -DHAVE_WOLFENGINE"
fi
if test "$ENABLED_WOLFENGINE" = "yes" && test "$ENABLED_FIPS" != "no"
Expand Down
6 changes: 5 additions & 1 deletion wolfssl/wolfcrypt/rsa.h
Original file line number Diff line number Diff line change
Expand Up @@ -103,7 +103,11 @@ RSA keys can be used to encrypt, decrypt, sign and verify data.
#endif

#ifndef RSA_MIN_SIZE
#define RSA_MIN_SIZE 2048
#if defined(HAVE_WOLFENGINE) || defined(HAVE_WOLFPROVIDER)
#define RSA_MIN_SIZE 1024
#else
#define RSA_MIN_SIZE 2048
#endif
#endif

#ifndef RSA_MAX_SIZE
Expand Down

0 comments on commit bd77ee4

Please sign in to comment.