Set RSA_MIN_SIZE default to 2048 bits
embhorn committed Sep 13, 2024
1 parent d4f6b5b commit 5e9ec36
Showing 6 changed files with 20 additions and 11 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/no-malloc.yml
@@ -18,7 +18,7 @@ jobs:
matrix:
config: [
# Add new configs here
'--enable-rsa --enable-keygen --disable-dh CFLAGS="-DWOLFSSL_NO_MALLOC"',
'--enable-rsa --enable-keygen --disable-dh CFLAGS="-DWOLFSSL_NO_MALLOC -DRSA_MIN_SIZE=1024"',
]
name: make check
runs-on: ubuntu-latest
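Review bot: The added `-DRSA_MIN_SIZE=1024` in the config string means this job no longer builds with the library default, so the no-malloc path is never checked against the 2048-bit floor this commit introduces. The same override is added to the `configure` line in .github/workflows/openssh.yml. Neither file says why the lower floor is needed, so I would add a comment above the entry, e.g. `# RSA_MIN_SIZE=1024: <reason this job still needs 1024-bit keys>`. If the tests allow it, a second matrix entry without the override would keep the new default covered as well.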
2 changes: 1 addition & 1 deletion .github/workflows/openssh.yml
@@ -26,7 +26,7 @@ jobs:
path: wolfssl
configure: >-
--enable-openssh --enable-dsa --with-max-rsa-bits=8192
--enable-intelasm --enable-sp-asm
--enable-intelasm --enable-sp-asm CFLAGS="-DRSA_MIN_SIZE=1024"
install: true

- name: tar build-dir
20 changes: 14 additions & 6 deletions tests/api.c
@@ -565,13 +565,16 @@ int tmpDirNameSet = 0;
#define TEST_STRING "Everyone gets Friday off."
#define TEST_STRING_SZ 25

#ifndef NO_RSA
#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) && \
(defined(RSA_MIN_SIZE) && (RSA_MIN_SIZE <= 1024))
#define TEST_RSA_BITS 1024
#else
#define TEST_RSA_BITS 2048
#endif
#define TEST_RSA_BYTES (TEST_RSA_BITS/8)
#endif /* !NO_RSA */

#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
(!defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT))
@@ -20294,7 +20297,8 @@ static int test_wc_MakeRsaKey(void)
RsaKey genKey;
WC_RNG rng;
#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) && \
(RSA_MIN_SIZE <= 1024)
int bits = 1024;
#else
int bits = 2048;
@@ -20695,7 +20699,8 @@ static int test_wc_RsaKeyToDer(void)
WC_RNG rng;
byte* der = NULL;
#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) && \
(RSA_MIN_SIZE <= 1024)
int bits = 1024;
word32 derSz = 611;
/* (2 x 128) + 2 (possible leading 00) + (5 x 64) + 5 (possible leading 00)
@@ -20749,7 +20754,8 @@ static int test_wc_RsaKeyToPublicDer(void)
WC_RNG rng;
byte* der = NULL;
#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) && \
(RSA_MIN_SIZE <= 1024)
int bits = 1024;
word32 derLen = 162;
#else
@@ -21013,7 +21019,8 @@ static int test_wc_RsaEncryptSize(void)
ExpectIntEQ(wc_InitRng(&rng), 0);

#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) && \
(RSA_MIN_SIZE <= 1024)
ExpectIntEQ(MAKE_RSA_KEY(&key, 1024, WC_RSA_EXPONENT, &rng), 0);

ExpectIntEQ(wc_RsaEncryptSize(&key), 128);
@@ -21047,7 +21054,8 @@ static int test_wc_RsaFlattenPublicKey(void)
word32 eSz = sizeof(e);
word32 nSz = sizeof(n);
#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) && \
(RSA_MIN_SIZE <= 1024)
int bits = 1024;
#else
int bits = 2048;
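Review bot: The five function-level guards test `(RSA_MIN_SIZE <= 1024)` without the `defined(RSA_MIN_SIZE) &&` check that the `TEST_RSA_BITS` guard at the top of the file uses. In an `#if`, an undefined identifier evaluates to 0, so wherever RSA_MIN_SIZE is not defined the two forms disagree: the top-level guard selects 2048 and the function guards select 1024. Whether that can happen depends on which rsa.h a given build includes, which is not visible here, and the function bodies continue outside the hunks. Using one form everywhere, `(defined(RSA_MIN_SIZE) && (RSA_MIN_SIZE <= 1024))`, would keep the key size consistent across the file; `rsa_keygen_test` in wolfcrypt/test/test.c uses the unguarded form as well.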
3 changes: 2 additions & 1 deletion wolfcrypt/benchmark/benchmark.c
@@ -8433,7 +8433,8 @@ static void bench_rsaKeyGen_helper(int useDeviceID, word32 keySz)
void bench_rsaKeyGen(int useDeviceID)
{
int k;
#if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
#if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) && \
(RSA_MIN_SIZE <= 1024)
static const word32 keySizes[2] = {1024, 2048};
#else
static const word32 keySizes[1] = {2048};
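Review bot: The new condition in `bench_rsaKeyGen` is missing parentheses around the `||` pair, so the size check does not apply to the common case. `&&` binds tighter than `||`, so it parses as `!defined(WOLFSSL_SP_MATH) || (defined(WOLFSSL_SP_MATH_ALL) && (RSA_MIN_SIZE <= 1024))`. Any build without WOLFSSL_SP_MATH therefore still puts 1024 in `keySizes` whatever RSA_MIN_SIZE is, and with the 2048 default that size is presumably rejected by key generation. The guards in tests/api.c parenthesize the first clause; the same here would be `#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \`. The function body continues past the hunk.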
2 changes: 1 addition & 1 deletion wolfcrypt/test/test.c
@@ -20891,7 +20891,7 @@ static wc_test_ret_t rsa_keygen_test(WC_RNG* rng)
word32 idx = 0;
#endif
int derSz = 0;
#if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FIPS)
#if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FIPS) && (RSA_MIN_SIZE <= 1024)
int keySz = 1024;
#else
int keySz = 2048;
2 changes: 1 addition & 1 deletion wolfssl/wolfcrypt/rsa.h
@@ -103,7 +103,7 @@ RSA keys can be used to encrypt, decrypt, sign and verify data.
#endif

#ifndef RSA_MIN_SIZE
#define RSA_MIN_SIZE 1024
#define RSA_MIN_SIZE 2048
#endif

#ifndef RSA_MAX_SIZE
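Review bot: The `#ifndef RSA_MIN_SIZE` block has no comment saying what the value is or that it can be overridden, which matters now that the default is a security floor that has just been raised. Because of the `#ifndef`, any build that already passes `-DRSA_MIN_SIZE=1024` keeps the old floor silently, as the two workflow files in this commit do. I would document it in place, e.g. `/* Minimum RSA key size in bits. Override with -DRSA_MIN_SIZE=<bits>; values below 2048 permit keys weaker than current guidance. */`. Where the limit is enforced is not visible in this hunk, so the comment should stay at that level unless the enforcement points are listed too.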
