From bd77ee4f3729e671e822bf72a95a651ed77b3e73 Mon Sep 17 00:00:00 2001 From: Andras Fekete Date: Wed, 18 Sep 2024 10:28:10 -0400 Subject: [PATCH] FIPS defines RSA_MIN_SIZE and users may want to override --- configure.ac | 4 ++-- wolfssl/wolfcrypt/rsa.h | 6 +++++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index 49f9f7aaf0..0841cc5342 100644 --- a/configure.ac +++ b/configure.ac @@ -340,7 +340,7 @@ then test -z "$enable_sha" && enable_sha=yes test -z "$with_eccminsz" && with_eccminsz=192 test -z "$with_max_ecc_bits" && with_max_ecc_bits=1024 - AM_CFLAGS="$AM_CFLAGS -DWC_RSA_NO_PADDING -DWOLFSSL_PUBLIC_MP -DHAVE_PUBLIC_FFDHE -DHAVE_FFDHE_6144 -DHAVE_FFDHE_8192 -DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_PSS_SALT_LEN_DISCOVER" + AM_CFLAGS="$AM_CFLAGS -DHAVE_WOLFPROVIDER -DWC_RSA_NO_PADDING -DWOLFSSL_PUBLIC_MP -DHAVE_PUBLIC_FFDHE -DHAVE_FFDHE_6144 -DHAVE_FFDHE_8192 -DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_PSS_SALT_LEN_DISCOVER" fi # wolfEngine Options @@ -9458,7 +9458,7 @@ then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT" AM_CFLAGS="$AM_CFLAGS -DWC_RSA_NO_PADDING" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUBLIC_MP" - AM_CFLAGS="$AM_CFLAGS -DRSA_MIN_SIZE=1024" + AM_CFLAGS="$AM_CFLAGS -DHAVE_WOLFENGINE" fi if test "$ENABLED_WOLFENGINE" = "yes" && test "$ENABLED_FIPS" != "no" diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h index 7765333985..c5d211e67a 100644 --- a/wolfssl/wolfcrypt/rsa.h +++ b/wolfssl/wolfcrypt/rsa.h @@ -103,7 +103,11 @@ RSA keys can be used to encrypt, decrypt, sign and verify data. #endif #ifndef RSA_MIN_SIZE -#define RSA_MIN_SIZE 2048 + #if defined(HAVE_WOLFENGINE) || defined(HAVE_WOLFPROVIDER) + #define RSA_MIN_SIZE 1024 + #else + #define RSA_MIN_SIZE 2048 + #endif #endif #ifndef RSA_MAX_SIZE