Merge pull request #7923 from embhorn/rsa2048_min
Set RSA_MIN_SIZE default to 2048 bits
commit
e6b466dd71
2
.github/workflows/no-malloc.yml
vendored
2
.github/workflows/no-malloc.yml
vendored
@ -18,7 +18,7 @@ jobs:
|
|||||||
matrix:
|
matrix:
|
||||||
config: [
|
config: [
|
||||||
# Add new configs here
|
# Add new configs here
|
||||||
'--enable-rsa --enable-keygen --disable-dh CFLAGS="-DWOLFSSL_NO_MALLOC"',
|
'--enable-rsa --enable-keygen --disable-dh CFLAGS="-DWOLFSSL_NO_MALLOC -DRSA_MIN_SIZE=1024"',
|
||||||
]
|
]
|
||||||
name: make check
|
name: make check
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
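Review bot: The `-DRSA_MIN_SIZE=1024` added to the only entry in `config:` carries no comment saying why this job needs the lower floor, and the same applies to the `CFLAGS="-DRSA_MIN_SIZE=1024"` added in .github/workflows/openssh.yml. With this change neither job builds with the new 2048-bit default, so that default is not exercised under WOLFSSL_NO_MALLOC here. A short comment next to `# Add new configs here`, for example `# RSA_MIN_SIZE=1024: <reason this job still needs 1024-bit keys>`, would keep the override from being copied into other configs unexamined. A second list entry without the define would cover the default.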
2
.github/workflows/openssh.yml
vendored
2
.github/workflows/openssh.yml
vendored
@ -26,7 +26,7 @@ jobs:
|
|||||||
path: wolfssl
|
path: wolfssl
|
||||||
configure: >-
|
configure: >-
|
||||||
--enable-openssh --enable-dsa --with-max-rsa-bits=8192
|
--enable-openssh --enable-dsa --with-max-rsa-bits=8192
|
||||||
--enable-intelasm --enable-sp-asm
|
--enable-intelasm --enable-sp-asm CFLAGS="-DRSA_MIN_SIZE=1024"
|
||||||
install: true
|
install: true
|
||||||
|
|
||||||
- name: tar build-dir
|
- name: tar build-dir
|
||||||
|
20
tests/api.c
20
tests/api.c
@ -565,13 +565,16 @@ int tmpDirNameSet = 0;
|
|||||||
#define TEST_STRING "Everyone gets Friday off."
|
#define TEST_STRING "Everyone gets Friday off."
|
||||||
#define TEST_STRING_SZ 25
|
#define TEST_STRING_SZ 25
|
||||||
|
|
||||||
|
#ifndef NO_RSA
|
||||||
#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
|
#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
|
||||||
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
|
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) && \
|
||||||
|
(defined(RSA_MIN_SIZE) && (RSA_MIN_SIZE <= 1024))
|
||||||
#define TEST_RSA_BITS 1024
|
#define TEST_RSA_BITS 1024
|
||||||
#else
|
#else
|
||||||
#define TEST_RSA_BITS 2048
|
#define TEST_RSA_BITS 2048
|
||||||
#endif
|
#endif
|
||||||
#define TEST_RSA_BYTES (TEST_RSA_BITS/8)
|
#define TEST_RSA_BYTES (TEST_RSA_BITS/8)
|
||||||
|
#endif /* !NO_RSA */
|
||||||
|
|
||||||
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
|
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
|
||||||
(!defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT))
|
(!defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT))
|
||||||
@ -20564,7 +20567,8 @@ static int test_wc_MakeRsaKey(void)
|
|||||||
RsaKey genKey;
|
RsaKey genKey;
|
||||||
WC_RNG rng;
|
WC_RNG rng;
|
||||||
#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
|
#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
|
||||||
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
|
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) && \
|
||||||
|
(defined(RSA_MIN_SIZE) && (RSA_MIN_SIZE <= 1024))
|
||||||
int bits = 1024;
|
int bits = 1024;
|
||||||
#else
|
#else
|
||||||
int bits = 2048;
|
int bits = 2048;
|
||||||
@ -20965,7 +20969,8 @@ static int test_wc_RsaKeyToDer(void)
|
|||||||
WC_RNG rng;
|
WC_RNG rng;
|
||||||
byte* der = NULL;
|
byte* der = NULL;
|
||||||
#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
|
#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
|
||||||
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
|
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) && \
|
||||||
|
(defined(RSA_MIN_SIZE) && (RSA_MIN_SIZE <= 1024))
|
||||||
int bits = 1024;
|
int bits = 1024;
|
||||||
word32 derSz = 611;
|
word32 derSz = 611;
|
||||||
/* (2 x 128) + 2 (possible leading 00) + (5 x 64) + 5 (possible leading 00)
|
/* (2 x 128) + 2 (possible leading 00) + (5 x 64) + 5 (possible leading 00)
|
||||||
@ -21019,7 +21024,8 @@ static int test_wc_RsaKeyToPublicDer(void)
|
|||||||
WC_RNG rng;
|
WC_RNG rng;
|
||||||
byte* der = NULL;
|
byte* der = NULL;
|
||||||
#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
|
#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
|
||||||
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
|
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) && \
|
||||||
|
(defined(RSA_MIN_SIZE) && (RSA_MIN_SIZE <= 1024))
|
||||||
int bits = 1024;
|
int bits = 1024;
|
||||||
word32 derLen = 162;
|
word32 derLen = 162;
|
||||||
#else
|
#else
|
||||||
@ -21283,7 +21289,8 @@ static int test_wc_RsaEncryptSize(void)
|
|||||||
ExpectIntEQ(wc_InitRng(&rng), 0);
|
ExpectIntEQ(wc_InitRng(&rng), 0);
|
||||||
|
|
||||||
#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
|
#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
|
||||||
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
|
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) && \
|
||||||
|
(defined(RSA_MIN_SIZE) && (RSA_MIN_SIZE <= 1024))
|
||||||
ExpectIntEQ(MAKE_RSA_KEY(&key, 1024, WC_RSA_EXPONENT, &rng), 0);
|
ExpectIntEQ(MAKE_RSA_KEY(&key, 1024, WC_RSA_EXPONENT, &rng), 0);
|
||||||
|
|
||||||
ExpectIntEQ(wc_RsaEncryptSize(&key), 128);
|
ExpectIntEQ(wc_RsaEncryptSize(&key), 128);
|
||||||
@ -21317,7 +21324,8 @@ static int test_wc_RsaFlattenPublicKey(void)
|
|||||||
word32 eSz = sizeof(e);
|
word32 eSz = sizeof(e);
|
||||||
word32 nSz = sizeof(n);
|
word32 nSz = sizeof(n);
|
||||||
#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
|
#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
|
||||||
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
|
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) && \
|
||||||
|
(defined(RSA_MIN_SIZE) && (RSA_MIN_SIZE <= 1024))
|
||||||
int bits = 1024;
|
int bits = 1024;
|
||||||
#else
|
#else
|
||||||
int bits = 2048;
|
int bits = 2048;
|
||||||
|
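Review bot: These hunks only compile the 1024-bit cases out; nothing in them asserts that a key below the new floor is refused, so a regression that quietly accepts 1024-bit keys again would still pass. Assuming key generation is where RSA_MIN_SIZE is enforced, a case in test_wc_MakeRsaKey for builds with `RSA_MIN_SIZE > 1024` that expects a 1024-bit request to return non-zero would pin the behaviour. Separately, the first hunk already defines `TEST_RSA_BITS` under the same condition, so test_wc_MakeRsaKey and test_wc_RsaFlattenPublicKey could use `int bits = TEST_RSA_BITS;` instead of repeating the three-line `#if`, as far as the visible lines show. All five test functions start or end outside their hunks.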
@ -8433,7 +8433,8 @@ exit:
|
|||||||
void bench_rsaKeyGen(int useDeviceID)
|
void bench_rsaKeyGen(int useDeviceID)
|
||||||
{
|
{
|
||||||
int k;
|
int k;
|
||||||
#if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
|
#if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) && \
|
||||||
|
(RSA_MIN_SIZE <= 1024)
|
||||||
static const word32 keySizes[2] = {1024, 2048};
|
static const word32 keySizes[2] = {1024, 2048};
|
||||||
#else
|
#else
|
||||||
static const word32 keySizes[1] = {2048};
|
static const word32 keySizes[1] = {2048};
|
||||||
|
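Review bot: The new condition in bench_rsaKeyGen does not group the way the other call sites do: `&&` binds tighter than `||`, so it reads as `!defined(WOLFSSL_SP_MATH) || (defined(WOLFSSL_SP_MATH_ALL) && (RSA_MIN_SIZE <= 1024))`. In any build without WOLFSSL_SP_MATH the first term is already true, so `keySizes` still contains 1024 under the new 2048 default and the benchmark will presumably request a key size the library now refuses. Parenthesise the math-library test and use the same guard as tests/api.c: `#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \` followed by `(defined(RSA_MIN_SIZE) && (RSA_MIN_SIZE <= 1024))`. The function body continues past the hunk.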
@ -21000,7 +21000,8 @@ static wc_test_ret_t rsa_keygen_test(WC_RNG* rng)
|
|||||||
word32 idx = 0;
|
word32 idx = 0;
|
||||||
#endif
|
#endif
|
||||||
int derSz = 0;
|
int derSz = 0;
|
||||||
#if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FIPS)
|
#if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FIPS) && \
|
||||||
|
(defined(RSA_MIN_SIZE) && (RSA_MIN_SIZE <= 1024))
|
||||||
int keySz = 1024;
|
int keySz = 1024;
|
||||||
#else
|
#else
|
||||||
int keySz = 2048;
|
int keySz = 2048;
|
||||||
|
@ -103,7 +103,7 @@ RSA keys can be used to encrypt, decrypt, sign and verify data.
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifndef RSA_MIN_SIZE
|
#ifndef RSA_MIN_SIZE
|
||||||
#define RSA_MIN_SIZE 1024
|
#define RSA_MIN_SIZE 2048
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifndef RSA_MAX_SIZE
|
#ifndef RSA_MAX_SIZE
|
||||||
|
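Review bot: The raised default has no comment at the `#ifndef RSA_MIN_SIZE` block, although it changes which keys a default build accepts. A reader of the header cannot tell that 2048 is a security floor rather than a tuning value, or how to opt out for legacy peers. I would add above the block: `/* Minimum accepted RSA key size in bits. 1024-bit RSA is below current guidance; define RSA_MIN_SIZE=1024 at build time only for legacy interoperability. */`. If RSA_MAX_SIZE can also be overridden (its block continues outside the hunk), an `#if RSA_MIN_SIZE > RSA_MAX_SIZE` / `#error` check after both would catch inconsistent overrides at compile time.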