From fa3ab4fd615a62e1e1d6c59a01b2700a3b3270af Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Wed, 17 Jan 2018 11:34:27 -0700
Subject: [PATCH] adjustment to RSA key size check

---
 wolfcrypt/src/rsa.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c
index ab0860b89..931f60fdf 100644
--- a/wolfcrypt/src/rsa.c
+++ b/wolfcrypt/src/rsa.c
@@ -2249,8 +2249,15 @@ static const byte lower_bound[] = {
 };
 
 
+/* returns 1 on key size ok and 0 if not ok */
 static INLINE int RsaSizeCheck(int size)
 {
+    if (size < RSA_MIN_SIZE || size > RSA_MAX_SIZE) {
+        return 0;
+    }
+
+#ifdef HAVE_FIPS
+    /* Key size requirements for CAVP */
     switch (size) {
         case 1024:
         case 2048:
@@ -2258,7 +2265,11 @@ static INLINE int RsaSizeCheck(int size)
         case 4096:
             return 1;
     }
+
     return 0;
+#else
+    return 1; /* allow unusual key sizes in non FIPS mode */
+#endif /* HAVE_FIPS */
 }