Add to settings.h w a warning directive

2020-07-28 15:52:36 -06:00
parent ffdc2eddf6
commit 567f1b8be4
1 changed files with 9 additions and 0 deletions
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@ -2272,6 +2272,15 @@ extern void uITRON4_free(void *p) ;
    #undef WOLFSSL_TLS13
 #endif

+/* For FIPSv2 make sure the ECDSA encoding allows extra bytes
+ * but make sure users consider enabling it */
+#if !defined(NO_STRICT_ECDSA_LEN) && defined(HAVE_FIPS) && \
+        defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2    
+    #define NO_STRICT_ECDSA_LEN
+    #warning "ECDSA length checks off by default for CAVP testing"
+    #warning "consider enabling strict checks in production"
+#endif
+

 #ifdef __cplusplus
    }   /* extern "C" */