From 567f1b8be4d207c5fc934ece07f30f1af6042c3a Mon Sep 17 00:00:00 2001
From: Kaleb Himes
Date: Tue, 28 Jul 2020 15:52:36 -0600
Subject: [PATCH] Add to settings.h w a warning directive
---
 wolfssl/wolfcrypt/settings.h | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 3ee4a7dbc..c2837b722 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -2272,6 +2272,15 @@ extern void uITRON4_free(void *p) ;
 #undef WOLFSSL_TLS13
 #endif
+/* For FIPSv2 make sure the ECDSA encoding allows extra bytes
+ * but make sure users consider enabling it */
+#if !defined(NO_STRICT_ECDSA_LEN) && defined(HAVE_FIPS) && \
+ defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2
+ #define NO_STRICT_ECDSA_LEN
+ #warning "ECDSA length checks off by default for CAVP testing"
+ #warning "consider enabling strict checks in production"
+#endif
+
 #ifdef __cplusplus
 } /* extern "C" */
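Review bot: The added block defines `NO_STRICT_ECDSA_LEN` for every build with `HAVE_FIPS_VERSION >= 2`, and the `!defined(NO_STRICT_ECDSA_LEN)` guard only avoids a redefinition, so a user who follows the "consider enabling strict checks in production" advice has no macro to set. Going by the macro name and the comment, this relaxes length validation of ECDSA signature encodings, which is an accommodation for CAVP testing rather than a safe production default. I would gate it on an opt-in override by adding `&& !defined(<STRICT_OPT_IN_MACRO>)` to the `#if` (placeholder name, to be chosen by the project) and naming that macro in the comment. Separately, `#warning` is not standard C before C23, and settings.h is presumably included by most translation units, so the two diagnostics may repeat per file, break builds that treat warnings as errors, and be rejected by compilers that lack the directive. A comment next to the `#define` plus a documentation note would carry the same message without those side effects.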