forked from wolfSSL/wolfssl
Merge pull request #4230 from douzzer/configure-max-bits-and-ex-data
configure options for max rsa/ecc bits and ex_data
This commit is contained in:
Chris Conlon
GitHub
114
configure.ac
114
configure.ac
@ -472,7 +472,8 @@ then
|
||||
fi
|
||||
|
||||
# Enable DH const table speedups (eliminates `-lm` math lib dependency)
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048 -DHAVE_FFDHE_3072 -DFP_MAX_BITS=8192"
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048 -DHAVE_FFDHE_3072"
|
||||
DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=4096
|
||||
|
||||
# Enable multiple attribute additions such as DC
|
||||
AM_CFLAGS="-DWOLFSSL_MULTI_ATTRIB $AM_CFLAGS"
|
||||
@ -581,7 +582,8 @@ then
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_DECRYPT -DHAVE_AES_ECB -DWOLFSSL_ALT_NAMES -DWOLFSSL_DER_LOAD"
|
||||
|
||||
# Enable DH const table speedups (eliminates `-lm` math lib dependency)
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048 -DHAVE_FFDHE_3072 -DFP_MAX_BITS=8192"
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048 -DHAVE_FFDHE_3072"
|
||||
DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=4096
|
||||
|
||||
# Enable multiple attribute additions such as DC
|
||||
AM_CFLAGS="-DWOLFSSL_MULTI_ATTRIB $AM_CFLAGS"
|
||||
@ -1062,7 +1064,8 @@ fi
|
||||
|
||||
if test "$ENABLED_BUMP" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DLARGE_STATIC_BUFFERS -DWOLFSSL_CERT_GEN -DWOLFSSL_KEY_GEN -DHUGE_SESSION_CACHE -DFP_MAX_BITS=8192 -DWOLFSSL_DER_LOAD -DWOLFSSL_ALT_NAMES -DWOLFSSL_TEST_CERT"
|
||||
AM_CFLAGS="$AM_CFLAGS -DLARGE_STATIC_BUFFERS -DWOLFSSL_CERT_GEN -DWOLFSSL_KEY_GEN -DHUGE_SESSION_CACHE -DWOLFSSL_DER_LOAD -DWOLFSSL_ALT_NAMES -DWOLFSSL_TEST_CERT"
|
||||
DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=4096
|
||||
fi
|
||||
|
||||
ENABLED_SLOWMATH="yes"
|
||||
@ -4328,11 +4331,11 @@ if test "$ENABLED_HAPROXY" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAPROXY -DOPENSSL_COMPATIBLE_DEFAULTS"
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SIGNER_DER_CERT"
|
||||
# --enable-all defines its own FP_MAX_BITS
|
||||
if test "$ENABLED_ALL" != "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DFP_MAX_BITS=16384"
|
||||
fi
|
||||
# --enable-all defines its own DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS
|
||||
if test -z "$DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS"
|
||||
then
|
||||
DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=8192
|
||||
fi
|
||||
# Requires opensslextra and opensslall
|
||||
if test "x$ENABLED_OPENSSLALL" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
|
||||
then
|
||||
@ -4340,26 +4343,26 @@ then
|
||||
ENABLED_OPENSSLEXTRA="yes"
|
||||
AM_CFLAGS="-DOPENSSL_EXTRA -DOPENSSL_ALL $AM_CFLAGS"
|
||||
fi
|
||||
|
||||
|
||||
if test "x$ENABLED_CERTGEN" = "xno"
|
||||
then
|
||||
ENABLED_CERTGEN="yes"
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
|
||||
fi
|
||||
|
||||
|
||||
if test "x$ENABLED_CERTREQ" = "xno"
|
||||
then
|
||||
ENABLED_CERTREQ="yes"
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"
|
||||
fi
|
||||
|
||||
|
||||
# Requires sessioncerts make sure on
|
||||
if test "x$ENABLED_SESSIONCERTS" = "xno"
|
||||
then
|
||||
ENABLED_SESSIONCERTS="yes"
|
||||
AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
|
||||
fi
|
||||
|
||||
|
||||
fi
|
||||
|
||||
if test "$ENABLED_SIGNAL" = "yes"
|
||||
@ -4520,7 +4523,7 @@ then
|
||||
# Requires Secure Renegotiation
|
||||
if test "x$ENABLED_SECURE_RENEGOTIATION" = "xno"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SECURE_RENEGOTIATION -DHAVE_SERVER_RENEGOTIATION_INFO"
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SECURE_RENEGOTIATION -DHAVE_SERVER_RENEGOTIATION_INFO"
|
||||
fi
|
||||
fi
|
||||
|
||||
@ -4705,7 +4708,7 @@ AC_ARG_ENABLE([libest],
|
||||
[ ENABLED_LIBEST=$enableval ],
|
||||
[ ENABLED_LIBEST=no ]
|
||||
)
|
||||
|
||||
|
||||
if test "$ENABLED_LIBEST" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA -DHAVE_LIBEST -DWOLFSSL_ALT_NAMES"
|
||||
@ -4727,13 +4730,13 @@ then
|
||||
ENABLED_OCSP="yes"
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
|
||||
fi
|
||||
|
||||
|
||||
# Requires PKCS7
|
||||
if test "x$ENABLED_PKCS7" = "xno"
|
||||
then
|
||||
ENABLED_PKCS7="yes"
|
||||
fi
|
||||
|
||||
|
||||
# Requires Certificate Generation and Request
|
||||
if test "x$ENABLED_CERTGEN" = "xno"
|
||||
then
|
||||
@ -4750,34 +4753,34 @@ then
|
||||
ENABLED_CERTEXT="yes"
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"
|
||||
fi
|
||||
|
||||
|
||||
# Requires CRL
|
||||
if test "x$ENABLED_CRL" = "xno"
|
||||
then
|
||||
ENABLED_CRL="yes"
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
|
||||
fi
|
||||
|
||||
if test "x$ENABLED_SRP" = "xno"
|
||||
then
|
||||
|
||||
if test "x$ENABLED_SRP" = "xno"
|
||||
then
|
||||
ENABLED_SRP="yes"
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_HAVE_SRP"
|
||||
fi
|
||||
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_HAVE_SRP"
|
||||
fi
|
||||
|
||||
# Enable prereqs if not already enabled
|
||||
if test "x$ENABLED_KEYGEN" = "xno"
|
||||
then
|
||||
ENABLED_KEYGEN="yes"
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
|
||||
fi
|
||||
|
||||
|
||||
# Requires sessioncerts make sure on
|
||||
if test "x$ENABLED_SESSIONCERTS" = "xno"
|
||||
then
|
||||
ENABLED_SESSIONCERTS="yes"
|
||||
AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
|
||||
fi
|
||||
|
||||
|
||||
if test "x$ENABLED_DSA" = "xno"
|
||||
then
|
||||
AC_MSG_WARN([Enabling DSA with --enable-dsa is recommended for libest])
|
||||
@ -5511,7 +5514,10 @@ do
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_INT_LARGE_COMBA"
|
||||
;;
|
||||
256 | 384 | 521 | 1024 | 2048 | 3072 | 4096)
|
||||
AM_CFLAGS="$AM_CFLAGS -DSP_INT_BITS=$v"
|
||||
if test -z "$DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS" -o "$DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS" -lt "$v"
|
||||
then
|
||||
DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS="$v"
|
||||
fi
|
||||
ENABLED_SP_MATH_ALL="yes"
|
||||
;;
|
||||
nomalloc)
|
||||
@ -6020,6 +6026,62 @@ then
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_DH_DEFAULT_PARAMS"
|
||||
fi
|
||||
|
||||
|
||||
AC_ARG_WITH([max-rsa-bits],
|
||||
[AS_HELP_STRING([--with-max-rsa-bits=number],[number of bits to support for RSA, DH, and DSA keys])],
|
||||
[WITH_MAX_CLASSIC_ASYM_KEY_BITS=$withval],
|
||||
[WITH_MAX_CLASSIC_ASYM_KEY_BITS="$DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS"])
|
||||
|
||||
if test -n "$WITH_MAX_CLASSIC_ASYM_KEY_BITS"; then
|
||||
if test "$WITH_MAX_CLASSIC_ASYM_KEY_BITS" -lt 1024 -o "$WITH_MAX_CLASSIC_ASYM_KEY_BITS" -gt 16384; then
|
||||
AC_MSG_ERROR([--with-max-rsa-bits argument must be between 1024 and 16384 inclusive])
|
||||
fi
|
||||
AM_CFLAGS="$AM_CFLAGS -DRSA_MAX_SIZE=$WITH_MAX_CLASSIC_ASYM_KEY_BITS"
|
||||
MPI_MAX_KEY_BITS=$WITH_MAX_CLASSIC_ASYM_KEY_BITS
|
||||
fi
|
||||
|
||||
AC_ARG_WITH([max-ecc-bits],
|
||||
[AS_HELP_STRING([--with-max-ecc-bits=number],[number of bits to support for ECC algorithms])],
|
||||
[WITH_MAX_ECC_BITS=$withval],
|
||||
[WITH_MAX_ECC_BITS="$DEFAULT_MAX_ECC_BITS"])
|
||||
|
||||
if test -n "$WITH_MAX_ECC_BITS"; then
|
||||
if test "$WITH_MAX_ECC_BITS" -lt 112 -o "$WITH_MAX_ECC_BITS" -gt 1024; then
|
||||
AC_MSG_ERROR([--with-max-ecc-bits argument must be between 112 and 1024 inclusive])
|
||||
fi
|
||||
AM_CFLAGS="$AM_CFLAGS -DMAX_ECC_BITS=$WITH_MAX_ECC_BITS"
|
||||
fi
|
||||
|
||||
if test -n "$MPI_MAX_KEY_BITS" -o -n "$WITH_MAX_ECC_BITS"; then
|
||||
if test -n "$MAX_MPI_KEY_BITS" -a -n "$WITH_MAX_ECC_BITS"; then
|
||||
if test -n "$MAX_MPI_KEY_BITS" -lt "$WITH_MAX_ECC_BITS"; then
|
||||
MPI_MAX_KEY_BITS="$WITH_MAX_ECC_BITS"
|
||||
fi
|
||||
elif test -n "$WITH_MAX_ECC_BITS"; then
|
||||
MPI_MAX_KEY_BITS="$WITH_MAX_ECC_BITS"
|
||||
fi
|
||||
if test "$MPI_MAX_KEY_BITS" -gt 1024; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DFP_MAX_BITS=$((MPI_MAX_KEY_BITS * 2)) -DSP_INT_BITS=$MPI_MAX_KEY_BITS"
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
AC_ARG_ENABLE([context-extra-user-data],
|
||||
[AS_HELP_STRING([--enable-context-extra-user-data],[Enables option for storing user-defined data in TLS API contexts, with optional argument the number of slots to allocate (default: disabled)])],
|
||||
[ ENABLED_EX_DATA=$enableval ],
|
||||
[ ENABLED_EX_DATA=no ]
|
||||
)
|
||||
case "$ENABLED_EX_DATA" in
|
||||
no) ;;
|
||||
yes) AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA"
|
||||
;;
|
||||
[[1-9]]|[[1-9]][[0-9]]) AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA -DMAX_EX_DATA=$ENABLED_EX_DATA"
|
||||
;;
|
||||
*) AC_MSG_ERROR([Invalid argument to --enable-context-extra-user-data -- must be yes, no, or a number from 1 to 99])
|
||||
;;
|
||||
esac
|
||||
|
||||
|
||||
# User Settings
|
||||
AC_ARG_ENABLE([usersettings],
|
||||
[AS_HELP_STRING([--enable-usersettings],[Use your own user_settings.h and do not add Makefile CFLAGS (default: disabled)])],
|
||||
|
||||
@ -35767,8 +35767,8 @@ static void test_wolfSSL_RSA(void)
|
||||
*/
|
||||
|
||||
AssertNull(RSA_generate_key(-1, 3, NULL, NULL));
|
||||
AssertNull(RSA_generate_key(511, 3, NULL, NULL)); /* RSA_MIN_SIZE - 1 */
|
||||
AssertNull(RSA_generate_key(4097, 3, NULL, NULL)); /* RSA_MAX_SIZE + 1 */
|
||||
AssertNull(RSA_generate_key(RSA_MIN_SIZE - 1, 3, NULL, NULL));
|
||||
AssertNull(RSA_generate_key(RSA_MAX_SIZE + 1, 3, NULL, NULL));
|
||||
AssertNull(RSA_generate_key(2048, 0, NULL, NULL));
|
||||
|
||||
|
||||
@ -46004,7 +46004,7 @@ static void test_wolfSSL_DH(void)
|
||||
#endif /* OPENSSL_EXTRA && !NO_DH */
|
||||
}
|
||||
|
||||
static void test_wolfSSL_ERR_strings()
|
||||
static void test_wolfSSL_ERR_strings(void)
|
||||
{
|
||||
const char* err1 = "unsupported cipher suite";
|
||||
const char* err2 = "wolfSSL PEM routines";
|
||||
|
||||
@ -1195,8 +1195,8 @@ enum {
|
||||
#if (WOLFSSL_MAX_DHKEY_BITS % 8)
|
||||
#error DH maximum bit size must be multiple of 8
|
||||
#endif
|
||||
#if (WOLFSSL_MAX_DHKEY_BITS > 16000)
|
||||
#error DH maximum bit size must not be greater than 16000
|
||||
#if (WOLFSSL_MAX_DHKEY_BITS > 16384)
|
||||
#error DH maximum bit size must not be greater than 16384
|
||||
#endif
|
||||
#define MAX_DHKEY_SZ (WOLFSSL_MAX_DHKEY_BITS / 8)
|
||||
|
||||
|
||||
@ -1235,14 +1235,14 @@ static WC_INLINE int wolfsentry_store_endpoints(
|
||||
wolfsentry_data->remote.sa_family = wolfsentry_data->local.sa_family = remote->sin6_family;
|
||||
wolfsentry_data->remote.sa_port = ntohs(remote->sin6_port);
|
||||
wolfsentry_data->local.sa_port = ntohs(local->sin6_port);
|
||||
if (WOLFSENTRY_CHECK_BITS(flags, WOLFSENTRY_ROUTE_FLAG_SA_REMOTE_ADDR_WILDCARD)) {
|
||||
if (WOLFSENTRY_MASKIN_BITS(flags, WOLFSENTRY_ROUTE_FLAG_SA_REMOTE_ADDR_WILDCARD)) {
|
||||
wolfsentry_data->remote.addr_len = 0;
|
||||
XMEMSET(wolfsentry_data->remote.addr, 0, sizeof remote->sin6_addr);
|
||||
} else {
|
||||
wolfsentry_data->remote.addr_len = sizeof remote->sin6_addr * BITS_PER_BYTE;
|
||||
XMEMCPY(wolfsentry_data->remote.addr, &remote->sin6_addr, sizeof remote->sin6_addr);
|
||||
}
|
||||
if (WOLFSENTRY_CHECK_BITS(flags, WOLFSENTRY_ROUTE_FLAG_SA_LOCAL_ADDR_WILDCARD)) {
|
||||
if (WOLFSENTRY_MASKIN_BITS(flags, WOLFSENTRY_ROUTE_FLAG_SA_LOCAL_ADDR_WILDCARD)) {
|
||||
wolfsentry_data->local.addr_len = 0;
|
||||
XMEMSET(wolfsentry_data->local.addr, 0, sizeof local->sin6_addr);
|
||||
} else {
|
||||
@ -1256,14 +1256,14 @@ static WC_INLINE int wolfsentry_store_endpoints(
|
||||
wolfsentry_data->remote.sa_family = wolfsentry_data->local.sa_family = remote->sin_family;
|
||||
wolfsentry_data->remote.sa_port = ntohs(remote->sin_port);
|
||||
wolfsentry_data->local.sa_port = ntohs(local->sin_port);
|
||||
if (WOLFSENTRY_CHECK_BITS(flags, WOLFSENTRY_ROUTE_FLAG_SA_REMOTE_ADDR_WILDCARD)) {
|
||||
if (WOLFSENTRY_MASKIN_BITS(flags, WOLFSENTRY_ROUTE_FLAG_SA_REMOTE_ADDR_WILDCARD)) {
|
||||
wolfsentry_data->remote.addr_len = 0;
|
||||
XMEMSET(wolfsentry_data->remote.addr, 0, sizeof remote->sin_addr);
|
||||
} else {
|
||||
wolfsentry_data->remote.addr_len = sizeof remote->sin_addr * BITS_PER_BYTE;
|
||||
XMEMCPY(wolfsentry_data->remote.addr, &remote->sin_addr, sizeof remote->sin_addr);
|
||||
}
|
||||
if (WOLFSENTRY_CHECK_BITS(flags, WOLFSENTRY_ROUTE_FLAG_SA_LOCAL_ADDR_WILDCARD)) {
|
||||
if (WOLFSENTRY_MASKIN_BITS(flags, WOLFSENTRY_ROUTE_FLAG_SA_LOCAL_ADDR_WILDCARD)) {
|
||||
wolfsentry_data->local.addr_len = 0;
|
||||
XMEMSET(wolfsentry_data->local.addr, 0, sizeof local->sin_addr);
|
||||
} else {
|
||||
@ -1315,9 +1315,9 @@ static int wolfSentry_NetworkFilterCallback(
|
||||
&action_results);
|
||||
|
||||
if (ret >= 0) {
|
||||
if (WOLFSENTRY_CHECK_BITS(action_results, WOLFSENTRY_ACTION_RES_REJECT))
|
||||
if (WOLFSENTRY_MASKIN_BITS(action_results, WOLFSENTRY_ACTION_RES_REJECT))
|
||||
*decision = WOLFSSL_NETFILTER_REJECT;
|
||||
else if (WOLFSENTRY_CHECK_BITS(action_results, WOLFSENTRY_ACTION_RES_ACCEPT))
|
||||
else if (WOLFSENTRY_MASKIN_BITS(action_results, WOLFSENTRY_ACTION_RES_ACCEPT))
|
||||
*decision = WOLFSSL_NETFILTER_ACCEPT;
|
||||
else
|
||||
*decision = WOLFSSL_NETFILTER_PASS;
|
||||
@ -1423,7 +1423,7 @@ static int wolfsentry_setup(
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
|
||||
if (WOLFSENTRY_CHECK_BITS(route_flags, WOLFSENTRY_ROUTE_FLAG_DIRECTION_OUT)) {
|
||||
if (WOLFSENTRY_MASKIN_BITS(route_flags, WOLFSENTRY_ROUTE_FLAG_DIRECTION_OUT)) {
|
||||
struct {
|
||||
struct wolfsentry_sockaddr sa;
|
||||
byte buf[16];
|
||||
@ -1472,7 +1472,7 @@ static int wolfsentry_setup(
|
||||
WOLFSENTRY_ERROR_FMT_ARGS(ret));
|
||||
return ret;
|
||||
}
|
||||
} else if (WOLFSENTRY_CHECK_BITS(route_flags, WOLFSENTRY_ROUTE_FLAG_DIRECTION_IN)) {
|
||||
} else if (WOLFSENTRY_MASKIN_BITS(route_flags, WOLFSENTRY_ROUTE_FLAG_DIRECTION_IN)) {
|
||||
struct {
|
||||
struct wolfsentry_sockaddr sa;
|
||||
byte buf[16];
|
||||
@ -1580,9 +1580,9 @@ static WC_INLINE int tcp_connect_with_wolfSentry(
|
||||
WOLFSENTRY_ERROR_FMT "\n", WOLFSENTRY_ERROR_FMT_ARGS(ret));
|
||||
decision = WOLFSSL_NETFILTER_PASS;
|
||||
} else {
|
||||
if (WOLFSENTRY_CHECK_BITS(action_results, WOLFSENTRY_ACTION_RES_REJECT))
|
||||
if (WOLFSENTRY_MASKIN_BITS(action_results, WOLFSENTRY_ACTION_RES_REJECT))
|
||||
decision = WOLFSSL_NETFILTER_REJECT;
|
||||
else if (WOLFSENTRY_CHECK_BITS(action_results, WOLFSENTRY_ACTION_RES_ACCEPT))
|
||||
else if (WOLFSENTRY_MASKIN_BITS(action_results, WOLFSENTRY_ACTION_RES_ACCEPT))
|
||||
decision = WOLFSSL_NETFILTER_ACCEPT;
|
||||
else
|
||||
decision = WOLFSSL_NETFILTER_PASS;
|
||||
|
||||
@ -86,31 +86,40 @@
|
||||
|
||||
/* Determine max ECC bits based on enabled curves */
|
||||
#if defined(WOLFCRYPT_HAVE_SAKKE)
|
||||
#define MAX_ECC_BITS 1024
|
||||
#define MAX_ECC_BITS_NEEDED 1024
|
||||
#elif defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
|
||||
#define MAX_ECC_BITS 521
|
||||
#define MAX_ECC_BITS_NEEDED 521
|
||||
#elif defined(HAVE_ECC512)
|
||||
#define MAX_ECC_BITS 512
|
||||
#define MAX_ECC_BITS_NEEDED 512
|
||||
#elif defined(HAVE_ECC384)
|
||||
#define MAX_ECC_BITS 384
|
||||
#define MAX_ECC_BITS_NEEDED 384
|
||||
#elif defined(HAVE_ECC320)
|
||||
#define MAX_ECC_BITS 320
|
||||
#define MAX_ECC_BITS_NEEDED 320
|
||||
#elif !defined(NO_ECC256)
|
||||
#define MAX_ECC_BITS 256
|
||||
#define MAX_ECC_BITS_NEEDED 256
|
||||
#elif defined(HAVE_ECC239)
|
||||
#define MAX_ECC_BITS 239
|
||||
#define MAX_ECC_BITS_NEEDED 239
|
||||
#elif defined(HAVE_ECC224)
|
||||
#define MAX_ECC_BITS 224
|
||||
#define MAX_ECC_BITS_NEEDED 224
|
||||
#elif defined(HAVE_ECC192)
|
||||
#define MAX_ECC_BITS 192
|
||||
#define MAX_ECC_BITS_NEEDED 192
|
||||
#elif defined(HAVE_ECC160)
|
||||
#define MAX_ECC_BITS 160
|
||||
#define MAX_ECC_BITS_NEEDED 160
|
||||
#elif defined(HAVE_ECC128)
|
||||
#define MAX_ECC_BITS 128
|
||||
#define MAX_ECC_BITS_NEEDED 128
|
||||
#elif defined(HAVE_ECC112)
|
||||
#define MAX_ECC_BITS 112
|
||||
#define MAX_ECC_BITS_NEEDED 112
|
||||
#endif
|
||||
|
||||
#ifndef MAX_ECC_BITS
|
||||
#define MAX_ECC_BITS MAX_ECC_BITS_NEEDED
|
||||
#else
|
||||
#if MAX_ECC_BITS_NEEDED > MAX_ECC_BITS
|
||||
#error configured MAX_ECC_BITS is less than required by enabled curves.
|
||||
#endif
|
||||
#endif
|
||||
|
||||
|
||||
/* calculate max ECC bytes */
|
||||
#if ((MAX_ECC_BITS * 2) % 8) == 0
|
||||
#define MAX_ECC_BYTES (MAX_ECC_BITS / 8)
|
||||
|
||||
@ -94,10 +94,13 @@ RSA keys can be used to encrypt, decrypt, sign and verify data.
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
enum {
|
||||
RSA_MIN_SIZE = 512,
|
||||
RSA_MAX_SIZE = 4096,
|
||||
};
|
||||
#ifndef RSA_MIN_SIZE
|
||||
#define RSA_MIN_SIZE 512
|
||||
#endif
|
||||
|
||||
#ifndef RSA_MAX_SIZE
|
||||
#define RSA_MAX_SIZE 4096
|
||||
#endif
|
||||
|
||||
/* avoid redefinition of structs */
|
||||
#if !defined(HAVE_FIPS) || \
|
||||
|
||||
@ -2412,7 +2412,9 @@ extern void uITRON4_free(void *p) ;
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_EX_DATA) || defined(FORTRESS)
|
||||
#ifndef MAX_EX_DATA
|
||||
#define MAX_EX_DATA 5 /* allow for five items of ex_data */
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifdef NO_WOLFSSL_SMALL_STACK
|
||||
|
||||
Reference in New Issue
Block a user