From 43b62c8ccfe781a93be7f2ed9b49cfcfb5ca8256 Mon Sep 17 00:00:00 2001
From: Andras Fekete
Date: Thu, 16 May 2024 16:26:39 -0400
Subject: [PATCH 1/4] Make sure the ECC_MIN_SZ is set even when set to default
---
 configure.ac | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/configure.ac b/configure.ac
index 8f1f085910..48375d184d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3964,12 +3964,10 @@ fi
 # ECC Minimum Key Size
 AC_ARG_WITH([eccminsz],
 [AS_HELP_STRING([--with-eccminsz=BITS],[Sets the ECC minimum key size (default: 224 bits)])],
- [
- ENABLED_ECCMINSZ=$withval
- AM_CFLAGS="$AM_CFLAGS -DECC_MIN_KEY_SZ=$withval"
- ],
+ [ ENABLED_ECCMINSZ=$withval ],
 [ ENABLED_ECCMINSZ=224 ]
 )
+AM_CFLAGS="$AM_CFLAGS -DECC_MIN_KEY_SZ=$ENABLED_ECCMINSZ"
 # Compressed Key
 AC_ARG_ENABLE([compkey],
From e340e41db397cac2bd469ac04372f435819a8366 Mon Sep 17 00:00:00 2001
From: Andras Fekete
Date: Thu, 16 May 2024 16:28:02 -0400
Subject: [PATCH 2/4] Add --enable-wolfprovider
---
 configure.ac | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/configure.ac b/configure.ac
index 48375d184d..9b2d8c8d4a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -322,6 +322,22 @@ AC_ARG_ENABLE([fips],
 [ENABLED_FIPS=$enableval],
 [ENABLED_FIPS="no"])
+# wolfProvider Options
+AC_ARG_ENABLE([wolfprovider],
+ [AS_HELP_STRING([--enable-wolfprovider],[Enable wolfProvider options (default: disabled)])],
+ [ ENABLED_WOLFPROVIDER=$enableval ],
+ [ ENABLED_WOLFPROVIDER=no ]
+ )
+if test "x$ENABLED_WOLFPROVIDER" != "xno"
+then
+ enable_all_crypto=yes
+ enable_opensslcoexist=yes
+ enable_sha=yes
+ enable_eccminsz=192
+ with_max_ecc_bits=1024
+ AM_CFLAGS="$AM_CFLAGS -DWC_RSA_NO_PADDING -DWOLFSSL_PUBLIC_MP -DHAVE_PUBLIC_FFDHE -DHAVE_FFDHE_6144 -DHAVE_FFDHE_8192 -DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_PSS_SALT_LEN_DISCOVER"
+fi
+
 # wolfEngine Options
 AC_ARG_ENABLE([engine],
 [AS_HELP_STRING([--enable-engine],[Enable wolfEngine options (default: disabled)])],
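Review bot: In the 1/4 hunk, `$ENABLED_ECCMINSZ` now reaches `-DECC_MIN_KEY_SZ=` on every configure run with no check that it is a number, so `--with-eccminsz` given without a value (autoconf sets `withval` to `yes`) or `--without-eccminsz` (`no`) becomes the macro value. I would reject non-numeric input just before the `AM_CFLAGS` line, e.g. `case "$ENABLED_ECCMINSZ" in ''|*[[!0-9]]*) AC_MSG_ERROR([--with-eccminsz needs a bit count]) ;; esac`. How the sources consume the macro is not visible here, but if it is used in an `#if` comparison an undefined identifier is evaluated as 0 by the preprocessor, which would presumably remove the key-size floor without any diagnostic.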
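Review bot: In the 2/4 hunk, `enable_eccminsz=192` assigns a variable that the `AC_ARG_WITH([eccminsz], ...)` call shown in patch 1/4 does not read; a `--with-` option is taken from `with_eccminsz`, so this line appears to have no effect and the ECC floor stays at its default. It should read `with_eccminsz=192`, and the same name is carried into the 4/4 hunk as `test -z "$enable_eccminsz" && enable_eccminsz=192`. The help string would also be more useful if it said what the switch changes, since the block lowers the intended ECC minimum to 192 bits and defines `WC_RSA_NO_PADDING` and `WOLFSSL_PUBLIC_MP`; for example `[Enable wolfProvider options: all crypto, OpenSSL coexist, 192-bit ECC minimum, unpadded RSA (default: disabled)]`.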
From 7cc42d446e6554aab2747e5cf95acf394f90cf32 Mon Sep 17 00:00:00 2001
From: Andras Fekete
Date: Wed, 3 Jul 2024 11:20:51 -0400
Subject: [PATCH 3/4] Update the true minimum ECC key size default The discrepancy shows up when trying to compile with FIPS
---
 configure.ac | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/configure.ac b/configure.ac
index 9b2d8c8d4a..247d84f296 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3979,9 +3979,16 @@ fi
 # ECC Minimum Key Size
 AC_ARG_WITH([eccminsz],
- [AS_HELP_STRING([--with-eccminsz=BITS],[Sets the ECC minimum key size (default: 224 bits)])],
+ [AS_HELP_STRING([--with-eccminsz=BITS],[Sets the ECC minimum key size (default: 224 bits non-FIPS / 192 bits with FIPS)])],
 [ ENABLED_ECCMINSZ=$withval ],
- [ ENABLED_ECCMINSZ=224 ]
+ [
+ if test "x$ENABLED_FIPS" = "xno"
+ then
+ ENABLED_ECCMINSZ=224
+ else
+ ENABLED_ECCMINSZ=192
+ fi
+ ]
 )
 AM_CFLAGS="$AM_CFLAGS -DECC_MIN_KEY_SZ=$ENABLED_ECCMINSZ"
From 5b1e6db9a50f06ec382050495d5d64c9994b7efa Mon Sep 17 00:00:00 2001
From: Andras Fekete
Date: Mon, 15 Jul 2024 09:46:36 -0400
Subject: [PATCH 4/4] Allow user to override required flags
---
 configure.ac | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/configure.ac b/configure.ac
index 247d84f296..37836908a4 100644
--- a/configure.ac
+++ b/configure.ac
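Review bot: In the 3/4 hunk (`@@ -3979,9 +3979,16 @@`), the `else` branch selects the lower 192-bit floor for every `ENABLED_FIPS` value other than the literal `no`, and nothing in the code says why a FIPS build gets the smaller minimum. I would make 224 the fallback and drop to 192 only on a positive FIPS setting, e.g. `ENABLED_ECCMINSZ=224` followed by `test -n "$ENABLED_FIPS" && test "x$ENABLED_FIPS" != "xno" && ENABLED_ECCMINSZ=192`, so an empty or unexpected value keeps the stricter limit. A one-line comment above it naming the FIPS requirement behind 192 would help the next reader, since the commit message only says the discrepancy shows up when compiling with FIPS.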
@@ -330,11 +330,11 @@ AC_ARG_ENABLE([wolfprovider],
 )
 if test "x$ENABLED_WOLFPROVIDER" != "xno"
 then
- enable_all_crypto=yes
- enable_opensslcoexist=yes
- enable_sha=yes
- enable_eccminsz=192
- with_max_ecc_bits=1024
+ test -z "$enable_all_crypto" && enable_all_crypto=yes
+ test -z "$enable_opensslcoexist" && enable_opensslcoexist=yes
+ test -z "$enable_sha" && enable_sha=yes
+ test -z "$enable_eccminsz" && enable_eccminsz=192
+ test -z "$with_max_ecc_bits" && with_max_ecc_bits=1024
 AM_CFLAGS="$AM_CFLAGS -DWC_RSA_NO_PADDING -DWOLFSSL_PUBLIC_MP -DHAVE_PUBLIC_FFDHE -DHAVE_FFDHE_6144 -DHAVE_FFDHE_8192 -DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_PSS_SALT_LEN_DISCOVER"
 fi
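Review bot: With the `test -z` guards, an explicit `--disable-sha` or `--disable-all-crypto` given together with `--enable-wolfprovider` is now kept without any message, although the commit title calls these flags required. A comment above the guards such as `# Defaults only: a value given on the command line wins` would state the intent. A warning on a conflicting choice would make the resulting build easier to audit, e.g. `test "x$enable_sha" = "xno" && AC_MSG_WARN([--enable-wolfprovider: sha was disabled on the command line])`. The `AC_ARG_ENABLE([wolfprovider]` call itself starts above this hunk.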