Improve naming of minimum RSA key size generation configurations
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index ab3837e..28249d3 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -3691,9 +3691,6 @@
//#define MBEDTLS_ECP_WINDOW_SIZE 4 /**< Maximum window size used */
//#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */
-/* RSA OPTIONS */
-//#define MBEDTLS_RSA_MIN_KEY_SIZE 1024 /**< Minimum RSA key size allowed in bits (Minimum possible value is 128 bits) */
-
/* Entropy options */
//#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
//#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
@@ -3784,6 +3781,9 @@
*/
//#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
+/* RSA OPTIONS */
+#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024 /**< Minimum RSA key size that can be generated in bits (Minimum possible value is 128 bits) */
+
/* SSL Cache options */
//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
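Review bot: The added `MBEDTLS_RSA_GEN_KEY_MIN_BITS` line is an active `#define`, whereas the option it replaces was commented out and every neighbouring tunable visible in this hunk is commented out too. With it active in the default configuration, the `#if !defined(MBEDTLS_RSA_GEN_KEY_MIN_BITS)` default in rsa.h and the `#else` branch in crypto_sizes.h are never taken for a stock build, so the value is effectively defined in three places. I would keep the section's convention: `//#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024 /**< Minimum RSA key size that can be generated in bits (Minimum possible value is 128 bits) */`. The doc comment could also say that 1024 is a floor against accidental misuse rather than a recommended strength, since current guidance for newly generated RSA keys is 2048 bits or more.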
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index 8045e6b..69f3981 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -85,8 +85,10 @@
// Regular implementation
//
-#if !defined(MBEDTLS_RSA_MIN_KEY_SIZE)
-#define MBEDTLS_RSA_MIN_KEY_SIZE 1024
+#if !defined(MBEDTLS_RSA_GEN_KEY_MIN_BITS)
+#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024
+#elif MBEDTLS_RSA_GEN_KEY_MIN_BITS < 128
+#error "MBEDTLS_RSA_GEN_KEY_MIN_BITS must be at least 128 bits"
#endif
/**
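Review bot: A configuration that still defines the old `MBEDTLS_RSA_MIN_KEY_SIZE` is now ignored without any diagnostic, so a build that had raised the generation floor (for example to 2048) silently falls back to the 1024 default set in this block. If the old name was ever available to integrators, add a guard next to this block: `#if defined(MBEDTLS_RSA_MIN_KEY_SIZE)` / `#error "MBEDTLS_RSA_MIN_KEY_SIZE has been renamed to MBEDTLS_RSA_GEN_KEY_MIN_BITS"` / `#endif`. The new `#elif MBEDTLS_RSA_GEN_KEY_MIN_BITS < 128` check only fires in translation units that include rsa.h, while the crypto_sizes.h hunk in this commit consumes the same macro without a matching check.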
diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h
index fd0eeb9..0876177 100644
--- a/include/psa/crypto_sizes.h
+++ b/include/psa/crypto_sizes.h
@@ -211,13 +211,13 @@
/* The minimum size of an RSA key on this implementation, in bits.
* This is a vendor-specific macro.
*
- * Limits RSA key generation to a minimum due to security reasons.
+ * Limits RSA key generation to a minimum due to avoid accidental misuse.
* This value cannot be less than 128 bits.
*/
-#if defined(MBEDTLS_RSA_MIN_KEY_SIZE)
-#define PSA_VENDOR_RSA_MIN_KEY_BITS MBEDTLS_RSA_MIN_KEY_SIZE
+#if defined(MBEDTLS_RSA_GEN_KEY_MIN_BITS)
+#define PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS MBEDTLS_RSA_GEN_KEY_MIN_BITS
#else
-#define PSA_VENDOR_RSA_MIN_KEY_BITS 1024
+#define PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS 1024
#endif
/* The maximum size of an DH key on this implementation, in bits.
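Review bot: The reworded comment line reads "due to avoid accidental misuse", which is ungrammatical. The unchanged first line of the same comment still calls this "the minimum size of an RSA key on this implementation", although the renamed `PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS` now describes a limit on generation only. Suggested wording: `/* The minimum size of an RSA key that can be generated on this implementation, in bits.` and ` * Limits RSA key generation to a minimum size to avoid accidental misuse.` If the limit is not applied to imported keys (not visible in this hunk), it is worth saying so in the comment, so that readers do not treat the macro as a general strength policy.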