Improve naming of mimimum RSA key size generation configurations

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2026-04-07 23:45:18 +00:00 · 2023-07-20 16:26:58 +00:00 · 2023-07-20 16:26:58 +00:00 · d7bdbbeb0a
commit d7bdbbeb0a
parent 3d158f0c28
11 changed files with 50 additions and 45 deletions
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@ -3691,9 +3691,6 @@
 //#define MBEDTLS_ECP_WINDOW_SIZE            4 /**< Maximum window size used */
 //#define MBEDTLS_ECP_FIXED_POINT_OPTIM      1 /**< Enable fixed-point speed-up */

-/* RSA OPTIONS */
-//#define MBEDTLS_RSA_MIN_KEY_SIZE           1024 /**<  Minimum RSA key size allowed in bits (Minimum possible value is 128 bits) */
-
 /* Entropy options */
 //#define MBEDTLS_ENTROPY_MAX_SOURCES                20 /**< Maximum number of sources supported */
 //#define MBEDTLS_ENTROPY_MAX_GATHER                128 /**< Maximum amount requested from entropy sources */
@ -3784,6 +3781,9 @@
 */
 //#define MBEDTLS_PSA_KEY_SLOT_COUNT 32

+/* RSA OPTIONS */
+#define MBEDTLS_RSA_GEN_KEY_MIN_BITS            1024 /**<  Minimum RSA key size that can be generated in bits (Minimum possible value is 128 bits) */
+
 /* SSL Cache options */
 //#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT       86400 /**< 1 day  */
 //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES      50 /**< Maximum entries in cache */
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@ -85,8 +85,10 @@ extern "C" {
 // Regular implementation
 //

-#if !defined(MBEDTLS_RSA_MIN_KEY_SIZE)
-#define MBEDTLS_RSA_MIN_KEY_SIZE 1024
+#if !defined(MBEDTLS_RSA_GEN_KEY_MIN_BITS)
+#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024
+#elif MBEDTLS_RSA_GEN_KEY_MIN_BITS < 128
+#error "MBEDTLS_RSA_GEN_KEY_MIN_BITS must be at least 128 bits"
 #endif

 /**
--- a/include/psa/crypto_sizes.h
+++ b/include/psa/crypto_sizes.h
@ -211,13 +211,13 @@
 /* The minimum size of an RSA key on this implementation, in bits.
 * This is a vendor-specific macro.
 *
- * Limits RSA key generation to a minimum due to security reasons.
+ * Limits RSA key generation to a minimum due to avoid accidental misuse.
 * This value cannot be less than 128 bits.
 */
-#if defined(MBEDTLS_RSA_MIN_KEY_SIZE)
-#define PSA_VENDOR_RSA_MIN_KEY_BITS MBEDTLS_RSA_MIN_KEY_SIZE
+#if defined(MBEDTLS_RSA_GEN_KEY_MIN_BITS)
+#define PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS MBEDTLS_RSA_GEN_KEY_MIN_BITS
 #else
-#define PSA_VENDOR_RSA_MIN_KEY_BITS 1024
+#define PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS 1024
 #endif

 /* The maximum size of an DH key on this implementation, in bits.