Wednesday, July 17, 2013

CyaSSL and 4096-bit certificates

As of version 2.6.0, CyaSSL uses the fastmath library by default (instead of the big integer library) when built with the ./configure system.

One of the less portable aspects of fastmath is its need for fixed-size buffers, which it uses to reduce dynamic memory use. By default, these buffers allow a 2048-bit × 2048-bit multiply into a 4096-bit buffer. Since most sites use 2048-bit RSA keys, this is fine. Sites and users with a 4096-bit RSA key, however, need to increase the fastmath buffer size to 8192. Since your certs use 4096-bit RSA keys, you'll need to increase the size by modifying the define


in <cyassl_root>/cyassl/ctaocrypt/tfm.h, and setting it to 8192.
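
The sizing rule above, shown as an added example that is not CyaSSL or fastmath code: a toy fixed-buffer schoolbook multiply in which the product of two n-bit values needs a 2n-bit result buffer. All names are hypothetical, and the 32-bit digits and the choice to reject an oversized product with an error are assumptions of this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DIGIT_BITS 32
#define MAX_DIGITS (8192 / DIGIT_BITS)  /* largest buffer this toy models */

typedef struct { uint32_t d[MAX_DIGITS]; int used; } fixed_int;

/* Set x to 2^bits - 1, the largest value of that bit length. */
static void set_all_ones(fixed_int *x, int bits) {
    memset(x, 0, sizeof *x);
    x->used = bits / DIGIT_BITS;
    for (int i = 0; i < x->used; i++) x->d[i] = 0xFFFFFFFFu;
}

/* Schoolbook multiply into a result buffer of buf_bits.
   Returns 0 on success, -1 if the product cannot fit. */
static int fixed_mul(const fixed_int *a, const fixed_int *b,
                     fixed_int *out, int buf_bits) {
    int cap = buf_bits / DIGIT_BITS;
    if (cap > MAX_DIGITS || a->used + b->used > cap) return -1;
    memset(out, 0, sizeof *out);
    for (int i = 0; i < a->used; i++) {
        uint64_t carry = 0;
        for (int j = 0; j < b->used; j++) {
            uint64_t t = (uint64_t)a->d[i] * b->d[j] + out->d[i + j] + carry;
            out->d[i + j] = (uint32_t)t;
            carry = t >> 32;
        }
        out->d[i + b->used] = (uint32_t)carry;
    }
    out->used = a->used + b->used;
    while (out->used > 0 && out->d[out->used - 1] == 0) out->used--;
    return 0;
}

/* Bits occupied by the square of the largest key_bits value when the
   result buffer holds buf_bits; -1 if the multiply is rejected. */
int product_bits(int key_bits, int buf_bits) {
    static fixed_int a, r;
    set_all_ones(&a, key_bits);
    if (fixed_mul(&a, &a, &r, buf_bits) != 0) return -1;
    return r.used * DIGIT_BITS;
}

int main(void) {
    printf("2048 in 4096: %d\n", product_bits(2048, 4096));
    printf("4096 in 4096: %d\n", product_bits(4096, 4096));
    printf("4096 in 8192: %d\n", product_bits(4096, 8192));
    return 0;
}
```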