Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

wolfcrypt tests: disable ecc sign/verify of all zero digest #8118

Merged
merged 3 commits into from
Oct 31, 2024

Conversation

bigbrett
Copy link
Contributor

Adds a non-feature-specific macro to disable ECC sign/verify of an all-zero digest in wolfCrypt tests.

Lots of ECC crypto hardware accelerators cannot handle a zero input digest for sign/verify. This flag is required when using wolfCrypt tests to exercise platform-specific crypto callbacks for hardware accelerators on these platforms that aren't natively supported in wolfCrypt.

We already disable this on a feature-by-feature basis (KCAPI, CRYPTOCELL, ASYNC, etc), but clearly enough hardware has issues with this feature that we should allow a generic way to turn it off.

I will add the macro to chapter 2 of the documentation when this merges. I don't think this is worthwhile to add as a configure flag, given the niche usage.

wolfcrypt/test/test.c Show resolved Hide resolved
@@ -3168,6 +3168,14 @@ extern void uITRON4_free(void *p) ;
#undef NO_DH
#endif

/* CryptoCell defines */
#ifdef WOLFSSL_CRYPTOCELL
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you may have lost the WOLFSSL_ASYNC_CRYPT one? This section can just be about which ECC signing hardware support zero digest.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dgarske I added it later on in the WOLFSSL_ASYNC_CRYPT section of settings.h, see line 3206.

That is fair, I was thinking I'd add the disable to the section of settings.h that corresponds to each higher level feature that wants to disable it, since that is what would drive the decision.

That way all the dependent options for ASYNC are set in the ASYNC section, the dependent options for cryptocell are set in the cryptocell section, etc. I noticed there wasn't a centralized cryptocell section for settings.h, so I created one.

Let me know if you would rather have it relocated to the ECC section?

@bigbrett
Copy link
Contributor Author

Jenkins retest this please

@dgarske dgarske assigned SparkiDev and unassigned bigbrett Oct 31, 2024
@dgarske dgarske requested a review from SparkiDev October 31, 2024 21:52
@SparkiDev SparkiDev merged commit 76e421b into wolfSSL:master Oct 31, 2024
142 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants