-
Notifications
You must be signed in to change notification settings - Fork 834
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
wolfcrypt tests: disable ecc sign/verify of all zero digest #8118
wolfcrypt tests: disable ecc sign/verify of all zero digest #8118
Conversation
@@ -3168,6 +3168,14 @@ extern void uITRON4_free(void *p) ; | |||
#undef NO_DH | |||
#endif | |||
|
|||
/* CryptoCell defines */ | |||
#ifdef WOLFSSL_CRYPTOCELL |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think you may have lost the WOLFSSL_ASYNC_CRYPT
one? This section can just be about which ECC signing hardware support zero digest.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@dgarske I added it later on in the WOLFSSL_ASYNC_CRYPT section of settings.h, see line 3206.
That is fair, I was thinking I'd add the disable to the section of settings.h that corresponds to each higher level feature that wants to disable it, since that is what would drive the decision.
That way all the dependent options for ASYNC are set in the ASYNC section, the dependent options for cryptocell are set in the cryptocell section, etc. I noticed there wasn't a centralized cryptocell section for settings.h, so I created one.
Let me know if you would rather have it relocated to the ECC section?
Jenkins retest this please |
Adds a non-feature-specific macro to disable ECC sign/verify of an all-zero digest in wolfCrypt tests.
Lots of ECC crypto hardware accelerators cannot handle a zero input digest for sign/verify. This flag is required when using wolfCrypt tests to exercise platform-specific crypto callbacks for hardware accelerators on these platforms that aren't natively supported in wolfCrypt.
We already disable this on a feature-by-feature basis (KCAPI, CRYPTOCELL, ASYNC, etc), but clearly enough hardware has issues with this feature that we should allow a generic way to turn it off.
I will add the macro to chapter 2 of the documentation when this merges. I don't think this is worthwhile to add as a configure flag, given the niche usage.