wolfcrypt tests: disable ecc sign/verify of all zero digest #8118
Conversation
| @@ -3168,6 +3168,14 @@ extern void uITRON4_free(void *p) ; | |||
| #undef NO_DH | |||
| #endif | |||
|
|
|||
| /* CryptoCell defines */ | |||
| #ifdef WOLFSSL_CRYPTOCELL | |||
There was a problem hiding this comment.
I think you may have lost the WOLFSSL_ASYNC_CRYPT one? This section can just be about which ECC signing hardware support zero digest.
There was a problem hiding this comment.
@dgarske I added it later on in the WOLFSSL_ASYNC_CRYPT section of settings.h, see line 3206.
That is fair, I was thinking I'd add the disable to the section of settings.h that corresponds to each higher level feature that wants to disable it, since that is what would drive the decision.
That way all the dependent options for ASYNC are set in the ASYNC section, the dependent options for cryptocell are set in the cryptocell section, etc. I noticed there wasn't a centralized cryptocell section for settings.h, so I created one.
Let me know if you would rather have it relocated to the ECC section?
|
Jenkins retest this please |
Adds a non-feature-specific macro to disable ECC sign/verify of an all-zero digest in wolfCrypt tests.
Lots of ECC crypto hardware accelerators cannot handle a zero input digest for sign/verify. This flag is required when using wolfCrypt tests to exercise platform-specific crypto callbacks for hardware accelerators on these platforms that aren't natively supported in wolfCrypt.
We already disable this on a feature-by-feature basis (KCAPI, CRYPTOCELL, ASYNC, etc), but clearly enough hardware has issues with this feature that we should allow a generic way to turn it off.
I will add the macro to chapter 2 of the documentation when this merges. I don't think this is worthwhile to add as a configure flag, given the niche usage.