Closed maxgerhardt closed 1 year ago
Hi @maxgerhardt ,
Yeah, you have hit a use-case we haven't tested. We typically always have the standard NIST prime curves enabled. I understand wanting just the Brainpool curves enabled. I think at one time this worked and getting it working should be easy. I'll have another engineer review effort.
Thanks, David Garske, wolfSSL
Hi @maxgerhardt,
Thank you for this report. This issue should be resolved with https://github.com/wolfSSL/wolfssl/pull/6402
I applied https://patch-diff.githubusercontent.com/raw/wolfSSL/wolfssl/pull/6402.patch to my wolfssl version and recompiled with NO_ECC_SECP activated and in my embedded application (that has USE_CERT_BUFFERS_256 on), it then fails in the ecc_test_buffers() test in
/* Lookup OID id. */
ret = wc_ecc_get_oid(oid, NULL, &oidSz);
because it can't find the curve OID for it.
ECC buffer test failed!
error = -10422
Further, when WOLFSSL_CERT_GEN is activated, that also blows up
ecc_test_vector 32 failed!: -140
ECC test failed!
@maxgerhardt Could you test with https://github.com/wolfSSL/wolfssl/pull/6411?
Hi @maxgerhardt,
Since we never heard back I will go ahead and close out this issue. If anything else comes up please do not hesitate to open a new issue anytime. We are always happy to help out in any way we can.
Until next time all the best and thank you for reaching out.
Contact Details
maximilian.gerhardt@rub.de
Version
870f7cc95b1061b0f829d15315c66b6b6823eb99
Description
WolfSSL and NIST-P curves seem to be glued together inseparably. I really don't want the NIST P-x / SECP curve in my application. WolfSSL has the NO_ECC_SECP macro which is supposed to disable these curves. However, doing so makes the selftests check still attempt to do tests on the NIST curves -- subsequently failing on it, although WolfSSL would be perfectly operable on the chosen curves.
The testbench should respect NO_ECC_SECP and only test the features / curves it was compile-activated for. The relevant test.c code does not.
Reproduction steps
(On: Ubuntu 22.04, x64)
./configure --enable-brainpool --enable-ecccustcurves --disable-curve25519 --disable-ed25519 --enable-crypttests-libs --enable-crypttests
make
./wolfcrypt/test/testwolfcrypt
EXTRA_CFLAGS="-DNO_ECC_SECP" ./configure --enable-brainpool --enable-ecccustcurves --disable-curve25519 --disable-ed25519 --enable-crypttests-libs --enable-crypttests
make
./wolfcrypt/test/testwolfcrypt
Relevant log output
With first config:
with second config: