Fix test_ecx.c build if no ED448 in WolfSSL

[adrianjarc]

If WolfSSL is built without --enable-ed448 flag, the build of wolfProvider fails in test/test_ecx.c file because of undefined ED448_KEY_SIZE parameter.

This fix checks if ED25519 and ED448 are enabled and sets sizes for readback_ossl and readback_wolf accordingly.

[wolfSSL-Bot]

Can one of the admins verify this patch?

[padelsbach]

Hello Adrian, thanks for posting this. I see a different error when building with --disable-ed448 on your branch:

src/wp_ecx_sig.c:341:12: error: ‘wp_ed448_get_ctx_params’ defined but not used [-Werror=unused-function]
  341 | static int wp_ed448_get_ctx_params(wp_EcxSigCtx *ctx, OSSL_PARAM *params)

Can you let us know how you are building wolfProvider in this case?

[adrianjarc]

Hello Adrian, thanks for posting this. I see a different error when building with --disable-ed448 on your branch:

src/wp_ecx_sig.c:341:12: error: ‘wp_ed448_get_ctx_params’ defined but not used [-Werror=unused-function]
  341 | static int wp_ed448_get_ctx_params(wp_EcxSigCtx *ctx, OSSL_PARAM *params)

Can you let us know how you are building wolfProvider in this case?

Hello @padelsbach,

I am building wolfProvider with the following flags:

--with-openssl=${RECIPE_SYSROOT}/usr
--with-wolfssl=${RECIPE_SYSROOT}/usr

CPPFLAGS="-I${RECIPE_SYSROOT}/usr/include -I${WORKDIR}/git/include"

CFLAGS="-DWOLFSSL_SHA224 \
                  -DWOLFSSL_SHA3 \
                  -DHAVE_CURVE25519 \
                  -DHAVE_CURVE25519_KEY_IMPORT \
                  -DHAVE_CURVE25519_KEY_EXPORT \
                  -DHAVE_ED25519 \
                  -DHAVE_ED25519_KEY_IMPORT \
                  -DHAVE_ED25519_KEY_EXPORT \
                  -DHAVE_CURVE448 \
                  -DWOLFSSL_DH_EXTRA \
                  -DWOLFSSL_SHA512 \
                  -DHAVE_FIPS \
                  -DHAVE_FIPS_VERSION=5 \
                  -DHAVE_FFDHE_Q

I also have WolfSSL version 5.6.4 (provided by you, for FIPS build), which is built with:

--enable-fips=v5 \ 
--enable-cmac \
--enable-keygen \
--enable-sha \
--enable-aesctr \
--enable-aesccm \
--enable-aescfb \
--enable-aesgcm \
--enable-x963kdf \
--enable-certgen \
--enable-aeskeywrap \
--enable-enckeys \
--enable-curve25519 \
--enable-curve448 \
--enable-ed25519 \
--enable-sha224 \
--enable-sha3 \
--enable-pwdbased \
--enable-certreq \
--enable-certext \    
--enable-opensslcoexist \
--enable-aesgcm-stream

CPPFLAGS="-DHAVE_AES_ECB -DWOLFSSL_AES_DIRECT -DWC_RSA_NO_PADDING -DWOLFSSL_PUBLIC_MP -DECC_MIN_KEY_SZ=192 -DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_PSS_SALT_LEN_DISCOVER -DWOLFSSL_RSA_KEY_CHECK -DWOLFSSL_DH_EXTRA -DECC_CACHE_CURVE -DHAVE_AES_DECRYPT -DWOLFCRYPT_FIPS_CORE_HASH_VALUE='<value>'"

CFLAGS="-DSIZEOF_LONG_LONG='<value>'"

all this is built as a part of a bigger Yocto project. And your warning did not occur when I was building it with those settings. The error that did occur (without the fix) was:

../git/test/test_ecx.c: In function 'test_ecx_sign_verify_raw_pub':
../git/test/test_ecx.c:338:55: error: 'ED448_KEY_SIZE' undeclared (first use in this function); did you mean 'ED25519_KEY_SIZE'?
   338 |     unsigned char readback_ossl[MAX(ED25519_KEY_SIZE, ED448_KEY_SIZE)];
       |                                                       ^~~~~~~~~~~~~~
 ../git/test/test_ecx.c:36:36: note: in definition of macro 'MAX'
    36 |     #define MAX(a,b)       ((a) > (b) ? (a) : (b))
       |                                    ^
 ../git/test/test_ecx.c:339:19: warning: unused variable 'readback_wolf' [-Wunused-variable]
   339 |     unsigned char readback_wolf[MAX(ED25519_KEY_SIZE, ED448_KEY_SIZE)];
       |                   ^~~~~~~~~~~~~
 ../git/test/test_ecx.c:338:19: warning: unused variable 'readback_ossl' [-Wunused-variable]
   338 |     unsigned char readback_ossl[MAX(ED25519_KEY_SIZE, ED448_KEY_SIZE)];
       |                   ^~~~~~~~~~~~~
 Makefile:1119: recipe for target 'test/unit_test-test_ecx.o' failed
 make: *** [test/unit_test-test_ecx.o] Error 1

[adrianjarc]

I am also now inspecting src/wp_ecx_sig.c file and see a few possible changes to take into account if ED448 or ED25519 are used. I will add them as a new commit to this PR.

[adrianjarc]

@padelsbach I have added new changes that better handle definitions of ED25519 and ED448 specific functions in src/wp_ecx_sig.c file. Please review.

[padelsbach]

I'm not able to reproduce the issue, perhaps mostly due to the fips build having several issues on aarch64.

But the change seems good to me.

Do you have a contributor agreement in place with WolfSSL?

[dgarske]

Okay to test. Approved contributor agreement on file. Thank you @adrianjarc

[adrianjarc]

@padelsbach Yes I have a contributor agreement in place with WolfSSL. I have also previously already contributed a small addition to WolfProvider: #34