Skip to content

Fix test_ecx.c build if no ED448 in WolfSSL#171

Merged
padelsbach merged 4 commits into
wolfSSL:masterfrom
adrianjarc:fix_ecx_test_build
Jun 19, 2025
Merged

Fix test_ecx.c build if no ED448 in WolfSSL#171
padelsbach merged 4 commits into
wolfSSL:masterfrom
adrianjarc:fix_ecx_test_build

Conversation

@adrianjarc
Copy link
Copy Markdown
Contributor

@adrianjarc adrianjarc commented Jun 16, 2025

If WolfSSL is built without --enable-ed448 flag, the build of wolfProvider fails in test/test_ecx.c file because of undefined ED448_KEY_SIZE parameter.

This fix checks if ED25519 and ED448 are enabled and sets sizes for readback_ossl and readback_wolf accordingly.

@wolfSSL-Bot
Copy link
Copy Markdown

wolfSSL-Bot commented Jun 16, 2025

Can one of the admins verify this patch?

@padelsbach
Copy link
Copy Markdown
Contributor

padelsbach commented Jun 16, 2025

Hello Adrian, thanks for posting this. I see a different error when building with --disable-ed448 on your branch:

src/wp_ecx_sig.c:341:12: error: ‘wp_ed448_get_ctx_params’ defined but not used [-Werror=unused-function]
  341 | static int wp_ed448_get_ctx_params(wp_EcxSigCtx *ctx, OSSL_PARAM *params)

Can you let us know how you are building wolfProvider in this case?

@adrianjarc
Copy link
Copy Markdown
Contributor Author

adrianjarc commented Jun 17, 2025

Hello Adrian, thanks for posting this. I see a different error when building with --disable-ed448 on your branch:

src/wp_ecx_sig.c:341:12: error: ‘wp_ed448_get_ctx_params’ defined but not used [-Werror=unused-function]
  341 | static int wp_ed448_get_ctx_params(wp_EcxSigCtx *ctx, OSSL_PARAM *params)

Can you let us know how you are building wolfProvider in this case?

Hello @padelsbach,

I am building wolfProvider with the following flags:

--with-openssl=${RECIPE_SYSROOT}/usr
--with-wolfssl=${RECIPE_SYSROOT}/usr

CPPFLAGS="-I${RECIPE_SYSROOT}/usr/include -I${WORKDIR}/git/include"

CFLAGS="-DWOLFSSL_SHA224 \
                  -DWOLFSSL_SHA3 \
                  -DHAVE_CURVE25519 \
                  -DHAVE_CURVE25519_KEY_IMPORT \
                  -DHAVE_CURVE25519_KEY_EXPORT \
                  -DHAVE_ED25519 \
                  -DHAVE_ED25519_KEY_IMPORT \
                  -DHAVE_ED25519_KEY_EXPORT \
                  -DHAVE_CURVE448 \
                  -DWOLFSSL_DH_EXTRA \
                  -DWOLFSSL_SHA512 \
                  -DHAVE_FIPS \
                  -DHAVE_FIPS_VERSION=5 \
                  -DHAVE_FFDHE_Q

I also have WolfSSL version 5.6.4 (provided by you, for FIPS build), which is built with:

--enable-fips=v5 \ 
--enable-cmac \
--enable-keygen \
--enable-sha \
--enable-aesctr \
--enable-aesccm \
--enable-aescfb \
--enable-aesgcm \
--enable-x963kdf \
--enable-certgen \
--enable-aeskeywrap \
--enable-enckeys \
--enable-curve25519 \
--enable-curve448 \
--enable-ed25519 \
--enable-sha224 \
--enable-sha3 \
--enable-pwdbased \
--enable-certreq \
--enable-certext \    
--enable-opensslcoexist \
--enable-aesgcm-stream

CPPFLAGS="-DHAVE_AES_ECB -DWOLFSSL_AES_DIRECT -DWC_RSA_NO_PADDING -DWOLFSSL_PUBLIC_MP -DECC_MIN_KEY_SZ=192 -DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_PSS_SALT_LEN_DISCOVER -DWOLFSSL_RSA_KEY_CHECK -DWOLFSSL_DH_EXTRA -DECC_CACHE_CURVE -DHAVE_AES_DECRYPT -DWOLFCRYPT_FIPS_CORE_HASH_VALUE='<value>'"

CFLAGS="-DSIZEOF_LONG_LONG='<value>'"

all this is built as a part of a bigger Yocto project. And your warning did not occur when I was building it with those settings. The error that did occur (without the fix) was:

../git/test/test_ecx.c: In function 'test_ecx_sign_verify_raw_pub':
../git/test/test_ecx.c:338:55: error: 'ED448_KEY_SIZE' undeclared (first use in this function); did you mean 'ED25519_KEY_SIZE'?
   338 |     unsigned char readback_ossl[MAX(ED25519_KEY_SIZE, ED448_KEY_SIZE)];
       |                                                       ^~~~~~~~~~~~~~
 ../git/test/test_ecx.c:36:36: note: in definition of macro 'MAX'
    36 |     #define MAX(a,b)       ((a) > (b) ? (a) : (b))
       |                                    ^
 ../git/test/test_ecx.c:339:19: warning: unused variable 'readback_wolf' [-Wunused-variable]
   339 |     unsigned char readback_wolf[MAX(ED25519_KEY_SIZE, ED448_KEY_SIZE)];
       |                   ^~~~~~~~~~~~~
 ../git/test/test_ecx.c:338:19: warning: unused variable 'readback_ossl' [-Wunused-variable]
   338 |     unsigned char readback_ossl[MAX(ED25519_KEY_SIZE, ED448_KEY_SIZE)];
       |                   ^~~~~~~~~~~~~
 Makefile:1119: recipe for target 'test/unit_test-test_ecx.o' failed
 make: *** [test/unit_test-test_ecx.o] Error 1

@adrianjarc
Copy link
Copy Markdown
Contributor Author

adrianjarc commented Jun 17, 2025

I am also now inspecting src/wp_ecx_sig.c file and see a few possible changes to take into account if ED448 or ED25519 are used. I will add them as a new commit to this PR.

@adrianjarc
Copy link
Copy Markdown
Contributor Author

adrianjarc commented Jun 17, 2025

@padelsbach I have added new changes that better handle definitions of ED25519 and ED448 specific functions in src/wp_ecx_sig.c file. Please review.

@padelsbach
Copy link
Copy Markdown
Contributor

padelsbach commented Jun 17, 2025

I'm not able to reproduce the issue, perhaps mostly due to the fips build having several issues on aarch64.

But the change seems good to me.

Do you have a contributor agreement in place with WolfSSL?

@dgarske
Copy link
Copy Markdown
Member

dgarske commented Jun 17, 2025

Okay to test. Approved contributor agreement on file. Thank you @adrianjarc

@adrianjarc
Copy link
Copy Markdown
Contributor Author

adrianjarc commented Jun 19, 2025

@padelsbach Yes I have a contributor agreement in place with WolfSSL. I have also previously already contributed a small addition to WolfProvider: #34

@dgarske dgarske requested a review from padelsbach June 19, 2025 13:04
@padelsbach padelsbach merged commit b1a102e into wolfSSL:master Jun 19, 2025
148 checks passed
@adrianjarc adrianjarc deleted the fix_ecx_test_build branch June 20, 2025 08:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@padelsbach padelsbach padelsbach approved these changes

Assignees

@wolfSSL-Bot wolfSSL-Bot

@padelsbach padelsbach

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@adrianjarc @wolfSSL-Bot @padelsbach @dgarske