Topic: ecc_test_curve_size 24 failed!: -9917

I am trying to configure & install wolfssl-4.7.0-gplv3-fips-ready

Configure script seemed to run OK, I then did make, followed by "make check". Initial run of "make check" failed (expected) and then I updated verifyCore in fips_test.c as directed in test-suite.log

I then re-ran make and "make check". Check failed again with the error "ecc_test_curve_size 24 failed!: -9917"

There are subsequent "RNG required but not provided" errors in test-suite.log

I'm at a loss as to what's going on. Any ideas? The configure script output is attached in case it's helpful to know what config options were used.

Re: ecc_test_curve_size 24 failed!: -9917

It appears that when running testsuite during "make check", it's hitting this error in wolfcrypt/src/ecc.c:

#ifdef ECC_TIMING_RESISTANT
        if (private_key->rng == NULL) {
            err = MISSING_RNG_E;
        }
#endif

I *am* running with timing resistance (I believe --enable-harden turns that on), but I don't understand what would cause the test to try to run w/o providing an RNG to the private_key struct...

Re: ecc_test_curve_size 24 failed!: -9917

Hello sahl.john

There is a fix pending for the RNG dependency. This fix will be available in the next release, although I can't provide a specific timeline. I will update as soon as the fix is available (i.e. the PR has been merged).

Thanks,
Eric @ wolfSSL Support

Re: ecc_test_curve_size 24 failed!: -9917

Here is the patch for the code to get the test working:


 fips_test.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/fips_test.c b/fips_test.c
index 78008dc..21db828 100644
--- a/fips_test.c
+++ b/fips_test.c
@@ -809,6 +809,15 @@ static int ECDSA_PairwiseAgreeTest(int type, const char* msg)
         return ret;
     }
 
+#ifdef ECC_TIMING_RESISTANT
+    ret = wc_ecc_set_rng(&ecc, &rng);
+    if (ret != 0) {
+        wc_ecc_free(&ecc);
+        wc_FreeRng(&rng);
+        return ret;
+    }
+#endif
+
     switch (type) {
         case WC_SHA256 :
         {
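
Review bot: the #ifdef ECC_TIMING_RESISTANT block added ahead of switch (type) has no comment saying why the RNG is attached, and the reason is not obvious from this function alone. A one-line comment above the wc_ecc_set_rng(&ecc, &rng) call, noting that timing-resistant private-key operations return MISSING_RNG_E when the key's rng pointer is NULL, would tie it to the check in wolfcrypt/src/ecc.c quoted earlier in the thread. The new error path frees ecc and then rng before returning; since the key refers to rng by pointer after this call, the function's later exits should likewise not free rng while ecc is still in use.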