wolfssl icon indicating copy to clipboard operation
wolfssl copied to clipboard
verified publisher icon wolfSSL

[Bug]: benchmark crash on ECDSA SECP521R1 at sign and verify

Open netmonitoring opened this issue 3 weeks ago • 3 comments

Contact Details

[email protected]

Version

v5.8.4-stable

Description

SECP521R1 curve size is 66 bytes. sing and verify steps use wc_ecc_sign_hash function where inlen argument assigned to (word32)keySize. keySize = wc_ecc_get_curve_size_from_id(curveId); <- 66 This is not correct, because SHA-512 is used for P-521, and the correct value is 64.

Error:

ECC [ SECP521R1] 528 key gen 2000 ops took 1.044 sec, avg 0.522 ms, 1915.969 ops/sec, 3031364765 cycles 1515682.4 Cycles/op ECDHE [ SECP521R1] 528 agree 2000 ops took 1.048 sec, avg 0.524 ms, 1908.751 ops/sec, 3042826874 cycles 1521413.4 Cycles/op ECDSA [ SECP521R1] 528 sign 0 ops took 0.000 sec, avg 0.000 ms, 0.000 ops/sec, 4768 cycles 0.0 Cycles/op Benchmark ECDSA [ SECP521R1] sign 528 failed: -279

Solution to fix:

diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c
index fbce752e..03745439 100644
--- a/wolfcrypt/benchmark/benchmark.c
+++ b/wolfcrypt/benchmark/benchmark.c
@@ -12196,6 +12196,7 @@ exit_ecdhe:
     }

     /* ECC Sign */
+    #define DIGEST_SIZE 64  // SHA-512 for P-521
     bench_stats_start(&count, &start);
     do {
         for (times = 0; times < agreeTimes || pending > 0; ) {
@@ -12209,8 +12210,8 @@ exit_ecdhe:
                     if (genKey[i]->state == 0) {
                         x[i] = ECC_MAX_SIG_SIZE;
                     }
-
-                    ret = wc_ecc_sign_hash(digest[i], (word32)keySize, sig[i],
+
+                    ret = wc_ecc_sign_hash(digest[i], DIGEST_SIZE, sig[i],
                                            &x[i], GLOBAL_RNG, genKey[i]);

                     if (!bench_async_handle(&ret,
@@ -12262,7 +12263,7 @@ exit_ecdsa_sign:
                     }

                     ret = wc_ecc_verify_hash(sig[i], x[i], digest[i],
-                                             (word32)keySize, &verify[i],
+                                             DIGEST_SIZE, &verify[i],
                                              genKey[i]);

                     if (!bench_async_handle(&ret,

Final result:

wolfSSL version 5.8.4

wolfCrypt Benchmark (block bytes 1048576, min 1.0 sec each)

ECC Benchmarks: ECC [ PRIME239V1] 240 key gen 12400 ops took 1.000 sec, avg 0.081 ms, 12396.134 ops/sec, 2904905383 cycles 234266.6 Cycles/op ECDHE [ PRIME239V1] 240 agree 12700 ops took 1.007 sec, avg 0.079 ms, 12615.064 ops/sec, 2923551847 cycles 230200.9 Cycles/op ECDSA [ PRIME239V1] 240 sign 10600 ops took 1.003 sec, avg 0.095 ms, 10569.400 ops/sec, 2912432944 cycles 274757.8 Cycles/op ECDSA [ PRIME239V1] 240 verify 9100 ops took 1.009 sec, avg 0.111 ms, 9022.859 ops/sec, 2928828132 cycles 321849.2 Cycles/op

ECC [ SECP256R1] 256 key gen 82200 ops took 1.001 sec, avg 0.012 ms, 82113.214 ops/sec, 2907069111 cycles 35365.8 Cycles/op ECDHE [ SECP256R1] 256 agree 58800 ops took 1.001 sec, avg 0.017 ms, 58716.300 ops/sec, 2908139328 cycles 49458.2 Cycles/op ECDSA [ SECP256R1] 256 sign 53100 ops took 1.002 sec, avg 0.019 ms, 53003.958 ops/sec, 2909263034 cycles 54788.4 Cycles/op ECDSA [ SECP256R1] 256 verify 50700 ops took 1.001 sec, avg 0.020 ms, 50668.519 ops/sec, 2905804907 cycles 57313.7 Cycles/op

ECC [ SECP224R1] 224 key gen 12800 ops took 1.000 sec, avg 0.078 ms, 12796.726 ops/sec, 2904743229 cycles 226933.1 Cycles/op ECDHE [ SECP224R1] 224 agree 13100 ops took 1.007 sec, avg 0.077 ms, 13005.348 ops/sec, 2925133497 cycles 223292.6 Cycles/op ECDSA [ SECP224R1] 224 sign 11000 ops took 1.005 sec, avg 0.091 ms, 10942.687 ops/sec, 2919211000 cycles 265382.8 Cycles/op ECDSA [ SECP224R1] 224 verify 9600 ops took 1.009 sec, avg 0.105 ms, 9516.268 ops/sec, 2929552462 cycles 305161.7 Cycles/op

ECC [ SECP384R1] 384 key gen 5500 ops took 1.003 sec, avg 0.182 ms, 5484.837 ops/sec, 2912028865 cycles 529459.8 Cycles/op ECDHE [ SECP384R1] 384 agree 5500 ops took 1.001 sec, avg 0.182 ms, 5492.874 ops/sec, 2907765811 cycles 528684.7 Cycles/op ECDSA [ SECP384R1] 384 sign 4800 ops took 1.012 sec, avg 0.211 ms, 4743.325 ops/sec, 2938697887 cycles 612228.7 Cycles/op ECDSA [ SECP384R1] 384 verify 3900 ops took 1.008 sec, avg 0.258 ms, 3870.829 ops/sec, 2925885736 cycles 750227.1 Cycles/op

ECC [ SECP521R1] 528 key gen 2000 ops took 1.040 sec, avg 0.520 ms, 1922.182 ops/sec, 3021565759 cycles 1510782.9 Cycles/op ECDHE [ SECP521R1] 528 agree 1900 ops took 1.002 sec, avg 0.527 ms, 1896.498 ops/sec, 2909360804 cycles 1531242.5 Cycles/op ECDSA [ SECP521R1] 528 sign 1800 ops took 1.008 sec, avg 0.560 ms, 1785.217 ops/sec, 2928047626 cycles 1626693.1 Cycles/op ECDSA [ SECP521R1] 528 verify 1500 ops took 1.014 sec, avg 0.676 ms, 1478.571 ops/sec, 2946088268 cycles 1964058.8 Cycles/op

Benchmark complete

Reproduction steps

No response

Relevant log output

netmonitoring avatar Dec 04 '25 15:12 netmonitoring

Hello @netmonitoring

Thanks for contacting wolfSSL Support. Could you tell us a bit about your project using wolfSSL? I'll have a look at the issue you've reported.

Kind regards, Eric - wolfSSL Support

embhorn avatar Dec 04 '25 17:12 embhorn

This started failing because of https://github.com/wolfSSL/wolfssl/pull/9422

@SparkiDev

embhorn avatar Dec 04 '25 18:12 embhorn

Hi @netmonitoring,

I've put up a PR that fixes this: #9494

Let us know if you have any issues with the fix.

Thanks, Sean

SparkiDev avatar Dec 04 '25 23:12 SparkiDev