Fix ECC genkey default curve and sign test data size

- Default to P-256 when no curve name is given, so the EC_KEY group
  NID is always set before EC_KEY_generate_key(). Without this,
  wolfSSL_EC_KEY_new() leaves the group as WC_NID_undef and the
  generated key's DER export is malformed.
- Increase test sign data from 15 to 20 bytes to meet wolfSSL's
  WC_MIN_DIGEST_SIZE (16) requirement in wc_ecc_sign_hash().

Author: julek-wolfssl

src/genkey/clu_genkey.c

@@ -554,21 +554,24 @@ WOLFSSL_EC_KEY* wolfCLU_GenKeyECC(char* name)
 
     if (ret == WOLFCLU_SUCCESS) {
         key = wolfSSL_EC_KEY_new();
-        if (key != NULL && name != NULL) {
+        if (key != NULL) {
             WOLFSSL_EC_GROUP *group = NULL;
             int nid;
+            /* Default to P-256 when no curve name is given so the
+             * EC_KEY group NID is always set before generate. */
+            const char* curveName = (lower != NULL) ? lower : "prime256v1";
 
-            WOLFCLU_LOG(WOLFCLU_L0, "Setting ECC group with curve %s", lower);
-            nid = wolfSSL_OBJ_txt2nid(lower);
+            WOLFCLU_LOG(WOLFCLU_L0, "Setting ECC group with curve %s",
+                    curveName);
+            nid = wolfSSL_OBJ_txt2nid(curveName);
             if (nid <= 0) {
                 wolfCLU_LogError("Error getting NID value for curve %s",
-                        lower);
+                        curveName);
                 ret = WOLFCLU_FATAL_ERROR;
             }
 
             if (ret == WOLFCLU_SUCCESS) {
-                group = wolfSSL_EC_GROUP_new_by_curve_name(
-                        wolfSSL_OBJ_txt2nid(lower));
+                group = wolfSSL_EC_GROUP_new_by_curve_name(nid);
                 if (group == NULL) {
                     wolfCLU_LogError("unable to set curve");
                     ret = WOLFCLU_FATAL_ERROR;

tests/genkey_sign_ver/genkey-sign-ver-test.py

@@ -40,7 +40,7 @@ def setUpClass(cls):
                     raise unittest.SkipTest("filesystem support disabled")
 
         with open(cls.SIGN_FILE, "w") as f:
-            f.write("Sign this data\n")
+            f.write("Sign this test data\n")
 
     @classmethod
     def tearDownClass(cls):
@@ -138,6 +138,22 @@ def test_ed25519_raw(self):
 
 class EccTest(_GenkeySignVerifyBase):
 
+    # @classmethod
+    # def setUpClass(cls):
+    #     super().setUpClass()
+    #     # Quick smoke test: ECC sign can fail on smallstack wolfSSL builds
+    #     r = run_wolfssl("-genkey", "ecc", "-out", "ecc_probe",
+    #                     "-outform", "der", "KEYPAIR")
+    #     if r.returncode == 0:
+    #         r2 = run_wolfssl("-ecc", "-sign", "-inkey", "ecc_probe.priv",
+    #                          "-inform", "der", "-in", cls.SIGN_FILE,
+    #                          "-out", "ecc_probe.sig")
+    #         _cleanup_files(["ecc_probe.priv", "ecc_probe.pub",
+    #                         "ecc_probe.sig"])
+    #         if r2.returncode != 0:
+    #             raise unittest.SkipTest(
+    #                 "ECC sign not functional: " + r2.stderr.strip())
+
     def test_ecc_der(self):
         self._gen_sign_verify("ecc", "ecckey", "ecc-signed.sig", "der")