From 9bd300e07d5bbfb4c45d5fa5abf4b18e2f919651 Mon Sep 17 00:00:00 2001
From: Kaleb Himes <kaleb@wolfssl.com>
Date: Sun, 19 Sep 2021 16:29:15 -0600
Subject: [PATCH] AESNI in FIPS mode does not support zero length inputs
 (#4411)

* AESNI in FIPS mode does not support zero length inputs

* Update note to specifically note AESNI
---
 tests/api.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/tests/api.c b/tests/api.c
index c6a7e2c19..f3fff2366 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -15572,6 +15572,11 @@ static int test_wc_AesCbcEncryptDecrypt (void)
 #endif
     }
     if (cbcE == 0) {
+    #if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
+        (HAVE_FIPS_VERSION == 2) && defined(WOLFSSL_AESNI)
+        printf("Zero length inputs not supported with AESNI in FIPS mode (v2),"
+               " skip test");
+    #else
         /* Test passing in size of 0  */
         XMEMSET(enc, 0, sizeof(enc));
         cbcE = wc_AesCbcEncrypt(&aes, enc, vector, 0);
@@ -15581,6 +15586,7 @@ static int test_wc_AesCbcEncryptDecrypt (void)
             for (i = 0; i < (int)sizeof(enc); i++)
                 cbcE |= enc[i];
         }
+    #endif
     }
     printf(resultFmt, cbcE == 0 ? passed : failed);
     if (cbcE != 0) {