tests/api/test_ed25519.c and tests/api/test_ed448.c: add missing FIPS v7+ gating in test_wc_ed25519_export() and test_wc_ed448_export().

wolfcrypt/test/test.c: in aes_cbc_test(), use unconditional static on msg4 and verify4 to work around gcc optimizer bug (probably same bug as noted in ac11279c60).
This commit is contained in:
Daniel Pouzzner
2026-05-06 14:23:42 -05:00
parent 490c1062e4
commit 03cee6f2bf
3 changed files with 18 additions and 2 deletions
+8
View File
@@ -347,6 +347,8 @@ int test_wc_ed25519_export(void)
XMEMSET(&rng, 0, sizeof(WC_RNG)); XMEMSET(&rng, 0, sizeof(WC_RNG));
ExpectIntEQ(wc_ed25519_init(&key), 0); ExpectIntEQ(wc_ed25519_init(&key), 0);
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)
/* Reject export when private key not set. */ /* Reject export when private key not set. */
PRIVATE_KEY_UNLOCK(); PRIVATE_KEY_UNLOCK();
ExpectIntEQ(wc_ed25519_export_private_only(&key, priv, &privSz), ExpectIntEQ(wc_ed25519_export_private_only(&key, priv, &privSz),
@@ -354,6 +356,8 @@ int test_wc_ed25519_export(void)
ExpectIntEQ(wc_ed25519_export_private(&key, priv, &privSz), ExpectIntEQ(wc_ed25519_export_private(&key, priv, &privSz),
WC_NO_ERR_TRACE(BAD_FUNC_ARG)); WC_NO_ERR_TRACE(BAD_FUNC_ARG));
PRIVATE_KEY_LOCK(); PRIVATE_KEY_LOCK();
#endif /* !HAVE_FIPS || FIPS_VERSION3_GE(7,0,0) */
ExpectIntEQ(wc_InitRng(&rng), 0); ExpectIntEQ(wc_InitRng(&rng), 0);
#ifdef HAVE_ED25519_MAKE_KEY #ifdef HAVE_ED25519_MAKE_KEY
ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key), 0); ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key), 0);
@@ -392,12 +396,16 @@ int test_wc_ed25519_export(void)
wc_ed25519_free(&key); wc_ed25519_free(&key);
ExpectIntEQ(wc_ed25519_init(&key), 0); ExpectIntEQ(wc_ed25519_init(&key), 0);
ExpectIntEQ(wc_ed25519_import_public(pub, pubSz, &key), 0); ExpectIntEQ(wc_ed25519_import_public(pub, pubSz, &key), 0);
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)
PRIVATE_KEY_UNLOCK(); PRIVATE_KEY_UNLOCK();
ExpectIntEQ(wc_ed25519_export_private_only(&key, priv, &privSz), ExpectIntEQ(wc_ed25519_export_private_only(&key, priv, &privSz),
WC_NO_ERR_TRACE(BAD_FUNC_ARG)); WC_NO_ERR_TRACE(BAD_FUNC_ARG));
ExpectIntEQ(wc_ed25519_export_private(&key, priv, &privSz), ExpectIntEQ(wc_ed25519_export_private(&key, priv, &privSz),
WC_NO_ERR_TRACE(BAD_FUNC_ARG)); WC_NO_ERR_TRACE(BAD_FUNC_ARG));
PRIVATE_KEY_LOCK(); PRIVATE_KEY_LOCK();
#endif /* !HAVE_FIPS || FIPS_VERSION3_GE(7,0,0) */
#endif #endif
DoExpectIntEQ(wc_FreeRng(&rng), 0); DoExpectIntEQ(wc_FreeRng(&rng), 0);
+8
View File
@@ -324,6 +324,8 @@ int test_wc_ed448_export(void)
XMEMSET(&rng, 0, sizeof(WC_RNG)); XMEMSET(&rng, 0, sizeof(WC_RNG));
ExpectIntEQ(wc_ed448_init(&key), 0); ExpectIntEQ(wc_ed448_init(&key), 0);
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)
/* Reject export when private key not set. */ /* Reject export when private key not set. */
PRIVATE_KEY_UNLOCK(); PRIVATE_KEY_UNLOCK();
ExpectIntEQ(wc_ed448_export_private_only(&key, priv, &privSz), ExpectIntEQ(wc_ed448_export_private_only(&key, priv, &privSz),
@@ -331,6 +333,8 @@ int test_wc_ed448_export(void)
ExpectIntEQ(wc_ed448_export_private(&key, priv, &privSz), ExpectIntEQ(wc_ed448_export_private(&key, priv, &privSz),
WC_NO_ERR_TRACE(BAD_FUNC_ARG)); WC_NO_ERR_TRACE(BAD_FUNC_ARG));
PRIVATE_KEY_LOCK(); PRIVATE_KEY_LOCK();
#endif /* !HAVE_FIPS || FIPS_VERSION3_GE(7,0,0) */
ExpectIntEQ(wc_InitRng(&rng), 0); ExpectIntEQ(wc_InitRng(&rng), 0);
ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key), 0); ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key), 0);
@@ -364,12 +368,16 @@ int test_wc_ed448_export(void)
wc_ed448_free(&key); wc_ed448_free(&key);
ExpectIntEQ(wc_ed448_init(&key), 0); ExpectIntEQ(wc_ed448_init(&key), 0);
ExpectIntEQ(wc_ed448_import_public(pub, pubSz, &key), 0); ExpectIntEQ(wc_ed448_import_public(pub, pubSz, &key), 0);
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)
PRIVATE_KEY_UNLOCK(); PRIVATE_KEY_UNLOCK();
ExpectIntEQ(wc_ed448_export_private_only(&key, priv, &privSz), ExpectIntEQ(wc_ed448_export_private_only(&key, priv, &privSz),
WC_NO_ERR_TRACE(BAD_FUNC_ARG)); WC_NO_ERR_TRACE(BAD_FUNC_ARG));
ExpectIntEQ(wc_ed448_export_private(&key, priv, &privSz), ExpectIntEQ(wc_ed448_export_private(&key, priv, &privSz),
WC_NO_ERR_TRACE(BAD_FUNC_ARG)); WC_NO_ERR_TRACE(BAD_FUNC_ARG));
PRIVATE_KEY_LOCK(); PRIVATE_KEY_LOCK();
#endif /* !HAVE_FIPS || FIPS_VERSION3_GE(7,0,0) */
#endif #endif
DoExpectIntEQ(wc_FreeRng(&rng), 0); DoExpectIntEQ(wc_FreeRng(&rng), 0);
+2 -2
View File
@@ -16840,7 +16840,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cbc_test(void)
* the wrong ciphertext block into aes->reg between calls (e.g. the * the wrong ciphertext block into aes->reg between calls (e.g. the
* first block instead of the last) will fail the second KAT. */ * first block instead of the last) will fail the second KAT. */
{ {
WOLFSSL_SMALL_STACK_STATIC const byte msg4[] = { static const byte msg4[] = {
0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
@@ -16850,7 +16850,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cbc_test(void)
0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
}; };
WOLFSSL_SMALL_STACK_STATIC const byte verify4[] = { static const byte verify4[] = {
0x76,0x49,0xab,0xac,0x81,0x19,0xb2,0x46, 0x76,0x49,0xab,0xac,0x81,0x19,0xb2,0x46,
0xce,0xe9,0x8e,0x9b,0x12,0xe9,0x19,0x7d, 0xce,0xe9,0x8e,0x9b,0x12,0xe9,0x19,0x7d,
0x50,0x86,0xcb,0x9b,0x50,0x72,0x19,0xee, 0x50,0x86,0xcb,0x9b,0x50,0x72,0x19,0xee,