From 4755bb21c53e1db1f24220ad72c8cd3a1ed3ce5b Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Tue, 7 Jul 2026 06:49:32 +0200 Subject: [PATCH] tests: skip AES rounds-corruption under FIPS/self-test (fixes CCM segfault) test_wc_AesCcmArgMcdc segfaulted on the FIPS builds (apple-M1 config A, CAVP self-test), exit 139. The AES *ArgMcdc tests reach the post-key-setup "ret != 0" checkpoints by corrupting aes->rounds = 0 and calling wc_AesCcmEncrypt/Decrypt. That relies on the pure-C AesEncryptBlocks_C guard (if r==0 return KEYUSAGE_E) to turn the corruption into a clean error return. Under the FIPS / self-test module the AES implementation has no such guard, so rounds=0 runs AES with a zero-round key schedule and dereferences past the key schedule -> SIGSEGV. The corruption is already gated by WC_TEST_AES_ROUNDS_OFFLOADED (crypto-cb / asm offload). FIPS and self-test are the same situation - the pure-C guard is not in the compiled path - so add HAVE_FIPS / HAVE_SELFTEST to that macro. The three function-level FIPS-guarded tests (SetKey/Modes/Cmac ArgMcdc) were already skipped; test_wc_AesCcmArgMcdc is not, and its non-corruption CCM coverage now still runs under FIPS while only the rounds-corruption blocks are skipped. Verified: --enable-all (non-FIPS) still runs and passes all rounds-corruption tests; the corruption blocks compile out only under FIPS/self-test. --- tests/api/test_aes.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/tests/api/test_aes.c b/tests/api/test_aes.c index f1da71aa2b..d2bd499a94 100644 --- a/tests/api/test_aes.c +++ b/tests/api/test_aes.c @@ -59,7 +59,12 @@ * (e.g. WOLFSSL_ARMASM on ARMv8 with crypto extensions). * In all these cases the corrupted struct is ignored and the op returns 0. */ #if defined(WOLF_CRYPTO_CB_FIND) || defined(WOLF_CRYPTO_CB_ONLY_AES) || \ - defined(WOLFSSL_ARMASM) + defined(WOLFSSL_ARMASM) || defined(HAVE_FIPS) || defined(HAVE_SELFTEST) + /* The aes->rounds=0 corruption trick relies on the pure-C AesEncryptBlocks_C + * guard (if r==0 return KEYUSAGE_E). When AES is offloaded (crypto-cb / asm) + * or provided by the FIPS/self-test module, that guard is absent: rounds=0 + * runs AES with a zero-round key schedule and segfaults instead of erroring. + * Treat those builds as offloaded so the corruption blocks are skipped. */ #define WC_TEST_AES_ROUNDS_OFFLOADED #endif