diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 2fb85db9e1..af06d3be5f 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -57790,7 +57790,7 @@ static wc_test_ret_t slhdsa_keygen_kat(enum SlhDsaParam param, DYNAMIC_TYPE_TMP_BUFFER, return WC_TEST_RET_ENC_EC(MEMORY_E)); XMEMSET(key, 0, sizeof(*key)); - ret = wc_SlhDsaKey_Init(key, param, NULL, INVALID_DEVID); + ret = wc_SlhDsaKey_Init(key, param, NULL, devId); if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); } @@ -58073,30 +58073,30 @@ static wc_test_ret_t slhdsa_id_label_test(void) /* NULL key rejected. */ ret = wc_SlhDsaKey_Init_id(NULL, param, id, (int)sizeof(id), HEAP_HINT, - INVALID_DEVID); + devId); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) return WC_TEST_RET_ENC_EC(ret); /* (id == NULL, len > 0) is the silent-contradiction case the original * review flagged; must be rejected. */ - ret = wc_SlhDsaKey_Init_id(&key, param, NULL, 8, HEAP_HINT, INVALID_DEVID); + ret = wc_SlhDsaKey_Init_id(&key, param, NULL, 8, HEAP_HINT, devId); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) return WC_TEST_RET_ENC_EC(ret); /* Length over the cap rejected with BUFFER_E. */ ret = wc_SlhDsaKey_Init_id(&key, param, id, SLHDSA_MAX_ID_LEN + 1, - HEAP_HINT, INVALID_DEVID); + HEAP_HINT, devId); if (ret != WC_NO_ERR_TRACE(BUFFER_E)) return WC_TEST_RET_ENC_EC(ret); /* Negative length rejected. */ - ret = wc_SlhDsaKey_Init_id(&key, param, id, -1, HEAP_HINT, INVALID_DEVID); + ret = wc_SlhDsaKey_Init_id(&key, param, id, -1, HEAP_HINT, devId); if (ret != WC_NO_ERR_TRACE(BUFFER_E)) return WC_TEST_RET_ENC_EC(ret); /* Successful init copies the id and stores its length. */ ret = wc_SlhDsaKey_Init_id(&key, param, id, (int)sizeof(id), HEAP_HINT, - INVALID_DEVID); + devId); if (ret != 0) return WC_TEST_RET_ENC_EC(ret); if (key.idLen != (int)sizeof(id)) @@ -58109,7 +58109,7 @@ static wc_test_ret_t slhdsa_id_label_test(void) XMEMSET(&key, 0, sizeof(key)); /* (id != NULL, len == 0) is accepted as a no-op. */ - ret = wc_SlhDsaKey_Init_id(&key, param, id, 0, HEAP_HINT, INVALID_DEVID); + ret = wc_SlhDsaKey_Init_id(&key, param, id, 0, HEAP_HINT, devId); if (ret != 0) return WC_TEST_RET_ENC_EC(ret); if (key.idLen != 0) @@ -58127,7 +58127,7 @@ static wc_test_ret_t slhdsa_id_label_test(void) for (i = 0; i < SLHDSA_MAX_ID_LEN; i++) id_max[i] = (unsigned char)(0x40 + i); ret = wc_SlhDsaKey_Init_id(&key, param, id_max, SLHDSA_MAX_ID_LEN, - HEAP_HINT, INVALID_DEVID); + HEAP_HINT, devId); if (ret != 0) return WC_TEST_RET_ENC_EC(ret); if (key.idLen != SLHDSA_MAX_ID_LEN) @@ -58143,22 +58143,22 @@ static wc_test_ret_t slhdsa_id_label_test(void) /* Init_label: NULL label / NULL key rejected. */ ret = wc_SlhDsaKey_Init_label(NULL, param, label, HEAP_HINT, - INVALID_DEVID); + devId); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) return WC_TEST_RET_ENC_EC(ret); ret = wc_SlhDsaKey_Init_label(&key, param, NULL, HEAP_HINT, - INVALID_DEVID); + devId); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) return WC_TEST_RET_ENC_EC(ret); /* Empty label is rejected. */ - ret = wc_SlhDsaKey_Init_label(&key, param, "", HEAP_HINT, INVALID_DEVID); + ret = wc_SlhDsaKey_Init_label(&key, param, "", HEAP_HINT, devId); if (ret != WC_NO_ERR_TRACE(BUFFER_E)) return WC_TEST_RET_ENC_EC(ret); /* Successful init copies the label and stores its length. */ ret = wc_SlhDsaKey_Init_label(&key, param, label, HEAP_HINT, - INVALID_DEVID); + devId); if (ret != 0) return WC_TEST_RET_ENC_EC(ret); if (key.labelLen != (int)XSTRLEN(label)) @@ -58182,7 +58182,7 @@ static wc_test_ret_t slhdsa_id_label_test(void) label_max[i] = 'L'; label_max[SLHDSA_MAX_LABEL_LEN] = '\0'; ret = wc_SlhDsaKey_Init_label(&key, param, label_max, HEAP_HINT, - INVALID_DEVID); + devId); if (ret != 0) return WC_TEST_RET_ENC_EC(ret); if (key.labelLen != SLHDSA_MAX_LABEL_LEN) @@ -59249,7 +59249,7 @@ wc_test_ret_t slhdsa_test(void) #endif #ifndef WOLFSSL_SLHDSA_VERIFY_ONLY - ret = wc_SlhDsaKey_Init(key, SLHDSA_SHAKE128S, NULL, INVALID_DEVID); + ret = wc_SlhDsaKey_Init(key, SLHDSA_SHAKE128S, NULL, devId); if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); } @@ -74929,11 +74929,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void) * * Only enforce when slhdsa_test() actually runs a cb-routed op: * !VERIFY_ONLY runs slhdsa_test_param (uses devId), or - * PARAM_128S enables the in-tree KAT verify (also uses devId). */ + * PARAM_128S enables the in-tree KAT verify (also uses devId). + * + * The FIPS wrappers force the devId to FIPS_INVALID_DEVID, so we skip + * the check for FIPS. + */ int baseline = myCtx.exampleVar; ret = slhdsa_test(); - #if !defined(WOLFSSL_SLHDSA_VERIFY_ONLY) || \ - defined(WOLFSSL_SLHDSA_PARAM_128S) + #if (!defined(WOLFSSL_SLHDSA_VERIFY_ONLY) || \ + defined(WOLFSSL_SLHDSA_PARAM_128S)) && \ + !defined(HAVE_FIPS) if ((ret == 0) && (myCtx.exampleVar == baseline)) ret = WC_TEST_RET_ENC_NC; #endif