tests: fix config-dependent AES-CTR rounds-check coverage assertion

test_wc_AesModesArgMcdc asserted that wc_AesCtrEncrypt() with corrupted
aes.rounds returns KEYUSAGE_E, but used sz = 32 (an exact block multiple).
When in != out, the full blocks are consumed by a batch path that does not
surface the per-block rounds error - the AES-NI batch, or the HAVE_AES_ECB
fast path which ignores wc_AesEcbEncrypt()'s return - leaving no trailing
partial block, so the function returns 0 and the assertion fails. This was
latent (the whole test binary failed to link before the visibility fix) and
reproduces in --disable-aesni --enable-aesecb builds.

Use a non-block-multiple size (WC_AES_BLOCK_SIZE + 4) so the
"(ret == 0) && sz" leftover-handling call runs and fails on the corrupted
rounds via wc_AesEncrypt() in every backend. Reported by Copilot review on
PR #10845.

Verified: test_wc_AesModesArgMcdc now passes under --disable-aesni
--enable-aesecb (previously failed) and under --enable-aesni --enable-aesecb.
This commit is contained in:
Daniele Lacamera
2026-07-06 11:03:29 +02:00
parent e8cad24798
commit a3b3ee829b
+9 -6
View File
@@ -8690,13 +8690,16 @@ int test_wc_AesModesArgMcdc(void)
* decision true, leftover is processed. */
ExpectIntEQ(wc_AesCtrEncrypt(&aes, out, in, 5), 0);
/* Corrupted rounds + sz >= block size: on this platform the full
* blocks are consumed by the AES-NI batch path (which does not
* consult wc_AesEncrypt()'s rounds check), so this still lands on
* the "ret == 0 && sz != 0" (true) leftover-handling call, which
* itself then fails via the corrupted rounds. */
/* Corrupted rounds + a NON-block-multiple size: the full blocks may be
* consumed by a batch path that does not surface wc_AesEncrypt()'s
* rounds check - the AES-NI batch, or the HAVE_AES_ECB fast path taken
* when in != out, which ignores wc_AesEcbEncrypt()'s return. With an
* exact block multiple that path leaves no leftover and can return 0.
* Leaving a partial trailing block (WC_AES_BLOCK_SIZE + 4) forces the
* "(ret == 0) && sz" leftover-handling call, which goes through
* wc_AesEncrypt() and fails on the corrupted rounds in every backend. */
aes.rounds = 0;
ExpectIntEQ(wc_AesCtrEncrypt(&aes, out, in, 32),
ExpectIntEQ(wc_AesCtrEncrypt(&aes, out, in, WC_AES_BLOCK_SIZE + 4),
WC_NO_ERR_TRACE(KEYUSAGE_E));
wc_AesFree(&aes);