From a3b3ee829bb367726645dfb96c97e6426005bc2e Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Mon, 6 Jul 2026 11:03:29 +0200 Subject: [PATCH] tests: fix config-dependent AES-CTR rounds-check coverage assertion test_wc_AesModesArgMcdc asserted that wc_AesCtrEncrypt() with corrupted aes.rounds returns KEYUSAGE_E, but used sz = 32 (an exact block multiple). When in != out, the full blocks are consumed by a batch path that does not surface the per-block rounds error - the AES-NI batch, or the HAVE_AES_ECB fast path which ignores wc_AesEcbEncrypt()'s return - leaving no trailing partial block, so the function returns 0 and the assertion fails. This was latent (the whole test binary failed to link before the visibility fix) and reproduces in --disable-aesni --enable-aesecb builds. Use a non-block-multiple size (WC_AES_BLOCK_SIZE + 4) so the "(ret == 0) && sz" leftover-handling call runs and fails on the corrupted rounds via wc_AesEncrypt() in every backend. Reported by Copilot review on PR #10845. Verified: test_wc_AesModesArgMcdc now passes under --disable-aesni --enable-aesecb (previously failed) and under --enable-aesni --enable-aesecb. --- tests/api/test_aes.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/tests/api/test_aes.c b/tests/api/test_aes.c index e2679d3926..783c5cd84a 100644 --- a/tests/api/test_aes.c +++ b/tests/api/test_aes.c @@ -8690,13 +8690,16 @@ int test_wc_AesModesArgMcdc(void) * decision true, leftover is processed. */ ExpectIntEQ(wc_AesCtrEncrypt(&aes, out, in, 5), 0); - /* Corrupted rounds + sz >= block size: on this platform the full - * blocks are consumed by the AES-NI batch path (which does not - * consult wc_AesEncrypt()'s rounds check), so this still lands on - * the "ret == 0 && sz != 0" (true) leftover-handling call, which - * itself then fails via the corrupted rounds. */ + /* Corrupted rounds + a NON-block-multiple size: the full blocks may be + * consumed by a batch path that does not surface wc_AesEncrypt()'s + * rounds check - the AES-NI batch, or the HAVE_AES_ECB fast path taken + * when in != out, which ignores wc_AesEcbEncrypt()'s return. With an + * exact block multiple that path leaves no leftover and can return 0. + * Leaving a partial trailing block (WC_AES_BLOCK_SIZE + 4) forces the + * "(ret == 0) && sz" leftover-handling call, which goes through + * wc_AesEncrypt() and fails on the corrupted rounds in every backend. */ aes.rounds = 0; - ExpectIntEQ(wc_AesCtrEncrypt(&aes, out, in, 32), + ExpectIntEQ(wc_AesCtrEncrypt(&aes, out, in, WC_AES_BLOCK_SIZE + 4), WC_NO_ERR_TRACE(KEYUSAGE_E)); wc_AesFree(&aes);