tests: skip whole AesCcmArgMcdc under FIPS/self-test (fixes v5 segfault)

A second apple-M1 FIPS segfault (--enable-fips=v5): test_wc_AesCcmArgMcdc probes
the pure-C CCM inSz-overflow decision by calling wc_AesCcmEncrypt/Decrypt with a
1-byte dummy in/out buffer and a claimed length of 65536, relying on the pure-C
path returning AES_CCM_OVERFLOW_E *before* touching the buffer. The FIPS module's
CCM does not reject early, so it writes 65536 bytes into the 1-byte buffer and
segfaults. (The rounds=0 corruption in the same test was already skipped via
WC_TEST_AES_ROUNDS_OFFLOADED, but the two overflow blocks were not.)

Every decision this test targets lives in pure-C aes.c CCM code that is not
compiled in FIPS/self-test builds, so guard the whole function on
!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) rather than patching each unsafe
block. The other *ArgMcdc tests only corrupt rounds (macro-skipped) and have no
oversized-buffer calls, so they need no further change.

Verified: --enable-all still builds and test_wc_AesCcmArgMcdc passes; the 65536
overflow calls are present non-FIPS and absent when HAVE_FIPS is defined.
This commit is contained in:
Daniele Lacamera
2026-07-07 09:14:05 +02:00
parent 479659fa96
commit b680985328
+8 -1
View File
@@ -9446,7 +9446,14 @@ int test_wc_AesGmacArgMcdc(void)
int test_wc_AesCcmArgMcdc(void)
{
EXPECT_DECLS;
#if !defined(NO_AES) && defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
/* This probes pure-C aes.c CCM internals: the inSz overflow check (via a 1-byte
* buffer with a 65536 length, safe only because the pure-C path rejects before
* writing) and the rounds=0 corruption. Under the FIPS/self-test module those
* guards are absent, so the oversized encrypt writes past the buffer and
* segfaults. The decisions being covered are not compiled in FIPS builds
* anyway, so skip the whole test there. */
#if !defined(NO_AES) && defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128) && \
!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
byte key[AES_128_KEY_SIZE] = { 0 };
byte nonce13[13] = {
0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0,