From b680985328dbbcc31e753866ce0ee3a65c867cd4 Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Tue, 7 Jul 2026 09:14:05 +0200 Subject: [PATCH] tests: skip whole AesCcmArgMcdc under FIPS/self-test (fixes v5 segfault) A second apple-M1 FIPS segfault (--enable-fips=v5): test_wc_AesCcmArgMcdc probes the pure-C CCM inSz-overflow decision by calling wc_AesCcmEncrypt/Decrypt with a 1-byte dummy in/out buffer and a claimed length of 65536, relying on the pure-C path returning AES_CCM_OVERFLOW_E *before* touching the buffer. The FIPS module's CCM does not reject early, so it writes 65536 bytes into the 1-byte buffer and segfaults. (The rounds=0 corruption in the same test was already skipped via WC_TEST_AES_ROUNDS_OFFLOADED, but the two overflow blocks were not.) Every decision this test targets lives in pure-C aes.c CCM code that is not compiled in FIPS/self-test builds, so guard the whole function on !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) rather than patching each unsafe block. The other *ArgMcdc tests only corrupt rounds (macro-skipped) and have no oversized-buffer calls, so they need no further change. Verified: --enable-all still builds and test_wc_AesCcmArgMcdc passes; the 65536 overflow calls are present non-FIPS and absent when HAVE_FIPS is defined. --- tests/api/test_aes.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/tests/api/test_aes.c b/tests/api/test_aes.c index 667104c909..caf0ce1561 100644 --- a/tests/api/test_aes.c +++ b/tests/api/test_aes.c @@ -9446,7 +9446,14 @@ int test_wc_AesGmacArgMcdc(void) int test_wc_AesCcmArgMcdc(void) { EXPECT_DECLS; -#if !defined(NO_AES) && defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128) +/* This probes pure-C aes.c CCM internals: the inSz overflow check (via a 1-byte + * buffer with a 65536 length, safe only because the pure-C path rejects before + * writing) and the rounds=0 corruption. Under the FIPS/self-test module those + * guards are absent, so the oversized encrypt writes past the buffer and + * segfaults. The decisions being covered are not compiled in FIPS builds + * anyway, so skip the whole test there. */ +#if !defined(NO_AES) && defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128) && \ + !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) byte key[AES_128_KEY_SIZE] = { 0 }; byte nonce13[13] = { 0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0,