mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-10 21:10:49 +02:00
tests: skip RsaDecisionCoverage under the self-test module
The PRB-CAVP-selftest-v2 leg (./configure --enable-selftest=v2, which overlays
frozen wolfCrypt 4.1.0 crypto) failed in test_wc_RsaDecisionCoverage.
Reproduced against that exact build; the failing assertion is:
tests/api/test_rsa.c:1474
ExpectIntEQ(wc_RsaSetRNG(&key, NULL), BAD_FUNC_ARG) /* got 0 */
So the assertion is correct for current wolfCrypt but not part of the frozen
self-test module's contract. This test's whole purpose is MC/DC of the *open*
wolfcrypt/src/rsa.c decision branches, which is not even the rsa.c compiled
under --enable-selftest, so under self-test it measures nothing and only risks
divergent error codes like this one. The sibling key-gen/decision tests in this
file (test_wc_CheckProbablePrime, the RsaKeyGeneration group) exclude
HAVE_SELFTEST for the same reason; do so here too.
Guard the whole function rather than the single assertion: none of it counts
toward the (open-build) MC/DC campaign under self-test, and a whole-function
guard is robust against any other frozen-vs-current divergence in the same
body. HAVE_FIPS is intentionally left running -- that (newer) module honours
these decisions (and excludes the WC_RSA_BLINDING wc_RsaSetRNG block anyway),
and the open MC/DC campaign builds are unaffected.
Verified: with the guard, the test is cleanly skipped under --enable-selftest=v2
(test index 365, matching CI); the open build still runs and passes it.
This commit is contained in:
+11
-1
@@ -1418,8 +1418,18 @@ int test_wc_RsaKeyToDer_SizeOverflow(void)
|
||||
int test_wc_RsaDecisionCoverage(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
/* This function asserts wolfcrypt/src/rsa.c *internal* decision outcomes
|
||||
* (short-buffer RSA_BUFFER_E, invalid pad-type, OAEP-vs-PKCSv15 padding
|
||||
* mismatch) whose whole value is MC/DC of the open wolfCrypt rsa.c. Under the
|
||||
* frozen self-test module that rsa.c is not the code being exercised, so these
|
||||
* error-code decisions are not part of its contract and can legitimately
|
||||
* differ. The sibling key-gen/decision tests in this file (e.g.
|
||||
* test_wc_CheckProbablePrime, the RsaKeyGeneration group) exclude HAVE_SELFTEST
|
||||
* for the same reason; do so here too. HAVE_FIPS is intentionally left running:
|
||||
* that (newer) module honours these decisions and the campaign gains coverage
|
||||
* from it. */
|
||||
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
|
||||
!defined(WOLFSSL_RSA_PUBLIC_ONLY)
|
||||
!defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(HAVE_SELFTEST)
|
||||
RsaKey key;
|
||||
WC_RNG rng;
|
||||
const char inStr[] = TEST_STRING;
|
||||
|
||||
Reference in New Issue
Block a user