From ba3fd1203b8f3fcb674d81804f74fd471779e9b5 Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Mon, 6 Jul 2026 17:18:56 +0200 Subject: [PATCH] tests: skip AES rounds-corruption checks under WOLFSSL_ARMASM The aes.rounds-validity check that returns KEYUSAGE_E lives only in the pure-C block encrypt (AesEncryptBlocks_C). On ARMv8 with crypto extensions, --enable-all auto-enables WOLFSSL_ARMASM, whose asm wc_AesEncrypt bypasses that check, so corrupting aes.rounds no longer fails the op (returns 0). This broke the SetKey/CTR/CFB/OFB/CCM/CMAC rounds-corruption assertions on the arm64 CI runners. Extend WC_TEST_AES_ROUNDS_OFFLOADED to also cover WOLFSSL_ARMASM (joining WOLF_CRYPTO_CB_FIND / WOLF_CRYPTO_CB_ONLY_AES). MC/DC of that decision is still obtained from the pure-C configs in the variant union. x86 (incl. AES-NI, which does validate rounds) is unaffected. --- tests/api/test_aes.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/tests/api/test_aes.c b/tests/api/test_aes.c index 1f0638b6a0..c56f81fd47 100644 --- a/tests/api/test_aes.c +++ b/tests/api/test_aes.c @@ -48,13 +48,18 @@ #include #include -/* Several tests corrupt aes.rounds (or cmac.aes.rounds) to force the in-process - * software AES to fail with KEYUSAGE_E. That is only observable when the - * software AES actually runs and validates rounds. It does NOT when the op is - * offloaded to a crypto callback: WOLF_CRYPTO_CB_FIND routes even INVALID_DEVID - * to the callback, and WOLF_CRYPTO_CB_ONLY_AES strips the software AES entirely - * (both make the corrupted struct irrelevant, so the op returns success). */ -#if defined(WOLF_CRYPTO_CB_FIND) || defined(WOLF_CRYPTO_CB_ONLY_AES) +/* Several tests corrupt aes.rounds (or cmac.aes.rounds) to force KEYUSAGE_E from + * the AES rounds-validity check. That check lives only in the pure-C block + * encrypt (AesEncryptBlocks_C), so the corruption is only observable when that + * path runs. It is NOT observable when: + * - the op is offloaded to a crypto callback: WOLF_CRYPTO_CB_FIND routes even + * INVALID_DEVID to the callback, and WOLF_CRYPTO_CB_ONLY_AES strips the + * software AES entirely; or + * - an asm/HW backend provides its own wc_AesEncrypt that skips the check + * (e.g. WOLFSSL_ARMASM on ARMv8 with crypto extensions). + * In all these cases the corrupted struct is ignored and the op returns 0. */ +#if defined(WOLF_CRYPTO_CB_FIND) || defined(WOLF_CRYPTO_CB_ONLY_AES) || \ + defined(WOLFSSL_ARMASM) #define WC_TEST_AES_ROUNDS_OFFLOADED #endif