From d7af80dc93c98eee57773841a364ea737f9a63dd Mon Sep 17 00:00:00 2001 From: Kareem Date: Thu, 14 May 2026 12:46:25 -0700 Subject: [PATCH] Update new AES-CMAC bounds test to account for FIPS still using the old code. --- tests/api/test_cmac.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/api/test_cmac.c b/tests/api/test_cmac.c index b3af844e97..535d8715d1 100644 --- a/tests/api/test_cmac.c +++ b/tests/api/test_cmac.c @@ -245,12 +245,14 @@ int test_wc_AesCmacGenerate(void) ExpectIntEQ(wc_AesCmacVerify(mac, macSz, NULL, msgSz, key, keySz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#if !defined(HAVE_FIPS) ExpectIntEQ(wc_AesCmacVerify(mac, 1, msg, msgSz, key, keySz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesCmacVerify(mac, WC_CMAC_TAG_MIN_SZ - 1, msg, msgSz, key, keySz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesCmacVerify(mac, WC_AES_BLOCK_SIZE + 1, msg, msgSz, key, keySz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif /* Truncated tags within the supported range must verify correctly when * the generator was asked to produce the same length */