From e14a3aafc9892dd1c8184fbb1772989f19a58154 Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Tue, 7 Jul 2026 13:27:11 +0200 Subject: [PATCH] tests: skip AesFeatureCoverage GCM/CCM under the self-test module The PRB-CAVP-selftest-v2 leg (--enable-selftest=v2, frozen wolfCrypt 4.1.0 crypto) failed in test_wc_AesFeatureCoverage. Reproduced against that exact build; the failing assertion is: tests/api/test_aes.c:8324 ExpectIntEQ(wc_AesCcmEncrypt(&aes, NULL, NULL, 0, ccmNonce13, sizeof(ccmNonce13), ccmTag, 16, ccmAad, sizeof(ccmAad)), 0) /* got -173 */ That is the AAD-only (empty-plaintext) CCM case. Current wolfCrypt accepts NULL in/out when inSz==0; the frozen v4.1.0 wc_AesCcmEncrypt rejects in/out==NULL unconditionally and returns BAD_FUNC_ARG. Same class as the RsaDecisionCoverage self-test fix: the frozen module's argument-validation contract predates the modern behaviour this test asserts. This function's value is MC/DC of the open wolfcrypt/src/aes.c feature paths, which is not the aes.c compiled under --enable-selftest, so under self-test it measures nothing and only risks such divergences. The key-wrap block in this same function already excludes HAVE_SELFTEST (and the AES *ArgMcdc tests do too); extend that to the GCM/GMAC and CCM blocks. HAVE_FIPS is intentionally left running -- that (newer) module honours these paths and never flagged this test; the open MC/DC campaign builds are unaffected. Verified: skipped cleanly under --enable-selftest=v2 (test index 278, matching CI); open build still runs and passes it. --- tests/api/test_aes.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/tests/api/test_aes.c b/tests/api/test_aes.c index caf0ce1561..879051ced1 100644 --- a/tests/api/test_aes.c +++ b/tests/api/test_aes.c @@ -8393,7 +8393,16 @@ int test_wc_AesGcmDecisionCoverage(void) int test_wc_AesFeatureCoverage(void) { EXPECT_DECLS; -#if !defined(NO_AES) && defined(HAVE_AESGCM) +/* This function's value is MC/DC of the *open* wolfcrypt/src/aes.c feature + * paths. Under the frozen self-test module that aes.c is not the code being + * exercised, and some of these modern behaviours are not part of its contract: + * e.g. the AAD-only wc_AesCcmEncrypt(NULL,NULL,0,...) case below returns 0 in + * current wolfCrypt but BAD_FUNC_ARG in the frozen v4.1.0 aes.c (which rejects + * in/out==NULL unconditionally). The key-wrap block already excludes + * HAVE_SELFTEST for the same reason; exclude the GCM/GMAC and CCM blocks too. + * HAVE_FIPS is intentionally left running (that newer module honours these + * paths); the open MC/DC campaign builds are unaffected. */ +#if !defined(NO_AES) && defined(HAVE_AESGCM) && !defined(HAVE_SELFTEST) /* ---- AES-GCM streaming API: multi-chunk AAD and data ---- */ /* Uses a hardcoded 256-bit key, so requires AES-256. */ #if defined(WOLFSSL_AESGCM_STREAM) && defined(WOLFSSL_AES_256) @@ -8498,9 +8507,9 @@ int test_wc_AesFeatureCoverage(void) sizeof(gmacAad), gmacTag, sizeof(gmacTag)), 0); wc_AesFree(&gmac.aes); } -#endif /* !NO_AES && HAVE_AESGCM */ +#endif /* !NO_AES && HAVE_AESGCM && !HAVE_SELFTEST */ -#if !defined(NO_AES) && defined(HAVE_AESCCM) +#if !defined(NO_AES) && defined(HAVE_AESCCM) && !defined(HAVE_SELFTEST) /* ---- AES-CCM round trips with varied AAD / nonce / tag sizes ---- */ { static const byte ccmKey[16] = { @@ -8567,7 +8576,7 @@ int test_wc_AesFeatureCoverage(void) if (initDone) wc_AesFree(&aes); } -#endif /* !NO_AES && HAVE_AESCCM */ +#endif /* !NO_AES && HAVE_AESCCM && !HAVE_SELFTEST */ /* kwKey below is a 192-bit key, so this block requires AES-192. */ #if !defined(NO_AES) && defined(HAVE_AES_KEYWRAP) && defined(WOLFSSL_AES_192) && \