mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-11 09:50:52 +02:00
4755bb21c5
test_wc_AesCcmArgMcdc segfaulted on the FIPS builds (apple-M1 config A, CAVP self-test), exit 139. The AES *ArgMcdc tests reach the post-key-setup "ret != 0" checkpoints by corrupting aes->rounds = 0 and calling wc_AesCcmEncrypt/Decrypt. That relies on the pure-C AesEncryptBlocks_C guard (if r==0 return KEYUSAGE_E) to turn the corruption into a clean error return. Under the FIPS / self-test module the AES implementation has no such guard, so rounds=0 runs AES with a zero-round key schedule and dereferences past the key schedule -> SIGSEGV. The corruption is already gated by WC_TEST_AES_ROUNDS_OFFLOADED (crypto-cb / asm offload). FIPS and self-test are the same situation - the pure-C guard is not in the compiled path - so add HAVE_FIPS / HAVE_SELFTEST to that macro. The three function-level FIPS-guarded tests (SetKey/Modes/Cmac ArgMcdc) were already skipped; test_wc_AesCcmArgMcdc is not, and its non-corruption CCM coverage now still runs under FIPS while only the rounds-corruption blocks are skipped. Verified: --enable-all (non-FIPS) still runs and passes all rounds-corruption tests; the corruption blocks compile out only under FIPS/self-test.
Before creating any new configure files (.conf) read the CONF_FILES_README.md