mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-10 21:10:49 +02:00
a3b3ee829b
test_wc_AesModesArgMcdc asserted that wc_AesCtrEncrypt() with corrupted aes.rounds returns KEYUSAGE_E, but used sz = 32 (an exact block multiple). When in != out, the full blocks are consumed by a batch path that does not surface the per-block rounds error - the AES-NI batch, or the HAVE_AES_ECB fast path which ignores wc_AesEcbEncrypt()'s return - leaving no trailing partial block, so the function returns 0 and the assertion fails. This was latent (the whole test binary failed to link before the visibility fix) and reproduces in --disable-aesni --enable-aesecb builds. Use a non-block-multiple size (WC_AES_BLOCK_SIZE + 4) so the "(ret == 0) && sz" leftover-handling call runs and fails on the corrupted rounds via wc_AesEncrypt() in every backend. Reported by Copilot review on PR #10845. Verified: test_wc_AesModesArgMcdc now passes under --disable-aesni --enable-aesecb (previously failed) and under --enable-aesni --enable-aesecb.
Before creating any new configure files (.conf) read the CONF_FILES_README.md