mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-10 22:40:49 +02:00
e14a3aafc9
The PRB-CAVP-selftest-v2 leg (--enable-selftest=v2, frozen wolfCrypt 4.1.0
crypto) failed in test_wc_AesFeatureCoverage.
Reproduced against that exact build; the failing assertion is:
tests/api/test_aes.c:8324
ExpectIntEQ(wc_AesCcmEncrypt(&aes, NULL, NULL, 0, ccmNonce13,
sizeof(ccmNonce13), ccmTag, 16, ccmAad, sizeof(ccmAad)), 0) /* got -173 */
That is the AAD-only (empty-plaintext) CCM case. Current wolfCrypt accepts
NULL in/out when inSz==0; the frozen v4.1.0 wc_AesCcmEncrypt rejects in/out==NULL
unconditionally and returns BAD_FUNC_ARG. Same class as the RsaDecisionCoverage
self-test fix: the frozen module's argument-validation contract predates the
modern behaviour this test asserts.
This function's value is MC/DC of the open wolfcrypt/src/aes.c feature paths,
which is not the aes.c compiled under --enable-selftest, so under self-test it
measures nothing and only risks such divergences. The key-wrap block in this
same function already excludes HAVE_SELFTEST (and the AES *ArgMcdc tests do
too); extend that to the GCM/GMAC and CCM blocks. HAVE_FIPS is intentionally
left running -- that (newer) module honours these paths and never flagged this
test; the open MC/DC campaign builds are unaffected.
Verified: skipped cleanly under --enable-selftest=v2 (test index 278, matching
CI); open build still runs and passes it.
Before creating any new configure files (.conf) read the CONF_FILES_README.md