1 files changed, 8 insertions, 2 deletions
diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof.go b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
index 6cb853ad6f..649e4e67f1 100644
--- a/src/regress/lib/libcrypto/wycheproof/wycheproof.go
+++ b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
@@ -1,4 +1,4 @@
-/* $OpenBSD: wycheproof.go,v 1.50 2018/09/15 19:12:31 tb Exp $ */
+/* $OpenBSD: wycheproof.go,v 1.51 2018/09/15 22:03:28 tb Exp $ */
 /*
 * Copyright (c) 2018 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -567,7 +567,13 @@ func checkAesCcmOrGcm(algorithm string, ctx *C.EVP_CIPHER_CTX, doEncrypt int, ke
                        fmt.Printf("FAIL: Test case %d (%q) [%v] - EVP_CIPHER_CTX_ctrl() = %d, want %v\n", wt.TCID, wt.Comment, action, ret, wt.Result)
                        return false
                }
-                // XXX audit acceptable cases...
+                // There are no acceptable CCM cases. All acceptable GCM test
+                // pass. They have len(IV) <= 48. NIST SP 800-38D, 5.2.1.1, p.8,
+                // allows 1 <= len(IV) 2^64-1, but notes:
+                //   "For IVs it is recommended that implementations restrict
+                //    support to the length of 96 bits, to promote
+                //    interoperability, efficiency and simplicity of design."
                if bytes.Equal(tagOut, tag) != (wt.Result == "valid" || wt.Result == "acceptable") {
                        fmt.Printf("FAIL: Test case %d (%q) [%v] - expected and computed tag do not match - ret: %d, Result: %v\n", wt.TCID, wt.Comment, action, ret, wt.Result)
                        success = false

diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof.go b/src/regress/lib/libcrypto/wycheproof/wycheproof.go index 6cb853ad6f..649e4e67f1 100644 --- a/src/regress/lib/libcrypto/wycheproof/wycheproof.go +++ b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
@@ -1,4 +1,4 @@
1	/* $OpenBSD: wycheproof.go,v 1.50 2018/09/15 19:12:31 tb Exp $ */	1	/* $OpenBSD: wycheproof.go,v 1.51 2018/09/15 22:03:28 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2018 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2018 Theo Buehler <tb@openbsd.org>	4	* Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -567,7 +567,13 @@ func checkAesCcmOrGcm(algorithm string, ctx *C.EVP_CIPHER_CTX, doEncrypt int, ke
567	fmt.Printf("FAIL: Test case %d (%q) [%v] - EVP_CIPHER_CTX_ctrl() = %d, want %v\n", wt.TCID, wt.Comment, action, ret, wt.Result)	567	fmt.Printf("FAIL: Test case %d (%q) [%v] - EVP_CIPHER_CTX_ctrl() = %d, want %v\n", wt.TCID, wt.Comment, action, ret, wt.Result)
568	return false	568	return false
569	}	569	}
570	// XXX audit acceptable cases...	570
		571	// There are no acceptable CCM cases. All acceptable GCM test
		572	// pass. They have len(IV) <= 48. NIST SP 800-38D, 5.2.1.1, p.8,
		573	// allows 1 <= len(IV) 2^64-1, but notes:
		574	// "For IVs it is recommended that implementations restrict
		575	// support to the length of 96 bits, to promote
		576	// interoperability, efficiency and simplicity of design."
571	if bytes.Equal(tagOut, tag) != (wt.Result == "valid" \|\| wt.Result == "acceptable") {	577	if bytes.Equal(tagOut, tag) != (wt.Result == "valid" \|\| wt.Result == "acceptable") {
572	fmt.Printf("FAIL: Test case %d (%q) [%v] - expected and computed tag do not match - ret: %d, Result: %v\n", wt.TCID, wt.Comment, action, ret, wt.Result)	578	fmt.Printf("FAIL: Test case %d (%q) [%v] - expected and computed tag do not match - ret: %d, Result: %v\n", wt.TCID, wt.Comment, action, ret, wt.Result)
573	success = false	579	success = false