From 7230345c386ca08c3bd745cb449fc7fa99ee0081 Mon Sep 17 00:00:00 2001 From: tb <> Date: Thu, 22 Jan 2026 08:59:40 +0000 Subject: ML-KEM: don't treat API failure as test failure for invalid test cases An update to the test vectors adds tests which verifies that the API correctly rejects some inputs. --- src/regress/lib/libcrypto/wycheproof/wycheproof.go | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof.go b/src/regress/lib/libcrypto/wycheproof/wycheproof.go index 397958ac15..a204503c3e 100644 --- a/src/regress/lib/libcrypto/wycheproof/wycheproof.go +++ b/src/regress/lib/libcrypto/wycheproof/wycheproof.go @@ -1,4 +1,4 @@ -/* $OpenBSD: wycheproof.go,v 1.196 2026/01/01 12:47:52 tb Exp $ */ +/* $OpenBSD: wycheproof.go,v 1.197 2026/01/22 08:59:40 tb Exp $ */ /* * Copyright (c) 2018,2023 Joel Sing * Copyright (c) 2018,2019,2022-2025 Theo Buehler @@ -2387,8 +2387,11 @@ func runMLKEMTestGroup(rank C.int, wt *wycheproofTestMLKEM) bool { ek, _ := mustDecodeHexString(wt.Ek, "ek") if C.MLKEM_private_key_from_seed(privKey, (*C.uchar)(unsafe.Pointer(&seed[0])), C.size_t(seedLen)) != 1 { - fmt.Printf("%s - MLKEM_private_key_from_seed failed\n", wt) - return false + if wt.Result != "invalid" { + fmt.Printf("%s - MLKEM_private_key_from_seed failed\n", wt) + return false; + } + return true } if C.MLKEM_public_from_private(privKey, pubKey) != 1 { @@ -2416,8 +2419,11 @@ func runMLKEMTestGroup(rank C.int, wt *wycheproofTestMLKEM) bool { var sharedSecretLen C.size_t defer C.free(unsafe.Pointer(sharedSecret)) if C.MLKEM_decap(privKey, (*C.uchar)(unsafe.Pointer(&c[0])), C.size_t(cLen), (**C.uchar)(unsafe.Pointer(&sharedSecret)), (*C.size_t)(unsafe.Pointer(&sharedSecretLen))) != 1 { - fmt.Printf("%s - MLKEM_decap failed\n", wt) - return false + if wt.Result != "invalid" { + fmt.Printf("%s - MLKEM_decap failed\n", wt) + return false + } + return true } gotK := unsafe.Slice((*byte)(unsafe.Pointer(sharedSecret)), sharedSecretLen) -- cgit v1.2.3-55-g6feb