From 7e4ed44237f7848740dd18ce2e39fe2d240df5b3 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Sat, 22 Sep 2018 00:10:18 +0000
Subject: Introduce a couple of convenience targets to help with auditing the
 acceptable cases.

---
 src/regress/lib/libcrypto/wycheproof/Makefile      | 11 +++++--
 src/regress/lib/libcrypto/wycheproof/wycheproof.go | 35 ++++++++++++++++++++--
 2 files changed, 41 insertions(+), 5 deletions(-)

diff --git a/src/regress/lib/libcrypto/wycheproof/Makefile b/src/regress/lib/libcrypto/wycheproof/Makefile
index e7338cb1f0..4359db438c 100644
--- a/src/regress/lib/libcrypto/wycheproof/Makefile
+++ b/src/regress/lib/libcrypto/wycheproof/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.1 2018/07/25 18:04:09 jsing Exp $
+# $OpenBSD: Makefile,v 1.2 2018/09/22 00:10:18 tb Exp $
 
 GO_VERSION != sh -c "(go version) 2>/dev/null || true"
 
@@ -11,8 +11,15 @@ regress:
 CLEANFILES+=wycheproof
 REGRESS_TARGETS=regress-wycheproof
 
-regress-wycheproof:
+audit: wycheproof
+	./wycheproof -v
+
+wycheproof: wycheproof.go
 	go build -o wycheproof ${.CURDIR}/wycheproof.go
+
+regress-wycheproof: wycheproof
 	./wycheproof
 
+.PHONY: audit
+
 .include <bsd.regress.mk>
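Review bot: The new `audit` target carries no comment, and `-v` alone does not tell a reader of the Makefile that the run lists acceptable vectors for manual review. A line such as `# audit: rerun the tests with -v to list each "acceptable" Wycheproof vector for manual review` above `audit: wycheproof` would cover it. Because `audit` depends only on `wycheproof`, it goes straight to `go build` and does not appear to pass through whatever the `regress:` rule named in the hunk header does with `GO_VERSION`. That rule is outside the hunk, so this is worth confirming.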
diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof.go b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
index 313965d260..adf147651d 100644
--- a/src/regress/lib/libcrypto/wycheproof/wycheproof.go
+++ b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
@@ -1,4 +1,4 @@
-/* $OpenBSD: wycheproof.go,v 1.58 2018/09/21 23:16:16 tb Exp $ */
+/* $OpenBSD: wycheproof.go,v 1.59 2018/09/22 00:10:18 tb Exp $ */
 /*
  * Copyright (c) 2018 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -46,6 +46,7 @@ import (
 	"crypto/sha512"
 	"encoding/hex"
 	"encoding/json"
+	"flag"
 	"fmt"
 	"hash"
 	"io/ioutil"
@@ -56,6 +57,7 @@ import (
 )
 
 const testVectorPath = "/usr/local/share/wycheproof/testvectors"
+var acceptableAudit = false
 
 type wycheproofTestGroupAesCbcPkcs5 struct {
 	IVSize  int                          `json:"ivSize"`
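Review bot: `acceptableAudit` is package-level mutable state consulted from seven places in this commit, yet it is declared without a comment and sits directly under the `const` with no separating blank line. I would write `// acceptableAudit is set by -v and makes the tests print an AUDIT line for each passing "acceptable" vector.` followed by `var acceptableAudit bool`, since the explicit `= false` only restates the zero value.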
@@ -369,6 +371,9 @@ func checkAesCbcPkcs5(ctx *C.EVP_CIPHER_CTX, doEncrypt int, key []byte, keyLen i
 	success := false
 	if bytes.Equal(openedMsg, out) || wt.Result == "invalid" {
 		success = true
+		if acceptableAudit && wt.Result == "acceptable" {
+			fmt.Printf("AUDIT: Test case %d (%q) %v\n", wt.TCID, wt.Comment, wt.Flags)
+		}
 	} else {
 		fmt.Printf("FAIL: Test case %d (%q) [%v] %v - msg match: %t; want %v\n", wt.TCID, wt.Comment, wt.Flags, action, bytes.Equal(openedMsg, out), wt.Result)
 	}
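Review bot: The AUDIT line drops `action`, which the FAIL line two lines below prints. checkAesCbcPkcs5 takes `doEncrypt`, so it is presumably run in both directions and would then emit two indistinguishable AUDIT lines for one test case. Mirroring the FAIL format keeps them apart: `fmt.Printf("AUDIT: Test case %d (%q) [%v] %v\n", wt.TCID, wt.Comment, wt.Flags, action)`. The same applies to the AUDIT line added in checkAesAead, where `action` is also in scope. Both function bodies begin outside their hunks.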
@@ -578,6 +583,9 @@ func checkAesAead(algorithm string, ctx *C.EVP_CIPHER_CTX, doEncrypt int, key []
 			fmt.Printf("FAIL: Test case %d (%q) [%v] %v - expected and computed tag do not match - ret: %d, Result: %v\n", wt.TCID, wt.Comment, wt.Flags, action, ret, wt.Result)
 			success = false
 		}
+		if success && acceptableAudit && wt.Result == "acceptable" {
+			fmt.Printf("AUDIT: Test case %d (%q) %v\n", wt.TCID, wt.Comment, wt.Flags)
+		}
 	}
 	return success
 }
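Review bot: This is the second of seven byte-identical `fmt.Printf("AUDIT: ...")` calls the commit adds, each behind its own copy of the `acceptableAudit && wt.Result == "acceptable"` test. A small helper that takes the test case id, comment and flags and does the `acceptableAudit` check itself would give one place to change the format. That matters because the audit output is meant to be read and compared by a person, and seven copies will drift. The other copies are in checkAesCbcPkcs5, runECDHTest, runECDSATest, runRSASSATest, runRSATest and runX25519Test.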
@@ -1131,7 +1139,13 @@ func runECDHTest(nid int, doECpoint bool, wt *wycheproofTestECDH) bool {
 	C.free(unsafe.Pointer(Cpub))
 
 	if pubKey == nil {
-		if wt.Result == "invalid" || wt.Result == "acceptable" {
+		if wt.Result == "invalid" {
+			return true
+		}
+		if wt.Result == "acceptable" {
+			if acceptableAudit {
+				fmt.Printf("AUDIT: Test case %d (%q) %v\n", wt.TCID, wt.Comment, wt.Flags)
+			}
 			return true
 		}
 		fmt.Printf("FAIL: Test case %d (%q) - ASN decoding failed: want %v\n", wt.TCID, wt.Comment, wt.Result)
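Review bot: On the `pubKey == nil` path the AUDIT line reports an acceptable vector that the library refused to decode, but its text is identical to the AUDIT lines printed elsewhere for vectors the library accepted. For an audit of acceptable cases the accept/reject outcome is the useful part, so I would state it, e.g. `fmt.Printf("AUDIT: Test case %d (%q) %v - ASN decoding failed\n", wt.TCID, wt.Comment, wt.Flags)`. The AUDIT lines added to runECDSATest, runRSATest and runX25519Test likewise omit the `ret` or outcome that their neighbouring FAIL lines print. The rest of runECDHTest is outside this hunk, so it is not visible whether acceptable vectors that decode successfully are reported at all.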
@@ -1229,6 +1243,9 @@ func runECDSATest(ecKey *C.EC_KEY, nid int, h hash.Hash, wt *wycheproofTestECDSA
 		fmt.Printf("FAIL: Test case %d (%q) - ECDSA_verify() = %d, want %v\n", wt.TCID, wt.Comment, int(ret), wt.Result)
 		success = false
 	}
+	if success && acceptableAudit && wt.Result == "acceptable" {
+		fmt.Printf("AUDIT: Test case %d (%q) %v\n", wt.TCID, wt.Comment, wt.Flags)
+	}
 	return success
 }
 
@@ -1327,9 +1344,12 @@ func runRSASSATest(rsa *C.RSA, h hash.Hash, sha *C.EVP_MD, mgfSha *C.EVP_MD, sLe
 
 	ret = C.RSA_verify_PKCS1_PSS_mgf1(rsa, (*C.uchar)(unsafe.Pointer(&msg[0])), sha, mgfSha, (*C.uchar)(unsafe.Pointer(&sigOut[0])), C.int(sLen))
 
-	// XX: audit acceptable cases...
+	// XXX: audit acceptable cases...
 	success := false
 	if ret == 1 && (wt.Result == "valid" || wt.Result == "acceptable") {
+		if acceptableAudit && wt.Result == "acceptable" {
+			fmt.Printf("AUDIT: Test case %d (%q) %v\n", wt.TCID, wt.Comment, wt.Flags)
+		}
 		success = true
 	} else if ret == 0 && (wt.Result == "invalid" || wt.Result == "acceptable") {
 		success = true
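Review bot: Only the `ret == 1` branch prints an AUDIT line. The `else if ret == 0` branch right after it also passes acceptable vectors but logs nothing, so acceptable PSS signatures that the library rejects never show up in `-v` output. The other verify functions in this commit test `success && acceptableAudit && wt.Result == "acceptable"` after the outcome is decided, which covers both directions. Doing the same here and printing the return value would make the output consistent: `fmt.Printf("AUDIT: Test case %d (%q) %v - ret: %d\n", wt.TCID, wt.Comment, wt.Flags, int(ret))`. The function continues past the end of the hunk, so the exact placement depends on the lines that follow. The retained `// XXX: audit acceptable cases...` comment could then say what remains to be done.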
@@ -1415,6 +1435,9 @@ func runRSATest(rsa *C.RSA, nid int, h hash.Hash, wt *wycheproofTestRSA) bool {
 		fmt.Printf("FAIL: Test case %d (%q) - RSA_verify() = %d, want %v\n", wt.TCID, wt.Comment, int(ret), wt.Result)
 		success = false
 	}
+	if success && acceptableAudit && wt.Result == "acceptable" {
+		fmt.Printf("AUDIT: Test case %d (%q) %v\n", wt.TCID, wt.Comment, wt.Flags)
+	}
 	return success
 }
 
@@ -1486,6 +1509,9 @@ func runX25519Test(wt *wycheproofTestX25519) bool {
 		fmt.Printf("FAIL: Test case %d (%q) - X25519(), want %v\n", wt.TCID, wt.Comment, wt.Result)
 		success = false
 	}
+	if success && acceptableAudit && wt.Result == "acceptable" {
+		fmt.Printf("AUDIT: Test case %d (%q) %v\n", wt.TCID, wt.Comment, wt.Flags)
+	}
 	return success
 }
 
@@ -1604,6 +1630,9 @@ func main() {
 		os.Exit(0)
 	}
 
+	flag.BoolVar(&acceptableAudit, "v", false, "audit acceptable cases")
+	flag.Parse()
+
 	tests := []struct {
 		name    string
 		pattern string
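Review bot: `flag.Parse()` runs only after the early `os.Exit(0)` visible at the top of the hunk. Whatever condition guards that exit is outside the hunk, but when it triggers, `./wycheproof -v` (and any mistyped flag) returns success without parsing arguments or printing AUDIT lines, which is easy to misread as "nothing to audit". Moving the two `flag` lines to the start of `main` avoids that. I would also reconsider the name: `-v` conventionally means verbose, while the usage string says "audit acceptable cases", so something like `flag.BoolVar(&acceptableAudit, "audit", false, "print an AUDIT line for each passing acceptable test case")` would be self-describing, with the Makefile's `audit` target updated to match.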
-- 
cgit v1.2.3-55-g6feb