Notes from Emilia (review of RT3001): The other point in that ticket leads to something far more important: that test is bust. It's setting the first parameter of RSA_private_decrypt - length of the ciphertext - to |num|, however |num|, at that point, is plen, i.e., the length of the plaintext. So that test does not exercise data corruption the way it's meant to - it fails because the passed-in ciphertext has bad length. (Truncation is a good test, too, but this test is confused.)
Also, if it's meant to test single-byte mutations, it isn't doing exactly that either as it's not resetting the bytes to their original values. So that needs fixing. Whether the test breaks early *on failure* is unimportant imho. If it's too slow then we should cut some cases *always*, for example, not test all 255 byte mutations. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
