RT 3493: fix RSA test
authorEmilia Kasper <emilia@openssl.org>
Tue, 1 Sep 2015 11:19:15 +0000 (13:19 +0200)
committerEmilia Kasper <emilia@openssl.org>
Tue, 1 Sep 2015 18:05:56 +0000 (20:05 +0200)
- Pass in the right ciphertext length to ensure we're indeed testing
  ciphertext corruption (and not truncation).
- Only test one mutation per byte to not make the test too slow.
- Add a separate test for truncated ciphertexts.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 25d6b3401ca40c9a2cbe5080449c1c2a37037777)

crypto/rsa/rsa_test.c

index e971295..85c7440 100644 (file)
@@ -297,22 +297,30 @@ int main(int argc, char *argv[])
         } else
             printf("OAEP encryption/decryption ok\n");
 
-        /* Try decrypting corrupted ciphertexts */
+        /* Try decrypting corrupted ciphertexts. */
         for (n = 0; n < clen; ++n) {
-            int b;
-            unsigned char saved = ctext[n];
-            for (b = 0; b < 256; ++b) {
-                if (b == saved)
-                    continue;
-                ctext[n] = b;
-                num = RSA_private_decrypt(num, ctext, ptext, key,
+            ctext[n] ^= 1;
+            num = RSA_private_decrypt(clen, ctext, ptext, key,
                                           RSA_PKCS1_OAEP_PADDING);
-                if (num > 0) {
-                    printf("Corrupt data decrypted!\n");
-                    err = 1;
-                }
+            if (num > 0) {
+                printf("Corrupt data decrypted!\n");
+                err = 1;
+                break;
             }
+            ctext[n] ^= 1;
         }
+
+        /* Test truncated ciphertexts, as well as negative length. */
+        for (n = -1; n < clen; ++n) {
+            num = RSA_private_decrypt(n, ctext, ptext, key,
+                                      RSA_PKCS1_OAEP_PADDING);
+            if (num > 0) {
+                printf("Truncated data decrypted!\n");
+                err = 1;
+                break;
+            }
+        }
+
  next:
         RSA_free(key);
     }