RT 3493: fix RSA test
- Pass in the right ciphertext length to ensure we're indeed testing
ciphertext corruption (and not truncation).
- Only test one mutation per byte to not make the test too slow.
- Add a separate test for truncated ciphertexts.
(Imported from upstream's 5f623eb61655688501cb1817a7ad0592299d894a.)
Change-Id: I425a77668beac9d391387e3afad8d15ae387468f
Reviewed-on: https://boringssl-review.googlesource.com/5945
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/rsa/rsa_test.cc b/crypto/rsa/rsa_test.cc
index d52b78b..399c0b7 100644
--- a/crypto/rsa/rsa_test.cc
+++ b/crypto/rsa/rsa_test.cc
@@ -554,20 +554,24 @@
// Try decrypting corrupted ciphertexts.
memcpy(ciphertext, oaep_ciphertext, oaep_ciphertext_len);
for (size_t i = 0; i < oaep_ciphertext_len; i++) {
- uint8_t saved = ciphertext[i];
- for (unsigned b = 0; b < 256; b++) {
- if (b == saved) {
- continue;
- }
- ciphertext[i] = b;
- num = RSA_private_decrypt(num, ciphertext, plaintext, key.get(),
- RSA_PKCS1_OAEP_PADDING);
- if (num > 0) {
- fprintf(stderr, "Corrupt data decrypted!\n");
- return false;
- }
+ ciphertext[i] ^= 1;
+ num = RSA_private_decrypt(oaep_ciphertext_len, ciphertext, plaintext,
+ key.get(), RSA_PKCS1_OAEP_PADDING);
+ if (num > 0) {
+ fprintf(stderr, "Corrupt data decrypted!\n");
+ return false;
}
- ciphertext[i] = saved;
+ ciphertext[i] ^= 1;
+ }
+
+ // Test truncated ciphertexts.
+ for (size_t len = 0; len < oaep_ciphertext_len; len++) {
+ num = RSA_private_decrypt(len, ciphertext, plaintext, key.get(),
+ RSA_PKCS1_OAEP_PADDING);
+ if (num > 0) {
+ fprintf(stderr, "Corrupt data decrypted!\n");
+ return false;
+ }
}
return true;
