[Cryptography] The GOTO Squirrel! [was GOTO Considered Harmful]

Stephan Neuhaus stephan.neuhaus at tik.ee.ethz.ch
Mon Mar 3 03:03:56 EST 2014

On 01.03.2014 15:06, Peter Gutmann wrote:
> Andrew Righter <andrew.righter at gmail.com> writes:
>> Are there unit testing framworks for crypto libs? I suppose they would do as
>> Peter suggested below in depth running along side assertions and check
>> equalities.
> I doubt there are, because to do this kind of testing you need to poke around
> deep inside the internals of the crypto library.  What you're doing is
> generating incorrect or malformed output in a controlled manner, which isn't
> generally something that's supported in standard code.

Essentially, what you're describing is fuzzing.  I agree with your 
assertion that it's dangerous to have it lying around in code, but 
there's no reason why one couldn't annotate the code (using comments, 
for example) and then have a fuzzer prepare a special version.  This 
version could be transient and exist only for testing purposes.

Sounds like an interesting project. Any collaborators?



More information about the cryptography mailing list