[gnutls-devel] [PATCH] Handle zero length plaintext for VIA PadLock functions
nmav at gnutls.org
Tue Dec 30 11:06:12 CET 2014
On Tue, 2014-12-30 at 03:34 +0100, Matthias-Christian Ott wrote:
> Boundary value analysis and testing or design by contract would have
> caught this bug. Perhaps it would be a good idea to systematically test
> GnuTLS (testable functions, proper test suite, systematic test design,
> coverage metrics) to prevent similar bugs in the future. It took me a
> day to track this bug down. If there are more a dozen or more of these
> bugs in GnuTLS, such testing would be worthwhile.
Thanks. There is an extensive test suite in tests/; if there are tests
you believe they should be added, please do add them. Note that the
tests are typically run under valgrind but on common CPUs, I have
access, prior to release. VIA as such has had less testing.
More information about the Gnutls-devel