From 57907c7a1a372600a7caf4a84db7eba62aa27706 Mon Sep 17 00:00:00 2001
From: djm <djm@openbsd.org>
Date: Sun, 18 Jan 2015 19:53:58 +0000
Subject: [PATCH] make the signature fuzzing test much more rigorous: ensure
 that the fuzzed input cases do not match the original (using new
 fuzz_matches_original() function) and check that the verification fails in
 each case

---
 regress/usr.bin/ssh/unittests/sshkey/test_fuzz.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/regress/usr.bin/ssh/unittests/sshkey/test_fuzz.c b/regress/usr.bin/ssh/unittests/sshkey/test_fuzz.c
index 936a8899cad..0e9cb6f5a78 100644
--- a/regress/usr.bin/ssh/unittests/sshkey/test_fuzz.c
+++ b/regress/usr.bin/ssh/unittests/sshkey/test_fuzz.c
@@ -1,4 +1,4 @@
-/* 	$OpenBSD: test_fuzz.c,v 1.1 2014/06/24 01:14:18 djm Exp $ */
+/* 	$OpenBSD: test_fuzz.c,v 1.2 2015/01/18 19:53:58 djm Exp $ */
 /*
  * Fuzz tests for key parsing
  *
@@ -81,8 +81,11 @@ sig_fuzz(struct sshkey *k)
 	free(sig);
 	TEST_ONERROR(onerror, fuzz);
 	for(; !fuzz_done(fuzz); fuzz_next(fuzz)) {
-		sshkey_verify(k, fuzz_ptr(fuzz), fuzz_len(fuzz),
-		    c, sizeof(c), 0);
+		/* Ensure 1-bit difference at least */
+		if (fuzz_matches_original(fuzz))
+			continue;
+		ASSERT_INT_NE(sshkey_verify(k, fuzz_ptr(fuzz), fuzz_len(fuzz),
+		    c, sizeof(c), 0), 0);
 	}
 	fuzz_cleanup(fuzz);
 }
-- 
2.20.1