From b4c30b5e7e7df9f70d8e90f2e3e8a6948c5080f2 Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Wed, 9 Nov 2022 17:00:18 +0800
Subject: [PATCH] Ignore all-zero ed25519 keys in fuzzer-verify

---
 fuzz/fuzzer-verify.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/fuzz/fuzzer-verify.c b/fuzz/fuzzer-verify.c
index a0ad086..f2937af 100644
--- a/fuzz/fuzzer-verify.c
+++ b/fuzz/fuzzer-verify.c
@@ -3,6 +3,7 @@
 #include "fuzz-wrapfd.h"
 #include "debug.h"
 #include "dss.h"
+#include "ed25519.h"
 
 static void setup_fuzzer(void) {
 	fuzz_common_setup();
@@ -59,6 +60,21 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 					/* Could also check g**q mod p == 1 */
 				}
 
+				if (keytype == DROPBEAR_SIGNKEY_SK_ED25519 || keytype == DROPBEAR_SIGNKEY_ED25519) {
+					dropbear_ed25519_key **eck = (dropbear_ed25519_key**)signkey_key_ptr(key, keytype);
+					if (eck && *eck) {
+						int i;
+						/* we've seen all-zero keys validate */
+						boguskey = 1;
+						for (i = 0; i < CURVE25519_LEN; i++) {
+							if ((*eck)->priv[i] != 0x00 || (*eck)->pub[i] != 0x00) {
+								boguskey = 0;
+							}
+						}
+
+					}
+				}
+
 				if (!boguskey) {
 					printf("Random key/signature managed to verify!\n");
 					abort();