1 files changed, 21 insertions, 12 deletions

diff --git a/src/extra_tests/fuzzers/jigs/pkcs1.cpp b/src/extra_tests/fuzzers/jigs/pkcs1.cpp
index 889308f0e..8a16d17e5 100644
--- a/src/extra_tests/fuzzers/jigs/pkcs1.cpp
+++ b/src/extra_tests/fuzzers/jigs/pkcs1.cpp
@@ -13,14 +13,14 @@ secure_vector<byte> simple_pkcs1_unpad(const byte in[], size_t len)
    if(len < 10)
       throw Botan::Decoding_Error("bad len");
 
-   if(in[0] != 2)
-      throw Botan::Decoding_Error("bad field");
+   if(in[0] != 0 || in[1] != 2)
+      throw Botan::Decoding_Error("bad header field");
 
-   for(size_t i = 1; i < len; ++i)
+   for(size_t i = 2; i < len; ++i)
       {
       if(in[i] == 0)
          {
-         if(i < 9)
+         if(i < 10) // at least 8 padding bytes required
             throw Botan::Decoding_Error("insufficient padding bytes");
          return secure_vector<byte>(in + i + 1, in + len);
          }
@@ -42,9 +42,9 @@ void fuzz(const uint8_t in[], size_t len)
       secure_vector<byte> decoded = ((EME*)&pkcs1)->unpad(valid_mask, in, len);
 
       if(valid_mask == 0)
-         lib_rejected = false;
-      else if(valid_mask == 0xFF)
          lib_rejected = true;
+      else if(valid_mask == 0xFF)
+         lib_rejected = false;
       else
          abort();
       }
@@ -54,15 +54,24 @@ void fuzz(const uint8_t in[], size_t len)
       {
       ref_result = simple_pkcs1_unpad(in, len);
       }
-   catch(Botan::Decoding_Error&) { ref_rejected = true; }
+   catch(Botan::Decoding_Error& e) { ref_rejected = true; /*printf("%s\n", e.what());*/ }
 
-   FUZZER_ASSERT_EQUAL(lib_rejected, ref_rejected);
+   if(lib_rejected == ref_rejected)
+      {
+      return; // ok, they agree
+      }
 
-   if(lib_result != ref_result)
+   // otherwise: incorrect result, log info and crash
+   if(lib_rejected == true && ref_rejected == false)
+      {
+      std::cerr << "Library rejected input accepted by ref\n";
+      std::cerr << "Ref decoded " << hex_encode(ref_result) << "\n";
+      }
+   else if(ref_rejected == true && lib_rejected == false)
       {
-      std::cerr << hex_encode(lib_result) << " != ref \n"
-                << hex_encode(ref_result) << std::endl;
-      abort();
+      std::cerr << "Library accepted input reject by ref\n";
+      std::cerr << "Lib decoded " << hex_encode(lib_result) << "\n";
       }
 
+   abort();
    }