Line | Count | Source |
1 | | // Copyright 2020 Google Inc. |
2 | | // |
3 | | // Licensed under the Apache License, Version 2.0 (the "License"); |
4 | | // you may not use this file except in compliance with the License. |
5 | | // You may obtain a copy of the License at |
6 | | // |
7 | | // http://www.apache.org/licenses/LICENSE-2.0 |
8 | | // |
9 | | // Unless required by applicable law or agreed to in writing, software |
10 | | // distributed under the License is distributed on an "AS IS" BASIS, |
11 | | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
12 | | // See the License for the specific language governing permissions and |
13 | | // limitations under the License. |
14 | | // |
15 | | //////////////////////////////////////////////////////////////////////////////// |
16 | | |
17 | | // This fuzz target fuzzes the same API as |
18 | | // https://github.com/google/boringssl/blob/master/fuzz/cert.cc, but it employs |
19 | | // libprotobuf-mutator for structure-aware fuzzing. |
20 | | |
21 | | #include <openssl/err.h> |
22 | | #include <openssl/mem.h> |
23 | | #include <openssl/x509.h> |
24 | | #include "asn1_pdu.pb.h" |
25 | | #include "asn1_pdu_to_der.h" |
26 | | #include "libprotobuf-mutator/src/libfuzzer/libfuzzer_macro.h" |
27 | | |
28 | 6.65k | DEFINE_PROTO_FUZZER(const asn1_pdu::PDU& asn1) { |
29 | 6.65k | asn1_pdu::ASN1PDUToDER converter; |
30 | 6.65k | std::vector<uint8_t> encoded = converter.PDUToDER(asn1); |
31 | 6.65k | const uint8_t* buf = encoded.data(); |
32 | 6.65k | size_t len = encoded.size(); |
33 | | |
34 | 6.65k | X509* x509 = d2i_X509(NULL, &buf, len); |
35 | 6.65k | if (x509 != NULL) { |
36 | | // Extract the public key. |
37 | 406 | EVP_PKEY_free(X509_get_pubkey(x509)); |
38 | | |
39 | | // Reserialize the structure. |
40 | 406 | uint8_t* der = NULL; |
41 | 406 | i2d_X509(x509, &der); |
42 | 406 | OPENSSL_free(der); |
43 | 406 | } |
44 | 6.65k | X509_free(x509); |
45 | 6.65k | ERR_clear_error(); |
46 | 6.65k | } |