/src/nss/fuzz/targets/pkcs7.cc

Source
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include <cstddef>
#include <cstdint>

#include "cert.h"
#include "nss_scoped_ptrs.h"
#include "prtime.h"
#include "prtypes.h"
#include "seccomon.h"
#include "utilrename.h"

#include "asn1/mutators.h"
#include "base/database.h"
#include "base/mutate.h"

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  static NSSDatabase db = NSSDatabase();

  ScopedCERTCertificate cert(
      CERT_DecodeCertFromPackage((char *)data, (int)size));
  if (!cert) {
    return 0;
  }

  SECCertificateUsage usage;
  SECItem der;

  (void)CERT_VerifyCertificateNow(CERT_GetDefaultCertDB(), cert.get(), PR_TRUE,
                                  certificateUsageCheckAllUsages, nullptr,
                                  &usage);
  (void)CERT_VerifyCertName(cert.get(), "fuzz.host");
  (void)CERT_GetCertificateDer(cert.get(), &der);

  ScopedSECKEYPublicKey pubk(CERT_ExtractPublicKey(cert.get()));
  ScopedCERTCertList chain(
      CERT_GetCertChainFromCert(cert.get(), PR_Now(), certUsageEmailSigner));

  CERTCertNicknames *patterns = CERT_GetValidDNSPatternsFromCert(cert.get());
  PORT_FreeArena(patterns ? patterns->arena : nullptr, PR_FALSE);

  return 0;
}

extern "C" size_t LLVMFuzzerCustomMutator(uint8_t *data, size_t size,
                                          size_t maxSize, unsigned int seed) {
  return CustomMutate(
      Mutators({ASN1Mutators::FlipConstructed, ASN1Mutators::ChangeType}), data,
      size, maxSize, seed);
}

Line	Count	Source
1		/* This Source Code Form is subject to the terms of the Mozilla Public
2		* License, v. 2.0. If a copy of the MPL was not distributed with this
3		* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4
5		#include <cstddef>
6		#include <cstdint>
7
8		#include "cert.h"
9		#include "nss_scoped_ptrs.h"
10		#include "prtime.h"
11		#include "prtypes.h"
12		#include "seccomon.h"
13		#include "utilrename.h"
14
15		#include "asn1/mutators.h"
16		#include "base/database.h"
17		#include "base/mutate.h"
18
19	7.24k	extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
20	7.24k	static NSSDatabase db = NSSDatabase();
21
22	7.24k	ScopedCERTCertificate cert(
23	7.24k	CERT_DecodeCertFromPackage((char *)data, (int)size));
24	7.24k	if (!cert) {
25	2.66k	return 0;
26	2.66k	}
27
28	4.58k	SECCertificateUsage usage;
29	4.58k	SECItem der;
30
31	4.58k	(void)CERT_VerifyCertificateNow(CERT_GetDefaultCertDB(), cert.get(), PR_TRUE,
32	4.58k	certificateUsageCheckAllUsages, nullptr,
33	4.58k	&usage);
34	4.58k	(void)CERT_VerifyCertName(cert.get(), "fuzz.host");
35	4.58k	(void)CERT_GetCertificateDer(cert.get(), &der);
36
37	4.58k	ScopedSECKEYPublicKey pubk(CERT_ExtractPublicKey(cert.get()));
38	4.58k	ScopedCERTCertList chain(
39	4.58k	CERT_GetCertChainFromCert(cert.get(), PR_Now(), certUsageEmailSigner));
40
41	4.58k	CERTCertNicknames *patterns = CERT_GetValidDNSPatternsFromCert(cert.get());
42	4.58k	PORT_FreeArena(patterns ? patterns->arena : nullptr, PR_FALSE);
43
44	4.58k	return 0;
45	7.24k	}
46
47		extern "C" size_t LLVMFuzzerCustomMutator(uint8_t *data, size_t size,
48	0	size_t maxSize, unsigned int seed) {
49	0	return CustomMutate(
50	0	Mutators({ASN1Mutators::FlipConstructed, ASN1Mutators::ChangeType}), data,
51	0	size, maxSize, seed);
52	0	}

Coverage Report

Created: 2025-11-19 06:34