/src/nss/fuzz/targets/pkcs12.cc

Source
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include <cassert>
#include <cstddef>
#include <cstdint>

#include "nss_scoped_ptrs.h"
#include "p12.h"
#include "pk11pub.h"
#include "seccomon.h"

#include "asn1/mutators.h"
#include "base/database.h"
#include "base/mutate.h"

static SECItem* nicknameCollision(SECItem* oldNick, PRBool* cancel,
                                  void* wincx) {
  *cancel = true;
  return nullptr;
}

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  static NSSDatabase db = NSSDatabase();

  ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
  assert(slot);

  // Initialize the decoder.
  SECItem pwItem = {siBuffer, nullptr, 0};
  ScopedSEC_PKCS12DecoderContext dcx(
      SEC_PKCS12DecoderStart(&pwItem, slot.get(), nullptr, nullptr, nullptr,
                             nullptr, nullptr, nullptr));
  assert(dcx);

  SECStatus rv = SEC_PKCS12DecoderUpdate(dcx.get(), (unsigned char*)data, size);
  if (rv != SECSuccess) {
    return 0;
  }

  // Verify the blob.
  rv = SEC_PKCS12DecoderVerify(dcx.get());
  if (rv != SECSuccess) {
    return 0;
  }

  // Validate bags.
  rv = SEC_PKCS12DecoderValidateBags(dcx.get(), nicknameCollision);
  if (rv != SECSuccess) {
    return 0;
  }

  // Import cert and key.
  rv = SEC_PKCS12DecoderImportBags(dcx.get());
  if (rv != SECSuccess) {
    return 0;
  }

  return 0;
}

extern "C" size_t LLVMFuzzerCustomMutator(uint8_t* data, size_t size,
                                          size_t maxSize, unsigned int seed) {
  return CustomMutate(
      Mutators({ASN1Mutators::FlipConstructed, ASN1Mutators::ChangeType}), data,
      size, maxSize, seed);
}

Line	Count	Source
1		/* This Source Code Form is subject to the terms of the Mozilla Public
2		* License, v. 2.0. If a copy of the MPL was not distributed with this
3		* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4
5		#include <cassert>
6		#include <cstddef>
7		#include <cstdint>
8
9		#include "nss_scoped_ptrs.h"
10		#include "p12.h"
11		#include "pk11pub.h"
12		#include "seccomon.h"
13
14		#include "asn1/mutators.h"
15		#include "base/database.h"
16		#include "base/mutate.h"
17
18		static SECItem* nicknameCollision(SECItem* oldNick, PRBool* cancel,
19	0	void* wincx) {
20	0	*cancel = true;
21	0	return nullptr;
22	0	}
23
24	2.52k	extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
25	2.52k	static NSSDatabase db = NSSDatabase();
26
27	2.52k	ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
28	2.52k	assert(slot);
29
30		// Initialize the decoder.
31	2.52k	SECItem pwItem = {siBuffer, nullptr, 0};
32	2.52k	ScopedSEC_PKCS12DecoderContext dcx(
33	2.52k	SEC_PKCS12DecoderStart(&pwItem, slot.get(), nullptr, nullptr, nullptr,
34	2.52k	nullptr, nullptr, nullptr));
35	2.52k	assert(dcx);
36
37	2.52k	SECStatus rv = SEC_PKCS12DecoderUpdate(dcx.get(), (unsigned char*)data, size);
38	2.52k	if (rv != SECSuccess) {
39	102	return 0;
40	102	}
41
42		// Verify the blob.
43	2.42k	rv = SEC_PKCS12DecoderVerify(dcx.get());
44	2.42k	if (rv != SECSuccess) {
45	2.40k	return 0;
46	2.40k	}
47
48		// Validate bags.
49	25	rv = SEC_PKCS12DecoderValidateBags(dcx.get(), nicknameCollision);
50	25	if (rv != SECSuccess) {
51	23	return 0;
52	23	}
53
54		// Import cert and key.
55	2	rv = SEC_PKCS12DecoderImportBags(dcx.get());
56	2	if (rv != SECSuccess) {
57	0	return 0;
58	0	}
59
60	2	return 0;
61	2	}
62
63		extern "C" size_t LLVMFuzzerCustomMutator(uint8_t* data, size_t size,
64	0	size_t maxSize, unsigned int seed) {
65	0	return CustomMutate(
66	0	Mutators({ASN1Mutators::FlipConstructed, ASN1Mutators::ChangeType}), data,
67	0	size, maxSize, seed);
68	0	}

Coverage Report

Created: 2026-02-18 06:59