1 // Copyright 2020 Google Inc. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 // 15 //////////////////////////////////////////////////////////////////////////////// 16 17 // This fuzz target fuzzes the same API as 18 // https://github.com/google/boringssl/blob/master/fuzz/cert.cc, but it employs 19 // libprotobuf-mutator for structure-aware fuzzing. 20 21 #include <openssl/err.h> 22 #include <openssl/mem.h> 23 #include <openssl/x509.h> 24 #include "asn1_pdu.pb.h" 25 #include "asn1_pdu_to_der.h" 26 #include "libprotobuf-mutator/src/libfuzzer/libfuzzer_macro.h" 27 DEFINE_PROTO_FUZZER(const asn1_pdu::PDU & asn1)28DEFINE_PROTO_FUZZER(const asn1_pdu::PDU& asn1) { 29 asn1_pdu::ASN1PDUToDER converter; 30 std::vector<uint8_t> encoded = converter.PDUToDER(asn1); 31 const uint8_t* buf = encoded.data(); 32 size_t len = encoded.size(); 33 34 X509* x509 = d2i_X509(NULL, &buf, len); 35 if (x509 != NULL) { 36 // Extract the public key. 37 EVP_PKEY_free(X509_get_pubkey(x509)); 38 39 // Reserialize the structure. 40 uint8_t* der = NULL; 41 i2d_X509(x509, &der); 42 OPENSSL_free(der); 43 } 44 X509_free(x509); 45 ERR_clear_error(); 46 }