1 files changed, 41 insertions, 0 deletions

diff --git a/projects/boringssl/fuzz_pkcs12.cc b/projects/boringssl/fuzz_pkcs12.cc
new file mode 100644
index 000000000..11cded4d2
--- /dev/null
+++ b/projects/boringssl/fuzz_pkcs12.cc
@@ -0,0 +1,41 @@
+// Copyright 2020 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+// This fuzz target fuzzes the same API as
+// https://github.com/google/boringssl/blob/master/fuzz/pkcs12.cc, but it
+// employs libprotobuf-mutator for structure-aware fuzzing.
+
+#include <openssl/bytestring.h>
+#include <openssl/evp.h>
+#include <openssl/pkcs8.h>
+#include <openssl/x509.h>
+#include "asn1_pdu.pb.h"
+#include "asn1_pdu_to_der.h"
+#include "libprotobuf-mutator/src/libfuzzer/libfuzzer_macro.h"
+
+DEFINE_PROTO_FUZZER(const asn1_pdu::PDU& asn1) {
+  asn1_pdu::ASN1PDUToDER converter;
+  std::vector<uint8_t> encoded = converter.PDUToDER(asn1);
+  const uint8_t* buf = encoded.data();
+  size_t len = encoded.size();
+
+  bssl::UniquePtr<STACK_OF(X509)> certs(sk_X509_new_null());
+  EVP_PKEY* key = nullptr;
+  CBS cbs;
+  CBS_init(&cbs, buf, len);
+  PKCS12_get_key_and_certs(&key, certs.get(), &cbs, "foo");
+  EVP_PKEY_free(key);
+}
\ No newline at end of file