1 // Copyright 2022 The BoringSSL Authors
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 #include <openssl/bio.h>
16 #include <openssl/conf.h>
17 #include <openssl/x509.h>
18
19 #include <algorithm>
20
LLVMFuzzerTestOneInput(const uint8_t * buf,size_t len)21 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
22 // The string-based extensions APIs routinely produce output quadratic in
23 // their input. Cap the input size to mitigate this. See also
24 // https://crbug.com/boringssl/611.
25 len = std::min(len, size_t{8 * 1024});
26
27 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(buf, len));
28 bssl::UniquePtr<CONF> conf(NCONF_new(nullptr));
29 if (NCONF_load_bio(conf.get(), bio.get(), nullptr)) {
30 // Run with and without |X509V3_CTX| information.
31 bssl::UniquePtr<X509> cert(X509_new());
32 X509V3_CTX ctx;
33 X509V3_set_ctx(&ctx, /*subject=*/cert.get(), /*issuer=*/cert.get(), nullptr,
34 nullptr, 0);
35 X509V3_EXT_add_nconf(conf.get(), &ctx, "default", cert.get());
36
37 cert.reset(X509_new());
38 X509V3_EXT_add_nconf(conf.get(), nullptr, "default", cert.get());
39 }
40 return 0;
41 }
42