Google Git
Sign in
boringssl/boringssl.git/bc97b7a8e1952bab69fea961301a90e5ad3344e9^!/./pki/verify_name_match_fuzzer.cc
commit
bc97b7a8e1952bab69fea961301a90e5ad3344e9
[log]
author
Bob Beck <bbe@google.com>
Tue Apr 18 08:35:15 2023 -0600
committer
Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>
Thu Jun 22 19:34:39 2023 +0000
tree
f59febcf515db04b416e3161cefe99906d5d63a0
parent
ee194c75a65ca813fc78eb2cb7eca65ce344ec7b [diff] [blame]
Bring in the core of  chromium certificate verifier as libpki

Initially this leaves the canonical source in chrome, Additions
and fillins are committed directly, the chrome files are coverted
using the IMPORT script run from the pki directory for the moment.

The intention here is to continue frequent automatic conversion
(and avoid wholesale cosmetic changes in here for now) until
chrome converts to use these files in place of it's versions.
At that point these will become the definiative files, and the
IMPORT script can be tossed out.

A middle step along the way will be to change google3's verify.cc
in third_party/chromium_certificate_verifier to use this instead
of it's own extracted copy.

Status (and what is not done yet) being roughly tracked in README.md

Bug: chromium:1322914

Change-Id: Ibdb5479bc68985fa61ce6b10f98f31f6b3a7cbdf
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60285
Commit-Queue: Bob Beck <bbe@google.com>
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/pki/verify_name_match_fuzzer.cc b/pki/verify_name_match_fuzzer.cc
new file mode 100644
index 0000000..d76abc6
--- /dev/null
+++ b/pki/verify_name_match_fuzzer.cc

@@ -0,0 +1,34 @@
+// Copyright 2016 The Chromium Authors
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "verify_name_match.h"
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include <fuzzer/FuzzedDataProvider.h>
+
+#include <vector>
+
+#include "input.h"
+
+// Entry point for LibFuzzer.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  FuzzedDataProvider fuzzed_data(data, size);
+
+  // Intentionally using uint16_t here to avoid empty |second_part|.
+  size_t first_part_size = fuzzed_data.ConsumeIntegral<uint16_t>();
+  std::vector<uint8_t> first_part =
+      fuzzed_data.ConsumeBytes<uint8_t>(first_part_size);
+  std::vector<uint8_t> second_part =
+      fuzzed_data.ConsumeRemainingBytes<uint8_t>();
+
+  bssl::der::Input in1(first_part.data(), first_part.size());
+  bssl::der::Input in2(second_part.data(), second_part.size());
+  bool match = net::VerifyNameMatch(in1, in2);
+  bool reverse_order_match = net::VerifyNameMatch(in2, in1);
+  // Result should be the same regardless of argument order.
+  CHECK_EQ(match, reverse_order_match);
+  return 0;
+}