Fuzz x509v3_cache_extensions.
X509 objects do some deferred parsing. Make sure we cover that code with
fuzzers.
Change-Id: I618e90aaf4d8decbc3af59f36910feb9949a8cd2
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55751
Auto-Submit: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
diff --git a/crypto/x509v3/internal.h b/crypto/x509v3/internal.h
index d077632..efc1741 100644
--- a/crypto/x509v3/internal.h
+++ b/crypto/x509v3/internal.h
@@ -104,7 +104,7 @@
// x509v3_cache_extensions fills in a number of fields relating to X.509
// extensions in |x|. It returns one on success and zero if some extensions were
// invalid.
-int x509v3_cache_extensions(X509 *x);
+OPENSSL_EXPORT int x509v3_cache_extensions(X509 *x);
// x509v3_a2i_ipadd decodes |ipasc| as an IPv4 or IPv6 address. IPv6 addresses
// use colon-separated syntax while IPv4 addresses use dotted decimal syntax. If
diff --git a/fuzz/cert.cc b/fuzz/cert.cc
index 79e1456..548109e 100644
--- a/fuzz/cert.cc
+++ b/fuzz/cert.cc
@@ -16,12 +16,17 @@
#include <openssl/mem.h>
#include <openssl/x509.h>
+#include "../crypto/x509v3/internal.h"
+
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
X509 *x509 = d2i_X509(NULL, &buf, len);
if (x509 != NULL) {
// Extract the public key.
EVP_PKEY_free(X509_get_pubkey(x509));
+ // Fuzz some deferred parsing.
+ x509v3_cache_extensions(x509);
+
// Reserialize the structure.
uint8_t *der = NULL;
i2d_X509(x509, &der);