From 7656bcd101491e4d2a9d8dfa899483de52692f25 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Mon, 14 Jul 2025 22:09:51 +0200 Subject: [PATCH] key packet fuzzing tests: Use OpenPGPKey/OpenPGPCertificate API --- .../sop/fuzzing/PublicKeyPacketFuzzTest.java | 21 ++++++------------- .../sop/fuzzing/SecretKeyPacketFuzzTest.java | 18 +++++----------- 2 files changed, 11 insertions(+), 28 deletions(-) diff --git a/pgpainless-sop/src/test/java/org/pgpainless/sop/fuzzing/PublicKeyPacketFuzzTest.java b/pgpainless-sop/src/test/java/org/pgpainless/sop/fuzzing/PublicKeyPacketFuzzTest.java index a5f6acc3..ab961811 100644 --- a/pgpainless-sop/src/test/java/org/pgpainless/sop/fuzzing/PublicKeyPacketFuzzTest.java +++ b/pgpainless-sop/src/test/java/org/pgpainless/sop/fuzzing/PublicKeyPacketFuzzTest.java @@ -6,33 +6,24 @@ package org.pgpainless.sop.fuzzing; import com.code_intelligence.jazzer.api.FuzzedDataProvider; import com.code_intelligence.jazzer.junit.FuzzTest; -import org.bouncycastle.bcpg.BCPGInputStream; import org.bouncycastle.bcpg.UnsupportedPacketVersionException; -import org.bouncycastle.openpgp.PGPObjectFactory; -import org.bouncycastle.openpgp.PGPPublicKeyRing; -import org.bouncycastle.openpgp.bc.BcPGPObjectFactory; +import org.bouncycastle.openpgp.api.OpenPGPKeyReader; -import java.io.ByteArrayInputStream; import java.io.IOException; public class PublicKeyPacketFuzzTest { - @FuzzTest(maxDuration = "30m") - public void parsePublicKeyPacket(FuzzedDataProvider provider) - { + private final OpenPGPKeyReader reader = new OpenPGPKeyReader(); + + @FuzzTest(maxDuration = "60s") + public void parsePublicKeyPacket(FuzzedDataProvider provider) { byte[] encoding = provider.consumeRemainingAsBytes(); if (encoding.length == 0) { return; } - ByteArrayInputStream bIn = new ByteArrayInputStream(encoding); - BCPGInputStream pIn = new BCPGInputStream(bIn); - PGPObjectFactory objFac = new BcPGPObjectFactory(pIn); try { - Object next = objFac.nextObject(); - if (next == null) return; - - PGPPublicKeyRing pubKey = (PGPPublicKeyRing) next; + reader.parseCertificate(encoding); } catch (IOException e) { // ignore } catch (UnsupportedPacketVersionException e) { diff --git a/pgpainless-sop/src/test/java/org/pgpainless/sop/fuzzing/SecretKeyPacketFuzzTest.java b/pgpainless-sop/src/test/java/org/pgpainless/sop/fuzzing/SecretKeyPacketFuzzTest.java index 670050eb..cb3cfd9a 100644 --- a/pgpainless-sop/src/test/java/org/pgpainless/sop/fuzzing/SecretKeyPacketFuzzTest.java +++ b/pgpainless-sop/src/test/java/org/pgpainless/sop/fuzzing/SecretKeyPacketFuzzTest.java @@ -6,18 +6,16 @@ package org.pgpainless.sop.fuzzing; import com.code_intelligence.jazzer.api.FuzzedDataProvider; import com.code_intelligence.jazzer.junit.FuzzTest; -import org.bouncycastle.bcpg.BCPGInputStream; import org.bouncycastle.bcpg.UnsupportedPacketVersionException; -import org.bouncycastle.openpgp.PGPObjectFactory; -import org.bouncycastle.openpgp.PGPSecretKeyRing; -import org.bouncycastle.openpgp.bc.BcPGPObjectFactory; +import org.bouncycastle.openpgp.api.OpenPGPKeyReader; -import java.io.ByteArrayInputStream; import java.io.IOException; public class SecretKeyPacketFuzzTest { - @FuzzTest(maxDuration = "30m") + private final OpenPGPKeyReader reader = new OpenPGPKeyReader(); + + @FuzzTest(maxDuration = "6ßs") public void parseSecretKeyPacket(FuzzedDataProvider provider) { byte[] encoding = provider.consumeRemainingAsBytes(); @@ -25,14 +23,8 @@ public class SecretKeyPacketFuzzTest { return; } - ByteArrayInputStream bIn = new ByteArrayInputStream(encoding); - BCPGInputStream pIn = new BCPGInputStream(bIn); - PGPObjectFactory objFac = new BcPGPObjectFactory(pIn); try { - Object next = objFac.nextObject(); - if (next == null) return; - - PGPSecretKeyRing secKey = (PGPSecretKeyRing) next; + reader.parseKey(encoding); } catch (IOException e) { // ignore } catch (UnsupportedPacketVersionException e) {