key packet fuzzing tests: Use OpenPGPKey/OpenPGPCertificate API

2025-09-09 18:29:39 +02:00 · 2025-07-14 22:09:51 +02:00 · 2025-07-14 22:09:51 +02:00 · 7656bcd101
commit 7656bcd101
parent 9f8ce475eb
2 changed files with 11 additions and 28 deletions
--- a/pgpainless-sop/src/test/java/org/pgpainless/sop/fuzzing/PublicKeyPacketFuzzTest.java
+++ b/pgpainless-sop/src/test/java/org/pgpainless/sop/fuzzing/PublicKeyPacketFuzzTest.java
@ -6,33 +6,24 @@ package org.pgpainless.sop.fuzzing;
 import com.code_intelligence.jazzer.api.FuzzedDataProvider;
 import com.code_intelligence.jazzer.junit.FuzzTest;
 import org.bouncycastle.bcpg.BCPGInputStream;
 import org.bouncycastle.bcpg.UnsupportedPacketVersionException;
-import org.bouncycastle.openpgp.PGPObjectFactory;
+import org.bouncycastle.openpgp.api.OpenPGPKeyReader;
 import org.bouncycastle.openpgp.PGPPublicKeyRing;
 import org.bouncycastle.openpgp.bc.BcPGPObjectFactory;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 public class PublicKeyPacketFuzzTest {
-    @FuzzTest(maxDuration = "30m")
+    private final OpenPGPKeyReader reader = new OpenPGPKeyReader();
-    public void parsePublicKeyPacket(FuzzedDataProvider provider)
+
-    {
+    @FuzzTest(maxDuration = "60s")
    public void parsePublicKeyPacket(FuzzedDataProvider provider) {
        byte[] encoding = provider.consumeRemainingAsBytes();
        if (encoding.length == 0) {
            return;
        }
        ByteArrayInputStream bIn = new ByteArrayInputStream(encoding);
        BCPGInputStream pIn = new BCPGInputStream(bIn);
        PGPObjectFactory objFac = new BcPGPObjectFactory(pIn);
        try {
-            Object next = objFac.nextObject();
+            reader.parseCertificate(encoding);
            if (next == null) return;
            PGPPublicKeyRing pubKey = (PGPPublicKeyRing) next;
        } catch (IOException e) {
            // ignore
        } catch (UnsupportedPacketVersionException e) {
--- a/pgpainless-sop/src/test/java/org/pgpainless/sop/fuzzing/SecretKeyPacketFuzzTest.java
+++ b/pgpainless-sop/src/test/java/org/pgpainless/sop/fuzzing/SecretKeyPacketFuzzTest.java
@ -6,18 +6,16 @@ package org.pgpainless.sop.fuzzing;
 import com.code_intelligence.jazzer.api.FuzzedDataProvider;
 import com.code_intelligence.jazzer.junit.FuzzTest;
 import org.bouncycastle.bcpg.BCPGInputStream;
 import org.bouncycastle.bcpg.UnsupportedPacketVersionException;
-import org.bouncycastle.openpgp.PGPObjectFactory;
+import org.bouncycastle.openpgp.api.OpenPGPKeyReader;
 import org.bouncycastle.openpgp.PGPSecretKeyRing;
 import org.bouncycastle.openpgp.bc.BcPGPObjectFactory;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 public class SecretKeyPacketFuzzTest {
-    @FuzzTest(maxDuration = "30m")
+    private final OpenPGPKeyReader reader = new OpenPGPKeyReader();
    @FuzzTest(maxDuration = "6ßs")
    public void parseSecretKeyPacket(FuzzedDataProvider provider)
    {
        byte[] encoding = provider.consumeRemainingAsBytes();
@ -25,14 +23,8 @@ public class SecretKeyPacketFuzzTest {
            return;
        }
        ByteArrayInputStream bIn = new ByteArrayInputStream(encoding);
        BCPGInputStream pIn = new BCPGInputStream(bIn);
        PGPObjectFactory objFac = new BcPGPObjectFactory(pIn);
        try {
-            Object next = objFac.nextObject();
+            reader.parseKey(encoding);
            if (next == null) return;
            PGPSecretKeyRing secKey = (PGPSecretKeyRing) next;
        } catch (IOException e) {
            // ignore
        } catch (UnsupportedPacketVersionException e) {