Move the fuzzers into the fuzz directory and make them build.

Change-Id: I9346a4bf48d756da254dc27842cd645a3a69f847
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/62045
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>

182 files changed, 150 insertions, 128 deletions

diff --git a/fuzz/CMakeLists.txt b/fuzz/CMakeLists.txt
index d9b898d..3905f55 100644
--- a/fuzz/CMakeLists.txt
+++ b/fuzz/CMakeLists.txt
@@ -22,10 +22,20 @@ fuzzer(bn_mod_exp)
 fuzzer(cert)
 fuzzer(client ssl)
 fuzzer(conf)
+fuzzer(crl_getcrlstatusforcert_fuzzer pki)
+fuzzer(crl_parse_crl_certificatelist_fuzzer pki)
+fuzzer(crl_parse_crl_tbscertlist_fuzzer pki)
+fuzzer(crl_parse_issuing_distribution_point_fuzzer pki)
 fuzzer(decode_client_hello_inner ssl)
 fuzzer(der_roundtrip)
 fuzzer(dtls_client ssl)
 fuzzer(dtls_server ssl)
+fuzzer(ocsp_parse_ocsp_cert_id_fuzzer pki)
+fuzzer(ocsp_parse_ocsp_response_data_fuzzer pki)
+fuzzer(ocsp_parse_ocsp_response_fuzzer pki)
+fuzzer(ocsp_parse_ocsp_single_response_fuzzer pki)
+fuzzer(parse_authority_key_identifier_fuzzer pki)
+fuzzer(parse_certificate_fuzzer pki)
 fuzzer(pkcs12)
 fuzzer(pkcs8)
 fuzzer(privkey)
@@ -34,4 +44,6 @@ fuzzer(server ssl)
 fuzzer(session ssl)
 fuzzer(spki)
 fuzzer(ssl_ctx_api ssl)
-fuzzer(parse_certificate_fuzzer pki)
+fuzzer(verify_name_match_fuzzer pki)
+fuzzer(verify_name_match_normalizename_fuzzer pki)
+fuzzer(verify_name_match_verifynameinsubtree_fuzzer pki)
diff --git a/pki/crl_getcrlstatusforcert_fuzzer.cc b/fuzz/crl_getcrlstatusforcert_fuzzer.cc
index 9f0fd14..a9825fe 100644
--- a/pki/crl_getcrlstatusforcert_fuzzer.cc
+++ b/fuzz/crl_getcrlstatusforcert_fuzzer.cc
@@ -6,8 +6,8 @@
 #include <stddef.h>
 #include <stdint.h>
 
-#include "crl.h"
-#include "input.h"
+#include "../pki/crl.h"
+#include "../pki/input.h"
 #include <openssl/sha.h>
 
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
@@ -15,14 +15,14 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
 
   uint8_t data_hash[SHA256_DIGEST_LENGTH];
   SHA256(data, size, data_hash);
-  const net::CrlVersion crl_version =
-      (data_hash[0] % 2) ? net::CrlVersion::V2 : net::CrlVersion::V1;
+  const bssl::CrlVersion crl_version =
+      (data_hash[0] % 2) ? bssl::CrlVersion::V2 : bssl::CrlVersion::V1;
   const size_t serial_len = data_hash[1] % (sizeof(data_hash) - 2);
   assert(serial_len + 2 < sizeof(data_hash));
   const bssl::der::Input cert_serial(
       reinterpret_cast<const uint8_t*>(data_hash + 2), serial_len);
 
-  net::GetCRLStatusForCert(cert_serial, crl_version,
+  bssl::GetCRLStatusForCert(cert_serial, crl_version,
                            std::make_optional(input_der));
 
   return 0;
diff --git a/fuzz/crl_getcrlstatusforcert_fuzzer_corpus/bad_empty_extensions b/fuzz/crl_getcrlstatusforcert_fuzzer_corpus/bad_empty_extensions
new file mode 100644
index 0000000..53e2224
--- /dev/null
+++ b/fuzz/crl_getcrlstatusforcert_fuzzer_corpus/bad_empty_extensions
diff --git a/fuzz/crl_getcrlstatusforcert_fuzzer_corpus/bad_empty_sequence b/fuzz/crl_getcrlstatusforcert_fuzzer_corpus/bad_empty_sequence
new file mode 100644
index 0000000..def7fcb
--- /dev/null
+++ b/fuzz/crl_getcrlstatusforcert_fuzzer_corpus/bad_empty_sequence
diff --git a/fuzz/crl_getcrlstatusforcert_fuzzer_corpus/good b/fuzz/crl_getcrlstatusforcert_fuzzer_corpus/good
new file mode 100644
index 0000000..cdfccaa
--- /dev/null
+++ b/fuzz/crl_getcrlstatusforcert_fuzzer_corpus/good
diff --git a/fuzz/crl_getcrlstatusforcert_fuzzer_corpus/good_no_extensions b/fuzz/crl_getcrlstatusforcert_fuzzer_corpus/good_no_extensions
new file mode 100644
index 0000000..ccfb121
--- /dev/null
+++ b/fuzz/crl_getcrlstatusforcert_fuzzer_corpus/good_no_extensions
@@ -0,0 +1 @@
+0#0!��8�V�+�R�'��
181025161138Z
\ No newline at end of file
diff --git a/pki/crl_parse_crl_certificatelist_fuzzer.cc b/fuzz/crl_parse_crl_certificatelist_fuzzer.cc
index 2c6c571..508f7da 100644
--- a/pki/crl_parse_crl_certificatelist_fuzzer.cc
+++ b/fuzz/crl_parse_crl_certificatelist_fuzzer.cc
@@ -7,8 +7,8 @@
 
 #include <tuple>
 
-#include "crl.h"
-#include "input.h"
+#include "../pki/crl.h"
+#include "../pki/input.h"
 
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   bssl::der::Input crl_der(data, size);
@@ -17,7 +17,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   bssl::der::Input signature_algorithm_tlv;
   bssl::der::BitString signature_value;
 
-  std::ignore = net::ParseCrlCertificateList(
+  std::ignore = bssl::ParseCrlCertificateList(
       crl_der, &tbs_cert_list_tlv, &signature_algorithm_tlv, &signature_value);
 
   return 0;
diff --git a/fuzz/crl_parse_crl_certificatelist_fuzzer_corpus/good_minimal b/fuzz/crl_parse_crl_certificatelist_fuzzer_corpus/good_minimal
new file mode 100644
index 0000000..b159c95
--- /dev/null
+++ b/fuzz/crl_parse_crl_certificatelist_fuzzer_corpus/good_minimal
diff --git a/pki/crl_parse_crl_tbscertlist_fuzzer.cc b/fuzz/crl_parse_crl_tbscertlist_fuzzer.cc
index dae0ea6..845bfbd 100644
--- a/pki/crl_parse_crl_tbscertlist_fuzzer.cc
+++ b/fuzz/crl_parse_crl_tbscertlist_fuzzer.cc
@@ -7,14 +7,14 @@
 
 #include <tuple>
 
-#include "crl.h"
-#include "input.h"
+#include "../pki/crl.h"
+#include "../pki/input.h"
 
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   bssl::der::Input input_der(data, size);
 
-  net::ParsedCrlTbsCertList tbs_cert_list;
-  std::ignore = net::ParseCrlTbsCertList(input_der, &tbs_cert_list);
+  bssl::ParsedCrlTbsCertList tbs_cert_list;
+  std::ignore = bssl::ParseCrlTbsCertList(input_der, &tbs_cert_list);
 
   return 0;
 }
diff --git a/fuzz/crl_parse_crl_tbscertlist_fuzzer_corpus/good b/fuzz/crl_parse_crl_tbscertlist_fuzzer_corpus/good
new file mode 100644
index 0000000..1963fe2
--- /dev/null
+++ b/fuzz/crl_parse_crl_tbscertlist_fuzzer_corpus/good
diff --git a/fuzz/crl_parse_crl_tbscertlist_fuzzer_corpus/good_noextensions b/fuzz/crl_parse_crl_tbscertlist_fuzzer_corpus/good_noextensions
new file mode 100644
index 0000000..ee3f216
--- /dev/null
+++ b/fuzz/crl_parse_crl_tbscertlist_fuzzer_corpus/good_noextensions
diff --git a/fuzz/crl_parse_crl_tbscertlist_fuzzer_corpus/good_nonextupdate b/fuzz/crl_parse_crl_tbscertlist_fuzzer_corpus/good_nonextupdate
new file mode 100644
index 0000000..d64fb9e
--- /dev/null
+++ b/fuzz/crl_parse_crl_tbscertlist_fuzzer_corpus/good_nonextupdate
diff --git a/fuzz/crl_parse_crl_tbscertlist_fuzzer_corpus/good_nooptionals b/fuzz/crl_parse_crl_tbscertlist_fuzzer_corpus/good_nooptionals
new file mode 100644
index 0000000..f3b3110
--- /dev/null
+++ b/fuzz/crl_parse_crl_tbscertlist_fuzzer_corpus/good_nooptionals
diff --git a/fuzz/crl_parse_crl_tbscertlist_fuzzer_corpus/good_norevokedcerts b/fuzz/crl_parse_crl_tbscertlist_fuzzer_corpus/good_norevokedcerts
new file mode 100644
index 0000000..66aab9a
--- /dev/null
+++ b/fuzz/crl_parse_crl_tbscertlist_fuzzer_corpus/good_norevokedcerts
diff --git a/pki/crl_parse_issuing_distribution_point_fuzzer.cc b/fuzz/crl_parse_issuing_distribution_point_fuzzer.cc
index d262c6c..1239f4d 100644
--- a/pki/crl_parse_issuing_distribution_point_fuzzer.cc
+++ b/fuzz/crl_parse_issuing_distribution_point_fuzzer.cc
@@ -6,22 +6,22 @@
 #include <stdint.h>
 #include <stdlib.h>
 
-#include "crl.h"
-#include "input.h"
+#include "../pki/crl.h"
+#include "../pki/input.h"
 
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   bssl::der::Input idp_der(data, size);
 
-  std::unique_ptr<net::GeneralNames> distribution_point_names;
-  net::ContainedCertsType only_contains_cert_type;
+  std::unique_ptr<bssl::GeneralNames> distribution_point_names;
+  bssl::ContainedCertsType only_contains_cert_type;
 
-  if (net::ParseIssuingDistributionPoint(idp_der, &distribution_point_names,
+  if (bssl::ParseIssuingDistributionPoint(idp_der, &distribution_point_names,
                                          &only_contains_cert_type)) {
     bool has_distribution_point_names =
         distribution_point_names &&
-        distribution_point_names->present_name_types != net::GENERAL_NAME_NONE;
+        distribution_point_names->present_name_types != bssl::GENERAL_NAME_NONE;
     if (!has_distribution_point_names &&
-        only_contains_cert_type == net::ContainedCertsType::ANY_CERTS) {
+        only_contains_cert_type == bssl::ContainedCertsType::ANY_CERTS) {
       abort();
     }
   }
diff --git a/fuzz/crl_parse_issuing_distribution_point_fuzzer_corpus/empty_sequence b/fuzz/crl_parse_issuing_distribution_point_fuzzer_corpus/empty_sequence
new file mode 100644
index 0000000..def7fcb
--- /dev/null
+++ b/fuzz/crl_parse_issuing_distribution_point_fuzzer_corpus/empty_sequence
diff --git a/fuzz/crl_parse_issuing_distribution_point_fuzzer_corpus/idp_with_distributionPoint_fullName_uri b/fuzz/crl_parse_issuing_distribution_point_fuzzer_corpus/idp_with_distributionPoint_fullName_uri
new file mode 100644
index 0000000..2f74234
--- /dev/null
+++ b/fuzz/crl_parse_issuing_distribution_point_fuzzer_corpus/idp_with_distributionPoint_fullName_uri
@@ -0,0 +1 @@
+0 ���http://example.com/foo.crl
\ No newline at end of file
diff --git a/fuzz/crl_parse_issuing_distribution_point_fuzzer_corpus/idp_with_distributionPoint_nameRelativeToCRLIssuer b/fuzz/crl_parse_issuing_distribution_point_fuzzer_corpus/idp_with_distributionPoint_nameRelativeToCRLIssuer
new file mode 100644
index 0000000..a45d024
--- /dev/null
+++ b/fuzz/crl_parse_issuing_distribution_point_fuzzer_corpus/idp_with_distributionPoint_nameRelativeToCRLIssuer
@@ -0,0 +1 @@
+0��
10	UUS
\ No newline at end of file
diff --git a/fuzz/crl_parse_issuing_distribution_point_fuzzer_corpus/idp_with_dpname_onlyca_reasons_and_indirectcrl b/fuzz/crl_parse_issuing_distribution_point_fuzzer_corpus/idp_with_dpname_onlyca_reasons_and_indirectcrl
new file mode 100644
index 0000000..d5954c7
--- /dev/null
+++ b/fuzz/crl_parse_issuing_distribution_point_fuzzer_corpus/idp_with_dpname_onlyca_reasons_and_indirectcrl
@@ -0,0 +1 @@
+0+���http://example.com/foo.crl�
�����
�
\ No newline at end of file
diff --git a/fuzz/crl_parse_issuing_distribution_point_fuzzer_corpus/idp_with_indirectCrl b/fuzz/crl_parse_issuing_distribution_point_fuzzer_corpus/idp_with_indirectCrl
new file mode 100644
index 0000000..fe8256c
--- /dev/null
+++ b/fuzz/crl_parse_issuing_distribution_point_fuzzer_corpus/idp_with_indirectCrl
@@ -0,0 +1 @@
+0�
�
\ No newline at end of file
diff --git a/fuzz/crl_parse_issuing_distribution_point_fuzzer_corpus/idp_with_onlyContainsAttributeCerts b/fuzz/crl_parse_issuing_distribution_point_fuzzer_corpus/idp_with_onlyContainsAttributeCerts
new file mode 100644
index 0000000..4195f6e
--- /dev/null
+++ b/fuzz/crl_parse_issuing_distribution_point_fuzzer_corpus/idp_with_onlyContainsAttributeCerts
@@ -0,0 +1 @@
+0�
�
\ No newline at end of file
diff --git a/fuzz/crl_parse_issuing_distribution_point_fuzzer_corpus/idp_with_onlyContainsCaCerts b/fuzz/crl_parse_issuing_distribution_point_fuzzer_corpus/idp_with_onlyContainsCaCerts
new file mode 100644
index 0000000..e38a636
--- /dev/null
+++ b/fuzz/crl_parse_issuing_distribution_point_fuzzer_corpus/idp_with_onlyContainsCaCerts
@@ -0,0 +1 @@
+0�
�
\ No newline at end of file
diff --git a/fuzz/crl_parse_issuing_distribution_point_fuzzer_corpus/idp_with_onlyContainsUserCerts b/fuzz/crl_parse_issuing_distribution_point_fuzzer_corpus/idp_with_onlyContainsUserCerts
new file mode 100644
index 0000000..91d56bd
--- /dev/null
+++ b/fuzz/crl_parse_issuing_distribution_point_fuzzer_corpus/idp_with_onlyContainsUserCerts
@@ -0,0 +1 @@
+0�
�
\ No newline at end of file
diff --git a/fuzz/crl_parse_issuing_distribution_point_fuzzer_corpus/idp_with_onlySomeReasons b/fuzz/crl_parse_issuing_distribution_point_fuzzer_corpus/idp_with_onlySomeReasons
new file mode 100644
index 0000000..fdedbe9
--- /dev/null
+++ b/fuzz/crl_parse_issuing_distribution_point_fuzzer_corpus/idp_with_onlySomeReasons
@@ -0,0 +1 @@
+0���
\ No newline at end of file
diff --git a/pki/ocsp_parse_ocsp_cert_id_fuzzer.cc b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer.cc
index 49f7c90..77d0a20 100644
--- a/pki/ocsp_parse_ocsp_cert_id_fuzzer.cc
+++ b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer.cc
@@ -5,13 +5,13 @@
 #include <stddef.h>
 #include <stdint.h>
 
-#include "ocsp.h"
-#include "input.h"
+#include "../pki/ocsp.h"
+#include "../pki/input.h"
 
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   bssl::der::Input cert_id_der(data, size);
-  net::OCSPCertID cert_id;
-  net::ParseOCSPCertID(cert_id_der, &cert_id);
+  bssl::OCSPCertID cert_id;
+  bssl::ParseOCSPCertID(cert_id_der, &cert_id);
 
   return 0;
 }
diff --git a/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/bad_issuer_key_hash_type b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/bad_issuer_key_hash_type
new file mode 100644
index 0000000..8b001aa
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/bad_issuer_key_hash_type
diff --git a/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/bad_name_hash_type b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/bad_name_hash_type
new file mode 100644
index 0000000..63084c2
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/bad_name_hash_type
diff --git a/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/bad_params b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/bad_params
new file mode 100644
index 0000000..059120e
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/bad_params
diff --git a/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/bad_serial_number_type b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/bad_serial_number_type
new file mode 100644
index 0000000..29224ff
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/bad_serial_number_type
diff --git a/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/empty_hash b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/empty_hash
new file mode 100644
index 0000000..595db6b
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/empty_hash
diff --git a/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/empty_hash_oid b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/empty_hash_oid
new file mode 100644
index 0000000..282dbb1
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/empty_hash_oid
diff --git a/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/empty_sequence b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/empty_sequence
new file mode 100644
index 0000000..def7fcb
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/empty_sequence
diff --git a/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/empty_serial_number b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/empty_serial_number
new file mode 100644
index 0000000..6296a22
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/empty_serial_number
diff --git a/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/good b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/good
new file mode 100644
index 0000000..788cbf0
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/good
@@ -0,0 +1,2 @@
+0;0
+*��U
�u����������������������������������������

\ No newline at end of file
diff --git a/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/hash_as_integer b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/hash_as_integer
new file mode 100644
index 0000000..7b407db
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/hash_as_integer
diff --git a/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/hash_oid_as_integer b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/hash_oid_as_integer
new file mode 100644
index 0000000..f2234fb
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/hash_oid_as_integer
diff --git a/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/md4_params b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/md4_params
new file mode 100644
index 0000000..8448edb
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/md4_params
@@ -0,0 +1,2 @@
+00
+*�H��

\ No newline at end of file
diff --git a/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/negative_serial b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/negative_serial
new file mode 100644
index 0000000..009e7f4
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/negative_serial
diff --git a/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/non_minimal_serial b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/non_minimal_serial
new file mode 100644
index 0000000..32bd979
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/non_minimal_serial
diff --git a/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/not_sequence b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/not_sequence
new file mode 100644
index 0000000..cfcc2fe
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/not_sequence
@@ -0,0 +1 @@
+

\ No newline at end of file
diff --git a/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/null_params b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/null_params
new file mode 100644
index 0000000..2bc8fb5
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/null_params
diff --git a/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/overlong_serial b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/overlong_serial
new file mode 100644
index 0000000..ee0e2b6
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/overlong_serial
diff --git a/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/trailing_data b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/trailing_data
new file mode 100644
index 0000000..8507597
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/trailing_data
diff --git a/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/trailing_inner_data b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/trailing_inner_data
new file mode 100644
index 0000000..13f1aec
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/trailing_inner_data
diff --git a/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/unknown_hash_oid b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/unknown_hash_oid
new file mode 100644
index 0000000..c11ffee
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/unknown_hash_oid
@@ -0,0 +1 @@
+0	0+
\ No newline at end of file
diff --git a/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/zero_serial b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/zero_serial
new file mode 100644
index 0000000..cb9c664
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_cert_id_fuzzer_corpus/zero_serial
diff --git a/pki/ocsp_parse_ocsp_response_data_fuzzer.cc b/fuzz/ocsp_parse_ocsp_response_data_fuzzer.cc
index 884a8a7..99839d5 100644
--- a/pki/ocsp_parse_ocsp_response_data_fuzzer.cc
+++ b/fuzz/ocsp_parse_ocsp_response_data_fuzzer.cc
@@ -5,13 +5,13 @@
 #include <stddef.h>
 #include <stdint.h>
 
-#include "ocsp.h"
-#include "input.h"
+#include "../pki/ocsp.h"
+#include "../pki/input.h"
 
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   bssl::der::Input response_data_der(data, size);
-  net::OCSPResponseData response_data;
-  net::ParseOCSPResponseData(response_data_der, &response_data);
+  bssl::OCSPResponseData response_data;
+  bssl::ParseOCSPResponseData(response_data_der, &response_data);
 
   return 0;
 }
diff --git a/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/bad_produced_at_type b/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/bad_produced_at_type
new file mode 100644
index 0000000..033c54b
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/bad_produced_at_type
diff --git a/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/bad_responder_id_key_hash_length b/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/bad_responder_id_key_hash_length
new file mode 100644
index 0000000..302c64b
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/bad_responder_id_key_hash_length
@@ -0,0 +1 @@
+0��������������������
\ No newline at end of file
diff --git a/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/bad_responder_id_key_hash_trailing_data b/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/bad_responder_id_key_hash_trailing_data
new file mode 100644
index 0000000..42906d0
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/bad_responder_id_key_hash_trailing_data
diff --git a/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/bad_responder_id_key_hash_type b/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/bad_responder_id_key_hash_type
new file mode 100644
index 0000000..5b667cc
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/bad_responder_id_key_hash_type
diff --git a/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/bad_responses_data b/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/bad_responses_data
new file mode 100644
index 0000000..6638cbf
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/bad_responses_data
diff --git a/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/bad_responses_type b/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/bad_responses_type
new file mode 100644
index 0000000..4b09b3c
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/bad_responses_type
diff --git a/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/empty_extensions b/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/empty_extensions
new file mode 100644
index 0000000..c46e843
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/empty_extensions
diff --git a/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/empty_responder_id_name b/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/empty_responder_id_name
new file mode 100644
index 0000000..7cb619d
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/empty_responder_id_name
diff --git a/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/empty_responses b/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/empty_responses
new file mode 100644
index 0000000..62840b9
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/empty_responses
diff --git a/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/empty_version b/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/empty_version
new file mode 100644
index 0000000..fa20e44
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/empty_version
diff --git a/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/null_responses_data b/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/null_responses_data
new file mode 100644
index 0000000..29bbc44
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/null_responses_data
diff --git a/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/trailing_junk b/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/trailing_junk
new file mode 100644
index 0000000..d69f701
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/trailing_junk
diff --git a/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/trailing_outer_data b/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/trailing_outer_data
new file mode 100644
index 0000000..3b73587
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/trailing_outer_data
diff --git a/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/version_explicit_default b/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/version_explicit_default
new file mode 100644
index 0000000..15c89fb
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/version_explicit_default
diff --git a/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/version_too_large b/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/version_too_large
new file mode 100644
index 0000000..4c5e703
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/version_too_large
@@ -0,0 +1 @@
+0�


\ No newline at end of file
diff --git a/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/version_too_new b/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/version_too_new
new file mode 100644
index 0000000..6dfd6ad
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/version_too_new
@@ -0,0 +1 @@
+0�


\ No newline at end of file
diff --git a/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/version_trailing_data b/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/version_trailing_data
new file mode 100644
index 0000000..75412ad
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/version_trailing_data
diff --git a/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/wrong_outer_type b/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/wrong_outer_type
new file mode 100644
index 0000000..19b3e94
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/wrong_outer_type
diff --git a/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/wrong_responder_id_type b/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/wrong_responder_id_type
new file mode 100644
index 0000000..df0dd6d
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_data_fuzzer_corpus/wrong_responder_id_type
diff --git a/pki/ocsp_parse_ocsp_response_fuzzer.cc b/fuzz/ocsp_parse_ocsp_response_fuzzer.cc
index df6c880..148612c 100644
--- a/pki/ocsp_parse_ocsp_response_fuzzer.cc
+++ b/fuzz/ocsp_parse_ocsp_response_fuzzer.cc
@@ -5,13 +5,13 @@
 #include <stddef.h>
 #include <stdint.h>
 
-#include "ocsp.h"
-#include "input.h"
+#include "../pki/ocsp.h"
+#include "../pki/input.h"
 
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   bssl::der::Input response_der(data, size);
-  net::OCSPResponse response;
-  net::ParseOCSPResponse(response_der, &response);
+  bssl::OCSPResponse response;
+  bssl::ParseOCSPResponse(response_der, &response);
 
   return 0;
 }
diff --git a/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/baisc_response_bad_data b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/baisc_response_bad_data
new file mode 100644
index 0000000..418147d
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/baisc_response_bad_data
diff --git a/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/baisc_response_trailing_data b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/baisc_response_trailing_data
new file mode 100644
index 0000000..6e5c0fe
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/baisc_response_trailing_data
diff --git a/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_bad_certs b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_bad_certs
new file mode 100644
index 0000000..0460e1a
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_bad_certs
diff --git a/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_bad_certs_inner_data b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_bad_certs_inner_data
new file mode 100644
index 0000000..eb4dd03
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_bad_certs_inner_data
diff --git a/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_bad_certs_trailing_data b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_bad_certs_trailing_data
new file mode 100644
index 0000000..9c322c4
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_bad_certs_trailing_data
diff --git a/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_bad_certs_type b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_bad_certs_type
new file mode 100644
index 0000000..61fd3a2
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_bad_certs_type
diff --git a/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_bad_sig_alg b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_bad_sig_alg
new file mode 100644
index 0000000..2b501de
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_bad_sig_alg
diff --git a/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_bad_sig_alg_bad_params b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_bad_sig_alg_bad_params
new file mode 100644
index 0000000..cb855ef
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_bad_sig_alg_bad_params
diff --git a/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_bad_sig_alg_bad_sha1_non_empty_params b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_bad_sig_alg_bad_sha1_non_empty_params
new file mode 100644
index 0000000..8a593e7
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_bad_sig_alg_bad_sha1_non_empty_params
diff --git a/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_bad_sig_alg_bad_sha1_params b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_bad_sig_alg_bad_sha1_params
new file mode 100644
index 0000000..497e993
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_bad_sig_alg_bad_sha1_params
diff --git a/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_bad_sig_alg_data_trailing_params b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_bad_sig_alg_data_trailing_params
new file mode 100644
index 0000000..c6ce25e
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_bad_sig_alg_data_trailing_params
diff --git a/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_bad_sig_alg_empty_oid b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_bad_sig_alg_empty_oid
new file mode 100644
index 0000000..b27581b
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_bad_sig_alg_empty_oid
diff --git a/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_bad_sig_alg_oid_type b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_bad_sig_alg_oid_type
new file mode 100644
index 0000000..2a2db0a
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_bad_sig_alg_oid_type
diff --git a/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_bad_sig_alg_type b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_bad_sig_alg_type
new file mode 100644
index 0000000..cef9501
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_bad_sig_alg_type
diff --git a/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_bad_sig_type b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_bad_sig_type
new file mode 100644
index 0000000..a0d9616
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_bad_sig_type
diff --git a/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_empty_certs b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_empty_certs
new file mode 100644
index 0000000..6da3aa0
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_empty_certs
diff --git a/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_empty_sig b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_empty_sig
new file mode 100644
index 0000000..97ef6a9
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_empty_sig
diff --git a/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_null_certs b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_null_certs
new file mode 100644
index 0000000..73ff9c0
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_null_certs
diff --git a/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_trailing_inner_junk b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_trailing_inner_junk
new file mode 100644
index 0000000..169dbea
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_trailing_inner_junk
diff --git a/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_trailing_junk b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_trailing_junk
new file mode 100644
index 0000000..3ce548d
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_trailing_junk
diff --git a/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_trailing_outer_junk b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_trailing_outer_junk
new file mode 100644
index 0000000..52eb0f8
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/basic_response_trailing_outer_junk
diff --git a/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/response_bytes_bad_oid_type b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/response_bytes_bad_oid_type
new file mode 100644
index 0000000..a821342
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/response_bytes_bad_oid_type
diff --git a/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/response_bytes_bad_response_type b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/response_bytes_bad_response_type
new file mode 100644
index 0000000..cd6df83
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/response_bytes_bad_response_type
diff --git a/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/response_bytes_empty_oid b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/response_bytes_empty_oid
new file mode 100644
index 0000000..63152f7
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/response_bytes_empty_oid
diff --git a/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/response_bytes_empty_response b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/response_bytes_empty_response
new file mode 100644
index 0000000..8c42956
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/response_bytes_empty_response
diff --git a/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/response_bytes_trailing_data b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/response_bytes_trailing_data
new file mode 100644
index 0000000..ffdf181
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/response_bytes_trailing_data
diff --git a/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/response_status_type_out_of_range b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/response_status_type_out_of_range
new file mode 100644
index 0000000..e96966e
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/response_status_type_out_of_range
@@ -0,0 +1,2 @@
+0
+

\ No newline at end of file
diff --git a/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/response_status_type_too_large b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/response_status_type_too_large
new file mode 100644
index 0000000..a071026
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/response_status_type_too_large
@@ -0,0 +1,2 @@
+0
+


\ No newline at end of file
diff --git a/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/trailing_inner_data b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/trailing_inner_data
new file mode 100644
index 0000000..d3fa1b4
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/trailing_inner_data
diff --git a/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/trailing_outer_data b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/trailing_outer_data
new file mode 100644
index 0000000..3b73587
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/trailing_outer_data
diff --git a/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/try_later b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/try_later
new file mode 100644
index 0000000..39e09cf
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/try_later
@@ -0,0 +1,2 @@
+0
+

\ No newline at end of file
diff --git a/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/unused b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/unused
new file mode 100644
index 0000000..3838393
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/unused
@@ -0,0 +1,2 @@
+0
+

\ No newline at end of file
diff --git a/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/wrong_basic_response_type b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/wrong_basic_response_type
new file mode 100644
index 0000000..7966443
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/wrong_basic_response_type
diff --git a/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/wrong_outer_type b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/wrong_outer_type
new file mode 100644
index 0000000..bbfb76b
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/wrong_outer_type
diff --git a/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/wrong_response_bytes b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/wrong_response_bytes
new file mode 100644
index 0000000..0b7768b
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/wrong_response_bytes
diff --git a/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/wrong_response_bytes_type b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/wrong_response_bytes_type
new file mode 100644
index 0000000..5bd1e98
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/wrong_response_bytes_type
diff --git a/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/wrong_response_status_type b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/wrong_response_status_type
new file mode 100644
index 0000000..7b407db
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_response_fuzzer_corpus/wrong_response_status_type
diff --git a/pki/ocsp_parse_ocsp_single_response_fuzzer.cc b/fuzz/ocsp_parse_ocsp_single_response_fuzzer.cc
index 9c07918..3c7861d 100644
--- a/pki/ocsp_parse_ocsp_single_response_fuzzer.cc
+++ b/fuzz/ocsp_parse_ocsp_single_response_fuzzer.cc
@@ -5,13 +5,13 @@
 #include <stddef.h>
 #include <stdint.h>
 
-#include "ocsp.h"
-#include "input.h"
+#include "../pki/ocsp.h"
+#include "../pki/input.h"
 
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   bssl::der::Input single_response_der(data, size);
-  net::OCSPSingleResponse single_response;
-  net::ParseOCSPSingleResponse(single_response_der, &single_response);
+  bssl::OCSPSingleResponse single_response;
+  bssl::ParseOCSPSingleResponse(single_response_der, &single_response);
 
   return 0;
 }
diff --git a/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_cert_status_context b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_cert_status_context
new file mode 100644
index 0000000..610d533
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_cert_status_context
diff --git a/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_cert_status_type b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_cert_status_type
new file mode 100644
index 0000000..f3ca9af
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_cert_status_type
diff --git a/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_extensions b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_extensions
new file mode 100644
index 0000000..e654d41
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_extensions
diff --git a/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_next_update b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_next_update
new file mode 100644
index 0000000..b04f3ad
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_next_update
diff --git a/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_next_update_trailing_data b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_next_update_trailing_data
new file mode 100644
index 0000000..d228524
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_next_update_trailing_data
diff --git a/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_next_update_type b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_next_update_type
new file mode 100644
index 0000000..f0d1489
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_next_update_type
diff --git a/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_outer_type b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_outer_type
new file mode 100644
index 0000000..bbfb76b
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_outer_type
diff --git a/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_revoked_info_date_offset b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_revoked_info_date_offset
new file mode 100644
index 0000000..85b7ccf
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_revoked_info_date_offset
diff --git a/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_revoked_info_date_type b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_revoked_info_date_type
new file mode 100644
index 0000000..e890edb
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_revoked_info_date_type
diff --git a/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_revoked_info_date_value b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_revoked_info_date_value
new file mode 100644
index 0000000..65e3709
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_revoked_info_date_value
diff --git a/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_revoked_info_reason_integer b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_revoked_info_reason_integer
new file mode 100644
index 0000000..03c66fe
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_revoked_info_reason_integer
diff --git a/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_revoked_info_reason_primitive b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_revoked_info_reason_primitive
new file mode 100644
index 0000000..5a84984
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_revoked_info_reason_primitive
diff --git a/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_revoked_info_reason_value_out_of_range b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_revoked_info_reason_value_out_of_range
new file mode 100644
index 0000000..a31531c
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_revoked_info_reason_value_out_of_range
diff --git a/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_revoked_info_reason_value_too_large b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_revoked_info_reason_value_too_large
new file mode 100644
index 0000000..bec5172
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_revoked_info_reason_value_too_large
diff --git a/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_revoked_info_reason_value_trailing_data b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_revoked_info_reason_value_trailing_data
new file mode 100644
index 0000000..778630f
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_revoked_info_reason_value_trailing_data
diff --git a/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_revoked_info_reason_value_type b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_revoked_info_reason_value_type
new file mode 100644
index 0000000..144078b
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_revoked_info_reason_value_type
diff --git a/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_revoked_info_reason_value_unused b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_revoked_info_reason_value_unused
new file mode 100644
index 0000000..0bade04
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_revoked_info_reason_value_unused
diff --git a/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_revoked_info_trailing_data b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_revoked_info_trailing_data
new file mode 100644
index 0000000..5e5bcbc
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_revoked_info_trailing_data
diff --git a/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_this_update_type b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_this_update_type
new file mode 100644
index 0000000..0d82e23
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/bad_this_update_type
diff --git a/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/empty_extensions b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/empty_extensions
new file mode 100644
index 0000000..457a329
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/empty_extensions
diff --git a/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/empty_next_update b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/empty_next_update
new file mode 100644
index 0000000..d401d93
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/empty_next_update
diff --git a/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/no_extensions b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/no_extensions
new file mode 100644
index 0000000..d026ebb
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/no_extensions
diff --git a/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/trailing_inner_data b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/trailing_inner_data
new file mode 100644
index 0000000..5f58d17
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/trailing_inner_data
diff --git a/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/trailing_outer_data b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/trailing_outer_data
new file mode 100644
index 0000000..8507597
--- /dev/null
+++ b/fuzz/ocsp_parse_ocsp_single_response_fuzzer_corpus/trailing_outer_data
diff --git a/pki/parse_authority_key_identifier_fuzzer.cc b/fuzz/parse_authority_key_identifier_fuzzer.cc
index 18d4b62..1e95af6 100644
--- a/pki/parse_authority_key_identifier_fuzzer.cc
+++ b/fuzz/parse_authority_key_identifier_fuzzer.cc
@@ -7,16 +7,16 @@
 
 #include <tuple>
 
-#include "parse_certificate.h"
-#include "input.h"
+#include "../pki/parse_certificate.h"
+#include "../pki/input.h"
 
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   bssl::der::Input der(data, size);
 
-  net::ParsedAuthorityKeyIdentifier authority_key_identifier;
+  bssl::ParsedAuthorityKeyIdentifier authority_key_identifier;
 
   std::ignore =
-      net::ParseAuthorityKeyIdentifier(der, &authority_key_identifier);
+      bssl::ParseAuthorityKeyIdentifier(der, &authority_key_identifier);
 
   return 0;
 }
diff --git a/fuzz/parse_authority_key_identifier_fuzzer_corpus/empty_sequence b/fuzz/parse_authority_key_identifier_fuzzer_corpus/empty_sequence
new file mode 100644
index 0000000..def7fcb
--- /dev/null
+++ b/fuzz/parse_authority_key_identifier_fuzzer_corpus/empty_sequence
diff --git a/fuzz/parse_authority_key_identifier_fuzzer_corpus/extra_contents_after_issuer_and_serial b/fuzz/parse_authority_key_identifier_fuzzer_corpus/extra_contents_after_issuer_and_serial
new file mode 100644
index 0000000..0861b74
--- /dev/null
+++ b/fuzz/parse_authority_key_identifier_fuzzer_corpus/extra_contents_after_issuer_and_serial
@@ -0,0 +1 @@
+0��01
0URoot�'O4
\ No newline at end of file
diff --git a/fuzz/parse_authority_key_identifier_fuzzer_corpus/invalid_contents b/fuzz/parse_authority_key_identifier_fuzzer_corpus/invalid_contents
new file mode 100644
index 0000000..bde072e
--- /dev/null
+++ b/fuzz/parse_authority_key_identifier_fuzzer_corpus/invalid_contents
@@ -0,0 +1 @@
+04
\ No newline at end of file
diff --git a/fuzz/parse_authority_key_identifier_fuzzer_corpus/issuer_and_serial b/fuzz/parse_authority_key_identifier_fuzzer_corpus/issuer_and_serial
new file mode 100644
index 0000000..b92ee50
--- /dev/null
+++ b/fuzz/parse_authority_key_identifier_fuzzer_corpus/issuer_and_serial
@@ -0,0 +1 @@
+0��01
0URoot�'O
\ No newline at end of file
diff --git a/fuzz/parse_authority_key_identifier_fuzzer_corpus/issuer_only b/fuzz/parse_authority_key_identifier_fuzzer_corpus/issuer_only
new file mode 100644
index 0000000..8576644
--- /dev/null
+++ b/fuzz/parse_authority_key_identifier_fuzzer_corpus/issuer_only
@@ -0,0 +1 @@
+0��01
0URoot
\ No newline at end of file
diff --git a/fuzz/parse_authority_key_identifier_fuzzer_corpus/key_identifier b/fuzz/parse_authority_key_identifier_fuzzer_corpus/key_identifier
new file mode 100644
index 0000000..07d6612
--- /dev/null
+++ b/fuzz/parse_authority_key_identifier_fuzzer_corpus/key_identifier
@@ -0,0 +1 @@
+0�ޭ�
\ No newline at end of file
diff --git a/fuzz/parse_authority_key_identifier_fuzzer_corpus/key_identifier_and_issuer_and_serial b/fuzz/parse_authority_key_identifier_fuzzer_corpus/key_identifier_and_issuer_and_serial
new file mode 100644
index 0000000..23b4b37
--- /dev/null
+++ b/fuzz/parse_authority_key_identifier_fuzzer_corpus/key_identifier_and_issuer_and_serial
@@ -0,0 +1 @@
+0�ޭ���01
0URoot�'O
\ No newline at end of file
diff --git a/fuzz/parse_authority_key_identifier_fuzzer_corpus/serial_only b/fuzz/parse_authority_key_identifier_fuzzer_corpus/serial_only
new file mode 100644
index 0000000..b0fbe47
--- /dev/null
+++ b/fuzz/parse_authority_key_identifier_fuzzer_corpus/serial_only
@@ -0,0 +1 @@
+0�'O
\ No newline at end of file
diff --git a/fuzz/parse_authority_key_identifier_fuzzer_corpus/url_issuer_and_serial b/fuzz/parse_authority_key_identifier_fuzzer_corpus/url_issuer_and_serial
new file mode 100644
index 0000000..e5f1579
--- /dev/null
+++ b/fuzz/parse_authority_key_identifier_fuzzer_corpus/url_issuer_and_serial
@@ -0,0 +1 @@
+0��http://example.com�'O
\ No newline at end of file
diff --git a/pki/verify_name_match_fuzzer.cc b/fuzz/verify_name_match_fuzzer.cc
index 5b2b159..e5e2c21 100644
--- a/pki/verify_name_match_fuzzer.cc
+++ b/fuzz/verify_name_match_fuzzer.cc
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "verify_name_match.h"
+#include "../pki/verify_name_match.h"
 
 #include <stddef.h>
 #include <stdint.h>
@@ -12,7 +12,7 @@
 
 #include <vector>
 
-#include "input.h"
+#include "../pki/input.h"
 
 // Entry point for LibFuzzer.
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
@@ -27,8 +27,8 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
 
   bssl::der::Input in1(first_part);
   bssl::der::Input in2(second_part);
-  bool match = net::VerifyNameMatch(in1, in2);
-  bool reverse_order_match = net::VerifyNameMatch(in2, in1);
+  bool match = bssl::VerifyNameMatch(in1, in2);
+  bool reverse_order_match = bssl::VerifyNameMatch(in2, in1);
   // Result should be the same regardless of argument order.
   if (match != reverse_order_match) {
     abort();
diff --git a/fuzz/verify_name_match_fuzzer_corpus/1b016c1840c8e898f9ff55e637fafb3cf3ead130 b/fuzz/verify_name_match_fuzzer_corpus/1b016c1840c8e898f9ff55e637fafb3cf3ead130
new file mode 100644
index 0000000..c6b3045
--- /dev/null
+++ b/fuzz/verify_name_match_fuzzer_corpus/1b016c1840c8e898f9ff55e637fafb3cf3ead130
diff --git a/fuzz/verify_name_match_fuzzer_corpus/4294e32c0898747dbab77e9305416adb00507c4f b/fuzz/verify_name_match_fuzzer_corpus/4294e32c0898747dbab77e9305416adb00507c4f
new file mode 100644
index 0000000..432b4f4
--- /dev/null
+++ b/fuzz/verify_name_match_fuzzer_corpus/4294e32c0898747dbab77e9305416adb00507c4f
diff --git a/fuzz/verify_name_match_fuzzer_corpus/8e747a3d570ba8af6fd8a086363be7c7ff129717 b/fuzz/verify_name_match_fuzzer_corpus/8e747a3d570ba8af6fd8a086363be7c7ff129717
new file mode 100644
index 0000000..d1517dc
--- /dev/null
+++ b/fuzz/verify_name_match_fuzzer_corpus/8e747a3d570ba8af6fd8a086363be7c7ff129717
diff --git a/fuzz/verify_name_match_fuzzer_corpus/a530be31dc772f5da83827396e2db7f3530dbd63 b/fuzz/verify_name_match_fuzzer_corpus/a530be31dc772f5da83827396e2db7f3530dbd63
new file mode 100644
index 0000000..5f6a5ee
--- /dev/null
+++ b/fuzz/verify_name_match_fuzzer_corpus/a530be31dc772f5da83827396e2db7f3530dbd63
diff --git a/fuzz/verify_name_match_fuzzer_corpus/b010e4b4f94f13421176001e854c198d659cdbc6 b/fuzz/verify_name_match_fuzzer_corpus/b010e4b4f94f13421176001e854c198d659cdbc6
new file mode 100644
index 0000000..05dbb52
--- /dev/null
+++ b/fuzz/verify_name_match_fuzzer_corpus/b010e4b4f94f13421176001e854c198d659cdbc6
diff --git a/fuzz/verify_name_match_fuzzer_corpus/c100b87975cddf2b5ba2dc5c79cf19be094ba49c b/fuzz/verify_name_match_fuzzer_corpus/c100b87975cddf2b5ba2dc5c79cf19be094ba49c
new file mode 100644
index 0000000..a8af270
--- /dev/null
+++ b/fuzz/verify_name_match_fuzzer_corpus/c100b87975cddf2b5ba2dc5c79cf19be094ba49c
diff --git a/pki/verify_name_match_normalizename_fuzzer.cc b/fuzz/verify_name_match_normalizename_fuzzer.cc
index 0bf31bb..2577dfa 100644
--- a/pki/verify_name_match_normalizename_fuzzer.cc
+++ b/fuzz/verify_name_match_normalizename_fuzzer.cc
@@ -2,22 +2,22 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "verify_name_match.h"
+#include "../pki/verify_name_match.h"
 
-#include "cert_errors.h"
-#include "input.h"
+#include "../pki/cert_errors.h"
+#include "../pki/input.h"
 
 // Entry point for LibFuzzer.
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   bssl::der::Input in(data, size);
   std::string normalized_der;
   bssl::CertErrors errors;
-  bool success = net::NormalizeName(in, &normalized_der, &errors);
+  bool success = bssl::NormalizeName(in, &normalized_der, &errors);
   if (success) {
     // If the input was successfully normalized, re-normalizing it should
     // produce the same output again.
     std::string renormalized_der;
-    bool renormalize_success = net::NormalizeName(
+    bool renormalize_success = bssl::NormalizeName(
         bssl::der::Input(normalized_der), &renormalized_der, &errors);
     if (!renormalize_success) {
       abort();
diff --git a/fuzz/verify_name_match_normalizename_fuzzer_corpus/37924c444319c3e53f946bfecb9619f49feac82c b/fuzz/verify_name_match_normalizename_fuzzer_corpus/37924c444319c3e53f946bfecb9619f49feac82c
new file mode 100644
index 0000000..718b01a
--- /dev/null
+++ b/fuzz/verify_name_match_normalizename_fuzzer_corpus/37924c444319c3e53f946bfecb9619f49feac82c
diff --git a/fuzz/verify_name_match_normalizename_fuzzer_corpus/42ddf23c41b1cd18d91ee88cbf4ce16691c26ccf b/fuzz/verify_name_match_normalizename_fuzzer_corpus/42ddf23c41b1cd18d91ee88cbf4ce16691c26ccf
new file mode 100644
index 0000000..758c544
--- /dev/null
+++ b/fuzz/verify_name_match_normalizename_fuzzer_corpus/42ddf23c41b1cd18d91ee88cbf4ce16691c26ccf
diff --git a/fuzz/verify_name_match_normalizename_fuzzer_corpus/471f1dd828dbff86838a550fd418921eb694739b b/fuzz/verify_name_match_normalizename_fuzzer_corpus/471f1dd828dbff86838a550fd418921eb694739b
new file mode 100644
index 0000000..926c6db
--- /dev/null
+++ b/fuzz/verify_name_match_normalizename_fuzzer_corpus/471f1dd828dbff86838a550fd418921eb694739b
@@ -0,0 +1 @@
+0
00	UUS
\ No newline at end of file
diff --git a/fuzz/verify_name_match_normalizename_fuzzer_corpus/50feeb838ca58e5faaba45e34db5ebe95fc79d90 b/fuzz/verify_name_match_normalizename_fuzzer_corpus/50feeb838ca58e5faaba45e34db5ebe95fc79d90
new file mode 100644
index 0000000..879f126
--- /dev/null
+++ b/fuzz/verify_name_match_normalizename_fuzzer_corpus/50feeb838ca58e5faaba45e34db5ebe95fc79d90
@@ -0,0 +1 @@
+0	10U
\ No newline at end of file
diff --git a/fuzz/verify_name_match_normalizename_fuzzer_corpus/7bbf4751b9c581ae33c572f5313728414c598fdf b/fuzz/verify_name_match_normalizename_fuzzer_corpus/7bbf4751b9c581ae33c572f5313728414c598fdf
new file mode 100644
index 0000000..86f406e
--- /dev/null
+++ b/fuzz/verify_name_match_normalizename_fuzzer_corpus/7bbf4751b9c581ae33c572f5313728414c598fdf
diff --git a/fuzz/verify_name_match_normalizename_fuzzer_corpus/81ea9ea4435b0dffc2df539aa81fe1baa9c1bab3 b/fuzz/verify_name_match_normalizename_fuzzer_corpus/81ea9ea4435b0dffc2df539aa81fe1baa9c1bab3
new file mode 100644
index 0000000..c9bf44b
--- /dev/null
+++ b/fuzz/verify_name_match_normalizename_fuzzer_corpus/81ea9ea4435b0dffc2df539aa81fe1baa9c1bab3
@@ -0,0 +1 @@
+0
11	UUS
\ No newline at end of file
diff --git a/fuzz/verify_name_match_normalizename_fuzzer_corpus/897be1df5da3a82bb30a3c3cfe6e737c791e7a64 b/fuzz/verify_name_match_normalizename_fuzzer_corpus/897be1df5da3a82bb30a3c3cfe6e737c791e7a64
new file mode 100644
index 0000000..ca074fd
--- /dev/null
+++ b/fuzz/verify_name_match_normalizename_fuzzer_corpus/897be1df5da3a82bb30a3c3cfe6e737c791e7a64
diff --git a/fuzz/verify_name_match_normalizename_fuzzer_corpus/8c8d92335b0dd8916648af9298a03be29c47cb3b b/fuzz/verify_name_match_normalizename_fuzzer_corpus/8c8d92335b0dd8916648af9298a03be29c47cb3b
new file mode 100644
index 0000000..28fc0fd
--- /dev/null
+++ b/fuzz/verify_name_match_normalizename_fuzzer_corpus/8c8d92335b0dd8916648af9298a03be29c47cb3b
@@ -0,0 +1 @@
+1
10	UUS
\ No newline at end of file
diff --git a/fuzz/verify_name_match_normalizename_fuzzer_corpus/a716b31050528102348026757fa7f5637da9e8b6 b/fuzz/verify_name_match_normalizename_fuzzer_corpus/a716b31050528102348026757fa7f5637da9e8b6
new file mode 100644
index 0000000..fcacff8
--- /dev/null
+++ b/fuzz/verify_name_match_normalizename_fuzzer_corpus/a716b31050528102348026757fa7f5637da9e8b6
diff --git a/fuzz/verify_name_match_normalizename_fuzzer_corpus/f26c509626316176ed2d9ad0d8df8bd53a66f5a1 b/fuzz/verify_name_match_normalizename_fuzzer_corpus/f26c509626316176ed2d9ad0d8df8bd53a66f5a1
new file mode 100644
index 0000000..2c430e9
--- /dev/null
+++ b/fuzz/verify_name_match_normalizename_fuzzer_corpus/f26c509626316176ed2d9ad0d8df8bd53a66f5a1
@@ -0,0 +1 @@
+0��10	UUS10U  New   York  1_0]UV  ABCDEFGHIJKLMNOPQRSTUVWXYZ   abcdefghijklmnopqrstuvwxyz   0123456789   '()+,-./:=?  
\ No newline at end of file
diff --git a/fuzz/verify_name_match_normalizename_fuzzer_corpus/f944dcd635f9801f7ac90a407fbc479964dec024 b/fuzz/verify_name_match_normalizename_fuzzer_corpus/f944dcd635f9801f7ac90a407fbc479964dec024
new file mode 100644
index 0000000..def7fcb
--- /dev/null
+++ b/fuzz/verify_name_match_normalizename_fuzzer_corpus/f944dcd635f9801f7ac90a407fbc479964dec024
diff --git a/pki/verify_name_match_verifynameinsubtree_fuzzer.cc b/fuzz/verify_name_match_verifynameinsubtree_fuzzer.cc
index bfc70d3..226d23d 100644
--- a/pki/verify_name_match_verifynameinsubtree_fuzzer.cc
+++ b/fuzz/verify_name_match_verifynameinsubtree_fuzzer.cc
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "verify_name_match.h"
+#include "../pki/verify_name_match.h"
 
 #include <stddef.h>
 #include <stdint.h>
@@ -11,7 +11,7 @@
 
 #include <vector>
 
-#include "input.h"
+#include "../pki/input.h"
 
 // Entry point for LibFuzzer.
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
@@ -26,11 +26,11 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
 
   bssl::der::Input in1(first_part);
   bssl::der::Input in2(second_part);
-  bool match = net::VerifyNameInSubtree(in1, in2);
-  bool reverse_order_match = net::VerifyNameInSubtree(in2, in1);
+  bool match = bssl::VerifyNameInSubtree(in1, in2);
+  bool reverse_order_match = bssl::VerifyNameInSubtree(in2, in1);
   // If both InSubtree matches are true, then in1 == in2 (modulo normalization).
   if (match && reverse_order_match) {
-    if (!net::VerifyNameMatch(in1, in2)) {
+    if (!bssl::VerifyNameMatch(in1, in2)) {
       abort();
     }
   }
diff --git a/fuzz/verify_name_match_verifynameinsubtree_fuzzer_corpus/1b016c1840c8e898f9ff55e637fafb3cf3ead130 b/fuzz/verify_name_match_verifynameinsubtree_fuzzer_corpus/1b016c1840c8e898f9ff55e637fafb3cf3ead130
new file mode 100644
index 0000000..c6b3045
--- /dev/null
+++ b/fuzz/verify_name_match_verifynameinsubtree_fuzzer_corpus/1b016c1840c8e898f9ff55e637fafb3cf3ead130
diff --git a/fuzz/verify_name_match_verifynameinsubtree_fuzzer_corpus/4294e32c0898747dbab77e9305416adb00507c4f b/fuzz/verify_name_match_verifynameinsubtree_fuzzer_corpus/4294e32c0898747dbab77e9305416adb00507c4f
new file mode 100644
index 0000000..432b4f4
--- /dev/null
+++ b/fuzz/verify_name_match_verifynameinsubtree_fuzzer_corpus/4294e32c0898747dbab77e9305416adb00507c4f
diff --git a/fuzz/verify_name_match_verifynameinsubtree_fuzzer_corpus/8e747a3d570ba8af6fd8a086363be7c7ff129717 b/fuzz/verify_name_match_verifynameinsubtree_fuzzer_corpus/8e747a3d570ba8af6fd8a086363be7c7ff129717
new file mode 100644
index 0000000..d1517dc
--- /dev/null
+++ b/fuzz/verify_name_match_verifynameinsubtree_fuzzer_corpus/8e747a3d570ba8af6fd8a086363be7c7ff129717
diff --git a/fuzz/verify_name_match_verifynameinsubtree_fuzzer_corpus/a530be31dc772f5da83827396e2db7f3530dbd63 b/fuzz/verify_name_match_verifynameinsubtree_fuzzer_corpus/a530be31dc772f5da83827396e2db7f3530dbd63
new file mode 100644
index 0000000..5f6a5ee
--- /dev/null
+++ b/fuzz/verify_name_match_verifynameinsubtree_fuzzer_corpus/a530be31dc772f5da83827396e2db7f3530dbd63
diff --git a/fuzz/verify_name_match_verifynameinsubtree_fuzzer_corpus/b010e4b4f94f13421176001e854c198d659cdbc6 b/fuzz/verify_name_match_verifynameinsubtree_fuzzer_corpus/b010e4b4f94f13421176001e854c198d659cdbc6
new file mode 100644
index 0000000..05dbb52
--- /dev/null
+++ b/fuzz/verify_name_match_verifynameinsubtree_fuzzer_corpus/b010e4b4f94f13421176001e854c198d659cdbc6
diff --git a/fuzz/verify_name_match_verifynameinsubtree_fuzzer_corpus/c100b87975cddf2b5ba2dc5c79cf19be094ba49c b/fuzz/verify_name_match_verifynameinsubtree_fuzzer_corpus/c100b87975cddf2b5ba2dc5c79cf19be094ba49c
new file mode 100644
index 0000000..a8af270
--- /dev/null
+++ b/fuzz/verify_name_match_verifynameinsubtree_fuzzer_corpus/c100b87975cddf2b5ba2dc5c79cf19be094ba49c
diff --git a/pki/IMPORT b/pki/IMPORT
index 0ec1b31..986b1d4 100755
--- a/pki/IMPORT
+++ b/pki/IMPORT
@@ -22,3 +22,9 @@ tar -C $CHROMIUM_SRC/net/data -cf -  cert_issuer_source_static_unittest \
     verify_signed_data_unittest | tar -C ./testdata -xf -
 
 go run ./import_tool.go -spec import_spec.json --source-base $CHROMIUM_SRC -dest-base .
+
+sed -i "s/#include \"/#include \"..\/pki\//g" *fuzzer.cc
+mv *fuzzer.cc ../fuzz
+
+
+
diff --git a/pki/asn1_util.cc b/pki/asn1_util.cc
index 8479470..148c39d 100644
--- a/pki/asn1_util.cc
+++ b/pki/asn1_util.cc
@@ -328,4 +328,4 @@ bool ExtractExtensionFromDERCert(std::string_view cert,
   return true;
 }
 
-}  // namespace net::asn1
+}  // namespace bssl::asn1
diff --git a/pki/asn1_util.h b/pki/asn1_util.h
index 758c787..af0b176 100644
--- a/pki/asn1_util.h
+++ b/pki/asn1_util.h
@@ -70,6 +70,6 @@ OPENSSL_EXPORT bool ExtractExtensionFromDERCert(std::string_view cert,
                                             bool* out_extension_critical,
                                             std::string_view* out_contents);
 
-}  // namespace net::asn1
+}  // namespace bssl::asn1
 
 #endif // BSSL_PKI_ASN1_UTIL_H_
diff --git a/pki/cert_status_flags.h b/pki/cert_status_flags.h
index 69ae818..9f7d979 100644
--- a/pki/cert_status_flags.h
+++ b/pki/cert_status_flags.h
@@ -33,9 +33,9 @@ inline bool IsCertStatusError(CertStatus status) {
 
 // Maps a network error code to the equivalent certificate status flag. If
 // the error code is not a certificate error, it is mapped to 0.
-// Note: It is not safe to go net::CertStatus -> net::Error -> net::CertStatus,
+// Note: It is not safe to go bssl::CertStatus -> bssl::Error -> bssl::CertStatus,
 // as the CertStatus contains more information. Conversely, going from
-// net::Error -> net::CertStatus -> net::Error is not a lossy function, for the
+// bssl::Error -> bssl::CertStatus -> bssl::Error is not a lossy function, for the
 // same reason.
 // To avoid incorrect use, this is only exported for unittest helpers.
 OPENSSL_EXPORT CertStatus MapNetErrorToCertStatus(int error);
diff --git a/pki/common_cert_errors.cc b/pki/common_cert_errors.cc
index 4807ae0..b13bc94 100644
--- a/pki/common_cert_errors.cc
+++ b/pki/common_cert_errors.cc
@@ -82,4 +82,4 @@ DEFINE_CERT_ERROR_ID(kDeadlineExceeded, "Deadline exceeded");
 DEFINE_CERT_ERROR_ID(kIterationLimitExceeded, "Iteration limit exceeded");
 DEFINE_CERT_ERROR_ID(kDepthLimitExceeded, "Depth limit exceeded");
 
-}  // namespace net::cert_errors
+}  // namespace bssl::cert_errors
diff --git a/pki/common_cert_errors.h b/pki/common_cert_errors.h
index c6cb337..5e3f1b9 100644
--- a/pki/common_cert_errors.h
+++ b/pki/common_cert_errors.h
@@ -159,6 +159,6 @@ OPENSSL_EXPORT extern const CertErrorId kIterationLimitExceeded;
 // Depth limit was reached during path building.
 OPENSSL_EXPORT extern const CertErrorId kDepthLimitExceeded;
 
-}  // namespace net::cert_errors
+}  // namespace bssl::cert_errors
 
 #endif  // BSSL_PKI_COMMON_CERT_ERRORS_H_
diff --git a/pki/import_spec.json b/pki/import_spec.json
index f6617cd..8fcfa52 100644
--- a/pki/import_spec.json
+++ b/pki/import_spec.json
@@ -189,18 +189,8 @@
      "replace": ""},
     {"match": "friend class base::RefCountedThreadSafe<.+>;",
      "replace": ""},
-    {"match": "net::string_util::",
-     "replace": "bssl::string_util::"},
-    {"match": "net::x509_util::",
-     "replace": "x509_util::"},
-    {"match": " net::der",
-     "replace": " bssl::der"},
-    {"match": "net::ParsedCertificate",
-     "replace": "ParsedCertificate"},
-    {"match": "net::CertPathBuilderResultPath",
-     "replace": "CertPathBuilderResultPath"},
-    {"match": "net::CertErrors",
-     "replace": "bssl::CertErrors"},
+    {"match": "\\bnet::",
+     "replace": "bssl::"},
     {"match": "base::Time::Exploded",
      "replace": "fillins::Exploded",
      "include": "fillins/time.h"},
diff --git a/pki/nist_pkits_unittest.h b/pki/nist_pkits_unittest.h
index c6b91d6..279fb29 100644
--- a/pki/nist_pkits_unittest.h
+++ b/pki/nist_pkits_unittest.h
@@ -90,12 +90,12 @@ class PkitsTest : public ::testing::Test {
                const PkitsTestInfo& info) {
     std::vector<std::string> cert_ders;
     for (const std::string s : cert_names) {
-      cert_ders.push_back(ReadTestFileToString(
+      cert_ders.push_back(bssl::ReadTestFileToString(
           "testdata/nist-pkits/certs/" + s + ".crt"));
     }
     std::vector<std::string> crl_ders;
     for (const std::string s : crl_names) {
-      crl_ders.push_back(ReadTestFileToString(
+      crl_ders.push_back(bssl::ReadTestFileToString(
           "testdata/nist-pkits/crls/" + s + ".crl"));
     }
 
diff --git a/pki/parse_certificate_fuzzer.cc b/pki/parse_certificate_fuzzer.cc
deleted file mode 100644
index caf0c0e..0000000
--- a/pki/parse_certificate_fuzzer.cc
+++ /dev/null
@@ -1,25 +0,0 @@
-// Copyright 2016 The Chromium Authors
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include <stddef.h>
-#include <stdint.h>
-
-#include "cert_errors.h"
-#include "parsed_certificate.h"
-#include <openssl/pool.h>
-
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
-  bssl::CertErrors errors;
-  std::shared_ptr<const ParsedCertificate> cert =
-      ParsedCertificate::Create(
-          bssl::UniquePtr<CRYPTO_BUFFER>(
-              CRYPTO_BUFFER_new(data, size, nullptr)),
-          {}, &errors);
-
-  // Severe errors must be provided iff the parsing failed.
-  CHECK_EQ(errors.ContainsAnyErrorWithSeverity(net::CertError::SEVERITY_HIGH),
-           cert == nullptr);
-
-  return 0;
-}
diff --git a/pki/parsed_certificate.cc b/pki/parsed_certificate.cc
index 5a5039c..028bdad 100644
--- a/pki/parsed_certificate.cc
+++ b/pki/parsed_certificate.cc
@@ -282,7 +282,7 @@ std::shared_ptr<const ParsedCertificate> ParsedCertificate::Create(
 bool ParsedCertificate::CreateAndAddToVector(
     bssl::UniquePtr<CRYPTO_BUFFER> cert_data,
     const ParseCertificateOptions& options,
-    std::vector<std::shared_ptr<const ParsedCertificate>>* chain,
+    std::vector<std::shared_ptr<const bssl::ParsedCertificate>>* chain,
     CertErrors* errors) {
   std::shared_ptr<const ParsedCertificate> cert(
       Create(std::move(cert_data), options, errors));
diff --git a/pki/parsed_certificate.h b/pki/parsed_certificate.h
index 5fbef82..1f2083f 100644
--- a/pki/parsed_certificate.h
+++ b/pki/parsed_certificate.h
@@ -70,7 +70,7 @@ class OPENSSL_EXPORT ParsedCertificate {
   static bool CreateAndAddToVector(
       bssl::UniquePtr<CRYPTO_BUFFER> cert_data,
       const ParseCertificateOptions& options,
-      std::vector<std::shared_ptr<const ParsedCertificate>>* chain,
+      std::vector<std::shared_ptr<const bssl::ParsedCertificate>>* chain,
       CertErrors* errors);
 
   explicit ParsedCertificate(PrivateConstructor);
diff --git a/pki/patches/0001-Simplify-the-name-constraint-limit-to-resemble-Borin.patch b/pki/patches/0001-Simplify-the-name-constraint-limit-to-resemble-Borin.patch
index 1917779..e786b3a 100644
--- a/pki/patches/0001-Simplify-the-name-constraint-limit-to-resemble-Borin.patch
+++ b/pki/patches/0001-Simplify-the-name-constraint-limit-to-resemble-Borin.patch
@@ -1,4 +1,4 @@
-From 6218984931c841f8e2939a94d58e7315a967fe68 Mon Sep 17 00:00:00 2001
+From 78f16e55f9d5cae7cf4b4bcf45c4af53db231cd9 Mon Sep 17 00:00:00 2001
 From: Bob Beck <bbe@google.com>
 Date: Wed, 17 May 2023 10:37:22 -0600
 Subject: [PATCH 1/2] Simplify the name constraint limit to resemble
@@ -45,7 +45,7 @@ index e9d834e1b51fa..ecf528b6e10a5 100644
    "+base/supports_user_data.h",
  ]
 diff --git a/net/cert/pki/name_constraints.cc b/net/cert/pki/name_constraints.cc
-index f6415dfbfec94..27d8638df87a7 100644
+index b1f4aa44e54e1..06703db78fb5b 100644
 --- a/net/cert/pki/name_constraints.cc
 +++ b/net/cert/pki/name_constraints.cc
 @@ -8,7 +8,6 @@
@@ -139,10 +139,10 @@ index f6415dfbfec94..27d8638df87a7 100644
  
    // Subject Alternative Name handling:
 diff --git a/net/cert/pki/verify_certificate_chain_typed_unittest.h b/net/cert/pki/verify_certificate_chain_typed_unittest.h
-index fffb5c0339df9..d4090be9b604c 100644
+index a1af7849ebcc1..32a5be319d00d 100644
 --- a/net/cert/pki/verify_certificate_chain_typed_unittest.h
 +++ b/net/cert/pki/verify_certificate_chain_typed_unittest.h
-@@ -276,10 +276,9 @@ TYPED_TEST_P(VerifyCertificateChainSingleRootTest, Policies) {
+@@ -275,10 +275,9 @@ TYPED_TEST_P(VerifyCertificateChainSingleRootTest, Policies) {
  }
  
  TYPED_TEST_P(VerifyCertificateChainSingleRootTest, ManyNames) {
@@ -155,7 +155,7 @@ index fffb5c0339df9..d4090be9b604c 100644
    this->RunTest("many-names/toomany-all-types.test");
    this->RunTest("many-names/toomany-dns-excluded.test");
    this->RunTest("many-names/toomany-dns-permitted.test");
-@@ -287,6 +286,7 @@ TYPED_TEST_P(VerifyCertificateChainSingleRootTest, ManyNames) {
+@@ -286,6 +285,7 @@ TYPED_TEST_P(VerifyCertificateChainSingleRootTest, ManyNames) {
    this->RunTest("many-names/toomany-ips-permitted.test");
    this->RunTest("many-names/toomany-dirnames-excluded.test");
    this->RunTest("many-names/toomany-dirnames-permitted.test");
@@ -164,10 +164,10 @@ index fffb5c0339df9..d4090be9b604c 100644
  
  TYPED_TEST_P(VerifyCertificateChainSingleRootTest, TargetOnly) {
 diff --git a/net/data/test_bundle_data.filelist b/net/data/test_bundle_data.filelist
-index 3eccfcb4a981a..baa64c0a92171 100644
+index a33bdbe30a0eb..00c635befd873 100644
 --- a/net/data/test_bundle_data.filelist
 +++ b/net/data/test_bundle_data.filelist
-@@ -751,12 +751,6 @@ data/verify_certificate_chain_unittest/key-rollover/rolloverchain.pem
+@@ -753,12 +753,6 @@ data/verify_certificate_chain_unittest/key-rollover/rolloverchain.pem
  data/verify_certificate_chain_unittest/key-rollover/rolloverchain.test
  data/verify_certificate_chain_unittest/many-names/ok-all-types.pem
  data/verify_certificate_chain_unittest/many-names/ok-all-types.test
@@ -41105,5 +41105,5 @@ index efdbd5eaca095..56bc9c89c4c42 100644
          Validity
              Not Before: Oct  5 12:00:00 2021 GMT
 -- 
-2.41.0.162.gfafddb0af9-goog
+2.41.0.694.ge786442a9b-goog
 
diff --git a/pki/patches/0002-disable-path-builder-tests-with-unsupported-dependen.patch b/pki/patches/0002-disable-path-builder-tests-with-unsupported-dependen.patch
index 6565afa..6abbe75 100644
--- a/pki/patches/0002-disable-path-builder-tests-with-unsupported-dependen.patch
+++ b/pki/patches/0002-disable-path-builder-tests-with-unsupported-dependen.patch
@@ -1,4 +1,4 @@
-From 0a1d630dbc33f63009aabb4907a1dbeb4c934415 Mon Sep 17 00:00:00 2001
+From 0c4866b5b94854983697ebc362efba8d05e5cb86 Mon Sep 17 00:00:00 2001
 From: Bob Beck <bbe@google.com>
 Date: Fri, 2 Jun 2023 11:08:50 +0200
 Subject: [PATCH 2/2] disable path builder tests with unsupported dependencies
@@ -8,10 +8,10 @@ Subject: [PATCH 2/2] disable path builder tests with unsupported dependencies
  1 file changed, 12 insertions(+)
 
 diff --git a/net/cert/pki/path_builder_unittest.cc b/net/cert/pki/path_builder_unittest.cc
-index d2cf0626cd474..112d0cafd811b 100644
+index 2ee48ce3f5ecc..3a9ead52f0d54 100644
 --- a/net/cert/pki/path_builder_unittest.cc
 +++ b/net/cert/pki/path_builder_unittest.cc
-@@ -34,6 +34,7 @@ namespace net {
+@@ -32,6 +32,7 @@ namespace net {
  
  namespace {
  
@@ -19,7 +19,7 @@ index d2cf0626cd474..112d0cafd811b 100644
  using ::testing::_;
  using ::testing::ElementsAre;
  using ::testing::Exactly;
-@@ -43,6 +44,7 @@ using ::testing::Return;
+@@ -41,6 +42,7 @@ using ::testing::Return;
  using ::testing::SaveArg;
  using ::testing::SetArgPointee;
  using ::testing::StrictMock;
@@ -27,7 +27,7 @@ index d2cf0626cd474..112d0cafd811b 100644
  
  class TestPathBuilderDelegate : public SimplePathBuilderDelegate {
   public:
-@@ -161,6 +163,7 @@ class AsyncCertIssuerSourceStatic : public CertIssuerSource {
+@@ -159,6 +161,7 @@ class AsyncCertIssuerSourceStatic : public CertIssuerSource {
  }
  
  const void* kKey = &kKey;
@@ -35,7 +35,7 @@ index d2cf0626cd474..112d0cafd811b 100644
  class TrustStoreThatStoresUserData : public TrustStore {
   public:
    class Data : public base::SupportsUserData::Data {
-@@ -202,6 +205,7 @@ TEST(PathBuilderResultUserDataTest, ModifyUserDataInConstructor) {
+@@ -200,6 +203,7 @@ TEST(PathBuilderResultUserDataTest, ModifyUserDataInConstructor) {
    ASSERT_TRUE(data);
    EXPECT_EQ(1234, data->value);
  }
@@ -43,7 +43,7 @@ index d2cf0626cd474..112d0cafd811b 100644
  
  class PathBuilderMultiRootTest : public ::testing::Test {
   public:
-@@ -1566,6 +1570,7 @@ TEST_F(PathBuilderKeyRolloverTest, TestDuplicateIntermediateAndRoot) {
+@@ -1564,6 +1568,7 @@ TEST_F(PathBuilderKeyRolloverTest, TestDuplicateIntermediateAndRoot) {
    EXPECT_EQ(newroot_->der_cert(), path.certs[2]->der_cert());
  }
  
@@ -51,7 +51,7 @@ index d2cf0626cd474..112d0cafd811b 100644
  class MockCertIssuerSourceRequest : public CertIssuerSource::Request {
   public:
    MOCK_METHOD2(GetNext, void(ParsedCertificateList*, base::SupportsUserData*));
-@@ -1578,6 +1583,7 @@ class MockCertIssuerSource : public CertIssuerSource {
+@@ -1576,6 +1581,7 @@ class MockCertIssuerSource : public CertIssuerSource {
    MOCK_METHOD2(AsyncGetIssuersOf,
                 void(const ParsedCertificate*, std::unique_ptr<Request>*));
  };
@@ -59,7 +59,7 @@ index d2cf0626cd474..112d0cafd811b 100644
  
  // Helper class to pass the Request to the PathBuilder when it calls
  // AsyncGetIssuersOf. (GoogleMock has a ByMove helper, but it apparently can
-@@ -1613,6 +1619,7 @@ class AppendCertToList {
+@@ -1611,6 +1617,7 @@ class AppendCertToList {
    std::shared_ptr<const ParsedCertificate> cert_;
  };
  
@@ -67,7 +67,7 @@ index d2cf0626cd474..112d0cafd811b 100644
  // Test that a single CertIssuerSource returning multiple async batches of
  // issuers is handled correctly. Due to the StrictMocks, it also tests that path
  // builder does not request issuers of certs that it shouldn't.
-@@ -1782,6 +1789,7 @@ TEST_F(PathBuilderKeyRolloverTest, TestDuplicateAsyncIntermediates) {
+@@ -1780,6 +1787,7 @@ TEST_F(PathBuilderKeyRolloverTest, TestDuplicateAsyncIntermediates) {
    EXPECT_EQ(newintermediate_, path1.certs[1]);
    EXPECT_EQ(newroot_, path1.certs[2]);
  }
@@ -75,7 +75,7 @@ index d2cf0626cd474..112d0cafd811b 100644
  
  class PathBuilderSimpleChainTest : public ::testing::Test {
   public:
-@@ -1936,6 +1944,7 @@ class CertPathBuilderDelegateBase : public SimplePathBuilderDelegate {
+@@ -1934,6 +1942,7 @@ class CertPathBuilderDelegateBase : public SimplePathBuilderDelegate {
    }
  };
  
@@ -83,7 +83,7 @@ index d2cf0626cd474..112d0cafd811b 100644
  class MockPathBuilderDelegate : public CertPathBuilderDelegateBase {
   public:
    MOCK_METHOD2(CheckPathAfterVerification,
-@@ -1951,6 +1960,7 @@ TEST_F(PathBuilderCheckPathAfterVerificationTest, NoOpToValidPath) {
+@@ -1949,6 +1958,7 @@ TEST_F(PathBuilderCheckPathAfterVerificationTest, NoOpToValidPath) {
    CertPathBuilder::Result result = RunPathBuilder(nullptr, &delegate);
    EXPECT_TRUE(result.HasValidPath());
  }
@@ -91,7 +91,7 @@ index d2cf0626cd474..112d0cafd811b 100644
  
  DEFINE_CERT_ERROR_ID(kWarningFromDelegate, "Warning from delegate");
  
-@@ -2002,6 +2012,7 @@ TEST_F(PathBuilderCheckPathAfterVerificationTest, AddsErrorToValidPath) {
+@@ -2000,6 +2010,7 @@ TEST_F(PathBuilderCheckPathAfterVerificationTest, AddsErrorToValidPath) {
    EXPECT_TRUE(cert2_errors->ContainsError(kErrorFromDelegate));
  }
  
@@ -99,7 +99,7 @@ index d2cf0626cd474..112d0cafd811b 100644
  TEST_F(PathBuilderCheckPathAfterVerificationTest, NoopToAlreadyInvalidPath) {
    StrictMock<MockPathBuilderDelegate> delegate;
    // Just verify that the hook is called (on an invalid path).
-@@ -2034,6 +2045,7 @@ TEST_F(PathBuilderCheckPathAfterVerificationTest, SetsDelegateData) {
+@@ -2032,6 +2043,7 @@ TEST_F(PathBuilderCheckPathAfterVerificationTest, SetsDelegateData) {
  
    EXPECT_EQ(0xB33F, data->value);
  }
@@ -108,5 +108,5 @@ index d2cf0626cd474..112d0cafd811b 100644
  TEST(PathBuilderPrioritizationTest, DatePrioritization) {
    std::string test_dir =
 -- 
-2.41.0.162.gfafddb0af9-goog
+2.41.0.694.ge786442a9b-goog
 
diff --git a/pki/path_builder.cc b/pki/path_builder.cc
index 9f4b7e9..2aa1c21 100644
--- a/pki/path_builder.cc
+++ b/pki/path_builder.cc
@@ -32,7 +32,7 @@ namespace {
 using CertIssuerSources = std::vector<CertIssuerSource*>;
 
 // Returns a hex-encoded sha256 of the DER-encoding of |cert|.
-std::string FingerPrintParsedCertificate(const ParsedCertificate* cert) {
+std::string FingerPrintParsedCertificate(const bssl::ParsedCertificate* cert) {
   uint8_t digest[SHA256_DIGEST_LENGTH];
   SHA256(cert->der_cert().UnsafeData(), cert->der_cert().Length(), digest);
   return bssl::string_util::HexEncode(digest, sizeof(digest));
diff --git a/pki/path_builder_pkits_unittest.cc b/pki/path_builder_pkits_unittest.cc
index 620205c..b797cd4 100644
--- a/pki/path_builder_pkits_unittest.cc
+++ b/pki/path_builder_pkits_unittest.cc
@@ -234,7 +234,7 @@ class PathBuilderPkitsTestDelegate {
 
     if (info.should_validate != result.HasValidPath()) {
       for (size_t i = 0; i < result.paths.size(); ++i) {
-        const CertPathBuilderResultPath* result_path =
+        const bssl::CertPathBuilderResultPath* result_path =
             result.paths[i].get();
         LOG(ERROR) << "path " << i << " errors:\n"
                    << result_path->errors.ToDebugString(result_path->certs);
diff --git a/pki/string_util.cc b/pki/string_util.cc
index 9f1b15d..5e97eb5 100644
--- a/pki/string_util.cc
+++ b/pki/string_util.cc
@@ -114,4 +114,4 @@ std::vector<std::string_view> SplitString(std::string_view str,
   return out;
 }
 
-}  // namespace net::string_util
+}  // namespace bssl::string_util
diff --git a/pki/string_util.h b/pki/string_util.h
index 08bb2b7..635f9ea 100644
--- a/pki/string_util.h
+++ b/pki/string_util.h
@@ -60,6 +60,6 @@ OPENSSL_EXPORT std::vector<std::string_view> SplitString(
     std::string_view str,
     char split_char);
 
-}  // namespace net::string_util
+}  // namespace bssl::string_util
 
 #endif  // BSSL_PKI_STRING_UTIL_H_