diff --git a/fuzz/.gitignore b/fuzz/.gitignore
new file mode 100644
index 0000000000..572e03bdf3
--- /dev/null
+++ b/fuzz/.gitignore
@@ -0,0 +1,4 @@
+
+target
+corpus
+artifacts
diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml
new file mode 100644
index 0000000000..54f7e2156f
--- /dev/null
+++ b/fuzz/Cargo.toml
@@ -0,0 +1,33 @@
+
+[package]
+name = "ring-fuzz"
+version = "0.0.0"
+authors = ["Automatically generated"]
+publish = false
+edition = "2018"
+
+[package.metadata]
+cargo-fuzz = true
+
+[dependencies]
+libfuzzer-sys = "0.4"
+untrusted = "0.7.1"
+
+[dependencies.ring]
+path = ".."
+
+# Prevent this from interfering with workspaces
+[workspace]
+members = ["."]
+
+[[bin]]
+name = "fuzz_bit_string_with_no_unused_bits"
+path = "fuzz_targets/fuzz_bit_string_with_no_unused_bits.rs"
+test = false
+doc = false
+
+[[bin]]
+name = "read_tag_and_get_value"
+path = "fuzz_targets/read_tag_and_get_value.rs"
+test = false
+doc = false
diff --git a/fuzz/fuzz_targets/fuzz_bit_string_with_no_unused_bits.rs b/fuzz/fuzz_targets/fuzz_bit_string_with_no_unused_bits.rs
new file mode 100644
index 0000000000..01efa14af0
--- /dev/null
+++ b/fuzz/fuzz_targets/fuzz_bit_string_with_no_unused_bits.rs
@@ -0,0 +1,7 @@
+#![no_main]
+use libfuzzer_sys::fuzz_target;
+
+fuzz_target!(|data: &[u8]| {
+    let mut reader = untrusted::Reader::new(untrusted::Input::from(data));
+    let _ = ring::io::der::bit_string_with_no_unused_bits(&mut reader);
+});
diff --git a/fuzz/fuzz_targets/read_tag_and_get_value.rs b/fuzz/fuzz_targets/read_tag_and_get_value.rs
new file mode 100644
index 0000000000..9dc65a876f
--- /dev/null
+++ b/fuzz/fuzz_targets/read_tag_and_get_value.rs
@@ -0,0 +1,7 @@
+#![no_main]
+use libfuzzer_sys::fuzz_target;
+
+fuzz_target!(|data: &[u8]| {
+    let mut reader = untrusted::Reader::new(untrusted::Input::from(data));
+    let _ = ring::io::der::read_tag_and_get_value(&mut reader);
+});
diff --git a/src/io/der.rs b/src/io/der.rs
index 1a00d85999..51d2eef082 100644
--- a/src/io/der.rs
+++ b/src/io/der.rs
@@ -308,4 +308,46 @@ mod tests {
             });
         }
     }
+
+    fn bytes_reader(bytes: &[u8]) -> untrusted::Reader {
+        return untrusted::Reader::new(untrusted::Input::from(bytes));
+    }
+
+    #[test]
+    fn test_bit_string_with_no_unused_bits() {
+        // Unexpected type
+        assert_eq!(
+            Err(error::Unspecified),
+            bit_string_with_no_unused_bits(&mut bytes_reader(&[0x01, 0x01, 0xff]))
+        );
+
+        // Unexpected nonexistent type
+        assert_eq!(
+            Err(error::Unspecified),
+            bit_string_with_no_unused_bits(&mut bytes_reader(&[0x42, 0xff, 0xff]))
+        );
+
+        // Unexpected empty input
+        assert_eq!(
+            Err(error::Unspecified),
+            bit_string_with_no_unused_bits(&mut bytes_reader(&[]))
+        );
+
+        // Valid input with non-zero unused bits
+        assert_eq!(
+            Err(error::Unspecified),
+            bit_string_with_no_unused_bits(&mut bytes_reader(&[0x03, 0x03, 0x04, 0x12, 0x34]))
+        );
+
+        // Valid input
+        assert_eq!(
+            untrusted::Input::from(&[0x12, 0x34]),
+            bit_string_with_no_unused_bits(&mut bytes_reader(&[0x03, 0x03, 0x00, 0x12, 0x34]))
+                .unwrap()
+        );
+    }
+
+    #[test]
+    fn fuzz_bit_string_with_no_unused_bits() {
+    }
 }