diff --git a/tests/fuzzing/sae/Makefile b/tests/fuzzing/sae/Makefile
new file mode 100644
index 000000000..0a56e0628
--- /dev/null
+++ b/tests/fuzzing/sae/Makefile
@@ -0,0 +1,24 @@
+all: sae
+include ../rules.include
+
+CFLAGS += -DCONFIG_SHA256
+CFLAGS += -DCONFIG_ECC
+
+LIBS += $(SRC)/common/libcommon.a
+LIBS += $(SRC)/utils/libutils.a
+
+OBJS += $(SRC)/crypto/crypto_openssl.o
+LIBS += -lcrypto
+OBJS += $(SRC)/crypto/dh_groups.o
+OBJS += $(SRC)/crypto/sha256-prf.o
+OBJS += $(SRC)/crypto/sha256-kdf.o
+OBJS += $(SRC)/common/dragonfly.o
+
+sae: sae.o $(OBJS) $(LIBS)
+ $(LDO) $(LDFLAGS) -o $@ $^ $(LIBS)
+
+clean:
+ $(MAKE) -C $(SRC) clean
+ rm -f sae *~ *.o *.d ../*~ ../*.o ../*.d
+
+-include $(OBJS:%.o=%.d)
diff --git a/tests/fuzzing/sae/corpus/sae-commit-h2e-rejected-groups.dat b/tests/fuzzing/sae/corpus/sae-commit-h2e-rejected-groups.dat
new file mode 100644
index 000000000..cd129a474
Binary files /dev/null and b/tests/fuzzing/sae/corpus/sae-commit-h2e-rejected-groups.dat differ
diff --git a/tests/fuzzing/sae/corpus/sae-commit-h2e-token.dat b/tests/fuzzing/sae/corpus/sae-commit-h2e-token.dat
new file mode 100644
index 000000000..b2886c70d
Binary files /dev/null and b/tests/fuzzing/sae/corpus/sae-commit-h2e-token.dat differ
diff --git a/tests/fuzzing/sae/corpus/sae-commit-pw-id.dat b/tests/fuzzing/sae/corpus/sae-commit-pw-id.dat
new file mode 100644
index 000000000..5ca903ed2
Binary files /dev/null and b/tests/fuzzing/sae/corpus/sae-commit-pw-id.dat differ
diff --git a/tests/fuzzing/sae/corpus/sae-commit-token.dat b/tests/fuzzing/sae/corpus/sae-commit-token.dat
new file mode 100644
index 000000000..b25cc49f8
Binary files /dev/null and b/tests/fuzzing/sae/corpus/sae-commit-token.dat differ
diff --git a/tests/fuzzing/sae/corpus/sae-commit-valid.dat b/tests/fuzzing/sae/corpus/sae-commit-valid.dat
new file mode 100644
index 000000000..eadfa4993
Binary files /dev/null and b/tests/fuzzing/sae/corpus/sae-commit-valid.dat differ
diff --git a/tests/fuzzing/sae/sae.c b/tests/fuzzing/sae/sae.c
new file mode 100644
index 000000000..8819a4abb
--- /dev/null
+++ b/tests/fuzzing/sae/sae.c
@@ -0,0 +1,39 @@
+/*
+ * SAE fuzzer
+ * Copyright (c) 2020, Jouni Malinen
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "utils/includes.h"
+
+#include "utils/common.h"
+#include "common/sae.h"
+#include "../fuzzer-common.h"
+
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ struct sae_data sae;
+ u16 res;
+ const u8 *token = NULL;
+ size_t token_len = 0;
+ int groups[] = { 19, 0 };
+
+ wpa_fuzzer_set_debug_level();
+
+ if (os_program_init())
+ return 0;
+
+ os_memset(&sae, 0, sizeof(sae));
+ res = sae_parse_commit(&sae, data, size, &token, &token_len, groups, 0);
+ wpa_printf(MSG_DEBUG, "sae_parse_commit(0): %u", res);
+ sae_clear_data(&sae);
+ res = sae_parse_commit(&sae, data, size, &token, &token_len, groups, 1);
+ wpa_printf(MSG_DEBUG, "sae_parse_commit(1): %u", res);
+ sae_clear_data(&sae);
+ os_program_deinit();
+
+ return 0;
+}
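Review bot: The allowed-group list `int groups[] = { 19, 0 };` limits both `sae_parse_commit()` calls to a single ECC group, so an input carrying any other group is presumably rejected at the group check and the FFC commit-element parsing is never reached, even though the Makefile links `dh_groups.o`. The Commit frame is parsed before the peer is authenticated, so that path is worth covering as well; consider adding one FFC group that this build supports to the list, with a matching seed under `corpus/`. At minimum, a comment above the array such as `/* Only ECC group 19 is enabled; FFC commit parsing is not exercised by this harness */` would make the coverage gap visible to whoever reads the fuzzing results. `token` and `token_len` are also carried unreset from the first call into the second; the harness never reads them, so this looks harmless, but resetting them would keep the two runs independent.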