Commit 90d28f05 authored by Ben Laurie's avatar Ben Laurie

Run the fuzzing corpora as tests.

parent 2c12f22c
+8 −1
@@ -60,14 +60,21 @@ Makefile
# Executables
/apps/openssl
/fuzz/asn1
/fuzz/asn1-test
/fuzz/asn1parse
/fuzz/asn1parse-test
/fuzz/bignum
/fuzz/bignum-test
/fuzz/bndiv
/fuzz/bndiv-test
/fuzz/conf
/fuzz/conf-test
/fuzz/cms
/fuzz/cms-test
/fuzz/ct
/fuzz/ct-test
/fuzz/server
/fuzz/x509
/fuzz/server-test
/test/sha256t
/test/sha512t
/test/gost2814789t
+4 −6
@@ -245,7 +245,7 @@ my $default_ranlib;
$config{fips}=0;

# Top level directories to build
$config{dirs} = [ "crypto", "ssl", "engines", "apps", "test", "tools" ];
$config{dirs} = [ "crypto", "ssl", "engines", "apps", "test", "tools", "fuzz" ];
# crypto/ subdirectories to build
$config{sdirs} = [
    "objects",
@@ -1046,14 +1046,9 @@ if ($disabled{"dynamic-engine"}) {
}

unless ($disabled{"fuzz-libfuzzer"}) {
    push @{$config{dirs}}, "fuzz";
    $config{cflags} .= "-fsanitize-coverage=edge,indirect-calls ";
}

unless ($disabled{"fuzz-afl"}) {
    push @{$config{dirs}}, "fuzz";
}

unless ($disabled{asan}) {
    $config{cflags} .= "-fsanitize=address ";
}
@@ -1337,6 +1332,9 @@ if ($builder eq "unified") {
    }

    my @build_infos = ( [ ".", "build.info" ] );
    push @build_infos, [ "fuzz", "build.info.fuzz" ]
        unless $disabled{"fuzz-afl"} && $disabled{"fuzz-libfuzzer"};

    foreach (@{$config{dirs}}) {
        push @build_infos, [ $_, "build.info" ]
            if (-f catfile($srcdir, $_, "build.info"));
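Review bot: Nothing next to the new `push @build_infos, [ "fuzz", "build.info.fuzz" ]` explains why the fuzz directory can now contribute two build.info files. With "fuzz" always in `$config{dirs}`, the `foreach` below picks up `fuzz/build.info` whenever it exists, and `build.info.fuzz` is added on top when either fuzzer is enabled. A one-line comment above the push, for example `# build.info.fuzz adds the instrumented fuzzer programs; fuzz/build.info is always read via $config{dirs}`, would make the split clear; the wording should be confirmed against the two files, which are not visible here. It would also help to state whether the two files may define overlapping targets. The `foreach` loop continues outside the hunk.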
+41 −34
@@ -26,45 +26,52 @@
#include <openssl/x509v3.h>
#include "fuzzer.h"

static const ASN1_ITEM *item_type[] = {
    ASN1_ITEM_rptr(ASN1_SEQUENCE),
    ASN1_ITEM_rptr(AUTHORITY_INFO_ACCESS),
    ASN1_ITEM_rptr(BIGNUM),
    ASN1_ITEM_rptr(ECPARAMETERS),
    ASN1_ITEM_rptr(ECPKPARAMETERS),
    ASN1_ITEM_rptr(GENERAL_NAME),
    ASN1_ITEM_rptr(GENERAL_SUBTREE),
    ASN1_ITEM_rptr(NAME_CONSTRAINTS),
    ASN1_ITEM_rptr(OCSP_BASICRESP),
    ASN1_ITEM_rptr(OCSP_RESPONSE),
    ASN1_ITEM_rptr(PKCS12),
    ASN1_ITEM_rptr(PKCS12_AUTHSAFES),
    ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
    ASN1_ITEM_rptr(PKCS7),
    ASN1_ITEM_rptr(PKCS7_ATTR_SIGN),
    ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY),
    ASN1_ITEM_rptr(PKCS7_DIGEST),
    ASN1_ITEM_rptr(PKCS7_ENC_CONTENT),
    ASN1_ITEM_rptr(PKCS7_ENCRYPT),
    ASN1_ITEM_rptr(PKCS7_ENVELOPE),
    ASN1_ITEM_rptr(PKCS7_RECIP_INFO),
    ASN1_ITEM_rptr(PKCS7_SIGN_ENVELOPE),
    ASN1_ITEM_rptr(PKCS7_SIGNED),
    ASN1_ITEM_rptr(PKCS7_SIGNER_INFO),
    ASN1_ITEM_rptr(POLICY_CONSTRAINTS),
    ASN1_ITEM_rptr(POLICY_MAPPINGS),
    ASN1_ITEM_rptr(SXNET),
    //ASN1_ITEM_rptr(TS_RESP),  want to do this, but type is hidden, however d2i exists...
    ASN1_ITEM_rptr(X509),
    ASN1_ITEM_rptr(X509_CRL),
static ASN1_ITEM_EXP *item_type[] = {
    ASN1_ITEM_ref(ASN1_SEQUENCE),
    ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
    ASN1_ITEM_ref(BIGNUM),
    ASN1_ITEM_ref(ECPARAMETERS),
    ASN1_ITEM_ref(ECPKPARAMETERS),
    ASN1_ITEM_ref(GENERAL_NAME),
    ASN1_ITEM_ref(GENERAL_SUBTREE),
    ASN1_ITEM_ref(NAME_CONSTRAINTS),
    ASN1_ITEM_ref(OCSP_BASICRESP),
    ASN1_ITEM_ref(OCSP_RESPONSE),
    ASN1_ITEM_ref(PKCS12),
    ASN1_ITEM_ref(PKCS12_AUTHSAFES),
    ASN1_ITEM_ref(PKCS12_SAFEBAGS),
    ASN1_ITEM_ref(PKCS7),
    ASN1_ITEM_ref(PKCS7_ATTR_SIGN),
    ASN1_ITEM_ref(PKCS7_ATTR_VERIFY),
    ASN1_ITEM_ref(PKCS7_DIGEST),
    ASN1_ITEM_ref(PKCS7_ENC_CONTENT),
    ASN1_ITEM_ref(PKCS7_ENCRYPT),
    ASN1_ITEM_ref(PKCS7_ENVELOPE),
    ASN1_ITEM_ref(PKCS7_RECIP_INFO),
    ASN1_ITEM_ref(PKCS7_SIGN_ENVELOPE),
    ASN1_ITEM_ref(PKCS7_SIGNED),
    ASN1_ITEM_ref(PKCS7_SIGNER_INFO),
    ASN1_ITEM_ref(POLICY_CONSTRAINTS),
    ASN1_ITEM_ref(POLICY_MAPPINGS),
    ASN1_ITEM_ref(SXNET),
    /*ASN1_ITEM_ref(TS_RESP),  want to do this, but type is hidden, however d2i exists... */
    ASN1_ITEM_ref(X509),
    ASN1_ITEM_ref(X509_CRL),
    NULL
};

int FuzzerInitialize(int *argc, char ***argv) {
    return 1;
}

int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
    for (int n = 0; item_type[n] != NULL; ++n) {
    int n;

    for (n = 0; item_type[n] != NULL; ++n) {
        const uint8_t *b = buf;
        ASN1_VALUE *o = ASN1_item_d2i(NULL, &b, len, item_type[n]);
        ASN1_item_free(o, item_type[n]);
        const ASN1_ITEM *i = ASN1_ITEM_ptr(item_type[n]);
        ASN1_VALUE *o = ASN1_item_d2i(NULL, &b, len, i);
        ASN1_item_free(o, i);
    }
    return 0;
}
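Review bot: In `FuzzerTestOneInput`, `len` is a `size_t` but is passed unchanged to `ASN1_item_d2i`, whose length parameter is a `long`, so an input larger than `LONG_MAX` is converted to an implementation-defined, possibly negative, length. Fuzzing engines normally cap input size, but going by the commit title this entry point is presumably now also fed whole corpus files by a test driver, so the bound is no longer enforced by the caller. A guard before the loop, `if (len > LONG_MAX) return 0;` (with `<limits.h>` included), keeps the harness well defined on platforms where `long` is 32 bits.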
+4 −0
@@ -18,6 +18,10 @@
#include <openssl/x509v3.h>
#include "fuzzer.h"

int FuzzerInitialize(int *argc, char ***argv) {
    return 1;
}

int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
    static BIO *bio_out;

+12 −7
@@ -17,8 +17,11 @@
#include <openssl/bn.h>
#include "fuzzer.h"

int FuzzerInitialize(int *argc, char ***argv) {
    return 1;
}

int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
    int success = 0;
    static BN_CTX *ctx;
    static BN_MONT_CTX *mont;
    static BIGNUM *b1;
@@ -26,6 +29,9 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
    static BIGNUM *b3;
    static BIGNUM *b4;
    static BIGNUM *b5;
    int success = 0;
    size_t l1 = 0, l2 = 0, l3 = 0;
    int s1 = 0, s2 = 0, s3 = 0;

    if (ctx == NULL) {
        b1 = BN_new();
@@ -36,11 +42,10 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
        ctx = BN_CTX_new();
        mont = BN_MONT_CTX_new();
    }
    // Divide the input into three parts, using the values of the first two
    // bytes to choose lengths, which generate b1, b2 and b3. Use three bits
    // of the third byte to choose signs for the three numbers.
    size_t l1 = 0, l2 = 0, l3 = 0;
    int s1 = 0, s2 = 0, s3 = 0;
    /* Divide the input into three parts, using the values of the first two
     * bytes to choose lengths, which generate b1, b2 and b3. Use three bits
     * of the third byte to choose signs for the three numbers.
     */
    if (len > 2) {
        len -= 3;
        l1 = (buf[0] * len) / 255;
@@ -61,7 +66,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
    OPENSSL_assert(BN_bin2bn(buf + l1 + l2, l3, b3) == b3);
    BN_set_negative(b3, s3);

    // mod 0 is undefined
    /* mod 0 is undefined */
    if (BN_is_zero(b3)) {
        success = 1;
        goto done;