aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--doc/news.rst10
-rw-r--r--src/lib/asn1/ber_dec.cpp12
-rw-r--r--src/lib/filters/codec_filt/b64_filt.cpp5
-rw-r--r--src/lib/filters/data_src.cpp28
-rw-r--r--src/lib/filters/data_src.h4
-rw-r--r--src/lib/filters/pipe.h5
-rw-r--r--src/lib/filters/pipe_rw.cpp10
-rw-r--r--src/lib/filters/secqueue.h2
-rw-r--r--src/tests/data/fuzz/x509/afl_000.pem13
-rw-r--r--src/tests/data/fuzz/x509/afl_001.pem13
-rw-r--r--src/tests/data/fuzz/x509/afl_002.pem13
-rw-r--r--src/tests/data/fuzz/x509/afl_003.pem13
-rw-r--r--src/tests/data/fuzz/x509/afl_004.pem13
-rw-r--r--src/tests/data/fuzz/x509/afl_005.pem13
-rw-r--r--src/tests/data/fuzz/x509/afl_006.pem13
-rw-r--r--src/tests/data/fuzz/x509/afl_007.pem13
-rw-r--r--src/tests/data/fuzz/x509/afl_008.pem13
-rw-r--r--src/tests/data/fuzz/x509/afl_009.pem14
-rw-r--r--src/tests/data/fuzz/x509/afl_010.pem13
-rw-r--r--src/tests/data/fuzz/x509/afl_011.pem13
-rw-r--r--src/tests/data/fuzz/x509/afl_012.pem13
-rw-r--r--src/tests/data/fuzz/x509/afl_013.pem13
-rw-r--r--src/tests/data/fuzz/x509/afl_014.pem13
-rw-r--r--src/tests/data/fuzz/x509/afl_015.pem5
-rw-r--r--src/tests/data/fuzz/x509/afl_016.pem13
-rw-r--r--src/tests/data/fuzz/x509/afl_017.pem13
-rw-r--r--src/tests/data/fuzz/x509/afl_018.pem13
-rw-r--r--src/tests/data/fuzz/x509/afl_019.pem13
-rw-r--r--src/tests/data/fuzz/x509/afl_020.pem13
-rw-r--r--src/tests/data/fuzz/x509/afl_021.pem13
-rw-r--r--src/tests/data/fuzz/x509/afl_022.pem12
-rw-r--r--src/tests/data/fuzz/x509/afl_023.pem13
-rw-r--r--src/tests/data/fuzz/x509/afl_024.pem3
-rw-r--r--src/tests/data/fuzz/x509/afl_025.pem3
-rw-r--r--src/tests/data/fuzz/x509/afl_026.pembin0 -> 35 bytes
-rw-r--r--src/tests/data/fuzz/x509/afl_027.pembin0 -> 10 bytes
-rw-r--r--src/tests/data/fuzz/x509/afl_028.pembin0 -> 22 bytes
-rw-r--r--src/tests/data/fuzz/x509/afl_029.pembin0 -> 60 bytes
-rw-r--r--src/tests/data/fuzz/x509/afl_030.pem1
-rw-r--r--src/tests/data/fuzz/x509/afl_031.pem1
-rw-r--r--src/tests/data/fuzz/x509/afl_032.pembin0 -> 134 bytes
-rw-r--r--src/tests/data/fuzz/x509/afl_033.pembin0 -> 134 bytes
-rw-r--r--src/tests/data/fuzz/x509/afl_034.pem4
-rw-r--r--src/tests/data/fuzz/x509/afl_035.pembin0 -> 624 bytes
-rw-r--r--src/tests/data/fuzz/x509/afl_036.pembin0 -> 624 bytes
-rw-r--r--src/tests/data/fuzz/x509/afl_037.pembin0 -> 624 bytes
-rw-r--r--src/tests/data/fuzz/x509/afl_038.pembin0 -> 634 bytes
-rw-r--r--src/tests/data/fuzz/x509/afl_039.pembin0 -> 631 bytes
-rw-r--r--src/tests/data/fuzz/x509/afl_040.pembin0 -> 624 bytes
-rw-r--r--src/tests/data/fuzz/x509/afl_041.pembin0 -> 637 bytes
-rw-r--r--src/tests/data/fuzz/x509/afl_042.pembin0 -> 624 bytes
-rw-r--r--src/tests/data/fuzz/x509/afl_043.pembin0 -> 624 bytes
-rw-r--r--src/tests/data/fuzz/x509/afl_044.pembin0 -> 624 bytes
-rw-r--r--src/tests/data/fuzz/x509/afl_045.pembin0 -> 624 bytes
-rw-r--r--src/tests/data/fuzz/x509/afl_046.pembin0 -> 624 bytes
-rw-r--r--src/tests/data/fuzz/x509/afl_047.pembin0 -> 624 bytes
-rw-r--r--src/tests/data/fuzz/x509/afl_048.pembin0 -> 624 bytes
-rw-r--r--src/tests/data/fuzz/x509/afl_049.pembin0 -> 639 bytes
-rw-r--r--src/tests/data/fuzz/x509/afl_050.pembin0 -> 624 bytes
-rw-r--r--src/tests/data/fuzz/x509/afl_051.pembin0 -> 624 bytes
-rw-r--r--src/tests/data/fuzz/x509/afl_052.pembin0 -> 624 bytes
-rw-r--r--src/tests/test_fuzz.cpp59
-rw-r--r--src/tests/tests.cpp1
-rw-r--r--src/tests/tests.h2
64 files changed, 448 insertions, 6 deletions
diff --git a/doc/news.rst b/doc/news.rst
index 970af882e..312bfdca6 100644
--- a/doc/news.rst
+++ b/doc/news.rst
@@ -4,6 +4,16 @@ Release Notes
Version 1.11.19, Not Yet Released
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+* SECURIY: The BER decoder would crash due to reading from offset 0 of
+ an empty vector if it encountered a BIT STRING which did not contain
+ any data at all. As the type requires a 1 byte field this is not
+ valid BER but could occur in malformed data. Found with afl.
+
+* SECURITY: The BER decoder would allocate a fairly arbitrary amount
+ of memory in a length field, even if there was no chance the read
+ request would succeed. This might cause the process to run out of
+ memory or invoke the OOM killer. Found with afl.
+
* The TLS heartbeat extension is deprecated and unless strong arguments
are raised in its favor it will be removed in a future release.
Comment at https://github.com/randombit/botan/issues/187
diff --git a/src/lib/asn1/ber_dec.cpp b/src/lib/asn1/ber_dec.cpp
index 06543d9e7..4267d79dc 100644
--- a/src/lib/asn1/ber_dec.cpp
+++ b/src/lib/asn1/ber_dec.cpp
@@ -1,6 +1,7 @@
+
/*
* BER Decoder
-* (C) 1999-2008 Jack Lloyd
+* (C) 1999-2008,2015 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
@@ -218,7 +219,10 @@ BER_Object BER_Decoder::get_next_object()
if(next.type_tag == NO_OBJECT)
return next;
- size_t length = decode_length(source);
+ const size_t length = decode_length(source);
+ if(!source->check_available(length))
+ throw BER_Decoding_Error("Value truncated");
+
next.value.resize(length);
if(source->read(next.value.data(), length) != length)
throw BER_Decoding_Error("Value truncated");
@@ -526,6 +530,8 @@ BER_Decoder& BER_Decoder::decode(secure_vector<byte>& buffer,
buffer = obj.value;
else
{
+ if(obj.value.empty())
+ throw BER_Decoding_Error("Invalid BIT STRING");
if(obj.value[0] >= 8)
throw BER_Decoding_Error("Bad number of unused bits in BIT STRING");
@@ -549,6 +555,8 @@ BER_Decoder& BER_Decoder::decode(std::vector<byte>& buffer,
buffer = unlock(obj.value);
else
{
+ if(obj.value.empty())
+ throw BER_Decoding_Error("Invalid BIT STRING");
if(obj.value[0] >= 8)
throw BER_Decoding_Error("Bad number of unused bits in BIT STRING");
diff --git a/src/lib/filters/codec_filt/b64_filt.cpp b/src/lib/filters/codec_filt/b64_filt.cpp
index d9e4a5f8a..df3cad6a4 100644
--- a/src/lib/filters/codec_filt/b64_filt.cpp
+++ b/src/lib/filters/codec_filt/b64_filt.cpp
@@ -126,6 +126,11 @@ void Base64_Decoder::write(const byte input[], size_t length)
while(length)
{
size_t to_copy = std::min<size_t>(length, in.size() - position);
+ if(to_copy == 0)
+ {
+ in.resize(in.size()*2);
+ out.resize(out.size()*2);
+ }
copy_mem(&in[position], input, to_copy);
position += to_copy;
diff --git a/src/lib/filters/data_src.cpp b/src/lib/filters/data_src.cpp
index 7551b0037..4e0725943 100644
--- a/src/lib/filters/data_src.cpp
+++ b/src/lib/filters/data_src.cpp
@@ -34,10 +34,18 @@ size_t DataSource::peek_byte(byte& out) const
*/
size_t DataSource::discard_next(size_t n)
{
+ byte buf[64] = { 0 };
size_t discarded = 0;
- byte dummy;
- for(size_t j = 0; j != n; ++j)
- discarded += read_byte(dummy);
+
+ while(n)
+ {
+ const size_t got = this->read(buf, std::min(n, sizeof(buf)));
+ discarded += got;
+
+ if(got == 0)
+ break;
+ }
+
return discarded;
}
@@ -52,6 +60,11 @@ size_t DataSource_Memory::read(byte out[], size_t length)
return got;
}
+bool DataSource_Memory::check_available(size_t n)
+ {
+ return (n <= (source.size() - offset));
+ }
+
/*
* Peek into a memory buffer
*/
@@ -99,6 +112,15 @@ size_t DataSource_Stream::read(byte out[], size_t length)
return got;
}
+bool DataSource_Stream::check_available(size_t n)
+ {
+ const std::streampos orig_pos = source.tellg();
+ source.seekg(0, std::ios::end);
+ const size_t avail = source.tellg() - orig_pos;
+ source.seekg(orig_pos);
+ return (avail >= n);
+ }
+
/*
* Peek into a stream
*/
diff --git a/src/lib/filters/data_src.h b/src/lib/filters/data_src.h
index 8f6593879..2b6998448 100644
--- a/src/lib/filters/data_src.h
+++ b/src/lib/filters/data_src.h
@@ -32,6 +32,8 @@ class BOTAN_DLL DataSource
*/
virtual size_t read(byte out[], size_t length) = 0;
+ virtual bool check_available(size_t n) = 0;
+
/**
* Read from the source but do not modify the internal
* offset. Consecutive calls to peek() will return portions of
@@ -99,6 +101,7 @@ class BOTAN_DLL DataSource_Memory : public DataSource
public:
size_t read(byte[], size_t) override;
size_t peek(byte[], size_t, size_t) const override;
+ bool check_available(size_t n) override;
bool end_of_data() const override;
/**
@@ -143,6 +146,7 @@ class BOTAN_DLL DataSource_Stream : public DataSource
public:
size_t read(byte[], size_t) override;
size_t peek(byte[], size_t, size_t) const override;
+ bool check_available(size_t n) override;
bool end_of_data() const override;
std::string id() const override;
diff --git a/src/lib/filters/pipe.h b/src/lib/filters/pipe.h
index fac8a1ba3..3f8d4d04c 100644
--- a/src/lib/filters/pipe.h
+++ b/src/lib/filters/pipe.h
@@ -224,7 +224,10 @@ class BOTAN_DLL Pipe : public DataSource
/**
* @return the number of bytes read from the specified message.
*/
- size_t get_bytes_read(message_id msg = DEFAULT_MESSAGE) const;
+ size_t get_bytes_read(message_id msg) const;
+
+ bool check_available(size_t n) override;
+ bool check_available_msg(size_t n, message_id msg);
/**
* @return currently set default message
diff --git a/src/lib/filters/pipe_rw.cpp b/src/lib/filters/pipe_rw.cpp
index 077bd93bb..796f9100e 100644
--- a/src/lib/filters/pipe_rw.cpp
+++ b/src/lib/filters/pipe_rw.cpp
@@ -168,4 +168,14 @@ size_t Pipe::get_bytes_read(message_id msg) const
return outputs->get_bytes_read(msg);
}
+bool Pipe::check_available(size_t n)
+ {
+ return (n <= remaining(DEFAULT_MESSAGE));
+ }
+
+bool Pipe::check_available_msg(size_t n, message_id msg)
+ {
+ return (n <= remaining(msg));
+ }
+
}
diff --git a/src/lib/filters/secqueue.h b/src/lib/filters/secqueue.h
index a0164dcf2..b548f367f 100644
--- a/src/lib/filters/secqueue.h
+++ b/src/lib/filters/secqueue.h
@@ -32,6 +32,8 @@ class BOTAN_DLL SecureQueue : public Fanout_Filter, public DataSource
bool empty() const;
+ bool check_available(size_t n) { return n <= size(); }
+
/**
* @return number of bytes available in the queue
*/
diff --git a/src/tests/data/fuzz/x509/afl_000.pem b/src/tests/data/fuzz/x509/afl_000.pem
new file mode 100644
index 000000000..5bd3a97d0
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_000.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB+jCCAWMCAgGjMA0GCSqGSIb3DQEBBAUAMEUxCzAJBgNVBAYTAlVTMRgwFgYD
+VQQKEw9HVEUgQ29ycG9yYXRpb24xHDAaBgNVBAMTE0dURSBDeWJlclRydXN0IFJv
+b3QwHhcNOTYwMjIzMjMwMTAwWhcNMDYwMjIzMjM1OTAwWjBFMQswCQYDVQQGEwJV
+UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMRwwGgYDVQQDExNHVEUgQ3liZXJU
+cnVzdCBSb290MIEYMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC45k+625h8cXyv
+RLfTD0bZZOWTwUKOx7pJjTUteueLveUFMVnGsS8KDPufpz+iCWaEVh43KRuH6X4M
+ypqfpX/1FZSj1aJGgthoTNE3FQZor734sLPwKfWVWgkWYXcKIiXUT0Wqx73llt/5
+1KiOQswkwB6RJ0q1bQaAYznEol44AwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABKz
+dcZfHeFhVYAA1IFLezEPI2PnPfMD+fQ2qLvZ46WXTeorKeDWanOB5sCJo9Px4KWl
+IjeaY8JIILTbcuPI9tl8vrGvU9oUtCG41tWW4/5ODFlitppK+ULdjG+BqXH/9Apy
+bW1EDp3zdHSo1TRJ6V6e6bR64eVaH4QwnNOfpSXY
+-----END CERTIFICATE----- \ No newline at end of file
diff --git a/src/tests/data/fuzz/x509/afl_001.pem b/src/tests/data/fuzz/x509/afl_001.pem
new file mode 100644
index 000000000..9bf1fcecb
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_001.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB+jCCAWMCAgGjMA0GCSqGSIb3DQEBBAUAMEUxCzAJBgNVBAYTAlVTMRgwFgYD
+VQQKEw9HVEUgQ29ycG9yYXRpb24xHDAaBgNVBAMTE0dURSBDeWJlclRydXN0IFJv
+b3QwHhcNOTYwMjIzMjMwMTAwWhcNMDYwMjIzMjM1OTAwWjBFMQswCQYDVQQGEwJV
+UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMRwwGgYDVQQDExNHVEUgQ3liZXJU
+cnVzdCBSb290MICzAJBGCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC45k+625h8cXyv
+RLfTD0bZZOWTwUKOx7pJjTUteueLveUFMVnGsS8KDPufpz+iCWaEVh43KRuH6X4M
+ypqfpX/1FZSj1aJGgthoTNE3FQZor734sLPwKfWVWgkWYXcKIiXUT0Wqx73llt/5
+1KiOQswkwB6RJ0q1bQaAYznEol44AwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABKz
+dcZfHeFhVYAA1IFLezEPI2PnPfMD+fQ2qLvZ46WXTeorKeDWanOB5sCJo9Px4KWl
+IjeaY8JIILTbcuPI9tl8vrGvU9oUtCG41tWW4/5ODFlitppK+ULdjG+BqXH/9Apy
+bW1EDp3zdHSo1TRJ6V6e6bR64eVaH4QwnNOfpSXY
+-----END CERTIFICATE----- \ No newline at end of file
diff --git a/src/tests/data/fuzz/x509/afl_002.pem b/src/tests/data/fuzz/x509/afl_002.pem
new file mode 100644
index 000000000..fbadfd772
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_002.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB+jCCAWMCAgGjMA0GCSqGSIb3DQEBBAUAMEUxCzAJBgNVBAYTAlVTMRgwFgYD
+VQQKEw9HVEUgQ29ycG9yYXRpb24xHDAaBgNVBAMTE0dURSBDeWJlclRydXN0IFJv
+b3QwHhcNOTYwMjIzMjMwMTAwWhcNMDYwMjIzMjM1OTAwWjBFMQswCQYDVQQGEwJV
+UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMRwwGgYDVQQDExNHVEUgQ3liZXJU
+cnVzdCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC45k+625h8cXyv
+RLfTD0bZZOWTwUKOx7pJjTUteueLveUFMVnGsS8KDPufpz+iCWaEVh43KRuH6X4M
+ypqfpX/1FZSj1aJGgthoTNE3FQZor734sLPwKfWVWgkWYXcKIiXUT0Wqx73llt/5
+1KiOQswkwB6RJ0q1bQaAYznEol44AwIDAQABMA0GCSqGSIb3DQEBBAUAA4EAABKz
+dcZfHeFhVYAA1IFLezEPI2PnPfMD+fQ2qLvZ46WXTeorKeDWanOB5sCJo9Px4KWl
+IjeaY8JIILTbcuPI9tl8vrGvU9oUtCG41tWW4/5ODFlitppK+ULdjG+BqXH/9Apy
+bW1EDp3zdHSo1TRJ6V6e6bR64eVaH4QwnNOfpSXY
+-----END CERTIFICATE----- \ No newline at end of file
diff --git a/src/tests/data/fuzz/x509/afl_003.pem b/src/tests/data/fuzz/x509/afl_003.pem
new file mode 100644
index 000000000..86041ccfd
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_003.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB+jCCAWMCAgOjMA0GCSqGSIb3DQEBBAUAMEUxCzAJBgNVBAYTAlVTMRgwFgYD
+VQQKEw9HVEUgQ29ycG9yYXRpb24xHDAaBgNVBAMTE0dURSBDeWJlclRydXN0IFJv
+b3QwHhcNOTYwMjIzMjMwMTAwWhcNMDYwMjIzMjM1OTAwWjBFMQswCQYDVQQGEwJV
+UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMRwwGgYDVQQDExNHVEUgQ3liZXJU
+cnVzdCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC45k+625h8cXyv
+RLfTD0bZZOWTwUKOx7pJjTUteueLveUFMVnGsS8KDPufpz+iCWaEVh43KRuH6X4M
+ypqfpX/1FZSj1aJGgthoTNE3FQZor734sLPwKfWVWgkWzXcKIiXUT0Wqx73llt/5
+1KiOQswkwB6RJ0q1bQaAYznEol44AwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABKz
+dcZfHeFhVYAA1IFLezEPI2PnPfMD+fQ2qLvZ46WXTeorKeDWanOB5sCJo9Px4KWl
+IjeaY8JIILTbcuPI9tl8vrGvU9oUtCG41tWW4/5ODFlitppK+ULdjG+BqXH/9Apy
+bW1EDp3zdHSo1TRJ6V6e6bR64eVaH4QwnNOfpSXY
+-----END CERTIFICATE----- \ No newline at end of file
diff --git a/src/tests/data/fuzz/x509/afl_004.pem b/src/tests/data/fuzz/x509/afl_004.pem
new file mode 100644
index 000000000..4c818d9c3
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_004.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB+jCCAWMCAgGjMA0GCSqGSIb3DQEBBAUAMEUxCzAJBgNVBAYTAlVTMRgwFgYD
+VQQKEw9HVEUgQ29ycG9yYXRpb24xHDAaBgNVBAMTE0dURSBDeWJlclRydXN0IFJv
+b3QwHhcNOTYwMjIzMjMwMTAwWhcNMDYwMjIzMjM1OTAwWjBFMQswCQYDVQQGEwJV
+UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMRwwGgYDVQQDExNHVEUgQ3liZXJU
+cnVzdCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4EAADCBiQKBgQC45k+625h8cXyv
+RLfTD0bZZOWTwUKOx7pJjTUteueLveUFMVnGsS8KDPufpz+iCWaEVh43KRuH6X4M
+ypqfpX/1FZSj1aJGgthoTNE3FQZor734sLPwKfWVWgkWYXcKIiXUT0Wqx73llt/5
+1KiOQswkwB6RJ0q1bQaAYznEol44AwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABKz
+dcZfHeFhVYAA1IFLezEPI2PnPfMD+fQ2qLvZ46WXTeorKeDWanOB5sCJo9Px4KWl
+IjeaY8JIILTbcuPI9tl8vrGvU9oUtCG41tWW4/5ODFlitppK+ULdjG+BqXH/9Apy
+bW1EDp3zdHSo1TRJ6V6e6bR64eVaH4QwnNOfpSXY
+-----END CERTIFICATE----- \ No newline at end of file
diff --git a/src/tests/data/fuzz/x509/afl_005.pem b/src/tests/data/fuzz/x509/afl_005.pem
new file mode 100644
index 000000000..fa101ff3a
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_005.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MICATECCAWMCAgGjMA0GCSqGSIb3DQEBBAUAMEUxCzAJBgNVBAYTAlVTMRgwFgYD
+VQQKEw9HVEUgQ29ycG9yYXRpb24xHDAaBgNVBAMTE0dURSBDeWJlclRydXN0IFJv
+b3QwHhcNOTYwMjIzMjMwMTAwWhcNMDYwMjIzMjM1OTAwWjBFMQswCQYDVQQGEwJV
+UzEYMBYGA1uEChMPR1RFIENvcnBvcmF0aW9uMRwwGgYDVQQDExNHVEUgQ3liZXJU
+cnVzdCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC45k+625h8cXyv
+RLfTD0bZZOWTwUKOx7pJjTUteueLveUFMVnGsS8KDPufpz+iCWaEVh43KRuH6X4M
+ypqfpX/1FZSj1aJGgthoTNE3FQZor734sLPwKfWVWgkWYXcKIiXUT0Wqx73llt/5
+1KiOQswkwB6RJ0q1bQaAYznEol44AwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABKz
+dcZfHeFhVYAA1IFLezEPI2PnPfMD+fQ2qLvZ46WXTeorKeDWanOB5sCJo9Px4KWl
+IjeaY8JIILTbcuPI9tl8vrGvU9oUtCG41tWW4/5ODFlitppK+ULdjG+BqXH/9Apy
+bW1EDp3zdHSo1TRJ6V6e6bR64eVaH4QwnNOfpSXY
+-----END CERTIFICATE----- \ No newline at end of file
diff --git a/src/tests/data/fuzz/x509/afl_006.pem b/src/tests/data/fuzz/x509/afl_006.pem
new file mode 100644
index 000000000..af95cabfb
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_006.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB+jCCAWMCAgGjMA0GCCqGSIb9ycEBBAUAMEUxCzAJBgNVBAYTAlVTMRgwFgYD
+VQQKEw9HVEUgQ29ycG6yYXRpb24xHDAaBgNVBAMTE0dURSBDeWJlclRydXN0IFJv
+b3QwHhcNOTYwMjIzMjMwMTAwWhcNMDYwMjIzMjM1OTAwWjBFMQswCQYDVQQGEwJV
+UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMRwwGgYDVQQDExNHVEUgQ3liZXJU
+cnVzdCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC45k+625h8cXyv
+RLfTD0bZZOWTwUKOx7pJjTUteueLveUFMVnGsS8KDPufpz+iCWaEVh43KRuH6X4M
+ypqfpX/1FZSj1aJGgthoTNE3FQZor734sLPwKfWVWgkWYXcKIiXUT0Wqx73llt/5
+1KiOQswkwB6RJ0q1bQaAYznEol44AwIDAQABMA0GCSqGSIb3DQEBBAU4AwAA4GBABKz
+dcZfHeFhVYAA1IFLezEPI2PnPfMD+fQ2qLvZ46WXTeorKeDWanOB5sCJo9Px4KWl
+IjeaY8JIILTbcuPI9tl8vrGvU9oUtCG41tWW4/5ODFlitppK+ULdjG+BqXH/9Apy
+bW1EDp3zdHSo1TRJ6V6e6bR64eVaH4QwnNOfpSXY
+-----END CERTIFICATE----- \ No newline at end of file
diff --git a/src/tests/data/fuzz/x509/afl_007.pem b/src/tests/data/fuzz/x509/afl_007.pem
new file mode 100644
index 000000000..30145a8fa
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_007.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MICAIN CAWMCAgGjMA0GCSqGSIb3DQEBBAUAMEUxCzAJBgNVBAYTAlVTMRgwFgYD
+VQQKEw9HVEUgQ29ycG9yYXRpb24xHDAaBgNVBAMTE0dURSBDeWJlclRydXN0IFJv
+b3QwHhcNOTYwMjIzMjMwMTAwWhcNMDYwMjIzMjM1OTAwWjBFMQswCQYDVQQGEwJV
+UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMRwwGgYDVQQDExNHVEUgQ3liZXJU
+cnVzdCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC45k+625h8cXyv
+RLfTD0bZZOWTwUKOx7pJjTUteueLveUFMVnGsS8KDPufpz+iCWaEVh43KRuH6X4M
+ypqfpX/1FZSj1aJGgthoTNE3FQZor734sLPwKfWVWgkWYXcKIiXUT0Wqx73llt/5
+1KiOQswkwB6RJ0q1bQaAYznEol44AwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABKz
+dcZfHeFhVYAA1IFLezEPI2PnPfMD+fQ2qLvZ46WXTeorKeDWanOB5sCJo9Px4KWl
+IjeaY8JIILTbcuPI9tl8vrGvU9oUtCG41tWW4/5ODFlitppK+ULdjG+BqXH/9Apy
+bW1EDp3zdHSo1TRJ6V6e6bR64eVaH4QwnNOfpSXY
+-----END CERTIFICATE----- \ No newline at end of file
diff --git a/src/tests/data/fuzz/x509/afl_008.pem b/src/tests/data/fuzz/x509/afl_008.pem
new file mode 100644
index 000000000..5be654ce4
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_008.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB+jCCAWMfAgGjMA0GCSqGSIb3DQEBBAUAMEUxCzAJBgNVBAYTAlVTMRgwFgYD
+VQQKEw9HVEUgQ29ycG9yYXRpb24xHDAaBgNVBAMTE0dURSBDeWJlclRydXN0IFJv
+b3QwHhcNOTYwMjIzMjMwMTAwWhcNMDYwMjIzMjM1OTAwWjBFMQswCQYDVQQGEwJV
+UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMRwwGgYDVQQDExNHVEUgQ3liZXJU
+cnVzdCBSb290MIEYMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC45k+625h8cXyv
+RLfTD0bZZOWTwUKOx7pJjTUteueLveUFMVnGsS8KDPufpz+iCWaEVh43KRuH6X4M
+ypqfpX/1FZSj1aJGgthoTNE3FQZor734sLPwKfWVWgkWYXcKIiXUT0Wqx73llt/5
+1KiOQswkwB6RJ0q1bQaAYznEol44AwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABKz
+dcZfHeFhVYAA1IFLezEPI2PnPfMD+fQ2qLvZ46WXTeorKeDWanOB5sCJo9Px4KWl
+IjeaY8JIILTbcuPI9tl8vrGvU9oUtCG41tWW4/5ODFlitppK+ULdjG+BqXH/9Apy
+bW1EDp3zdHSo1TRJ6V6e6bR64eVaH4QwnNOfpSXY
+-----END CERTIFICATE----- \ No newline at end of file
diff --git a/src/tests/data/fuzz/x509/afl_009.pem b/src/tests/data/fuzz/x509/afl_009.pem
new file mode 100644
index 000000000..7434298ea
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_009.pem
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MICATECCAWMCAgGjMA0GCSqGSIb3DQEBBAUAMEUxCzAJBgNVBAYTAlVTMRgwFgYD
+VQQKEw9HVEUgQ29ycG9yYXRpb24xHDAaBgNVBAMTE0dURSBDeWJlclRydXN0IFJv
+b3QwHhcNOTYwMjIzMjMwMTAwWhUgQ3liZXJU
+cnVzdcNMDYwMjIzMjM1OTAwWjBFMQswCQYDVQQGEwJV
+UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMRwwGgYDVQQDExNHVEUgQ3liZXJU
+cnVzdCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC45k+625h8cXyv
+RLfTD0bZZOWTwUKOx7pJjTUteueLveUFMVnGsS8KDPufpz+iCWaEVh43KRuH6X4M
+ypqfpX/1FZSj1aJGgthoTNE3FQZor734sLPwKfWVWgkWYXcKIiXUT0Wqx73llt/5
+1KiOQswkwB6RJ0q1bQaAYznEol44AwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABKz
+dcZfHeFhVYAA1IFLezEPI2PnPfMD+fQ2qLvZ46WXTeorKeDWanOB5sCJo9Px4KWl
+IjeaY8JIILTbcuPI9tl8vrGvU9oUtCG41tWW4/5ODFlitppK+ULdjG+BqXH/9Apy
+bW1EDp3zdHSo1TRJ6V6e6bR64eVaH4QwnNOfpSXY
+-----END CERTIFICATE----- \ No newline at end of file
diff --git a/src/tests/data/fuzz/x509/afl_010.pem b/src/tests/data/fuzz/x509/afl_010.pem
new file mode 100644
index 000000000..2640094e5
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_010.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB+jCCAWMCAgGjMA0GCSqGSIb3DQEBBAUAMEUxCzAJBgNVBAYTAlVTMRgwFgYD
+VQQKEw9HVEUgQ29ycG9yYXRpb24xHDAaBgNVBAMTE0dURSBDeWJlclRydXN0IFJv
+b3QwHhcNOTYwMjIzMjMwMTAwWhcNMDYwMjIzMjM1OTAwWjBFMQswCQYDVQQGEwJV
+UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMRwwGgYDVQQDExNHVEUgQ3liZXJU
+cnVzdCBSb290MIGfMA0GCSqGSIb3DQEBAQUAAIGHADCBiQKBgQC45k+625h8cXyv
+RLfTD0bZZOWTwUKOx7pJjTUteueLveUFMVnGsS8KDPufpz+iCWaEVh43KRuH6X4M
+ypqfpX/1FZSj1aJGgthoTNE3FQZor734sLPwKfWVWgkWYXcKIiXUT0Wqx73llt/5
+1KiOQswkwB6RJ0q1bQaAYznEol44AwADAQABMA0GCSqGSIb3DQEBBAUAA4GBABKz
+dcZfHeFhVYAA1IFLezEPI2PnPfMD+fQ2qLvZ46WXTeorKeDWanOB5sCJo9Px4KWl
+IjeaY8JIILTbcuPI9tl8vrGvU9oUtCG41tWW4/5ODFlitppK+ULdjG+BqXH/9Apy
+bW1EDp3zdHSo1TRJ6V6e6bR64eVaH4QwnNOfpSXY
+-----END CERTIFICATE----- \ No newline at end of file
diff --git a/src/tests/data/fuzz/x509/afl_011.pem b/src/tests/data/fuzz/x509/afl_011.pem
new file mode 100644
index 000000000..176669d6d
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_011.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MICATECCAWMCAgGjMA0GCSqGSIb3DQEBBAUAMEUxCzAJBgNVBAYTAlVTA0GCSqGSIb3DQEBBAUAMEUxCMRgwFgYD
+VQQKEw9HVEUgQ29ycG9yYXRpb24xHDAaBgNVBAMTE0dURSBDeWJlclRydXN0IFJv
+b3QwHhcNOTYwMjIzMjMwMTAwWhcNMDYwMjIzMjM1OT1wWjBFMQswCQYDVQQGEwJV
+UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMRwwGgYDVQQDExNHVEUgQ3liZXJU
+cnVzdCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC45k+625h8cXyv
+RLfTD0bZZOWTwUKOx7pJjTUteueLveUFMVnGsS8KDPufpz+iCWaEVh43KRuH6X4M
+ypqfpX/1FZSj1aJGgthoTNE3FQZor734sLPwKfWVWgkWYXcKIiXUT0Wqx73llt/5
+1KiOQswkwB6RJ0q1bQaAYznEol44AwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABKz
+dcZfHeFhVYAA1IFLezEPI2PnPfMD+fQ2qLvZ46WXTeorKeDWanOB5sCJo9Px4KWl
+IjeaY8JIILTbcuPI9tl8vrGvU9oUtCG41tWW4/5ODFlitppK+ULdjG+BqXvcmApy
+bW1EDp3zdHSo1TRJ6V6e6bR64eVaH4QwnNOfpSXY
+-----END CERTIFICATE----- \ No newline at end of file
diff --git a/src/tests/data/fuzz/x509/afl_012.pem b/src/tests/data/fuzz/x509/afl_012.pem
new file mode 100644
index 000000000..baf1a7786
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_012.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MICATECCAWMCAgGjMA0GCSqGSIb3DQEBBAUAMEUxCzAJBgNVBAYTAlVTMRgwFgYD
+VQQKEw9HVEUgQ29ycG9yYXRpb24xHDAaBgNVBAMTE0dURSBDeWJlclRydXN0IFJv
+b3QwHhcNOTYwMjIzMjMwMTAwWhcNMDYwMjIzMjM1OPI2PnPfMD+fQ2qLTAwWjBFMQswCQYDVQQGEwJV
+UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMRwwGgYDVQQDExNHVEUgQ3liZXJU
+cnVzdCBSb290MIGfMA0GCSqGSIb3DQEBAFMQUAA4GNADCBiQKBgQC45k+625h8cXyv
+RLfTD0bZZOWTwUKOx7pJjTUteueLveUFMVnGsS8KDPufpz+iCWaEVh43KRuH6X4M
+ypqfpX/1FZSj1aJGgthoTNE3FQZor734sLPwKfWVWgkWYXcKIiXUT0Wqx73llt/5
+1KiOQswkwB6RJ0q1bQaAYznEol44AwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABKz
+dcZfHeFhVYAA1IFLezEPI2PnPfMD+fQ2qLvZ46WXTeorKeDWanOB5sCJo9Px4KWl
+IjeaY8JIILTbcuPI9tl8vrGvU9oUtCG41tWW4/5ODFlitppK+ULdjG+BqXH/9Apy
+bW1EDp3zdHSo1TRJ6V6e6bR64eVaH4QwnNOfpSXY
+-----END CERTIFICATE----- \ No newline at end of file
diff --git a/src/tests/data/fuzz/x509/afl_013.pem b/src/tests/data/fuzz/x509/afl_013.pem
new file mode 100644
index 000000000..bbb050f76
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_013.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MICATECCAWMCAgGjMA0GCSqGAMTE0dURSBDeWJlcXRydXN0ISIb3DQEBBAUAMEUxCzAJBgNVBAYTAlVTMRgwFgYD
+VQQKEw9HVEUgQ29ycG9yYXRpb24xHDAaBgNVBAMTE0dURSBDeWJlcXRydXN0IFJv
+b3QwHhcNOTYwMjIzMjMwMTAwWhcNMDYwMjIzMjM1OTAwWjBFMQswCQYDVQQGEwJV
+UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMRwwGgYDVQQDExNHVEUgQ3liZXJU
+cnVzdCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC45k+625h8cXyv
+RLfTD0bZZOWTwUKOx7pJjTUteueLveUFMVnGsS8KDPufpz+iCWaEVh43KRuH6X4M
+ypqfpX/1FZSj1aJGgthoTNE3FQZor7M4sLPwKfWVWgkWYXcKIiXUT0Wqx73llt/5
+1KiOQswkwB6RJ0q1bQaAYznEol44AwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABKz
+dcZfHeFhVYAA1IFLezEPI2PnPfMD+fQ2qLvZ46WXTeorKeDWanOB5sCJo9Px4KWl
+IjeaY8JIILTbcuPI9t1tWW4/5ODFlitppK+ULdjG+BqXH/9Apy
+bW1EDp3zdHSo1TRJ6V6e6bR64eVaH4QwnNOfpSXY
+-----END CERTIFICATE----- \ No newline at end of file
diff --git a/src/tests/data/fuzz/x509/afl_014.pem b/src/tests/data/fuzz/x509/afl_014.pem
new file mode 100644
index 000000000..b68d8c8e2
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_014.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB+jCCAWMCAgGjMA0GCSqGSIb3DQEBBAUAMEUxCzAJBgNVBAYTAlVTMRgwFgYD
+VQQKEw9HVEUgQ29ycG9yYXRpb24xHDAaBgNVBAMTE0dURSBDeWJlclRydXN0IFJv
+b3QwHhcNOTYwMjIzMjMwMTAwWhcNMDYwMjIzMjM1OTAwWjBFMQswCQYDVQQGEwJV
+UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMRwwGgYDVQQDExNHVEUgQ3liZXJU
+cnVzdCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCATDKBgQC45k+625h8cXyv
+RLfTD0bZZOWTwUKOx7pJjTUteueLveUFMVnGsS8KDPufpz+iCWaEVh43KRuH6X4M
+ypqfpX/1FZSj1aJGgthoTNE3FQZor734sLPwKfWVWgkWYXcKIiXUT0Wqx73llt/5
+1KiOQswkwB6RJ0q1bQaAYznEol44AwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABKz
+dcZfHeFhVYAA1IFLezEPI2PnPfMD+fQ2qLvZ46WXTeorKeDWanOB5sCJo9Px4KWl
+IjeaY8JIILTbcuPI9tl8vrGvU9oUtCG41tWW4/5ODFlitppK+ULdjG+BqXH/9Apy
+bW1EDp3zdHSo1TRJ6V6e6bR64eVaH4QwnNOfpSXY
+-----END CERTIFICATE----- \ No newline at end of file
diff --git a/src/tests/data/fuzz/x509/afl_015.pem b/src/tests/data/fuzz/x509/afl_015.pem
new file mode 100644
index 000000000..ea8638e31
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_015.pem
@@ -0,0 +1,5 @@
+-----BEGIN CERTIFICATE-----
+MIIB+jCCAWMCAgGjMA0GCSqGSIb3DQEBBAUAMEUxCzAJBgNVBAYTAlVgYD
+VQQKEw9HVEUgQ29ycG9yYX===============================lR===============================ydXN0IFJv
+b3QwHhcNOTYwMY
+-----END CEc \ No newline at end of file
diff --git a/src/tests/data/fuzz/x509/afl_016.pem b/src/tests/data/fuzz/x509/afl_016.pem
new file mode 100644
index 000000000..3bd2fc312
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_016.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIBBAUAMEUxCCATEgNVBAYTAlVTMRgwFgYD
+VQQKEw9HVEUgQ29ycG9yYXRpb24xHDAaBgNVBAMTE0dURSBHeFhVYAA1DeWJlclRydXN0IFJv
+b3QwHhcNOTYwMjIzMjMwMTAwWhcNMDYwMjIzMjM1OTAwWjBFMQswCQYDVQQGEwJV
+UzEYMBYGA1UEChMPm1RFIENvcnBvcmF0aW9uMRwwGgYDVQQDExNHVEUgQ3liZXJU
+cnVzdCBSb290MIGfMA0GCSqGSIb3DQEBAQUAO4GNADCBiQKBgQC45k+625h8cXyv
+RLfTD0bZZOWTwUKOx7pJjTUteueLveUFMVnGsS8KDPufpz+iCWaEVh43KRuH6X4M
+ypqfpX/1FZSj1aJGgthoTNE3FQZor734sLPwKfWVWgkWYXcKIiXUT0Wqx73llt/5
+1KiOQswkwB6RJ0q1bQaAYznEol44AwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABKz
+dcZfHeFhVYAA1LvZ46WXTeorKeDWanOB5rCJo9Px4KWl
+IjeaY8JIILTbcRPI9tl8vrGvU9oUtCG41tWW4/5ODFlitppK+ULdjG+BqXH/9Apy
+bW1EDp3zdHSo1TRJ6V6e6bR64eVaH4QwnNOfpSXY
+-----END CERTIFICATE----- \ No newline at end of file
diff --git a/src/tests/data/fuzz/x509/afl_017.pem b/src/tests/data/fuzz/x509/afl_017.pem
new file mode 100644
index 000000000..6ec87b82b
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_017.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIBBAUAMEUxCCATEgNVBAYTAlVTMRgwFgYD
+VQQKEw9HVEUgQ29ycG9yYXRpb24xHDAaBgNVBAMTE0dURSBDeWJlclRydXN0IFJv
+b3QwHhcNOTYwMpK+ULjIzMjMwMTAwWhcNMDYwMjIzMjM1OTAwWjBFMQswCQYDVQQGEwJV
+UzEYMBYGA1UEChMPm1RFIENvcnBvcmF0aW9uMRwwGgYDVQQDExNHVEUgQ3liZXJU
+cnVzdCBSb290MIGfMA0GCSqGSIb3DQEBAQUAO4GNADCBiQKBgQC45k+625h8cXyv
+RLfTD0bZZOWTwUKOx7pJjTUteueLveUFMVnGsS8KDPufpz+iCWaEVh43KRuH6X4M
+ypqfpX/1FZSj1aJGgthoTNE3FQZor734sLPwKfWVWgkWYXcKIiXUT0Wqx73llt/5
+1KiOQswkwB6RJ0q1bQaAYznEol44AwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABKz
+dcZfHeFhVYAA1IFLezEPI2PnPfMD+fQ2qLvZ46WXTeorKeDWanOB5rCJo9Px4KWl
+IjeaY8JIILTbcRPI9tl8vrGvU9oUtCG41tWW4/5ODFlitppK+ULdjG+BqXH/9Apy
+bW1EDp3zdHSo1TRJ6V6e6bR64eVaH4QwnNOfpSXY
+-----END CERTIFICATE----- \ No newline at end of file
diff --git a/src/tests/data/fuzz/x509/afl_018.pem b/src/tests/data/fuzz/x509/afl_018.pem
new file mode 100644
index 000000000..be7ecaec6
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_018.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB+jCCAWMCAgGjMA0GCSqGSIb3DQEBBAUAMEUxCzAJBgNVBAYTAlVTMRgwFgYD
+VQQKEw9HVEUgQ29ycG9yYXRpb24xHDAaBgNVBAMTE0dURSBDeWJlclRydXN0IFJv
+b3QwHhcNOTYwMjIzMjMwMTAwWhcNMDYwMjIzMjM1OTAwWjBFMQswCQYDVQQGEwJV
+UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMRwwGgYDVQQDExNHVEUgQ3liZXJU
+cnVzdCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKAgQc45k+625h8BSb2
+RLfTD0bZZOWTwUKOx7pJjTUteueLveUFMVnGsS8KDPufpz+iCWaEVh43KRuH6X4M
+ypqfpX/1FZSj1aJGgthoTNE3FQZor734sLPwKfWVWgkWYXcKIiXUT0Wqx73llt/5
+1KiOQswkwB6RJ0q1bQaAYznEol44AwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABKz
+dcZfHeFhVYAA1IFLezEPI2PnPfMD+fQ2qLvZ46WXTeorKeDWanOB5sCJo9Px4KWl
+IjeaY8JIILTbcuPI9tl8vrGvU9oUtCG41tWW4/5ODFlitppK+ULdjG+BqXH/9Apy
+bW1EDp3zdHSo1TRJ6V6e6bR64eVaH4QwnNOfpSXY
+-----END CERTIFICATE----- \ No newline at end of file
diff --git a/src/tests/data/fuzz/x509/afl_019.pem b/src/tests/data/fuzz/x509/afl_019.pem
new file mode 100644
index 000000000..d0603430f
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_019.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB+jCCAWMCAgGjMA0GCSqGSIb3DQEBBAUAMEUxCzAJBgNVBAYTAlVTMRgwFgYD
+VQQKEw9HVEUgQ29ycG9yYXRpb24xgDCERTNVBAMTE0dURSBDeWJlclRydXN0IFJv
+b3QwHhcNOTYwMjIzMjMwMTAwWhcNMDYwMjIzMjM1OTAwWjBFMQswCQYDVQQGEwJV
+UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMRwwGgYDVQQDExNHVEUgQ3liZXJU
+cnVzdCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQA45k+625h8cXyv
+RLfTD0bZZOWTwUKOx7pJjTUteueLveUFMVnGsS8KDPufpz+iCWaEVh43KRuH6X4M
+ypqfpX/1FZSj1aJGgthoTNE3FQZor734sLPwKfWVWgkWYXcKIiXUT0Wqx73llt/5
+1KiOQswkwB6RJ0q1bQaAYznEol44AwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABKz
+dcZfHeFhVYAA1IFLezEPI2PnPfMD+fQ2qLvZ46WXTeorKeDWanOB5sCJo9Px4KWl
+IjeaY8JIILTbcuPI9tl8vrGvU9oUtCG41tWW4/5ODFlitppK+ULdjG+BqXH/9Apy
+bW1EDp3zdHSo1TRJ6V6e6bR64eVaH4QwnNOfpSXY
+-----END CERTIFICATE----- \ No newline at end of file
diff --git a/src/tests/data/fuzz/x509/afl_020.pem b/src/tests/data/fuzz/x509/afl_020.pem
new file mode 100644
index 000000000..10cba363d
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_020.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB+jCCAWMCAgGjMA0GCSqGSIb3DQEBBAUAMEUxCzAJBgNVBAYTAlVTMRgwFgYD
+VQQKEw9HVEUgQ29ycG9yYXRpb24xHDAaBgNVBAMTE0dURSBDeWJlclRydXN0IFJv
+b3QwHhcNOTYwMjIzMjMwMTAwWhcNMDYwMjIzMjM1OTAwWjBFMQswCQYDVQQGEwJV
+UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMRwwGgYDVQQDExNHVEUgQ3liZXJU
+cnVzdCBSb290MICfMA0GCSqGSIb3DQEBAQUAA4RHADCBiQKBgQC45k+625h8cXyv
+RLfTD0bZZOWTwUKOx7pJjTUteueLveUFMVnGsS8KDPufpz+iCWaEVh43KRuH6X4M
+ypqfpX/1FZSj1aJGgthoTNE3FQZor734sLPwKfWVWgkWYXcKIiXUT0Wqx73llt/5
+1KiOQswkwB6RJ0q1bQaAYznEol44AwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABKz
+dcZfHeFhVYAA1IFLezEPI2PnPfMD+fQ2qLvZ46WXTeorKeDWanOB5sCJo9Px4KWl
+IjeaY8JIILTbcuPI9tl8vrGvU9oUtCG41tWW4/5ODFlitppK+ULdjG+BqXH/9Apy
+bW1EDp3zdHSo1TRJ6V6e6bR64eVaH4QwnNOfpSXY
+-----END CERTIFICATE----- \ No newline at end of file
diff --git a/src/tests/data/fuzz/x509/afl_021.pem b/src/tests/data/fuzz/x509/afl_021.pem
new file mode 100644
index 000000000..5e861a5aa
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_021.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB+jCCAWMCZgGjMA0GCSqGSIb3DQEBBAUAMEUxCzAJBgNVBAYTAlVTMRgwFgYD
+VQQKEw9HVEUgQ29ycG9yYXRpb24xHDAaBgNVBAMTE0dURSBDeWJlclRydXN0IFJv
+b3QwHhcNOTYwMjIzMjMwMTAlWhcNMDYwMjIzMjM1OTAwWjBFMQswCQYDVQQGEwJV
+UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMRwwGgYDVQQDExNHVEUgQ3liZXJU
+cnVzdCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC45k+625h8cXyv
+RLfTD0bZZOWTwUKOx7pJjTUteueLveUFMVnGsS8KDPufpz+iCWaEVh43KRuH6X4M
+ypqfpX/1FZSj1aJGgthoTNE3FQZor734sLPwKfWVWgkWYXcKIiXUT0Wqx73llt/5
+1KiOQswkwB6RJ0q1bQaAYznEol44AwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABKz
+dcZfHeFhVYAA1IFLezEPI2PnPfMD+fQ2qLvZ46-----BKeDWanOB5sCJo9Px4KWl
+IjeaY8JIILTbcuPI9tl8vrGvU9oUtCG41tWW4/5ODFlitppK+ULdjG+BqXH/9Apy
+bW1EDp3zdHSo1TRJ6V6e6bR64eVaH4QwnNOfpSXY
+-----END CERTIFICATE----- \ No newline at end of file
diff --git a/src/tests/data/fuzz/x509/afl_022.pem b/src/tests/data/fuzz/x509/afl_022.pem
new file mode 100644
index 000000000..7ffa58208
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_022.pem
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIB+jCCAWMCAgGjMA0GCSqGSIb3DQEBBAUAMEUxCzAJBgNVBAYTAlVTMRgwFgYD
+VQQKEw9HVEUgQ29ycG9yYXRpb24xHDAaBgNVBAMTE0dURSBDeWJlclRydXN0IFJv
+b3QwHhcNOTYwMjIzMjMwMTAwWhcNMDYwMjIzMjM1OTAwWjBFMQswCQYDVQQGEwJV
+UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMRwwGgYDVQQDExNHVEUKQ3liZXJU
+cnVzdCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4BSb2CBiQKBgQC45k+625h8cXyv
+RLfTD0bZZOWTwUKOx7pJjTUteueLveUFMVnGsS8KDPufpz+iCWaEVh43KRuH6X4M
+ypqfpX/1FZSj1aJGgthoTNE3FQZor734sLPwKfWVWgkWYXcKIiXUT0Wqx73llt CERTiOQswkwB6RJ0q1bQaAYznEol44AwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABKz
+dcZfHeFhVYAA1IFLezEPI2PnPfMD+fQ2qLvZ46WXTeorKeDWanOB5sCJo9Px4KWl
+IjeaY8JIILTbcuPI9tl8vrGvU9oUtCG41tWW4/5ODFlitppK+ULdjG+BqXH/9Apy
+bW1EDp3zdHSo1TRJ6V6e6bR64eVaH4QwnNOfpSXY
+-----END CERTIFICATE----- \ No newline at end of file
diff --git a/src/tests/data/fuzz/x509/afl_023.pem b/src/tests/data/fuzz/x509/afl_023.pem
new file mode 100644
index 000000000..ace8de7a1
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_023.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MICAgECCAWMCAgGjMA0GCSqGSIb3DQEBBAUAMEUxCzAJBgNVBAYTAlVTMRgwFgYD
+VQQKEw9HVEUgQ29ycG9yYXRpb24xHDAaBgNVBAMTE0dURSBDeWJlclRydXN0IFJv
+b3QwHhcNOTYwMjIzMjMwMTAwWhcNMDYwMjIzMjM1OTAwWjBFMQswCQYDVQQGEwJV
+UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMRwwGgYDVQQDExNHVEUgQ3liZXJU
+cnVzdCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC45k+625h8cXyv
+RLfTD0bZZOWTwUKOx7pJjTUteueLveUFMVnGsS8KDPufpz+iCWaEVh43KRuH6X4M
+ypqfpX/1FZSj1aJGgthoTNE3FQZor734sLPwKfWVWgkWYXcKIiXUT0Wqx73llt/5
+1KiOQswkwB6RJ0q1bQaAYznEol44AwIDAQABMA0GCSqGSIb3DQEBBAUAA4RBABKz
+dcZfHeFhVYAA1IFLezEPI2PnPfMD+fQ2qLvZ46WXTeorKeDWanOB5sCJo9Px4KWl
+IjeaY8JIILTbcuPI9tl8vrGvU9oUtCG41tWW4/5ODFlitppK+ULdjG+BqXH/9Apy
+bW1EDp3zdHSo1TRJ6V6e6bR64eVaH4QwnNOfpSXY
+-----END CERTIFICATE----- \ No newline at end of file
diff --git a/src/tests/data/fuzz/x509/afl_024.pem b/src/tests/data/fuzz/x509/afl_024.pem
new file mode 100644
index 000000000..57243fc2e
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_024.pem
@@ -0,0 +1,3 @@
+0�q�-
+MIIvLmCCAW]C---BE���CERT---
+MIIvcmCCAW]C \ No newline at end of file
diff --git a/src/tests/data/fuzz/x509/afl_025.pem b/src/tests/data/fuzz/x509/afl_025.pem
new file mode 100644
index 000000000..f1e877697
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_025.pem
@@ -0,0 +1,3 @@
+0�q�-
+MIIfLm CAW]C--����mCCAW-BE����CERT-#-
+MIIvGmCCAW]C \ No newline at end of file
diff --git a/src/tests/data/fuzz/x509/afl_026.pem b/src/tests/data/fuzz/x509/afl_026.pem
new file mode 100644
index 000000000..899e1d71d
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_026.pem
Binary files differ
diff --git a/src/tests/data/fuzz/x509/afl_027.pem b/src/tests/data/fuzz/x509/afl_027.pem
new file mode 100644
index 000000000..8504c3d8c
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_027.pem
Binary files differ
diff --git a/src/tests/data/fuzz/x509/afl_028.pem b/src/tests/data/fuzz/x509/afl_028.pem
new file mode 100644
index 000000000..d4f588112
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_028.pem
Binary files differ
diff --git a/src/tests/data/fuzz/x509/afl_029.pem b/src/tests/data/fuzz/x509/afl_029.pem
new file mode 100644
index 000000000..59591e0b8
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_029.pem
Binary files differ
diff --git a/src/tests/data/fuzz/x509/afl_030.pem b/src/tests/data/fuzz/x509/afl_030.pem
new file mode 100644
index 000000000..be3106dcc
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_030.pem
@@ -0,0 +1 @@
+0����----BcCAWqG \ No newline at end of file
diff --git a/src/tests/data/fuzz/x509/afl_031.pem b/src/tests/data/fuzz/x509/afl_031.pem
new file mode 100644
index 000000000..1bdb26461
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_031.pem
@@ -0,0 +1 @@
+0�q�BEG���II�m8CAW]C \ No newline at end of file
diff --git a/src/tests/data/fuzz/x509/afl_032.pem b/src/tests/data/fuzz/x509/afl_032.pem
new file mode 100644
index 000000000..436f7ce70
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_032.pem
Binary files differ
diff --git a/src/tests/data/fuzz/x509/afl_033.pem b/src/tests/data/fuzz/x509/afl_033.pem
new file mode 100644
index 000000000..f1aa4028e
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_033.pem
Binary files differ
diff --git a/src/tests/data/fuzz/x509/afl_034.pem b/src/tests/data/fuzz/x509/afl_034.pem
new file mode 100644
index 000000000..11c8448d0
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_034.pem
@@ -0,0 +1,4 @@
+-----BEGIN CERTIFICATE-----
+MIBBAUAMEUxCzAJBgNoBAYTAlVTMRgwFgYT
+VQQKEw9HVEUgQ29ycG9yYXRpb24xHXY
+-----END CERTIFICATE-----DA \ No newline at end of file
diff --git a/src/tests/data/fuzz/x509/afl_035.pem b/src/tests/data/fuzz/x509/afl_035.pem
new file mode 100644
index 000000000..1ff6f1f71
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_035.pem
Binary files differ
diff --git a/src/tests/data/fuzz/x509/afl_036.pem b/src/tests/data/fuzz/x509/afl_036.pem
new file mode 100644
index 000000000..8171e93c9
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_036.pem
Binary files differ
diff --git a/src/tests/data/fuzz/x509/afl_037.pem b/src/tests/data/fuzz/x509/afl_037.pem
new file mode 100644
index 000000000..f3f4403b9
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_037.pem
Binary files differ
diff --git a/src/tests/data/fuzz/x509/afl_038.pem b/src/tests/data/fuzz/x509/afl_038.pem
new file mode 100644
index 000000000..bfdd13e44
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_038.pem
Binary files differ
diff --git a/src/tests/data/fuzz/x509/afl_039.pem b/src/tests/data/fuzz/x509/afl_039.pem
new file mode 100644
index 000000000..9e888f879
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_039.pem
Binary files differ
diff --git a/src/tests/data/fuzz/x509/afl_040.pem b/src/tests/data/fuzz/x509/afl_040.pem
new file mode 100644
index 000000000..dbde6a784
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_040.pem
Binary files differ
diff --git a/src/tests/data/fuzz/x509/afl_041.pem b/src/tests/data/fuzz/x509/afl_041.pem
new file mode 100644
index 000000000..5405ae442
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_041.pem
Binary files differ
diff --git a/src/tests/data/fuzz/x509/afl_042.pem b/src/tests/data/fuzz/x509/afl_042.pem
new file mode 100644
index 000000000..6862f605a
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_042.pem
Binary files differ
diff --git a/src/tests/data/fuzz/x509/afl_043.pem b/src/tests/data/fuzz/x509/afl_043.pem
new file mode 100644
index 000000000..56b0ddead
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_043.pem
Binary files differ
diff --git a/src/tests/data/fuzz/x509/afl_044.pem b/src/tests/data/fuzz/x509/afl_044.pem
new file mode 100644
index 000000000..c250a4c73
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_044.pem
Binary files differ
diff --git a/src/tests/data/fuzz/x509/afl_045.pem b/src/tests/data/fuzz/x509/afl_045.pem
new file mode 100644
index 000000000..d3d2fbb7f
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_045.pem
Binary files differ
diff --git a/src/tests/data/fuzz/x509/afl_046.pem b/src/tests/data/fuzz/x509/afl_046.pem
new file mode 100644
index 000000000..0c65e9a45
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_046.pem
Binary files differ
diff --git a/src/tests/data/fuzz/x509/afl_047.pem b/src/tests/data/fuzz/x509/afl_047.pem
new file mode 100644
index 000000000..9e1ad3030
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_047.pem
Binary files differ
diff --git a/src/tests/data/fuzz/x509/afl_048.pem b/src/tests/data/fuzz/x509/afl_048.pem
new file mode 100644
index 000000000..e7f577414
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_048.pem
Binary files differ
diff --git a/src/tests/data/fuzz/x509/afl_049.pem b/src/tests/data/fuzz/x509/afl_049.pem
new file mode 100644
index 000000000..60a5b63bd
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_049.pem
Binary files differ
diff --git a/src/tests/data/fuzz/x509/afl_050.pem b/src/tests/data/fuzz/x509/afl_050.pem
new file mode 100644
index 000000000..2407ec731
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_050.pem
Binary files differ
diff --git a/src/tests/data/fuzz/x509/afl_051.pem b/src/tests/data/fuzz/x509/afl_051.pem
new file mode 100644
index 000000000..c6f0bf36f
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_051.pem
Binary files differ
diff --git a/src/tests/data/fuzz/x509/afl_052.pem b/src/tests/data/fuzz/x509/afl_052.pem
new file mode 100644
index 000000000..3f2b126f6
--- /dev/null
+++ b/src/tests/data/fuzz/x509/afl_052.pem
Binary files differ
diff --git a/src/tests/test_fuzz.cpp b/src/tests/test_fuzz.cpp
new file mode 100644
index 000000000..f53994c26
--- /dev/null
+++ b/src/tests/test_fuzz.cpp
@@ -0,0 +1,59 @@
+/*
+* (C) 2015 Jack Lloyd
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include "tests.h"
+#include <botan/x509cert.h>
+#include <botan/x509_crl.h>
+#include <botan/internal/filesystem.h>
+#include <botan/base64.h>
+#include <chrono>
+#include <iostream>
+
+namespace {
+
+size_t test_x509_fuzz()
+ {
+ const std::string fuzz_data = TEST_DATA_DIR "/fuzz";
+
+ size_t tests = 0, fails = 0;
+
+ for(auto vec: Botan::get_files_recursive(fuzz_data + "/x509"))
+ {
+ ++tests;
+
+ auto start = std::chrono::system_clock::now();
+ try
+ {
+ // TODO: check for memory consumption?
+ Botan::X509_Certificate cert(vec);
+ }
+ catch(std::exception& e)
+ {
+ //std::cout << e.what() << "\n";
+ }
+ auto end = std::chrono::system_clock::now();
+
+ uint64_t duration = std::chrono::duration_cast<std::chrono::milliseconds>(end - start).count();
+
+ if(duration > 100)
+ {
+ std::cout << "Fuzz test " << vec << " took " << duration << " ms\n";
+ }
+ }
+
+ test_report("Fuzz Checks", tests, fails);
+
+ return fails;
+ }
+
+}
+
+size_t test_fuzzer()
+ {
+ size_t fails = 0;
+ fails += test_x509_fuzz();
+ return fails;
+ }
diff --git a/src/tests/tests.cpp b/src/tests/tests.cpp
index a0fd17879..63e6761ac 100644
--- a/src/tests/tests.cpp
+++ b/src/tests/tests.cpp
@@ -312,6 +312,7 @@ int main(int argc, char* argv[])
DEF_TEST(nist_x509);
DEF_TEST(tls);
DEF_TEST(compression);
+ DEF_TEST(fuzzer);
if(tests.empty())
{
diff --git a/src/tests/tests.h b/src/tests/tests.h
index c99adf6b8..88102f289 100644
--- a/src/tests/tests.h
+++ b/src/tests/tests.h
@@ -107,6 +107,8 @@ size_t test_nist_x509();
size_t test_srp6();
size_t test_compression();
+size_t test_fuzzer();
+
#define SKIP_TEST(testname) \
size_t test_ ## testname() { \
std::cout << "Skipping tests: " << # testname << std::endl; \