From 723335243276393bfb33f97cfb13454fbf421637 Mon Sep 17 00:00:00 2001
From: Philippe Antoine <contact@catenacyber.fr>
Date: Thu, 3 May 2018 16:40:24 +0200
Subject: [PATCH] Fuzz testing

Fuzz targets are x509 crt csr and crl parsing
as well as private and public key parsing
and client and server communication

Fuzz targets for DTLS
Simple corpus with valid DTLS connection
Deterministic behavior for fuzzing, ie no timestamps
---
 tests/CMakeLists.txt               |   2 +
 tests/fuzz/CMakeLists.txt          |  38 +++++
 tests/fuzz/corpuses/client         | Bin 0 -> 4037 bytes
 tests/fuzz/corpuses/dtlsclient     | Bin 0 -> 4058 bytes
 tests/fuzz/corpuses/dtlsserver     | Bin 0 -> 1189 bytes
 tests/fuzz/corpuses/server         | Bin 0 -> 675 bytes
 tests/fuzz/fuzz_client.c           | 227 +++++++++++++++++++++++++++
 tests/fuzz/fuzz_client.options     |   2 +
 tests/fuzz/fuzz_dtlsclient.c       | 185 ++++++++++++++++++++++
 tests/fuzz/fuzz_dtlsclient.options |   2 +
 tests/fuzz/fuzz_dtlsserver.c       | 209 +++++++++++++++++++++++++
 tests/fuzz/fuzz_dtlsserver.options |   2 +
 tests/fuzz/fuzz_privkey.c          |  64 ++++++++
 tests/fuzz/fuzz_privkey.options    |   2 +
 tests/fuzz/fuzz_pubkey.c           |  57 +++++++
 tests/fuzz/fuzz_pubkey.options     |   2 +
 tests/fuzz/fuzz_server.c           | 240 +++++++++++++++++++++++++++++
 tests/fuzz/fuzz_server.options     |   2 +
 tests/fuzz/fuzz_x509crl.c          |  22 +++
 tests/fuzz/fuzz_x509crl.options    |   2 +
 tests/fuzz/fuzz_x509crt.c          |  22 +++
 tests/fuzz/fuzz_x509crt.options    |   2 +
 tests/fuzz/fuzz_x509csr.c          |  22 +++
 tests/fuzz/fuzz_x509csr.options    |   2 +
 tests/fuzz/onefile.c               |  50 ++++++
 25 files changed, 1156 insertions(+)
 create mode 100644 tests/fuzz/CMakeLists.txt
 create mode 100644 tests/fuzz/corpuses/client
 create mode 100644 tests/fuzz/corpuses/dtlsclient
 create mode 100644 tests/fuzz/corpuses/dtlsserver
 create mode 100644 tests/fuzz/corpuses/server
 create mode 100644 tests/fuzz/fuzz_client.c
 create mode 100644 tests/fuzz/fuzz_client.options
 create mode 100644 tests/fuzz/fuzz_dtlsclient.c
 create mode 100644 tests/fuzz/fuzz_dtlsclient.options
 create mode 100644 tests/fuzz/fuzz_dtlsserver.c
 create mode 100644 tests/fuzz/fuzz_dtlsserver.options
 create mode 100644 tests/fuzz/fuzz_privkey.c
 create mode 100644 tests/fuzz/fuzz_privkey.options
 create mode 100644 tests/fuzz/fuzz_pubkey.c
 create mode 100644 tests/fuzz/fuzz_pubkey.options
 create mode 100644 tests/fuzz/fuzz_server.c
 create mode 100644 tests/fuzz/fuzz_server.options
 create mode 100644 tests/fuzz/fuzz_x509crl.c
 create mode 100644 tests/fuzz/fuzz_x509crl.options
 create mode 100644 tests/fuzz/fuzz_x509crt.c
 create mode 100644 tests/fuzz/fuzz_x509crt.options
 create mode 100644 tests/fuzz/fuzz_x509csr.c
 create mode 100644 tests/fuzz/fuzz_x509csr.options
 create mode 100644 tests/fuzz/onefile.c

diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index ecf6f34b2..d060255bd 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -77,3 +77,5 @@ if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR})
     link_to_source(scripts)
     link_to_source(ssl-opt.sh)
 endif()
+
+add_subdirectory(fuzz)
diff --git a/tests/fuzz/CMakeLists.txt b/tests/fuzz/CMakeLists.txt
new file mode 100644
index 000000000..1392f63ca
--- /dev/null
+++ b/tests/fuzz/CMakeLists.txt
@@ -0,0 +1,38 @@
+set(libs
+    mbedtls
+)
+
+if(USE_PKCS11_HELPER_LIBRARY)
+    set(libs ${libs} pkcs11-helper)
+endif(USE_PKCS11_HELPER_LIBRARY)
+
+if(ENABLE_ZLIB_SUPPORT)
+    set(libs ${libs} ${ZLIB_LIBRARIES})
+endif(ENABLE_ZLIB_SUPPORT)
+
+add_executable(fuzz_x509csr fuzz_x509csr.c onefile.c)
+target_link_libraries(fuzz_x509csr ${libs})
+
+add_executable(fuzz_x509crl fuzz_x509crl.c onefile.c)
+target_link_libraries(fuzz_x509crl ${libs})
+
+add_executable(fuzz_x509crt fuzz_x509crt.c onefile.c)
+target_link_libraries(fuzz_x509crt ${libs})
+
+add_executable(fuzz_privkey fuzz_privkey.c onefile.c)
+target_link_libraries(fuzz_privkey ${libs})
+
+add_executable(fuzz_pubkey fuzz_pubkey.c onefile.c)
+target_link_libraries(fuzz_pubkey ${libs})
+
+add_executable(fuzz_client fuzz_client.c onefile.c)
+target_link_libraries(fuzz_client ${libs})
+
+add_executable(fuzz_server fuzz_server.c onefile.c)
+target_link_libraries(fuzz_server ${libs})
+
+add_executable(fuzz_dtlsclient fuzz_dtlsclient.c onefile.c)
+target_link_libraries(fuzz_dtlsclient ${libs})
+
+add_executable(fuzz_dtlsserver fuzz_dtlsserver.c onefile.c)
+target_link_libraries(fuzz_dtlsserver ${libs})
diff --git a/tests/fuzz/corpuses/client b/tests/fuzz/corpuses/client
new file mode 100644
index 0000000000000000000000000000000000000000..48d0a67c8f36ace60ccf4013a5b985207703ed80
GIT binary patch
literal 4037
zcmeH~c{o)2AIHy`8T&qD>`Tbb8T(Gxk|o8ErjclDkqky<Pbg_@EtHUbNxH&RawA*G
zGPcN)kjTi=O%Yl8jp{x>_x`$1_j$U1{?2p$IG^wNp3n1rKA-RFyx(75I2>?<0l<DZ
z-1D&)(e|_DtSqJa=ECYLv#<vHWkKpx!U>#`t7=xuH8BqrwtHx79!|=M4uzdQ)O)jn
z@;IGr&&3`UxKmtzIJOP~0FKWf00ICC000&M1_HcrIBPWvz<L*8tpwn@P!wDfih_w|
z!(kwdc0+9ROmb(<&wgYBK{`4B(nYgCO!V-52zqYVp516Jh+{Kg=4P}Z_#6(fv)hg4
zhfteCaBj{&hQ#dMiGgCqJ0TGi8yXF%pjFUnYHE-M4#lRjHH6fDm>daleofBgLvTIp
zbA&()grdOhTUQCv0q`i01E7sF!=gYCsJG60F+~yXM)X?*RHc=&2TkbcS$67h^LF7T
zD0#rSqIr>{sYMua@>|7#5Ch3;Yj@R3B^OVQ?Qo0FxGfW&GxR3@b&F8ygN=Fwrc$Ff
z@6*fj69dWhhshoojock}B{u^PF@*C+J(n90%^qYEQnc{+=qN=rqq3ae>&1EpNPamK
z#px0LtGztQJ@`V-_~Ay1kp<)Y5!QF4vpr@HyQ)gK;3B6SiUmYW_&7MukcLPmhsOCH
z<CU8|5<WQ%guj=LlLa3ovl~jkgPvHjzkN2++$?>xnNB~X38r^V*noqocGa<sXoX1~
z;L25qJm;m2d&+Tp<bX0)^T#(x5V`_`(>k7K4Ox9@oG>>61_6*Tt&GC#2wntF0Ugz?
zYIxLz!v<;XQtVb{O)|a&iEh4@K=47lkvwGFL_y_94`%6pUttQzjKPEE_0L-iPTLl=
zf`dSY=RsL)cCcVkjZm?`EPud)5BoAvqhk_fg#>-(%loW`Hi(3isS^)n2l0y1{Kc#T
z`(^!XKR7(dlfiKf$Ys9ZjH!C0J~6XFbmk*03h9}9>Xk&4iK8d_6g~83=0eN`$`i41
zZc3^_L5C06iuyNm*1`L<>q1feLVk~oJZtG*;K2ur8};j=EkTyUsA;P5?py8kfquz1
zl;aCySUHTW@A~)P^%RbxEyqeiht^NZyuRBXG@I$wCs@$wN225(v?pCO<q<t%C>_*!
zuupkhda2MF7uUpQsr~fg)I&8K_oz8@-6wWAm|I@Re$AqI-a_679fDUI)P0?EcM0wS
z;3OJ7u{3%J-{=AUQl@{C9_Y{XK)9bv{v(L$Mm5(^zm2748lD|VRS7pK;LWCpzf0?#
zebW}khh@B6Fq{5}G%6sHrj-^e5?Ys_J*ws87sT-N`rsw%{Q%oX9eEJu#=?}5A5WV}
zZU9Teq|u7OWFdRy%B-bpU6m{ln6Y2CxB!vt|E?x_(C}HoxSm|nTWOcZ$60OFvo7KH
zUdO1^?p?+1*baB>CHJi^zDiZ{tD8`&SyP%H-?^_&O(|S5z^iRnIge3vxaWtnOX!>L
zg7YixC?Qv3P`~2|(gxhva(g!MYedZ)sFQGUcxigA^tqBucLdBzB756{mb)9%8&=;$
zK~%Q?lgjj#o70U8ow2D&kua6(X;?yT-&crEr$DDKLadu`a3km-I0$~;Leh6Zas5it
zK?wJKl5!05^?#~$QQ%*<*%unC*6jxX`(%>TZRr;&l-!Ro48pN-mQ6ui0}OZix7#F|
z&)`E;;%Z%Y*?qoS`%Wp|zAnu$`@W_`fHRxffuw<5lq<Wl7+8^bCLPHMjlpS!A+0Xr
z@x%S~K08S1V|~M(bMZ%2`vbS@?S6hIL9RoAjqv~-6J4QpR;8!lc=Y7UB)cWgOU)~U
z6DC+BRj2pL)O4LeaY%rEtexnjLQKrmwd<!m21U~sxy^4|^K_3?NDc;tFRHg=`MZ14
z-dYovMdNyLU6>B0#d0%SZy-^(o!|-rX>*x{j4l)vzAoYz)_-ua$F4u2t99B*j+xDA
z->kR|iuX0WCFRh_$FXVqAJEA1_gcpKzgouneJ#_3)M=Wfp{@y`H)-4q)xU***V2EM
z{Qorma~l7vWdAyU|EO7;{Qdclu*EXbw%HdNh02;m$b%}ueJWQDJ(Dx2jZ`c-^lH56
zuu@gye8N+aVJ;tyyC=lT3U48A9-~C#+wo^+bp=?~d6-8eLTyU-4L2kqYak~?ZF0U`
zoPK)wr&pP-+l15YwOT!>cHaKoh3kR}BMX^Fy$;GbOJYJEw(eJ7p|2Or*12QV6;PAb
z;@KBH9X}Z?zNa$r(2RywRX*X&ZDfy~6t_wD=L)^C9y@)*8iP>Sg%8YrVcmC`DtH<6
z{1>jyxCa4YvO5$@d{?5E*mA0-;zcsjPfs`!(@Zf^(@T6=$Jk75)E#tn_z-)_qP-pC
z4411#U5CjEx0^m?%831PWqX5i%%_h_?PzlV=0MX$49%1Ef7M1Npx$^q0&m<-g_!9X
zX%4eP9|4C!20wIwLXZIMk4m$b++XY^k?8Z)UYZ*J;V@MpZ51`Nx|+6{)+Uvkp~|=L
zr}Lkn`A>!~tA&B|bn>SWz;-wuKr{}?tL@apD#to(ti@H!8e8od^KE3`Z>Oq_?ZuEU
zq-e89j5?zv@#bp+DY6|3im?snFp*`?yl;xXsCp{oi>+#<R(K`8-+4>6k?efDXcwW6
zUv{6@H9K7~vInn=sz~1HZ0L067OBZRCMIbC8p^i?-Qj-_A=&bLRU-`Y{VFw{kb5N0
z_a@~0l5h006^Po>xIgduEp3E*0gwj_4K$MRL<gA^AUp`UqsKp#fBF1XgNqxg*C&E|
zHbU;j2I|RI^?O}r$@4r}Rax7up+fs)-818|glC;YwUz2N;PI<=G^0WWY3Rmr3FRu8
zsf7$49V75y8EZvn;3+7J(fF1a?f3#-U<JSgIKY1f0nAO!w3fDE_zk6Mi*`QusOPBm
z-IgAKohwYAu0A^d+j^tV`}I|4`6Pmy_)MUfzQL;pSrwn3ceZ+~+NS9Ha8B+3_s(lh
zmD)WL{=ne6M!`F3?(2Tvu+z>E)>L1XYVbjFH9X0!^6LFayjhEnsTQMv&*TjYV%2V&
zEG};=>6`@LWKnvW6^>YUcd$0@nv-`yA31ow#REz*ezN8$al{1d4T}Qrg%x$?3PnXZ
zTd|fddp%b@CwQRx!=jVu1vhe^K!X1M8vVdvBzfZs=S!CB{Fe=Uw576{vRpE$yyi#&
zS@)=0BPRy%ZaUXH*U!J!n!{eme@|)FJEKXMTHSU2jkDIatfwJ~ULOQvoMmGp-?yHc
z%Z|vG%Zc|k%aB(*&Gqs%S<ZhhIJzmKE2V?-So&B}XRBP3K4X9kMVkwWLMo`+wl6Th
zCfBkL1yx#a8@I-RRvnk~OSl&}MoFsv;jv3oF_ngIO>U(;GeaZeTXL6~{1j}g2uDI+
z3P&+E2wKG86mk`4T>%j6v?C@D?EwTgLm681<$}%|>5hE--TDBjbferpg=$#0GKxyL
zC(}}4l=wutqZ~z>{Oh;5;F+vFDNs6U#sRkHEC>H1XDK-^3uTUb-dwys)zv=G8#Zdq
zo}=u}MY@;Y>aL}nNl26FDMnK~D%u5M1!~N&Pz$^%+9Sla(rIsc(~aK*aeWuF->DbY
zxZqY}yMA@QBdOtf^};Jsv2F}CT4~{U*k$Sb21;9!>8RhnF1{6#h%P1obEzSvF~vK<
z)MDW+u7WM+@iKYdq!W=3af-@0Fw02F*iUF|qb*tB+mc~|&77<CT&)Q@&&txM(%Lz{
ImjJ+j04YTqLI3~&

literal 0
HcmV?d00001

diff --git a/tests/fuzz/corpuses/dtlsclient b/tests/fuzz/corpuses/dtlsclient
new file mode 100644
index 0000000000000000000000000000000000000000..87c3ca333a37338f74a136fb4af241f0bbe2f6da
GIT binary patch
literal 4058
zcmeH~cT^ME7sqFk&=Zg%p?8HKWfFSFMWic+77;;0i3k!Pr~w3NiY(Ovh=9^Xlm%%<
zS1}06A{{|GB7%S*F1TQ$Y_PKXbB}wD`{yrbPG;_#ckj%3_kQMnAOFfS@cE|<2LS0$
zhV;s^gyVd+z0b}3R(Z@-yYnW_!yT-27-CC9du>3RYt+2AHUAf15O9M5fCB)2@OD^P
z_QavCV+nbVoAxrH2~*BpSIS%NXH?p9b4CVkmDC%Ik?@<+&)NE9iKGvPr9B_?PEFEu
zlAkHld5<gAwVe?daH2y1z_kjlMMN`#asV(8`1(8;@-7E}tOghl1=h~U3IMJHMZz_p
zNSJsw90tM|2ZUl~lRsg4;x!5cnV0}b2g?DmF~jW;%)GE2mRN3xYt3NiWwj>zxCYqR
zSYibs^x6=dcf;o)30n_JpoGy@NDPg_Vj&zBhgDToh14C<DBOAzQvGgl9%#eI;A}o*
zH&>tiWJ(|u2}-ShOOOeGM}k}cW1Jlp34%baRo>7<i)aU;$1H%BewC9trmbt<rp?RW
z?l{(x2b{b#E9RYg316A~QZXP{U*`N$wdz%wg(D-I-QzRM<U(`$pT|FI6iL0cQj5S>
zsCVVPdvfh?Z*r|`r6*oJce73Ll|W~fP{GIn`CjqtK9q=}ndj?0n<(2SIey;hg{%US
zpY%s=@C^OMc1xT`(5akJ*SZ!%GuGMt$ho)^o!jrU(~7y_V#n-@gv7Q9aB&@v>yO*!
zJSuRXsNCS0@NRE!=quS+40tb@(?E6(`pum4<)h(-23hY0CcWT#nC^K|eXdE>b9<U7
z7WmX&?p%fNlU`bm54p;QcPn!@ynfCDLTNBKqXP1*Ad3%)6Xiv~AOI3&ETbqVf*-+G
zz%=Pj8+^Qv%bLe(Uy*yMRh-coNPO+KG(rI459h0N94n|8?!+(N=q^m*n%2M7u)Ml{
z!5L-2Sa1-?BspOS*+IgWZi^HN%?Jj}`*6OYsJD)zEqFkm*=yYv{VNpmk<_s}m_DMS
ztY8tc*8$_V>ks=|d2){2z4BQ@8=`6V)W)V)C@uoz1rc3Sl5TNWsU&u+ThUW*`bDs*
z(6vNDth<s5mFl{Cm$-k!20FZ3iyngR5%IfcNUC8PB7(OTR%(~U8>!}l=&4C%%aZ2W
zK)>Y6%JGHKNG?OGYX456u7Wq#e55#}fBA^qv+5q|OqN%-a6y}2TuZ)_ZQN;NKJonq
zveY)GZsk$g#X>8`*m{(?*2B{icT^pDADgn%-*L*r-1CARG%m&S7xLd~6+U-Y&DSN@
zMA!s?$1&)MVbDYVL=W({W%@7af&NMl<oIL3zXuWhvBnbm*OAmLgA>E4xX^6{{Mjv%
zbLm|(&zp`45LnL^%w*h)dn_cDu9+Sq7D7+ZdaSwEkIM4!Lf@Im8v(oSwdO(i%kvY4
zetb>aasxQ-jvKz!A1~yrcspb6MyFwbz)T07q5?#+|J?1UK7&UEqq_1*FJ<@D-M`p$
zb7o)Y^=Hwznw{?no2B4;x+=ThFFZ|E@}rL_-Ck0f9o=e2S5*p?3Giw%xyEN06-xT!
z#3J^}Tu^>_l@ia}X!P$yvaCKY;hHT<@;pT&2Wlgq9$cJSx;mgF*AWJ@kj~yXuj%2=
z_8jS(D2&eb|E(gU@yb-)d|OOvQaB8EA)P?Z?fwW+L<$sf8bYqY!HZym;2^lVj-+pb
z;`WgwC&=;JB;^?7>-|vbBEi3x*#{bF%eK9MZF1bEGTEV&mfY9TETS>7=JizWUY4pJ
zDeFYjX<{%gw#LoGX0^IzPAT4&o^FtRLqj^i1+{&5Qm;u%n&m|nBoC2ITV_nXZ%UzG
zvz>CtwWro+b6mzq_aNy-ythhEpp>rVKvjZ#s{)F3HxnCEq1MF;lJIEM_>&}?Mbepu
zx8%dy2t1S8U1<|jbp4{>0KFI+@o|Od=!x?ej(PTpXDslVmRa$2442FFQ9~EhnhAm(
zo#`*FC~w4LyByo`t!xX|w(mLsB<eJi-9RAyMOGo}z80K7J7t96-#6ZA)05EtU}~>C
zJ8G}pjHET1{~5D+i}Ud7kty5n(8%%6y$t!ky$t#7UZw%5F?yD|ng)bjqjAkt`(*x8
zO8;H(|I_&IY5dyB{&W8RRkGIj`|B5Bon&H^*#{a$N*lx~`*1<sxHRWS^7=L5ip9=P
zN9$dcXmzs*55)$#eblQDOOzIt@LW0A5=Cq#9-q+>;#lTmAC?ZWzG^pkH;Lyqv=>p6
zoG%}%mvQag(=4}*q8YZD4?HJr4)}KzE(<FR&u4jiImx@o;Dhfxa8P^8Tq~TdU1iZ8
za67$`)EzYyKOQ8xqax9HT3wTtPd;A8(`mDbcU#A5x$a1(jh?}6{SerxKiK__c2u*K
z^Rwvs&!3z2paMrRn-z<F-$pH>a%dCrVwo8cV|ys+#`sNBivkx9qKvK8>~*vS5Iahv
z4(y3Fcym+SZLm_Ito~h=oWxIQQg@Z3-@RUJ#+m{!dq!WxGc;Mx$KJ>W)EbS35sjKB
zA$Dd~hQe&sL%?B>{&y9i2qeV#qB7(q?+1BFq4<21m&Qh)6{ZTLg;T|<scNZeu2H#W
z;y#%_9RDywf3kddTNud9v?T%oNWqB!qOO07>Q)Vca*X}TQtVBPk;RS?-#ShQ8x<`=
z7rydTiWZ0TV;8gx(R4{D1=Fga7<2a|KD_kNfh&?jw1*<T1lohia<9Z!TT3u?l`e-a
znUK2$F?L?(ZFD3mJ^A;kh~-6OLlIf)T20nL2^llcU`rFVO7K>gOyj_N^`nsQ$5umv
zJi__DH6iDxe8V4Ifyi}<`)k#&OC#J1fIMMXpstcgv6o8$La98PJN-ih-~4<||MZH=
zg|VQ{mEh|!fx260Jzi%y@<>N$6*V2|IEKqIDf6r}iEe+>LS-Xx|7kOpRUtF3|MDSe
zWt!Z?d?uf^A?Q?!EN=@u23=$|Dv|iQoq>btNB~R#82c}PafSne#}QyIzvg&*gpZ<b
zN6S@XOc{>Y?z2OC<VKGrCZ(h)z7s5uSDA}bIin=uUQ)mpg6u#^HO6{mF5U1mv^NN-
zF%d8alU{Xfb-6yR?k&;7%1N%+nZEH7Uql*g-ng=I>}lrfz~-I%7h;?HH9Qr(Ce0p%
z3B>1^CB4`g6lf-gcar>7?YCFV3~3xw<nudA;!(+;#=&~S%a6x9Pu@6)(#Bf{O}%q2
zo0}~(t)GpqZY^6e_=PC#Wwk2I+y3a3GtYqm_5BGLREbcyGV=@L%hZj08*Vx8+#TK@
zl<%3zg(cio;%^oSBegEj$b&4Ufz@_TJv>k@cLp32i*v}n@bfjlI#|nl_X_j>GIZjs
zL8y3#t=^&JqLtxeHZwpeM*GeI*70XMOyN%1bgjL<EjrMllq7}BRm)tD`4A=cO-qY=
zA`9)BYJ!V&4GuUQ7p<Wk3L7xLX{rCpUT-LfYRFk|hTF_Sq~ZdTlb>&J59Q9r;pzKr
z+tFE@3vcUOL_|cLtxR}caLOCda^CedO9%kTxt1Wr+8+S$ecAmo0U)?G?c?qj0HDuT
z&id`LQeE9i24*F2(or_*bb*l=?CqOIPo8kfl`;WYrX043LSQ8p{lyssBtJQWzgvJC
zhKOEO_gDrr)8x+554UKhgz`QyZrJ!`HVhE@G#l1lH6pcBTeNsq{uxgX9PgCc`zK~=
B`4|8I

literal 0
HcmV?d00001

diff --git a/tests/fuzz/corpuses/dtlsserver b/tests/fuzz/corpuses/dtlsserver
new file mode 100644
index 0000000000000000000000000000000000000000..7a7a117900781be46a5b985b275d625ef98b8c96
GIT binary patch
literal 1189
zcmeHGYfQ~y9Dd&OKed!oraGZql5k2FMY=IQC>?!Zlr0-G3@h3y2VpKLUDct`kxFiL
zI@MfO(=3nsd|;W|T-LITvM_BKnvOSJKKta8=gaT;-S+<8-}AoOek+C`jthv~K}Y2F
z|JrnKOX_l~zFYUOxwfaTBWlmBmEYYvKNJ`e{MQFpJTL*mma`a$3f8fL(>N1}w5JQg
z*ub+q%slR8DtF)xvgykJl+(g;dT|CeaTJ{q%z9Qai@Dsx6dKTi#kAvCXi>|H48;|O
zz(^xc@dRsO<^|5fWzIzri+G$SnmGrBIL*_TkGTw@51r`G>9pY)?gnv)1>D6PZbuo*
z5QzZJrjCyEqc_#8WICF$i22;fY^K4U8Y-wm6H0iDrLdq8#XQQBIEEUYM*|92$P(6|
zn&(iDd>&yjtC0t*021Wh95EUgm6W`GUDD>{)HG=1O<ZghTVbQv2(_XXilPXWq7tyj
zIGGy{4{6=uCiw)o!UfJ43kS#o8G(!gUXqSTBt)Z>$PAg6%QydpL{k!aD&v!y&pq<d
zS>jC5YuX;$QKk01-+D78Z(T-D;xh4H!ha&+uK~#<R5&^Y$dYydS($1PAMNDV`6ax`
z(fjq?Z!C`W?)rFpyjM_LerEp<-wl^yHCJ2o-9~Hh;};RRH!frw?2OM%k*!g2i4N(V
zm!~|hdI;@K$Db(&3v>s{3VYWqz0{Yv%U$#2?KR;OS5)KIu)%fV2}8-ZCHmf{)6Q&l
z`Wj@ezdduJ@=~YnePn8R7weHT)un%UJOx5%rT6EB$pHh0nOm69Ps&R#Ee{{vl#uQa
z6*IZLyl+*;oW>RLapA2+_O`~3lWiL}zj7OC7VsQu7N0X?t_LSahlF-py54Bl1}u2i
nv9Hu>xftj=Qmv9dVDL~?`zO!puqtOwgrV+z*#6Zm+cJIwp9Z@o

literal 0
HcmV?d00001

diff --git a/tests/fuzz/corpuses/server b/tests/fuzz/corpuses/server
new file mode 100644
index 0000000000000000000000000000000000000000..fbeb019f200a63d8f40815551f07375c0265c4e6
GIT binary patch
literal 675
zcmXYsSxD4z6ot>v|0wF@SUPGhQKaUUySADrl!Z=#p*;u%p=F^VsJTZNxsH>2mbq6h
z<AxeaKG-2EC{T+^v!IlM)C4h7Dk1w9-j{ng_j~xRwIqa2Kom(*{IiQGk?Y}$Zezop
z-`75e<vfo1X+QT>mlop{>)-gi7Q%?T>4Qdgvyo18MFLH!#(wtlE(@sT6{av9Pf$n?
zdZU3|Y@j1u5Kj|Y!k;~CVLpqQ!(^sm1V?C03s|F*ZQO?e?m;=rd51OZgr2S3i+%>8
zjAgvZTIv~qQq;2^hY(0Vy3?Fq+(kn+GaJNp>X^wQUPc}35Cm`f(v2#5(wPc2F$=>8
zWeGD_$W)lpj1syrglbmuHo7o~Dpv3oD$&9F=!K4@tY!z=c@I4(;SE-?9a^jlAO?U6
zn*fu<q}a2G7m`v^VJ3f~Hj<2lp=2l&l0rz5Bn%`20aI+1Z?<rdw>@m+YzHf-VF?Q;
zAp>#)xd$BOC`l;Z4CLo2#Hpj^o^wkFhE&cUp02V=<2=7GYU}9tu_W)$FORrBjoE{d
z@Wt|V|5sB7iyyTXrWuz{)&{){i%w8x&Gqk?Y#D=fhU$0nHJw{-UFpi1h`zPFOnbA}
zvk!%PbXkXIZ=6*~O<MKpvGA2QPR*Chm;LlTqpsVeX*b2nc<sm+jYH8+wX7q=KPgw)
z@BgqX<HSU$SJ8Xr&Gg=7pWy&br#cAjaMZ+Azu-^Dl{PZ$zQKw%U#}^{fuV}rrMKS(
zw=8JGevC&3t7_iO&qg@t(_b{XY`2neyA9mHryzUgu(RfL^U3ow^&#g>#{2OX(K-Ys

literal 0
HcmV?d00001

diff --git a/tests/fuzz/fuzz_client.c b/tests/fuzz/fuzz_client.c
new file mode 100644
index 000000000..aee9946d9
--- /dev/null
+++ b/tests/fuzz/fuzz_client.c
@@ -0,0 +1,227 @@
+#include "mbedtls/ssl.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/certs.h"
+#include <string.h>
+#include <stdlib.h>
+#include <stdbool.h>
+#include <stdint.h>
+
+
+static bool initialized = 0;
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+static mbedtls_x509_crt cacert;
+#endif
+const char *alpn_list[3];
+
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+const unsigned char psk[] = {
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+};
+const char psk_id[] = "Client_identity";
+#endif
+
+const char *pers = "fuzz_client";
+
+
+typedef struct fuzzBufferOffset
+{
+    const uint8_t *Data;
+    size_t Size;
+    size_t Offset;
+} fuzzBufferOffset_t;
+
+static int dummy_send( void *ctx, const unsigned char *buf, size_t len )
+{
+    //silence warning about unused parameter
+    (void) ctx;
+    (void) buf;
+
+    //pretends we wrote everything ok
+    return( len );
+}
+
+static int fuzz_recv( void *ctx, unsigned char *buf, size_t len )
+{
+    //reads from the buffer from fuzzer
+    fuzzBufferOffset_t * biomemfuzz = (fuzzBufferOffset_t *) ctx;
+
+    if (biomemfuzz->Offset == biomemfuzz->Size) {
+        //EOF
+        return (0);
+    }
+    if (len + biomemfuzz->Offset > biomemfuzz->Size) {
+        //do not overflow
+        len = biomemfuzz->Size - biomemfuzz->Offset;
+    }
+    memcpy(buf, biomemfuzz->Data + biomemfuzz->Offset, len);
+    biomemfuzz->Offset += len;
+    return( len );
+}
+
+static int dummy_random( void *p_rng, unsigned char *output, size_t output_len )
+{
+    int ret;
+    size_t i;
+
+    //use mbedtls_ctr_drbg_random to find bugs in it
+    ret = mbedtls_ctr_drbg_random(p_rng, output, output_len);
+    for (i=0; i<output_len; i++) {
+        //replace result with pseudo random
+        output[i] = (unsigned char) random();
+    }
+    return( ret );
+}
+
+static int dummy_entropy( void *data, unsigned char *output, size_t len )
+{
+    int ret;
+    size_t i;
+
+    //use mbedtls_entropy_func to find bugs in it
+    ret = mbedtls_entropy_func(data, output, len);
+    for (i=0; i<len; i++) {
+        //replace result with pseudo random
+        output[i] = (unsigned char) random();
+    }
+    return( ret );
+}
+
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+    int ret;
+    size_t len;
+    mbedtls_ssl_context ssl;
+    mbedtls_ssl_config conf;
+    mbedtls_ctr_drbg_context ctr_drbg;
+    mbedtls_entropy_context entropy;
+    unsigned char buf[4096];
+    fuzzBufferOffset_t biomemfuzz;
+    uint16_t options;
+
+    if (initialized == 0) {
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+        mbedtls_x509_crt_init( &cacert );
+        if (mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem,
+                                   mbedtls_test_cas_pem_len ) != 0)
+            return 1;
+#endif
+
+        alpn_list[0] = "HTTP";
+        alpn_list[1] = "fuzzalpn";
+        alpn_list[2] = NULL;
+
+        initialized = 1;
+    }
+
+    //we take 1 byte as options input
+    if (Size < 2) {
+        return 0;
+    }
+    options = (Data[Size - 2] << 8) | Data[Size - 1];
+    //Avoid warnings if compile options imply no options
+    (void) options;
+
+    mbedtls_ssl_init( &ssl );
+    mbedtls_ssl_config_init( &conf );
+    mbedtls_ctr_drbg_init( &ctr_drbg );
+    mbedtls_entropy_init( &entropy );
+
+    if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
+                              (const unsigned char *) pers, strlen( pers ) ) != 0 )
+        goto exit;
+
+    if( mbedtls_ssl_config_defaults( &conf,
+                                    MBEDTLS_SSL_IS_CLIENT,
+                                    MBEDTLS_SSL_TRANSPORT_STREAM,
+                                    MBEDTLS_SSL_PRESET_DEFAULT ) != 0 )
+        goto exit;
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+    if (options & 2) {
+        mbedtls_ssl_conf_psk( &conf, psk, sizeof( psk ),
+                             (const unsigned char *) psk_id, sizeof( psk_id ) - 1 );
+    }
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    if (options & 4) {
+        mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
+        mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_REQUIRED );
+    } else
+#endif
+    {
+        mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_NONE );
+    }
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+    mbedtls_ssl_conf_truncated_hmac( &conf, (options & 8) ? MBEDTLS_SSL_TRUNC_HMAC_ENABLED : MBEDTLS_SSL_TRUNC_HMAC_DISABLED);
+#endif
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+    mbedtls_ssl_conf_extended_master_secret( &conf, (options & 0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED);
+#endif
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+    mbedtls_ssl_conf_encrypt_then_mac( &conf, (options & 0x20) ? MBEDTLS_SSL_ETM_DISABLED : MBEDTLS_SSL_ETM_ENABLED);
+#endif
+#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
+    mbedtls_ssl_conf_cbc_record_splitting( &conf, (options & 0x40) ? MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED : MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED );
+#endif
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    mbedtls_ssl_conf_renegotiation( &conf, (options & 0x80) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED );
+#endif
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+    mbedtls_ssl_conf_session_tickets( &conf, (options & 0x100) ? MBEDTLS_SSL_SESSION_TICKETS_DISABLED : MBEDTLS_SSL_SESSION_TICKETS_ENABLED );
+#endif
+#if defined(MBEDTLS_SSL_ALPN)
+    if (options & 0x200) {
+        mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list );
+    }
+#endif
+    //There may be other options to add :
+    // mbedtls_ssl_conf_cert_profile, mbedtls_ssl_conf_sig_hashes
+
+    srandom(1);
+    mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg );
+
+    if( mbedtls_ssl_setup( &ssl, &conf ) != 0 )
+        goto exit;
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    if ((options & 1) == 0) {
+        if( mbedtls_ssl_set_hostname( &ssl, "localhost" ) != 0 )
+            goto exit;
+    }
+#endif
+
+    biomemfuzz.Data = Data;
+    biomemfuzz.Size = Size-2;
+    biomemfuzz.Offset = 0;
+    mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, NULL );
+
+    ret = mbedtls_ssl_handshake( &ssl );
+    if( ret == 0 )
+    {
+        //keep reading data from server until the end
+        do
+        {
+            len = sizeof( buf ) - 1;
+            ret = mbedtls_ssl_read( &ssl, buf, len );
+
+            if( ret == MBEDTLS_ERR_SSL_WANT_READ )
+                continue;
+            else if( ret <= 0 )
+                //EOF or error
+                break;
+        }
+        while( 1 );
+    }
+
+exit:
+    mbedtls_entropy_free( &entropy );
+    mbedtls_ctr_drbg_free( &ctr_drbg );
+    mbedtls_ssl_config_free( &conf );
+    mbedtls_ssl_free( &ssl );
+
+    return 0;
+}
diff --git a/tests/fuzz/fuzz_client.options b/tests/fuzz/fuzz_client.options
new file mode 100644
index 000000000..4d7340f49
--- /dev/null
+++ b/tests/fuzz/fuzz_client.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 1048575
diff --git a/tests/fuzz/fuzz_dtlsclient.c b/tests/fuzz/fuzz_dtlsclient.c
new file mode 100644
index 000000000..b1465f06c
--- /dev/null
+++ b/tests/fuzz/fuzz_dtlsclient.c
@@ -0,0 +1,185 @@
+#include <string.h>
+#include <stdlib.h>
+#include <stdbool.h>
+#include <stdint.h>
+#include "mbedtls/ssl.h"
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/certs.h"
+#include "mbedtls/timing.h"
+
+
+static bool initialized = 0;
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+static mbedtls_x509_crt cacert;
+#endif
+
+
+const char *pers = "fuzz_dtlsclient";
+
+
+typedef struct fuzzBufferOffset
+{
+    const uint8_t *Data;
+    size_t Size;
+    size_t Offset;
+} fuzzBufferOffset_t;
+
+static int dummy_send( void *ctx, const unsigned char *buf, size_t len )
+{
+    //silence warning about unused parameter
+    (void) ctx;
+    (void) buf;
+
+    //pretends we wrote everything ok
+    return( len );
+}
+
+static int fuzz_recv( void *ctx, unsigned char *buf, size_t len )
+{
+    //reads from the buffer from fuzzer
+    fuzzBufferOffset_t * biomemfuzz = (fuzzBufferOffset_t *) ctx;
+
+    if (biomemfuzz->Offset == biomemfuzz->Size) {
+        //EOF
+        return (0);
+    }
+    if (len + biomemfuzz->Offset > biomemfuzz->Size) {
+        //do not overflow
+        len = biomemfuzz->Size - biomemfuzz->Offset;
+    }
+    memcpy(buf, biomemfuzz->Data + biomemfuzz->Offset, len);
+    biomemfuzz->Offset += len;
+    return( len );
+}
+
+static int fuzz_recv_timeout( void *ctx, unsigned char *buf, size_t len,
+                             uint32_t timeout )
+{
+    (void) timeout;
+
+    return fuzz_recv(ctx, buf, len);
+}
+
+static int dummy_random( void *p_rng, unsigned char *output, size_t output_len )
+{
+    int ret;
+    size_t i;
+
+    //use mbedtls_ctr_drbg_random to find bugs in it
+    ret = mbedtls_ctr_drbg_random(p_rng, output, output_len);
+    for (i=0; i<output_len; i++) {
+        //replace result with pseudo random
+        output[i] = (unsigned char) random();
+    }
+    return( ret );
+}
+
+static int dummy_entropy( void *data, unsigned char *output, size_t len )
+{
+    int ret;
+    size_t i;
+
+    //use mbedtls_entropy_func to find bugs in it
+    ret = mbedtls_entropy_func(data, output, len);
+    for (i=0; i<len; i++) {
+        //replace result with pseudo random
+        output[i] = (unsigned char) random();
+    }
+    return( ret );
+}
+#endif
+
+
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    int ret;
+    size_t len;
+    mbedtls_ssl_context ssl;
+    mbedtls_ssl_config conf;
+    mbedtls_ctr_drbg_context ctr_drbg;
+    mbedtls_entropy_context entropy;
+    mbedtls_timing_delay_context timer;
+    unsigned char buf[4096];
+    fuzzBufferOffset_t biomemfuzz;
+
+    if (initialized == 0) {
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+        mbedtls_x509_crt_init( &cacert );
+        if (mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem,
+                                   mbedtls_test_cas_pem_len ) != 0)
+            return 1;
+#endif
+        initialized = 1;
+    }
+
+    mbedtls_ssl_init( &ssl );
+    mbedtls_ssl_config_init( &conf );
+    mbedtls_ctr_drbg_init( &ctr_drbg );
+    mbedtls_entropy_init( &entropy );
+
+    srandom(1);
+    if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
+                              (const unsigned char *) pers, strlen( pers ) ) != 0 )
+        goto exit;
+
+    if( mbedtls_ssl_config_defaults( &conf,
+                                    MBEDTLS_SSL_IS_CLIENT,
+                                    MBEDTLS_SSL_TRANSPORT_DATAGRAM,
+                                    MBEDTLS_SSL_PRESET_DEFAULT ) != 0 )
+        goto exit;
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
+#endif
+    mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_NONE );
+    mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg );
+
+    if( mbedtls_ssl_setup( &ssl, &conf ) != 0 )
+        goto exit;
+
+    mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
+                             mbedtls_timing_get_delay );
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    if( mbedtls_ssl_set_hostname( &ssl, "localhost" ) != 0 )
+        goto exit;
+#endif
+
+    biomemfuzz.Data = Data;
+    biomemfuzz.Size = Size;
+    biomemfuzz.Offset = 0;
+    mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout );
+
+    ret = mbedtls_ssl_handshake( &ssl );
+    if( ret == 0 )
+    {
+        //keep reading data from server until the end
+        do
+        {
+            len = sizeof( buf ) - 1;
+            ret = mbedtls_ssl_read( &ssl, buf, len );
+
+            if( ret == MBEDTLS_ERR_SSL_WANT_READ )
+                continue;
+            else if( ret <= 0 )
+                //EOF or error
+                break;
+        }
+        while( 1 );
+    }
+
+exit:
+    mbedtls_entropy_free( &entropy );
+    mbedtls_ctr_drbg_free( &ctr_drbg );
+    mbedtls_ssl_config_free( &conf );
+    mbedtls_ssl_free( &ssl );
+
+#else
+    (void) Data;
+    (void) Size;
+#endif
+    return 0;
+}
diff --git a/tests/fuzz/fuzz_dtlsclient.options b/tests/fuzz/fuzz_dtlsclient.options
new file mode 100644
index 000000000..4d7340f49
--- /dev/null
+++ b/tests/fuzz/fuzz_dtlsclient.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 1048575
diff --git a/tests/fuzz/fuzz_dtlsserver.c b/tests/fuzz/fuzz_dtlsserver.c
new file mode 100644
index 000000000..23116aea0
--- /dev/null
+++ b/tests/fuzz/fuzz_dtlsserver.c
@@ -0,0 +1,209 @@
+#include <string.h>
+#include <stdlib.h>
+#include <stdbool.h>
+#include <stdint.h>
+#include "mbedtls/ssl.h"
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/certs.h"
+#include "mbedtls/timing.h"
+#include "mbedtls/ssl_cookie.h"
+
+
+const char *pers = "fuzz_dtlsserver";
+const unsigned char client_ip[4] = {0x7F, 0, 0, 1};
+static bool initialized = 0;
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+static mbedtls_x509_crt srvcert;
+static mbedtls_pk_context pkey;
+#endif
+
+typedef struct fuzzBufferOffset
+{
+    const uint8_t *Data;
+    size_t Size;
+    size_t Offset;
+} fuzzBufferOffset_t;
+
+
+static int dummy_send( void *ctx, const unsigned char *buf, size_t len )
+{
+    //silence warning about unused parameter
+    (void) ctx;
+    (void) buf;
+
+    //pretends we wrote everything ok
+    return( len );
+}
+
+static int fuzz_recv( void *ctx, unsigned char *buf, size_t len )
+{
+    //reads from the buffer from fuzzer
+    fuzzBufferOffset_t * biomemfuzz = (fuzzBufferOffset_t *) ctx;
+
+    if (biomemfuzz->Offset == biomemfuzz->Size) {
+        //EOF
+        return (0);
+    }
+    if (len + biomemfuzz->Offset > biomemfuzz->Size) {
+        //do not overflow
+        len = biomemfuzz->Size - biomemfuzz->Offset;
+    }
+    memcpy(buf, biomemfuzz->Data + biomemfuzz->Offset, len);
+    biomemfuzz->Offset += len;
+    return( len );
+}
+
+static int fuzz_recv_timeout( void *ctx, unsigned char *buf, size_t len,
+                      uint32_t timeout )
+{
+    (void) timeout;
+
+    return fuzz_recv(ctx, buf, len);
+}
+
+static int dummy_random( void *p_rng, unsigned char *output, size_t output_len )
+{
+    int ret;
+    size_t i;
+
+    //use mbedtls_ctr_drbg_random to find bugs in it
+    ret = mbedtls_ctr_drbg_random(p_rng, output, output_len);
+    for (i=0; i<output_len; i++) {
+        //replace result with pseudo random
+        output[i] = (unsigned char) random();
+    }
+    return( ret );
+}
+
+static int dummy_entropy( void *data, unsigned char *output, size_t len )
+{
+    int ret;
+    size_t i;
+
+    //use mbedtls_entropy_func to find bugs in it
+    ret = mbedtls_entropy_func(data, output, len);
+    for (i=0; i<len; i++) {
+        //replace result with pseudo random
+        output[i] = (unsigned char) random();
+    }
+    return( ret );
+}
+#endif
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    int ret;
+    size_t len;
+    mbedtls_ssl_context ssl;
+    mbedtls_ssl_config conf;
+    mbedtls_ctr_drbg_context ctr_drbg;
+    mbedtls_entropy_context entropy;
+    mbedtls_timing_delay_context timer;
+    mbedtls_ssl_cookie_ctx cookie_ctx;
+    unsigned char buf[4096];
+    fuzzBufferOffset_t biomemfuzz;
+
+    if (initialized == 0) {
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+        mbedtls_x509_crt_init( &srvcert );
+        mbedtls_pk_init( &pkey );
+        if (mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
+                                   mbedtls_test_srv_crt_len ) != 0)
+            return 1;
+        if (mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem,
+                                   mbedtls_test_cas_pem_len ) != 0)
+            return 1;
+        if (mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
+                                 mbedtls_test_srv_key_len, NULL, 0 ) != 0)
+            return 1;
+#endif
+        initialized = 1;
+    }
+    mbedtls_ssl_init( &ssl );
+    mbedtls_ssl_config_init( &conf );
+    mbedtls_ctr_drbg_init( &ctr_drbg );
+    mbedtls_entropy_init( &entropy );
+    mbedtls_ssl_cookie_init( &cookie_ctx );
+
+    if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
+                              (const unsigned char *) pers, strlen( pers ) ) != 0 )
+        goto exit;
+
+
+    if( mbedtls_ssl_config_defaults( &conf,
+                                    MBEDTLS_SSL_IS_SERVER,
+                                    MBEDTLS_SSL_TRANSPORT_DATAGRAM,
+                                    MBEDTLS_SSL_PRESET_DEFAULT ) != 0 )
+        goto exit;
+
+
+    srandom(1);
+    mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg );
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
+    if( mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) != 0 )
+        goto exit;
+#endif
+
+    if( mbedtls_ssl_cookie_setup( &cookie_ctx, dummy_random, &ctr_drbg ) != 0 )
+        goto exit;
+
+    mbedtls_ssl_conf_dtls_cookies( &conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check, &cookie_ctx );
+
+    if( mbedtls_ssl_setup( &ssl, &conf ) != 0 )
+        goto exit;
+
+    mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
+                             mbedtls_timing_get_delay );
+
+    biomemfuzz.Data = Data;
+    biomemfuzz.Size = Size;
+    biomemfuzz.Offset = 0;
+    mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout );
+    if( mbedtls_ssl_set_client_transport_id( &ssl, client_ip, sizeof(client_ip) ) != 0 )
+        goto exit;
+
+    ret = mbedtls_ssl_handshake( &ssl );
+
+    if (ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) {
+        biomemfuzz.Offset = ssl.next_record_offset;
+        mbedtls_ssl_session_reset( &ssl );
+        mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout );
+        if( mbedtls_ssl_set_client_transport_id( &ssl, client_ip, sizeof(client_ip) ) != 0 )
+            goto exit;
+
+        ret = mbedtls_ssl_handshake( &ssl );
+
+        if( ret == 0 )
+        {
+            //keep reading data from server until the end
+            do
+            {
+                len = sizeof( buf ) - 1;
+                ret = mbedtls_ssl_read( &ssl, buf, len );
+                if( ret == MBEDTLS_ERR_SSL_WANT_READ )
+                    continue;
+                else if( ret <= 0 )
+                    //EOF or error
+                    break;
+            }
+            while( 1 );
+        }
+    }
+
+exit:
+    mbedtls_ssl_cookie_free( &cookie_ctx );
+    mbedtls_entropy_free( &entropy );
+    mbedtls_ctr_drbg_free( &ctr_drbg );
+    mbedtls_ssl_config_free( &conf );
+    mbedtls_ssl_free( &ssl );
+
+#else
+    (void) Data;
+    (void) Size;
+#endif
+    return 0;
+}
diff --git a/tests/fuzz/fuzz_dtlsserver.options b/tests/fuzz/fuzz_dtlsserver.options
new file mode 100644
index 000000000..4d7340f49
--- /dev/null
+++ b/tests/fuzz/fuzz_dtlsserver.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 1048575
diff --git a/tests/fuzz/fuzz_privkey.c b/tests/fuzz/fuzz_privkey.c
new file mode 100644
index 000000000..533a647dc
--- /dev/null
+++ b/tests/fuzz/fuzz_privkey.c
@@ -0,0 +1,64 @@
+#include <stdint.h>
+#include "mbedtls/pk.h"
+
+//4 Kb should be enough for every bug ;-)
+#define MAX_LEN 0x1000
+
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+#ifdef MBEDTLS_PK_PARSE_C
+    int ret;
+    mbedtls_pk_context pk;
+
+    if (Size > MAX_LEN) {
+        //only work on small inputs
+        Size = MAX_LEN;
+    }
+
+    mbedtls_pk_init( &pk );
+    ret = mbedtls_pk_parse_key( &pk, Data, Size, NULL, 0 );
+    if (ret == 0) {
+#if defined(MBEDTLS_RSA_C)
+        if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA )
+        {
+            mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
+            mbedtls_rsa_context *rsa;
+
+            mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
+            mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
+            mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP );
+
+            rsa = mbedtls_pk_rsa( pk );
+            mbedtls_rsa_export( rsa, &N, &P, &Q, &D, &E );
+            mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP );
+
+            mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
+            mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP );
+            mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP );
+        }
+        else
+#endif
+#if defined(MBEDTLS_ECP_C)
+        if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY )
+        {
+            mbedtls_ecp_keypair *ecp;
+
+            ecp = mbedtls_pk_ec( pk );
+            if (ecp) {
+                ret = 0;
+            }
+        }
+        else
+#endif
+            {
+                ret = 0;
+            }
+    }
+    mbedtls_pk_free( &pk );
+#else
+    (void) Data;
+    (void) Size;
+#endif //MBEDTLS_PK_PARSE_C
+
+    return 0;
+}
diff --git a/tests/fuzz/fuzz_privkey.options b/tests/fuzz/fuzz_privkey.options
new file mode 100644
index 000000000..0824b19fa
--- /dev/null
+++ b/tests/fuzz/fuzz_privkey.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 65535
diff --git a/tests/fuzz/fuzz_pubkey.c b/tests/fuzz/fuzz_pubkey.c
new file mode 100644
index 000000000..df42f7d53
--- /dev/null
+++ b/tests/fuzz/fuzz_pubkey.c
@@ -0,0 +1,57 @@
+#include <stdint.h>
+#include "mbedtls/pk.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+#ifdef MBEDTLS_PK_PARSE_C
+    int ret;
+    mbedtls_pk_context pk;
+
+    mbedtls_pk_init( &pk );
+    ret = mbedtls_pk_parse_public_key( &pk, Data, Size );
+    if (ret == 0) {
+#if defined(MBEDTLS_RSA_C)
+        if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA )
+        {
+            mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
+            mbedtls_rsa_context *rsa;
+
+            mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
+            mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
+            mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP );
+
+            rsa = mbedtls_pk_rsa( pk );
+            ret = mbedtls_rsa_export( rsa, &N, &P, &Q, &D, &E );
+            ret = mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP );
+
+            mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
+            mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP );
+            mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP );
+
+        }
+        else
+#endif
+#if defined(MBEDTLS_ECP_C)
+        if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY )
+        {
+            mbedtls_ecp_keypair *ecp;
+
+            ecp = mbedtls_pk_ec( pk );
+            //dummy use of value
+            if (ecp) {
+                ret = 0;
+            }
+        }
+        else
+#endif
+        {
+            ret = 0;
+        }
+    }
+    mbedtls_pk_free( &pk );
+#else
+    (void) Data;
+    (void) Size;
+#endif //MBEDTLS_PK_PARSE_C
+
+    return 0;
+}
diff --git a/tests/fuzz/fuzz_pubkey.options b/tests/fuzz/fuzz_pubkey.options
new file mode 100644
index 000000000..0824b19fa
--- /dev/null
+++ b/tests/fuzz/fuzz_pubkey.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 65535
diff --git a/tests/fuzz/fuzz_server.c b/tests/fuzz/fuzz_server.c
new file mode 100644
index 000000000..5a9510dda
--- /dev/null
+++ b/tests/fuzz/fuzz_server.c
@@ -0,0 +1,240 @@
+#include "mbedtls/ssl.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/certs.h"
+#include "mbedtls/ssl_ticket.h"
+#include <string.h>
+#include <stdlib.h>
+#include <stdbool.h>
+#include <stdint.h>
+
+
+const char *pers = "fuzz_server";
+static bool initialized = 0;
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+static mbedtls_x509_crt srvcert;
+static mbedtls_pk_context pkey;
+#endif
+const char *alpn_list[3];
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+const unsigned char psk[] = {
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+};
+const char psk_id[] = "Client_identity";
+#endif
+
+
+typedef struct fuzzBufferOffset
+{
+    const uint8_t *Data;
+    size_t Size;
+    size_t Offset;
+} fuzzBufferOffset_t;
+
+
+static int dummy_send( void *ctx, const unsigned char *buf, size_t len )
+{
+    //silence warning about unused parameter
+    (void) ctx;
+    (void) buf;
+
+    //pretends we wrote everything ok
+    return( len );
+}
+
+static int fuzz_recv( void *ctx, unsigned char *buf, size_t len )
+{
+    //reads from the buffer from fuzzer
+    fuzzBufferOffset_t * biomemfuzz = (fuzzBufferOffset_t *) ctx;
+
+    if (biomemfuzz->Offset == biomemfuzz->Size) {
+        //EOF
+        return (0);
+    }
+    if (len + biomemfuzz->Offset > biomemfuzz->Size) {
+        //do not overflow
+        len = biomemfuzz->Size - biomemfuzz->Offset;
+    }
+    memcpy(buf, biomemfuzz->Data + biomemfuzz->Offset, len);
+    biomemfuzz->Offset += len;
+    return( len );
+}
+
+static int dummy_random( void *p_rng, unsigned char *output, size_t output_len )
+{
+    int ret;
+    size_t i;
+
+    //use mbedtls_ctr_drbg_random to find bugs in it
+    ret = mbedtls_ctr_drbg_random(p_rng, output, output_len);
+    for (i=0; i<output_len; i++) {
+        //replace result with pseudo random
+        output[i] = (unsigned char) random();
+    }
+    return( ret );
+}
+
+static int dummy_entropy( void *data, unsigned char *output, size_t len )
+{
+    int ret;
+    size_t i;
+
+    //use mbedtls_entropy_func to find bugs in it
+    ret = mbedtls_entropy_func(data, output, len);
+    for (i=0; i<len; i++) {
+        //replace result with pseudo random
+        output[i] = (unsigned char) random();
+    }
+    return( ret );
+}
+
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+    int ret;
+    size_t len;
+    mbedtls_ssl_context ssl;
+    mbedtls_ssl_config conf;
+    mbedtls_ctr_drbg_context ctr_drbg;
+    mbedtls_entropy_context entropy;
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+    mbedtls_ssl_ticket_context ticket_ctx;
+#endif
+    unsigned char buf[4096];
+    fuzzBufferOffset_t biomemfuzz;
+    uint8_t options;
+
+    //we take 1 byte as options input
+    if (Size < 1) {
+        return 0;
+    }
+    options = Data[Size - 1];
+
+    if (initialized == 0) {
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+        mbedtls_x509_crt_init( &srvcert );
+        mbedtls_pk_init( &pkey );
+        if (mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
+                                   mbedtls_test_srv_crt_len ) != 0)
+            return 1;
+        if (mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem,
+                                   mbedtls_test_cas_pem_len ) != 0)
+            return 1;
+        if (mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
+                                 mbedtls_test_srv_key_len, NULL, 0 ) != 0)
+            return 1;
+#endif
+
+        alpn_list[0] = "HTTP";
+        alpn_list[1] = "fuzzalpn";
+        alpn_list[2] = NULL;
+
+        initialized = 1;
+    }
+    mbedtls_ssl_init( &ssl );
+    mbedtls_ssl_config_init( &conf );
+    mbedtls_ctr_drbg_init( &ctr_drbg );
+    mbedtls_entropy_init( &entropy );
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+    mbedtls_ssl_ticket_init( &ticket_ctx );
+#endif
+
+    if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
+                              (const unsigned char *) pers, strlen( pers ) ) != 0 )
+        goto exit;
+
+
+    if( mbedtls_ssl_config_defaults( &conf,
+                                    MBEDTLS_SSL_IS_SERVER,
+                                    MBEDTLS_SSL_TRANSPORT_STREAM,
+                                    MBEDTLS_SSL_PRESET_DEFAULT ) != 0 )
+        goto exit;
+
+    srandom(1);
+    mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg );
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
+    if( mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) != 0 )
+        goto exit;
+#endif
+
+    mbedtls_ssl_conf_cert_req_ca_list( &conf, (options & 0x1) ? MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED : MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED );
+#if defined(MBEDTLS_SSL_ALPN)
+    if (options & 0x2) {
+        mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list );
+    }
+#endif
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+    if( options & 0x4 )
+    {
+        if( mbedtls_ssl_ticket_setup( &ticket_ctx,
+                                     dummy_random, &ctr_drbg,
+                                     MBEDTLS_CIPHER_AES_256_GCM,
+                                     86400 ) != 0 )
+            goto exit;
+
+        mbedtls_ssl_conf_session_tickets_cb( &conf,
+                                            mbedtls_ssl_ticket_write,
+                                            mbedtls_ssl_ticket_parse,
+                                            &ticket_ctx );
+    }
+#endif
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+    mbedtls_ssl_conf_truncated_hmac( &conf, (options & 0x8) ? MBEDTLS_SSL_TRUNC_HMAC_ENABLED : MBEDTLS_SSL_TRUNC_HMAC_DISABLED);
+#endif
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+    mbedtls_ssl_conf_extended_master_secret( &conf, (options & 0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED);
+#endif
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+    mbedtls_ssl_conf_encrypt_then_mac( &conf, (options & 0x20) ? MBEDTLS_SSL_ETM_ENABLED : MBEDTLS_SSL_ETM_DISABLED);
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+    if (options & 0x40) {
+        mbedtls_ssl_conf_psk( &conf, psk, sizeof( psk ),
+                             (const unsigned char *) psk_id, sizeof( psk_id ) - 1 );
+    }
+#endif
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    mbedtls_ssl_conf_renegotiation( &conf, (options & 0x80) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED );
+#endif
+
+    if( mbedtls_ssl_setup( &ssl, &conf ) != 0 )
+        goto exit;
+
+    biomemfuzz.Data = Data;
+    biomemfuzz.Size = Size-1;
+    biomemfuzz.Offset = 0;
+    mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, NULL );
+
+    mbedtls_ssl_session_reset( &ssl );
+    ret = mbedtls_ssl_handshake( &ssl );
+    if( ret == 0 )
+    {
+        //keep reading data from server until the end
+        do
+        {
+            len = sizeof( buf ) - 1;
+            ret = mbedtls_ssl_read( &ssl, buf, len );
+
+            if( ret == MBEDTLS_ERR_SSL_WANT_READ )
+                continue;
+            else if( ret <= 0 )
+                //EOF or error
+                break;
+        }
+        while( 1 );
+    }
+
+exit:
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+    mbedtls_ssl_ticket_free( &ticket_ctx );
+#endif
+    mbedtls_entropy_free( &entropy );
+    mbedtls_ctr_drbg_free( &ctr_drbg );
+    mbedtls_ssl_config_free( &conf );
+    mbedtls_ssl_free( &ssl );
+
+    return 0;
+}
diff --git a/tests/fuzz/fuzz_server.options b/tests/fuzz/fuzz_server.options
new file mode 100644
index 000000000..4d7340f49
--- /dev/null
+++ b/tests/fuzz/fuzz_server.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 1048575
diff --git a/tests/fuzz/fuzz_x509crl.c b/tests/fuzz/fuzz_x509crl.c
new file mode 100644
index 000000000..02f521cc8
--- /dev/null
+++ b/tests/fuzz/fuzz_x509crl.c
@@ -0,0 +1,22 @@
+#include <stdint.h>
+#include "mbedtls/x509_crl.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+#ifdef MBEDTLS_X509_CRL_PARSE_C
+    int ret;
+    mbedtls_x509_crl crl;
+    unsigned char buf[4096];
+
+    mbedtls_x509_crl_init( &crl );
+    ret = mbedtls_x509_crl_parse( &crl, Data, Size );
+    if (ret == 0) {
+        ret = mbedtls_x509_crl_info( (char *) buf, sizeof( buf ) - 1, " ", &crl );
+    }
+    mbedtls_x509_crl_free( &crl );
+#else
+    (void) Data;
+    (void) Size;
+#endif
+
+    return 0;
+}
diff --git a/tests/fuzz/fuzz_x509crl.options b/tests/fuzz/fuzz_x509crl.options
new file mode 100644
index 000000000..0824b19fa
--- /dev/null
+++ b/tests/fuzz/fuzz_x509crl.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 65535
diff --git a/tests/fuzz/fuzz_x509crt.c b/tests/fuzz/fuzz_x509crt.c
new file mode 100644
index 000000000..8f593a141
--- /dev/null
+++ b/tests/fuzz/fuzz_x509crt.c
@@ -0,0 +1,22 @@
+#include <stdint.h>
+#include "mbedtls/x509_crt.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+#ifdef MBEDTLS_X509_CRT_PARSE_C
+    int ret;
+    mbedtls_x509_crt crt;
+    unsigned char buf[4096];
+
+    mbedtls_x509_crt_init( &crt );
+    ret = mbedtls_x509_crt_parse( &crt, Data, Size );
+    if (ret == 0) {
+        ret = mbedtls_x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ", &crt );
+    }
+    mbedtls_x509_crt_free( &crt );
+#else
+    (void) Data;
+    (void) Size;
+#endif
+
+    return 0;
+}
diff --git a/tests/fuzz/fuzz_x509crt.options b/tests/fuzz/fuzz_x509crt.options
new file mode 100644
index 000000000..0824b19fa
--- /dev/null
+++ b/tests/fuzz/fuzz_x509crt.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 65535
diff --git a/tests/fuzz/fuzz_x509csr.c b/tests/fuzz/fuzz_x509csr.c
new file mode 100644
index 000000000..3cf28a6fa
--- /dev/null
+++ b/tests/fuzz/fuzz_x509csr.c
@@ -0,0 +1,22 @@
+#include <stdint.h>
+#include "mbedtls/x509_csr.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+#ifdef MBEDTLS_X509_CSR_PARSE_C
+    int ret;
+    mbedtls_x509_csr csr;
+    unsigned char buf[4096];
+
+    mbedtls_x509_csr_init( &csr );
+    ret = mbedtls_x509_csr_parse( &csr, Data, Size );
+    if (ret == 0) {
+        ret = mbedtls_x509_csr_info( (char *) buf, sizeof( buf ) - 1, " ", &csr );
+    }
+    mbedtls_x509_csr_free( &csr );
+#else
+    (void) Data;
+    (void) Size;
+#endif
+
+    return 0;
+}
diff --git a/tests/fuzz/fuzz_x509csr.options b/tests/fuzz/fuzz_x509csr.options
new file mode 100644
index 000000000..0824b19fa
--- /dev/null
+++ b/tests/fuzz/fuzz_x509csr.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 65535
diff --git a/tests/fuzz/onefile.c b/tests/fuzz/onefile.c
new file mode 100644
index 000000000..caf3ca565
--- /dev/null
+++ b/tests/fuzz/onefile.c
@@ -0,0 +1,50 @@
+#include <stdint.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
+
+int main(int argc, char** argv)
+{
+    FILE * fp;
+    uint8_t *Data;
+    size_t Size;
+
+    if (argc != 2) {
+        return 1;
+    }
+    //opens the file, get its size, and reads it into a buffer
+    fp = fopen(argv[1], "rb");
+    if (fp == NULL) {
+        return 2;
+    }
+    if (fseek(fp, 0L, SEEK_END) != 0) {
+        fclose(fp);
+        return 2;
+    }
+    Size = ftell(fp);
+    if (Size == (size_t) -1) {
+        fclose(fp);
+        return 2;
+    }
+    if (fseek(fp, 0L, SEEK_SET) != 0) {
+        fclose(fp);
+        return 2;
+    }
+    Data = malloc(Size);
+    if (Data == NULL) {
+        fclose(fp);
+        return 2;
+    }
+    if (fread(Data, Size, 1, fp) != 1) {
+        fclose(fp);
+        return 2;
+    }
+
+    //lauch fuzzer
+    LLVMFuzzerTestOneInput(Data, Size);
+    fclose(fp);
+    return 0;
+}
+