// Copyright 2022 The BoringSSL Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

#include <openssl/bio.h>
#include <openssl/conf.h>
#include <openssl/x509.h>

#include <algorithm>

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
  // The string-based extensions APIs routinely produce output quadratic in
  // their input. Cap the input size to mitigate this. See also
  // https://crbug.com/boringssl/611.
  len = std::min(len, size_t{8 * 1024});

  bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(buf, len));
  bssl::UniquePtr<CONF> conf(NCONF_new(nullptr));
  if (NCONF_load_bio(conf.get(), bio.get(), nullptr)) {
    // Run with and without |X509V3_CTX| information.
    bssl::UniquePtr<X509> cert(X509_new());
    X509V3_CTX ctx;
    X509V3_set_ctx(&ctx, /*subject=*/cert.get(), /*issuer=*/cert.get(), nullptr,
                   nullptr, 0);
    X509V3_EXT_add_nconf(conf.get(), &ctx, "default", cert.get());

    cert.reset(X509_new());
    X509V3_EXT_add_nconf(conf.get(), nullptr, "default", cert.get());
  }
  return 0;
}