From 424d1ac258aa8eb15922f382c94e2cb4419e95ed Mon Sep 17 00:00:00 2001 From: Jou Ho Date: Mon, 19 Aug 2024 19:26:23 +0000 Subject: [PATCH 01/53] test in CI --- CMakeLists.txt | 116 +++++++++++++++++++++++++++++++++ codebuild/bin/s2n_codebuild.sh | 13 +++- 2 files changed, 128 insertions(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index cbce0740781..43ba20b7ef3 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -607,6 +607,122 @@ if (BUILD_TESTING) set_property(TEST ${test_target} PROPERTY TIMEOUT 7200) endforeach() endif() + + option(FUZZ "Enable Fuzz Testing with libFuzzer" OFF) + if(FUZZ) + set(CMAKE_C_COMPILER clang) + set(CMAKE_CXX_COMPILER clang) + + set(SCRIPT_PATH "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz/runFuzzTest.sh") + file(GLOB FUZZ_TEST_SRCS "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz/*.c") + + # local + # set(LIBFUZZER_LIB "${CMAKE_CURRENT_SOURCE_DIR}/test-deps/libFuzzer.a") + set(LIBFUZZER_LIB "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz_dependencies") + + # Set default values for fuzzing if not defined + if(NOT DEFINED FUZZ_TIMEOUT_SEC) + set(FUZZ_TIMEOUT_SEC 60) + endif() + + if(NOT DEFINED CORPUS_UPLOAD_LOC) + set(CORPUS_UPLOAD_LOC "none") + endif() + + if(NOT DEFINED ARTIFACT_UPLOAD_LOC) + set(ARTIFACT_UPLOAD_LOC "none") + endif() + + if(NOT DEFINED FUZZ_TESTS) + set(FUZZ_TESTS "${TESTS}") + endif() + + # Build LD_PRELOAD shared libraries (need to add other preloads as well) + file(GLOB GLOBAL_OVERRIDES_SRCS "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz/LD_PRELOAD/global_overrides.c") + + add_library(global_overrides SHARED ${GLOBAL_OVERRIDES_SRCS}) + + # Ensure the overriding library is stored in the expected directory without "lib" prefix + set_target_properties(global_overrides PROPERTIES + PREFIX "" + LIBRARY_OUTPUT_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz/LD_PRELOAD + POSITION_INDEPENDENT_CODE ON + ) + + target_compile_options(global_overrides PRIVATE + -Wno-unreachable-code + -O0 + -I${LIBCRYPTO_ROOT}/include + -I${CMAKE_CURRENT_SOURCE_DIR} + -I${CMAKE_CURRENT_SOURCE_DIR}/api + ) + + target_link_libraries(global_overrides PRIVATE testss2n -ldl) + + foreach(src ${FUZZ_TEST_SRCS}) + get_filename_component(TEST_NAME ${src} NAME_WE) + + add_executable(${TEST_NAME} ${src}) + + # automatically link libFuzzer that comes with clang + # target_compile_options(${TEST_NAME} PRIVATE + # -g -O0 -fsanitize=fuzzer,address,undefined,leak + # ) + # 
target_link_libraries(${TEST_NAME} PRIVATE + # testss2n + # -fsanitize=fuzzer,address,undefined,leak + # ) + + target_compile_options(${TEST_NAME} PRIVATE + -g -O0 + -fsanitize-coverage=trace-pc-guard -fsanitize=address,undefined,leak + ) + + # Link with testss2n and manually link libFuzzer.a + target_link_libraries(${TEST_NAME} PRIVATE + testss2n + ${LIBFUZZER_LIB} # Manually link old libFuzzer.a + global_overrides + -lstdc++ + -fsanitize-coverage=trace-pc-guard -fsanitize=address,undefined,leak + ) + + # Set the output directory for the fuzzing binaries + set(FUZZ_BIN_DIR "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz") + set_target_properties(${TEST_NAME} PROPERTIES + RUNTIME_OUTPUT_DIRECTORY ${FUZZ_BIN_DIR} + ) + + list(APPEND EXECUTABLE_TARGETS ${TEST_NAME}) + endforeach() + + foreach(TEST_NAME ${EXECUTABLE_TARGETS}) + add_custom_command( + OUTPUT ${TEST_NAME}_result + COMMAND ${CMAKE_COMMAND} -E env + bash ${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz/runFuzzTest.sh + ${TEST_NAME} + ${FUZZ_TIMEOUT_SEC} + ${CORPUS_UPLOAD_LOC} + ${ARTIFACT_UPLOAD_LOC} + WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz + COMMENT "Running fuzz test ${TEST_NAME}" + ) + + add_custom_target(run_${TEST_NAME} + DEPENDS ${TEST_NAME}_result + COMMENT "Fuzz test ${TEST_NAME} completed" + ) + + list(APPEND FUZZ_TEST_TARGETS run_${TEST_NAME}) + endforeach() + + # This will run all fuzz tests + add_custom_target(run_fuzz + DEPENDS ${FUZZ_TEST_TARGETS} + COMMENT "Running all fuzz tests" + ) + endif() endif() #install the s2n files diff --git a/codebuild/bin/s2n_codebuild.sh b/codebuild/bin/s2n_codebuild.sh index 06f8bf41d72..14a18275dbe 100755 --- a/codebuild/bin/s2n_codebuild.sh +++ b/codebuild/bin/s2n_codebuild.sh 
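Review bot: `set(CMAKE_C_COMPILER clang)` inside `if(FUZZ)` runs long after `project()` has enabled C, so it does not change the compiler used for these targets, and the `-fsanitize-coverage=trace-pc-guard` flags below are Clang-specific and will presumably fail under a GCC configure. Either require the compiler at configure time (`-DCMAKE_C_COMPILER=clang`) or fail fast with `if(NOT CMAKE_C_COMPILER_ID MATCHES "Clang") message(FATAL_ERROR "FUZZ requires clang") endif()`. Two smaller things in the same hunk: `LIBFUZZER_LIB` is set to the directory `tests/fuzz_dependencies` rather than an archive, so the `target_link_libraries` call cannot succeed as written, and the `add_custom_command` declares `OUTPUT ${TEST_NAME}_result` that nothing shown creates and lacks `VERBATIM`, so the upload-location arguments get shell-dependent quoting. Note the sanitizer flags here reach only the harness executables; whether libs2n itself is instrumented depends on `S2N_UNSAFE_FUZZING_MODE` elsewhere in this file, and nothing visible ties `FUZZ` to it.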
@@ -115,6 +115,16 @@ run_unit_tests() { cmake --build build/ --target test -- ARGS="-L unit --output-on-failure -j $(nproc)" } +run_fuzz_tests() { + cmake . -Bbuild \ + -DCMAKE_PREFIX_PATH=$LIBCRYPTO_ROOT \ + -DS2N_BLOCK_NONPORTABLE_OPTIMIZATIONS=True \ + -DBUILD_SHARED_LIBS=on \ + -DFUZZ=on + cmake --build ./build -- -j $(nproc) + cmake --build build --target run_fuzz +} + # Run Multiple tests on one flag. if [[ "$TESTS" == "ALL" || "$TESTS" == "sawHMACPlus" ]] && [[ "$OS_NAME" == "linux" ]]; then make -C tests/saw tmp/verify_HMAC.log tmp/verify_drbg.log failure-tests; fi @@ -127,7 +137,8 @@ if [[ "$TESTS" == "ALL" || "$TESTS" == "integrationv2" ]]; then run_integration_ if [[ "$TESTS" == "ALL" || "$TESTS" == "crt" ]]; then ./codebuild/bin/build_aws_crt_cpp.sh $(mktemp -d) $(mktemp -d); fi if [[ "$TESTS" == "ALL" || "$TESTS" == "sharedandstatic" ]]; then ./codebuild/bin/test_install_shared_and_static.sh $(mktemp -d); fi if [[ "$TESTS" == "ALL" || "$TESTS" == "dynamicload" ]]; then ./codebuild/bin/test_dynamic_load.sh $(mktemp -d); fi -if [[ "$TESTS" == "ALL" || "$TESTS" == "fuzz" ]]; then (make clean && make fuzz) ; fi +# if [[ "$TESTS" == "ALL" || "$TESTS" == "fuzz" ]]; then (make clean && make fuzz) ; fi +if [[ "$TESTS" == "ALL" || "$TESTS" == "fuzz" ]]; then run_fuzz_tests ; fi if [[ "$TESTS" == "ALL" || "$TESTS" == "benchmark" ]]; then (make clean && make benchmark) ; fi if [[ "$TESTS" == "sawHMAC" ]] && [[ "$OS_NAME" == "linux" ]]; then make -C tests/saw/ tmp/verify_HMAC.log ; fi if [[ "$TESTS" == "sawDRBG" ]]; then make -C tests/saw tmp/verify_drbg.log ; fi From 4e87522711cd0d910716a9021bd44c5ccdf016a5 Mon Sep 17 00:00:00 2001 From: Jou Ho Date: Mon, 19 Aug 2024 19:52:25 +0000 Subject: [PATCH 02/53] address CI error - suppress cast-qual warning --- CMakeLists.txt | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 92bcd8a4de3..f88900b91f5 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
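Review bot: `run_fuzz_tests` configures with `-DFUZZ=on` but not `-DS2N_UNSAFE_FUZZING_MODE=on`, and nothing visible in this series makes `FUZZ` imply it; the `S2N_UNSAFE_FUZZING_MODE` block in CMakeLists is what puts `-fsanitize=address,undefined,leak` and coverage guards on the s2n library, so as written only the harness is instrumented — memory errors inside s2n would go unreported and libFuzzer gets no coverage feedback from the code under test. Add `-DS2N_UNSAFE_FUZZING_MODE=on \` to the cmake line, or have `FUZZ` force it in CMakeLists. Also delete the commented-out `make fuzz` line rather than keeping it beside its replacement.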
@@ -597,8 +597,8 @@ if (BUILD_TESTING) file(GLOB FUZZ_TEST_SRCS "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz/*.c") # local - # set(LIBFUZZER_LIB "${CMAKE_CURRENT_SOURCE_DIR}/test-deps/libFuzzer.a") - set(LIBFUZZER_LIB "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz_dependencies") + set(LIBFUZZER_LIB "${CMAKE_CURRENT_SOURCE_DIR}/test-deps/libFuzzer.a") + # set(LIBFUZZER_LIB "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz_dependencies") # Set default values for fuzzing if not defined if(NOT DEFINED FUZZ_TIMEOUT_SEC) @@ -656,8 +656,9 @@ if (BUILD_TESTING) target_compile_options(${TEST_NAME} PRIVATE -g -O0 -fsanitize-coverage=trace-pc-guard -fsanitize=address,undefined,leak + -Wno-cast-qual # Suppress the cast-qual warning ) - + # Link with testss2n and manually link libFuzzer.a target_link_libraries(${TEST_NAME} PRIVATE testss2n From 68cf9a2a1ad5bd35f92f698c18808d0b5ee04dc4 Mon Sep 17 00:00:00 2001 From: Jou Ho Date: Mon, 19 Aug 2024 19:52:54 +0000 Subject: [PATCH 03/53] use venv path --- CMakeLists.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index f88900b91f5..8bbe4385a72 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -597,8 +597,8 @@ if (BUILD_TESTING) file(GLOB FUZZ_TEST_SRCS "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz/*.c") # local - set(LIBFUZZER_LIB "${CMAKE_CURRENT_SOURCE_DIR}/test-deps/libFuzzer.a") - # set(LIBFUZZER_LIB "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz_dependencies") + # set(LIBFUZZER_LIB "${CMAKE_CURRENT_SOURCE_DIR}/test-deps/libFuzzer.a") + set(LIBFUZZER_LIB "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz_dependencies") # Set default values for fuzzing if not defined if(NOT DEFINED FUZZ_TIMEOUT_SEC) From cb0c656a82705578e7296fb4323b8474b06a8d0f Mon Sep 17 00:00:00 2001 From: Jou Ho Date: Mon, 19 Aug 2024 20:45:25 +0000 Subject: [PATCH 04/53] mirror compile options from unit tests --- CMakeLists.txt | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) 
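Review bot: The path to `libFuzzer.a` is being switched between a local and a CI location by commenting lines in and out, which means whichever path is committed is wrong for the other environment and a missing archive only surfaces as a linker error. Make it a cache entry with an existence check: `set(LIBFUZZER_LIB "" CACHE FILEPATH "Path to libFuzzer.a")` followed by `if(NOT EXISTS "${LIBFUZZER_LIB}") message(FATAL_ERROR "FUZZ requires LIBFUZZER_LIB") endif()`, and pass it from `s2n_codebuild.sh`. `-Wno-cast-qual` on the harnesses silences a warning about const-discarding casts rather than fixing them; if the warnings come from the harness sources, the casts themselves are the thing to look at.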
diff --git a/CMakeLists.txt b/CMakeLists.txt index 8bbe4385a72..8340ccc952d 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -597,8 +597,8 @@ if (BUILD_TESTING) file(GLOB FUZZ_TEST_SRCS "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz/*.c") # local - # set(LIBFUZZER_LIB "${CMAKE_CURRENT_SOURCE_DIR}/test-deps/libFuzzer.a") - set(LIBFUZZER_LIB "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz_dependencies") + set(LIBFUZZER_LIB "${CMAKE_CURRENT_SOURCE_DIR}/test-deps/libFuzzer.a") + # set(LIBFUZZER_LIB "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz_dependencies") # Set default values for fuzzing if not defined if(NOT DEFINED FUZZ_TIMEOUT_SEC) @@ -657,6 +657,10 @@ if (BUILD_TESTING) -g -O0 -fsanitize-coverage=trace-pc-guard -fsanitize=address,undefined,leak -Wno-cast-qual # Suppress the cast-qual warning + -Wall -Wimplicit -Wunused -Wcomment -Wchar-subscripts -Wuninitialized + -Wshadow -Wcast-align -Wwrite-strings -Wformat-security + -Wno-deprecated-declarations -Wno-unknown-pragmas -Wno-deprecated + -fPIC -D_POSIX_C_SOURCE=200809L -std=gnu99 ) # Link with testss2n and manually link libFuzzer.a From 56d1b9f12a02a0f2d72b3addbf5590665415333f Mon Sep 17 00:00:00 2001 From: Jou Ho Date: Mon, 19 Aug 2024 23:11:03 +0000 Subject: [PATCH 05/53] modify cmake build options --- CMakeLists.txt | 21 +++++---------------- codebuild/bin/s2n_codebuild.sh | 5 ++--- 2 files changed, 7 insertions(+), 19 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 8340ccc952d..e7727843fac 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
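Review bot: The warning and language flags copied from the unit-test target (`-Wall … -fPIC -D_POSIX_C_SOURCE=200809L -std=gnu99`) now live in two places and will drift; the mirrored set also includes `-fPIC` and `-std=gnu99`, which CMake expresses as the `POSITION_INDEPENDENT_CODE` and `C_STANDARD` target properties. Factor the shared options into an INTERFACE target that both the unit tests and these harnesses link, or at least keep the `-Wformat-security` / `-Wcast-align` group on the harnesses — those are the flags that catch the bugs fuzzing is meant to find, and the next patch in this series removes them again.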
@@ -590,15 +590,12 @@ if (BUILD_TESTING) option(FUZZ "Enable Fuzz Testing with libFuzzer" OFF) if(FUZZ) - set(CMAKE_C_COMPILER clang) - set(CMAKE_CXX_COMPILER clang) - set(SCRIPT_PATH "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz/runFuzzTest.sh") file(GLOB FUZZ_TEST_SRCS "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz/*.c") # local - set(LIBFUZZER_LIB "${CMAKE_CURRENT_SOURCE_DIR}/test-deps/libFuzzer.a") - # set(LIBFUZZER_LIB "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz_dependencies") + # set(LIBFUZZER_LIB "${CMAKE_CURRENT_SOURCE_DIR}/test-deps/libFuzzer.a") + set(LIBFUZZER_LIB "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz_dependencies") # Set default values for fuzzing if not defined if(NOT DEFINED FUZZ_TIMEOUT_SEC) @@ -629,16 +626,11 @@ if (BUILD_TESTING) POSITION_INDEPENDENT_CODE ON ) - target_compile_options(global_overrides PRIVATE - -Wno-unreachable-code - -O0 - -I${LIBCRYPTO_ROOT}/include - -I${CMAKE_CURRENT_SOURCE_DIR} - -I${CMAKE_CURRENT_SOURCE_DIR}/api - ) - target_link_libraries(global_overrides PRIVATE testss2n -ldl) + set(CMAKE_C_COMPILER clang) + set(CMAKE_CXX_COMPILER clang) + foreach(src ${FUZZ_TEST_SRCS}) get_filename_component(TEST_NAME ${src} NAME_WE) @@ -657,8 +649,6 @@ if (BUILD_TESTING) -g -O0 -fsanitize-coverage=trace-pc-guard -fsanitize=address,undefined,leak -Wno-cast-qual # Suppress the cast-qual warning - -Wall -Wimplicit -Wunused -Wcomment -Wchar-subscripts -Wuninitialized - -Wshadow -Wcast-align -Wwrite-strings -Wformat-security -Wno-deprecated-declarations -Wno-unknown-pragmas -Wno-deprecated -fPIC -D_POSIX_C_SOURCE=200809L -std=gnu99 ) @@ -667,7 +657,6 @@ if (BUILD_TESTING) target_link_libraries(${TEST_NAME} PRIVATE testss2n ${LIBFUZZER_LIB} # Manually link old libFuzzer.a - global_overrides -lstdc++ -fsanitize-coverage=trace-pc-guard -fsanitize=address,undefined,leak ) diff --git a/codebuild/bin/s2n_codebuild.sh b/codebuild/bin/s2n_codebuild.sh index 14a18275dbe..c08af820eca 100755 --- a/codebuild/bin/s2n_codebuild.sh +++ b/codebuild/bin/s2n_codebuild.sh 
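Review bot: After this hunk `global_overrides` is still built but no longer linked into the harnesses, and nothing in these hunks arranges for it to be `LD_PRELOAD`ed, so whether the deterministic `s2n_drbg_generate` / `s2n_get_public_random_data` replacements take effect now depends entirely on `runFuzzTest.sh` exporting `LD_PRELOAD` (its AFL branch `unset`s one, which suggests it does, but that is not shown here). If the script is the intended mechanism, a comment at the `add_library(global_overrides …)` line saying so would stop the next reader re-adding the link. The relocated `set(CMAKE_C_COMPILER clang)` is still after `project()` and still has no effect on an already-enabled language, and the removed `target_compile_options(global_overrides …)` took the `-I` paths with it without a `target_include_directories` replacing them, so the library now relies on whatever `testss2n` exports.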
@@ -117,9 +117,8 @@ run_unit_tests() { run_fuzz_tests() { cmake . -Bbuild \ - -DCMAKE_PREFIX_PATH=$LIBCRYPTO_ROOT \ - -DS2N_BLOCK_NONPORTABLE_OPTIMIZATIONS=True \ - -DBUILD_SHARED_LIBS=on \ + -DCMAKE_BUILD_TYPE=Release \ + -DCMAKE_INSTALL_PREFIX=./s2n-tls-install \ -DFUZZ=on cmake --build ./build -- -j $(nproc) cmake --build build --target run_fuzz From 2563678addb28bccedd5b8fc22a8321b4b61ba00 Mon Sep 17 00:00:00 2001 From: Jou Ho Date: Mon, 19 Aug 2024 23:13:02 +0000 Subject: [PATCH 06/53] resolve merge conflict --- codebuild/bin/s2n_codebuild.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/codebuild/bin/s2n_codebuild.sh b/codebuild/bin/s2n_codebuild.sh index c08af820eca..898113edc5c 100755 --- a/codebuild/bin/s2n_codebuild.sh +++ b/codebuild/bin/s2n_codebuild.sh @@ -138,7 +138,6 @@ if [[ "$TESTS" == "ALL" || "$TESTS" == "sharedandstatic" ]]; then ./codebuild/bi if [[ "$TESTS" == "ALL" || "$TESTS" == "dynamicload" ]]; then ./codebuild/bin/test_dynamic_load.sh $(mktemp -d); fi # if [[ "$TESTS" == "ALL" || "$TESTS" == "fuzz" ]]; then (make clean && make fuzz) ; fi if [[ "$TESTS" == "ALL" || "$TESTS" == "fuzz" ]]; then run_fuzz_tests ; fi -if [[ "$TESTS" == "ALL" || "$TESTS" == "benchmark" ]]; then (make clean && make benchmark) ; fi if [[ "$TESTS" == "sawHMAC" ]] && [[ "$OS_NAME" == "linux" ]]; then make -C tests/saw/ tmp/verify_HMAC.log ; fi if [[ "$TESTS" == "sawDRBG" ]]; then make -C tests/saw tmp/verify_drbg.log ; fi if [[ "$TESTS" == "ALL" || "$TESTS" == "tls" ]]; then make -C tests/saw tmp/verify_handshake.log ; fi From 8dfb77f27d30a798fbbc70820e6a3ae8f672779a Mon Sep 17 00:00:00 2001 From: Jou Ho Date: Tue, 20 Aug 2024 00:55:11 +0000 Subject: [PATCH 07/53] disable -Wcast-qual when fuzz testing --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index e7727843fac..5d2284e92f1 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
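Review bot: Switching the fuzz configure to `-DCMAKE_BUILD_TYPE=Release` builds the library optimized with `NDEBUG` defined, so anything in s2n gated on `NDEBUG` is compiled out and sanitizer stack traces point into optimized code, while the harnesses themselves stay `-O0`; a fuzz build normally wants `Debug` or `RelWithDebInfo`. Dropping `-DCMAKE_PREFIX_PATH=$LIBCRYPTO_ROOT` also means the libcrypto picked up is whatever the system has rather than the one the rest of this script builds against, and `-DCMAKE_INSTALL_PREFIX=./s2n-tls-install` is unused because nothing here runs an install step. Suggest `-DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_PREFIX_PATH="$LIBCRYPTO_ROOT"`.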
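Review bot: The `benchmark` line is deleted in a commit titled "resolve merge conflict", which drops the `TESTS=benchmark` / `ALL` stage from CI without mention. If that is intentional it belongs in the commit message; otherwise restore `if [[ "$TESTS" == "ALL" || "$TESTS" == "benchmark" ]]; then (make clean && make benchmark) ; fi`.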
@@ -209,7 +209,7 @@ endif() list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake/modules") -if (NOT $ENV{S2N_LIBCRYPTO} MATCHES "awslc") +if (NOT $ENV{S2N_LIBCRYPTO} MATCHES "awslc" AND NOT FUZZ) # add cast-qual back in for non AWS-LC target_compile_options(${PROJECT_NAME} PRIVATE -Wcast-qual) endif() From c8f48f159dc655c1660c6bb55ac5aa360edf56c2 Mon Sep 17 00:00:00 2001 From: Jou Ho Date: Tue, 20 Aug 2024 01:01:14 +0000 Subject: [PATCH 08/53] fix libFuzzer path --- CMakeLists.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 5d2284e92f1..95e81f519ff 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -595,7 +595,8 @@ if (BUILD_TESTING) # local # set(LIBFUZZER_LIB "${CMAKE_CURRENT_SOURCE_DIR}/test-deps/libFuzzer.a") - set(LIBFUZZER_LIB "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz_dependencies") + # venv + set(LIBFUZZER_LIB "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz_dependencies/libFuzzer.a") # Set default values for fuzzing if not defined if(NOT DEFINED FUZZ_TIMEOUT_SEC) From 50502867f1a2710e0f9db0f69873db4e3d0f2f30 Mon Sep 17 00:00:00 2001 From: Jou Ho Date: Tue, 20 Aug 2024 01:20:23 +0000 Subject: [PATCH 09/53] fix path --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 95e81f519ff..580eeb54344 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -596,7 +596,7 @@ if (BUILD_TESTING) # local # set(LIBFUZZER_LIB "${CMAKE_CURRENT_SOURCE_DIR}/test-deps/libFuzzer.a") # venv - set(LIBFUZZER_LIB "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz_dependencies/libFuzzer.a") + set(LIBFUZZER_LIB "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz_dependencies/lib/libFuzzer.a") # Set default values for fuzzing if not defined if(NOT DEFINED FUZZ_TIMEOUT_SEC) From 3011893e5e44963a63d87f3f7ccca533a2f02710 Mon Sep 17 00:00:00 2001 
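Review bot: At this point in the file `FUZZ` has not been declared — the `option(FUZZ …)` in this series sits inside `if (BUILD_TESTING)` near line 590 — so `AND NOT FUZZ` only evaluates as intended when the value arrives from the command-line cache, and it strips `-Wcast-qual` from the whole `${PROJECT_NAME}` library rather than from the harnesses that produced the CI error. Keep the library's warning set intact and leave the suppression on the fuzz targets where `-Wno-cast-qual` already is, or move `option(FUZZ …)` above this line. A later patch in the series reverts this hunk and declares the option at the top of the file.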
From: Jou Ho Date: Tue, 20 Aug 2024 01:26:25 +0000 Subject: [PATCH 10/53] fix path --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 580eeb54344..d72ed1e9bb9 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -596,7 +596,7 @@ if (BUILD_TESTING) # local # set(LIBFUZZER_LIB "${CMAKE_CURRENT_SOURCE_DIR}/test-deps/libFuzzer.a") # venv - set(LIBFUZZER_LIB "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz_dependencies/lib/libFuzzer.a") + set(LIBFUZZER_LIB "${CMAKE_CURRENT_SOURCE_DIR}/fuzz_dependencies/lib/libFuzzer.a") # Set default values for fuzzing if not defined if(NOT DEFINED FUZZ_TIMEOUT_SEC) From 1015d0f975f2741194a5e999bc30b68ebc401833 Mon Sep 17 00:00:00 2001 From: Jou Ho Date: Tue, 20 Aug 2024 18:08:07 +0000 Subject: [PATCH 11/53] fix path --- CMakeLists.txt | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index d72ed1e9bb9..e2a6b1fecb4 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -594,9 +594,9 @@ if (BUILD_TESTING) file(GLOB FUZZ_TEST_SRCS "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz/*.c") # local - # set(LIBFUZZER_LIB "${CMAKE_CURRENT_SOURCE_DIR}/test-deps/libFuzzer.a") + # set(LIBFUZZER_LIB "${CMAKE_CURRENT_SOURCE_DIR}/test-deps/libfuzzer/lib/libFuzzer.a") # venv - set(LIBFUZZER_LIB "${CMAKE_CURRENT_SOURCE_DIR}/fuzz_dependencies/lib/libFuzzer.a") + set(LIBFUZZER_LIB "${CMAKE_CURRENT_SOURCE_DIR}/../libfuzzer/lib/libFuzzer.a") # Set default values for fuzzing if not defined if(NOT DEFINED FUZZ_TIMEOUT_SEC) @@ -645,7 +645,8 @@ if (BUILD_TESTING) # testss2n # -fsanitize=fuzzer,address,undefined,leak # ) - + + # Link with testss2n and manually link libFuzzer.a target_compile_options(${TEST_NAME} PRIVATE -g -O0 -fsanitize-coverage=trace-pc-guard -fsanitize=address,undefined,leak 
@@ -653,8 +654,6 @@ if (BUILD_TESTING) -Wno-deprecated-declarations -Wno-unknown-pragmas -Wno-deprecated -fPIC -D_POSIX_C_SOURCE=200809L -std=gnu99 ) - - # Link with testss2n and manually link libFuzzer.a target_link_libraries(${TEST_NAME} PRIVATE testss2n ${LIBFUZZER_LIB} # Manually link old libFuzzer.a From 3148e8a1db89953ac609ca98cb2ddce8d66beefd Mon Sep 17 00:00:00 2001 From: Jou Ho Date: Tue, 20 Aug 2024 18:14:25 +0000 Subject: [PATCH 12/53] fix path --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index e2a6b1fecb4..6ba6b8ce464 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -596,7 +596,7 @@ if (BUILD_TESTING) # local # set(LIBFUZZER_LIB "${CMAKE_CURRENT_SOURCE_DIR}/test-deps/libfuzzer/lib/libFuzzer.a") # venv - set(LIBFUZZER_LIB "${CMAKE_CURRENT_SOURCE_DIR}/../libfuzzer/lib/libFuzzer.a") + set(LIBFUZZER_LIB "${CMAKE_CURRENT_SOURCE_DIR}/libfuzzer/lib/libFuzzer.a") # Set default values for fuzzing if not defined if(NOT DEFINED FUZZ_TIMEOUT_SEC) From 219519e51cdf8eee2103235f13c755b4ecbe7cf3 Mon Sep 17 00:00:00 2001 From: Jou Ho Date: Tue, 20 Aug 2024 18:26:11 +0000 Subject: [PATCH 13/53] use absolute path for testing --- CMakeLists.txt | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 6ba6b8ce464..ee894745511 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -596,8 +596,9 @@ if (BUILD_TESTING) # local # set(LIBFUZZER_LIB "${CMAKE_CURRENT_SOURCE_DIR}/test-deps/libfuzzer/lib/libFuzzer.a") # venv - set(LIBFUZZER_LIB "${CMAKE_CURRENT_SOURCE_DIR}/libfuzzer/lib/libFuzzer.a") - + # set(LIBFUZZER_LIB "${CMAKE_CURRENT_SOURCE_DIR}/libfuzzer/lib/libFuzzer.a") + set(LIBFUZZER_LIB "/usr/local/libfuzzer/lib/libFuzzer.a") + message("Current CMake Source Path: ${CMAKE_CURRENT_SOURCE_DIR}") # Set default values for fuzzing if not defined if(NOT DEFINED FUZZ_TIMEOUT_SEC) set(FUZZ_TIMEOUT_SEC 60) 
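Review bot: `set(LIBFUZZER_LIB "/usr/local/libfuzzer/lib/libFuzzer.a")` hard-codes a machine-specific absolute path (the fifth location tried in as many commits), and `message("Current CMake Source Path: …")` is configure-time debugging output left behind. Replace both with a cache entry plus an existence check, e.g. `set(LIBFUZZER_LIB "" CACHE FILEPATH "Path to libFuzzer.a")` and `if(NOT EXISTS "${LIBFUZZER_LIB}") message(FATAL_ERROR "LIBFUZZER_LIB not found: ${LIBFUZZER_LIB}") endif()`, and have CI pass `-DLIBFUZZER_LIB=…`.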
From 67adc102caad07937f37bb828fd62de7fbf590de Mon Sep 17 00:00:00 2001 From: Jou Ho Date: Thu, 22 Aug 2024 23:43:18 +0000 Subject: [PATCH 14/53] fuzz with cmake --- CMakeLists.txt | 62 ++++++++++++------- tests/fuzz/LD_PRELOAD/global_overrides.c | 14 ++++- tests/fuzz/runFuzzTest.sh | 76 ++++++++++++------------ 3 files changed, 91 insertions(+), 61 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index ee894745511..55e3aacb8c2 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -184,7 +184,8 @@ if(NO_STACK_PROTECTOR) endif() if(S2N_UNSAFE_FUZZING_MODE) - target_compile_options(${PROJECT_NAME} PRIVATE -fsanitize-coverage=trace-pc-guard -fsanitize=address,undefined,leak -fuse-ld=gold -DS2N_ADDRESS_SANITIZER=1) + target_compile_options(${PROJECT_NAME} PRIVATE -fsanitize-coverage=trace-pc-guard -fsanitize=address,undefined,leak) + target_link_libraries(${PROJECT_NAME} PRIVATE -fsanitize-coverage=trace-pc-guard -fsanitize=address,undefined,leak) endif() if(TSAN) @@ -209,7 +210,7 @@ endif() list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake/modules") -if (NOT $ENV{S2N_LIBCRYPTO} MATCHES "awslc" AND NOT FUZZ) +if (NOT $ENV{S2N_LIBCRYPTO} MATCHES "awslc") # add cast-qual back in for non AWS-LC target_compile_options(${PROJECT_NAME} PRIVATE -Wcast-qual) endif() 
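Review bot: Dropping `-DS2N_ADDRESS_SANITIZER=1` from the `S2N_UNSAFE_FUZZING_MODE` flags silently changes any library code conditionally compiled on that macro — it is no longer defined under this option at all — and the commit does not mention it; if nothing in the tree still tests it, say so, otherwise keep the define. Sanitizer flags passed through `target_link_libraries` work but belong in `target_link_options(${PROJECT_NAME} PRIVATE -fsanitize=address,undefined,leak)`; `-fsanitize-coverage` is compile-time instrumentation and can stay off the link line. Worth adding above the block: `# UNSAFE: instruments libs2n for fuzzing only; never ship this build`.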
@@ -588,20 +589,27 @@ if (BUILD_TESTING) endforeach() endif() - option(FUZZ "Enable Fuzz Testing with libFuzzer" OFF) if(FUZZ) set(SCRIPT_PATH "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz/runFuzzTest.sh") file(GLOB FUZZ_TEST_SRCS "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz/*.c") - # local + file(GLOB TESTLIB_SRC "tests/testlib/*.c") + file(GLOB TESTLIB_HEADERS "tests/testlib/*.h" "tests/s2n_test.h") + + add_library(fuzztest STATIC ${TESTLIB_HEADERS} ${TESTLIB_SRC}) + target_include_directories(fuzztest PUBLIC tests) + target_link_libraries(fuzztest PUBLIC ${PROJECT_NAME}) + + # if linking libfuzzer locally: # set(LIBFUZZER_LIB "${CMAKE_CURRENT_SOURCE_DIR}/test-deps/libfuzzer/lib/libFuzzer.a") - # venv - # set(LIBFUZZER_LIB "${CMAKE_CURRENT_SOURCE_DIR}/libfuzzer/lib/libFuzzer.a") - set(LIBFUZZER_LIB "/usr/local/libfuzzer/lib/libFuzzer.a") - message("Current CMake Source Path: ${CMAKE_CURRENT_SOURCE_DIR}") + set(LIBFUZZER_LIB "/home/ubuntu/libFuzzer/lib/lib/libFuzzer.a") + # if linking libfuzzer in CI: + # set(LIBFUZZER_LIB "/usr/local/libfuzzer/lib/libFuzzer.a") + # Set default values for fuzzing if not defined if(NOT DEFINED FUZZ_TIMEOUT_SEC) - set(FUZZ_TIMEOUT_SEC 60) + # choose shorter duration for testing + set(FUZZ_TIMEOUT_SEC 30) endif() if(NOT DEFINED CORPUS_UPLOAD_LOC) 
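Review bot: `set(LIBFUZZER_LIB "/home/ubuntu/libFuzzer/lib/lib/libFuzzer.a")` commits a developer home-directory path, so the build breaks for anyone else and for CI (whose path is now the commented line beneath it); this hunk also deletes `option(FUZZ …)` without re-adding it in this commit, so `if(FUZZ)` tests an undeclared variable and `FUZZ` stops being a documented cache option until a later patch restores it. The `FUZZ_TIMEOUT_SEC` default is lowered to 30 with a comment saying it is for testing; that should go back to 60, or be passed from CI, before merge. Use a cache `FILEPATH` for the library path and keep the option declaration.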
@@ -618,33 +626,46 @@ if (BUILD_TESTING) # Build LD_PRELOAD shared libraries (need to add other preloads as well) file(GLOB GLOBAL_OVERRIDES_SRCS "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz/LD_PRELOAD/global_overrides.c") - add_library(global_overrides SHARED ${GLOBAL_OVERRIDES_SRCS}) + target_compile_options(global_overrides PRIVATE + -Wno-unreachable-code -O0 -shared -fPIC + ) + # Ensure the overriding library is stored in the expected directory without "lib" prefix set_target_properties(global_overrides PROPERTIES PREFIX "" LIBRARY_OUTPUT_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz/LD_PRELOAD - POSITION_INDEPENDENT_CODE ON ) - target_link_libraries(global_overrides PRIVATE testss2n -ldl) + target_include_directories(global_overrides PRIVATE ./) + # target_include_directories(global_overrides PRIVATE utils) + # target_include_directories(global_overrides PRIVATE api) + + # target_link_libraries(global_overrides PRIVATE ${UTILS_SRC}) + target_link_libraries(global_overrides PRIVATE fuzztest) set(CMAKE_C_COMPILER clang) - set(CMAKE_CXX_COMPILER clang) foreach(src ${FUZZ_TEST_SRCS}) get_filename_component(TEST_NAME ${src} NAME_WE) add_executable(${TEST_NAME} ${src}) + target_include_directories(${TEST_NAME} PRIVATE ./) + # target_link_libraries(${TEST_NAME} PRIVATE fuzztest) + + # target_include_directories(${TEST_NAME} PRIVATE ./) + # target_include_directories(${TEST_NAME} PRIVATE tests) + # target_include_directories(${TEST_NAME} PRIVATE tests/testlib) + # target_include_directories(${TEST_NAME} PRIVATE api) # automatically link libFuzzer that comes with clang - # target_compile_options(${TEST_NAME} PRIVATE - # -g -O0 -fsanitize=fuzzer,address,undefined,leak + # target_compile_options(${TEST_NAME} PUBLIC + # -g -fsanitize=fuzzer # ) - # target_link_libraries(${TEST_NAME} PRIVATE - # testss2n - # -fsanitize=fuzzer,address,undefined,leak + # target_link_libraries(${TEST_NAME} PUBLIC + # fuzztest + # -fsanitize=fuzzer # ) # Link with testss2n and manually link 
libFuzzer.a @@ -652,11 +673,10 @@ if (BUILD_TESTING) -g -O0 -fsanitize-coverage=trace-pc-guard -fsanitize=address,undefined,leak -Wno-cast-qual # Suppress the cast-qual warning - -Wno-deprecated-declarations -Wno-unknown-pragmas -Wno-deprecated - -fPIC -D_POSIX_C_SOURCE=200809L -std=gnu99 + -Wno-deprecated-declarations -Wno-unknown-pragmas -Wno-deprecated ) target_link_libraries(${TEST_NAME} PRIVATE - testss2n + fuzztest ${LIBFUZZER_LIB} # Manually link old libFuzzer.a -lstdc++ -fsanitize-coverage=trace-pc-guard -fsanitize=address,undefined,leak diff --git a/tests/fuzz/LD_PRELOAD/global_overrides.c b/tests/fuzz/LD_PRELOAD/global_overrides.c index 83a826556b1..1e5d7e14dda 100644 --- a/tests/fuzz/LD_PRELOAD/global_overrides.c +++ b/tests/fuzz/LD_PRELOAD/global_overrides.c @@ -28,7 +28,8 @@ #include "utils/s2n_random.h" S2N_RESULT s2n_drbg_generate(struct s2n_drbg *drbg, struct s2n_blob *blob) { - + // printf("Overloaded drbg generate!"); + exit(1); /* If fuzzing, only generate "fake" random numbers in order to ensure that fuzz tests are deterministic and repeatable. * This function should generate non-zero values since this function may be called repeatedly at startup until a * non-zero value is generated. @@ -40,6 +41,8 @@ S2N_RESULT s2n_drbg_generate(struct s2n_drbg *drbg, struct s2n_blob *blob) { int s2n_stuffer_send_to_fd(struct s2n_stuffer *stuffer, const int wfd, const uint32_t len, uint32_t *bytes_sent) { + // printf("Overloaded stuffer send!"); + exit(2); /* Override the original s2n_stuffer_send_to_fd to check if the write file descriptor is -1, and if so, skip * writing anything. This is to speed up fuzz tests that write unnecessary data that is never actually read. */ 
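Review bot: `-shared` is a link-time flag and does nothing in `target_compile_options(global_overrides …)`, and replacing the `POSITION_INDEPENDENT_CODE ON` property with a manual `-fPIC` loses the property CMake uses to keep object and link flags consistent; restore `set_target_properties(global_overrides PROPERTIES POSITION_INDEPENDENT_CODE ON)` and drop `-shared -fPIC`. The hunk also carries six commented-out `target_include_directories` / `target_link_libraries` lines; delete the ones that are not coming back. `target_include_directories(${TEST_NAME} PRIVATE ./)` means the project root — spell it `${CMAKE_CURRENT_SOURCE_DIR}` so that is unambiguous.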
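Review bot: `exit(1)` at the top of `s2n_drbg_generate` and `exit(2)` at the top of `s2n_stuffer_send_to_fd` turn every harness that preloads `global_overrides` into an immediate exit, so no fuzzing happens and the run reports failure; these are presence probes, not behaviour, and must not land (a later patch comments them out, which still leaves dead lines). If the goal is to confirm the override is active, a one-time `fprintf(stderr, …)` behind an environment-variable check is safer than `exit`. Both functions continue past the hunk, and the "fake random numbers" comment directly below each `exit` is now unreachable.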
@@ -58,7 +61,8 @@ int s2n_stuffer_send_to_fd(struct s2n_stuffer *stuffer, const int wfd, const uin } S2N_RESULT s2n_get_public_random_data(struct s2n_blob *blob){ - + // printf("Overloaded random data!"); + exit(3); /* If fuzzing, only generate "fake" random numbers in order to ensure that fuzz tests are deterministic and repeatable. * This function should generate non-zero values since this function may be called repeatedly at startup until a * non-zero value is generated. @@ -68,3 +72,9 @@ S2N_RESULT s2n_get_public_random_data(struct s2n_blob *blob){ } return S2N_RESULT_OK; } + +struct s2n_connection *s2n_connection_new(s2n_mode mode) +{ + printf("Debugging!!!"); + exit(2); +} diff --git a/tests/fuzz/runFuzzTest.sh b/tests/fuzz/runFuzzTest.sh index 79a275defc5..8bfb5bff508 100755 --- a/tests/fuzz/runFuzzTest.sh +++ b/tests/fuzz/runFuzzTest.sh 
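Review bot: The new `s2n_connection_new` override in `global_overrides.c` prints and calls `exit(2)` and never returns a connection, so with this library preloaded no harness can construct a connection at all; the `exit(3)` inserted into `s2n_get_public_random_data` has the same effect one step earlier. Delete the `s2n_connection_new` definition outright rather than commenting it out — a preload library that replaces a public constructor is exactly the kind of thing that gets re-enabled by accident — and keep the override set to the three functions documented here as deterministic-random / fd-skip replacements.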
@@ -99,43 +99,43 @@ else cp -r ./corpus/${TEST_NAME}/. "${TEMP_CORPUS_DIR}" fi -# Run AFL instead of libfuzzer if AFL_FUZZ is set. Not compatible with fuzz coverage. -if [[ ${AFL_FUZZ} == "true" && ${FUZZ_COVERAGE} != "true" ]]; then - unset LD_PRELOAD - # See https://aflplus.plus/docs/env_variables/ - export AFL_NO_UI=true - export AFL_HARDEN=true - printf "Running AFL %-s %-40s for %5d sec... " "${FIPS_TEST_MSG}" ${TEST_NAME} ${FUZZ_TIMEOUT_SEC} - mkdir -p results/${TEST_NAME} - set +e - timeout ${FUZZ_TIMEOUT_SEC} ${LIBFUZZER_INSTALL_DIR}/afl-fuzz -i corpus/${TEST_NAME} -o results/${TEST_NAME} -m none ./${TEST_NAME} 2>&1> ./results/${TEST_NAME}/console_output.log - returncode=$? - # See the timeout man page for specifics - if [[ ${returncode} -ne 124 ]]; then - printf "\033[33;1mWARNING!\033[0m AFL exited with an unexpected return value: %8d" ${returncode} - fi - set -e - CRASH_COUNT=$(sed -n -e 's/^unique_crashes *: //p' ./results/${TEST_NAME}/fuzzer_stats) - TEST_COUNT=$(sed -n -e 's/^execs_done *: //p' ./results/${TEST_NAME}/fuzzer_stats) - FLOAT_TESTS_PER_SEC=$(sed -n -e 's/^execs_per_sec *: //p' ./results/${TEST_NAME}/fuzzer_stats) - TESTS_PER_SEC=$(echo "($FLOAT_TESTS_PER_SEC+.5)/1"|bc) - - if [[ ${TESTS_PER_SEC} -lt 10 ]]; then - printf "\033[33;1mWARNING!\033[0m %10d tests, only %6d tests per second; test is too slow.\n" ${TEST_COUNT} ${TESTS_PER_SEC} - fi - if [[ ${CRASH_COUNT} -gt 0 ]]; then - ACTUAL_TEST_FAILURE=1 - fi - if [[ ${ACTUAL_TEST_FAILURE} == ${EXPECTED_TEST_FAILURE} ]]; then - printf "\033[32;1mPASSED\033[0m %8d tests, %.1f test/sec\n" ${TEST_COUNT} ${TESTS_PER_SEC} - exit 0 - else - printf "\033[31;1mFAILED\033[0m %10d tests, %6d unique crashes\n" ${TEST_COUNT} ${CRASH_COUNT} - exit -1 - fi -else - printf "Running %-s %-40s for %5d sec with %2d threads... " "${FIPS_TEST_MSG}" ${TEST_NAME} ${FUZZ_TIMEOUT_SEC} ${NUM_CPU_THREADS} -fi +# # Run AFL instead of libfuzzer if AFL_FUZZ is set. Not compatible with fuzz coverage. 
+# if [[ ${AFL_FUZZ} == "true" && ${FUZZ_COVERAGE} != "true" ]]; then +# unset LD_PRELOAD +# # See https://aflplus.plus/docs/env_variables/ +# export AFL_NO_UI=true +# export AFL_HARDEN=true +# printf "Running AFL %-s %-40s for %5d sec... " "${FIPS_TEST_MSG}" ${TEST_NAME} ${FUZZ_TIMEOUT_SEC} +# mkdir -p results/${TEST_NAME} +# set +e +# timeout ${FUZZ_TIMEOUT_SEC} ${LIBFUZZER_INSTALL_DIR}/afl-fuzz -i corpus/${TEST_NAME} -o results/${TEST_NAME} -m none ./${TEST_NAME} 2>&1> ./results/${TEST_NAME}/console_output.log +# returncode=$? +# # See the timeout man page for specifics +# if [[ ${returncode} -ne 124 ]]; then +# printf "\033[33;1mWARNING!\033[0m AFL exited with an unexpected return value: %8d" ${returncode} +# fi +# set -e +# CRASH_COUNT=$(sed -n -e 's/^unique_crashes *: //p' ./results/${TEST_NAME}/fuzzer_stats) +# TEST_COUNT=$(sed -n -e 's/^execs_done *: //p' ./results/${TEST_NAME}/fuzzer_stats) +# FLOAT_TESTS_PER_SEC=$(sed -n -e 's/^execs_per_sec *: //p' ./results/${TEST_NAME}/fuzzer_stats) +# TESTS_PER_SEC=$(echo "($FLOAT_TESTS_PER_SEC+.5)/1"|bc) + +# if [[ ${TESTS_PER_SEC} -lt 10 ]]; then +# printf "\033[33;1mWARNING!\033[0m %10d tests, only %6d tests per second; test is too slow.\n" ${TEST_COUNT} ${TESTS_PER_SEC} +# fi +# if [[ ${CRASH_COUNT} -gt 0 ]]; then +# ACTUAL_TEST_FAILURE=1 +# fi +# if [[ ${ACTUAL_TEST_FAILURE} == ${EXPECTED_TEST_FAILURE} ]]; then +# printf "\033[32;1mPASSED\033[0m %8d tests, %.1f test/sec\n" ${TEST_COUNT} ${TESTS_PER_SEC} +# exit 0 +# else +# printf "\033[31;1mFAILED\033[0m %10d tests, %6d unique crashes\n" ${TEST_COUNT} ${CRASH_COUNT} +# exit -1 +# fi +# else +# printf "Running %-s %-40s for %5d sec with %2d threads... " "${FIPS_TEST_MSG}" ${TEST_NAME} ${FUZZ_TIMEOUT_SEC} ${NUM_CPU_THREADS} +# fi # Setup and clean profile structure if FUZZ_COVERAGE is enabled, otherwise run as normal if [[ "$FUZZ_COVERAGE" == "true" ]]; then 
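Review bot: The AFL branch is commented out wholesale rather than removed, and its `else` arm went with it, so the libFuzzer path loses the `printf "Running %-s %-40s for %5d sec with %2d threads... "` status line that the PASSED/FAILED output appears to be formatted to follow on the same line. If AFL support is being dropped, delete the block together with the `AFL_FUZZ` / `LIBFUZZER_INSTALL_DIR` handling that goes with it and restore that one `printf`; if it is only temporarily disabled, keep it gated on `AFL_FUZZ` as before so the script does not ship forty dead lines.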
@@ -143,7 +143,7 @@ if [[ "$FUZZ_COVERAGE" == "true" ]]; then rm -f ./profiles/${TEST_NAME}/*.profraw LLVM_PROFILE_FILE="./profiles/${TEST_NAME}/${TEST_NAME}.%p.profraw" ./${TEST_NAME} ${LIBFUZZER_ARGS} ${TEMP_CORPUS_DIR} > ${TEST_NAME}_output.txt 2>&1 || ACTUAL_TEST_FAILURE=1 else - ./${TEST_NAME} ${LIBFUZZER_ARGS} ${TEMP_CORPUS_DIR} > ${TEST_NAME}_output.txt 2>&1 || ACTUAL_TEST_FAILURE=1 + ./${TEST_NAME} ${LIBFUZZER_ARGS} > ${TEST_NAME}_output.txt 2>&1 || ACTUAL_TEST_FAILURE=1 fi TEST_INFO=$( From fe8ca3a57f3a72aaa6ea355bad30503264a9bf54 Mon Sep 17 00:00:00 2001 From: Jou Ho Date: Mon, 26 Aug 2024 17:33:35 +0000 Subject: [PATCH 15/53] start fuzzing with existing corpus --- CMakeLists.txt | 22 +++++++++------------- tests/fuzz/LD_PRELOAD/global_overrides.c | 19 ++++++++----------- tests/fuzz/runFuzzTest.sh | 2 +- 3 files changed, 18 insertions(+), 25 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 55e3aacb8c2..0a5e036c034 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -186,6 +186,7 @@ endif() if(S2N_UNSAFE_FUZZING_MODE) target_compile_options(${PROJECT_NAME} PRIVATE -fsanitize-coverage=trace-pc-guard -fsanitize=address,undefined,leak) target_link_libraries(${PROJECT_NAME} PRIVATE -fsanitize-coverage=trace-pc-guard -fsanitize=address,undefined,leak) + # -fuse-ld=gold -DS2N_ADDRESS_SANITIZER=1 endif() if(TSAN) 
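Review bot: Removing `${TEMP_CORPUS_DIR}` from the libFuzzer invocation leaves the fuzzer with no seed corpus and no directory to write new inputs to, so every run starts from scratch and whatever coverage it reaches within `FUZZ_TIMEOUT_SEC` is discarded — the coverage arm two lines above still passes the directory, so the two paths now diverge. Keep `./${TEST_NAME} ${LIBFUZZER_ARGS} ${TEMP_CORPUS_DIR} > ${TEST_NAME}_output.txt 2>&1 || ACTUAL_TEST_FAILURE=1` in both arms; a later patch in this series restores it.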
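Review bot: `# -fuse-ld=gold -DS2N_ADDRESS_SANITIZER=1` records the flags the previous patch removed as a bare comment with no explanation, which reads as a TODO nobody will act on. Either state why they were dropped — e.g. `# gold not needed with clang; S2N_ADDRESS_SANITIZER has no remaining consumers`, if that is in fact true — or delete the line.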
@@ -628,23 +629,23 @@ if (BUILD_TESTING) file(GLOB GLOBAL_OVERRIDES_SRCS "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz/LD_PRELOAD/global_overrides.c") add_library(global_overrides SHARED ${GLOBAL_OVERRIDES_SRCS}) - target_compile_options(global_overrides PRIVATE + target_compile_options(global_overrides PRIVATE + # -fsanitize-coverage=trace-pc-guard -fsanitize=address,undefined,leak -Wno-unreachable-code -O0 -shared -fPIC ) + target_include_directories(global_overrides PRIVATE ./) + + target_link_libraries(global_overrides PRIVATE + fuzztest + ) + # Ensure the overriding library is stored in the expected directory without "lib" prefix set_target_properties(global_overrides PROPERTIES PREFIX "" LIBRARY_OUTPUT_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz/LD_PRELOAD ) - target_include_directories(global_overrides PRIVATE ./) - # target_include_directories(global_overrides PRIVATE utils) - # target_include_directories(global_overrides PRIVATE api) - - # target_link_libraries(global_overrides PRIVATE ${UTILS_SRC}) - target_link_libraries(global_overrides PRIVATE fuzztest) - set(CMAKE_C_COMPILER clang) foreach(src ${FUZZ_TEST_SRCS}) @@ -654,11 +655,6 @@ if (BUILD_TESTING) target_include_directories(${TEST_NAME} PRIVATE ./) # target_link_libraries(${TEST_NAME} PRIVATE fuzztest) - # target_include_directories(${TEST_NAME} PRIVATE ./) - # target_include_directories(${TEST_NAME} PRIVATE tests) - # target_include_directories(${TEST_NAME} PRIVATE tests/testlib) - # target_include_directories(${TEST_NAME} PRIVATE api) - # automatically link libFuzzer that comes with clang # target_compile_options(${TEST_NAME} PUBLIC # -g -fsanitize=fuzzer diff --git a/tests/fuzz/LD_PRELOAD/global_overrides.c b/tests/fuzz/LD_PRELOAD/global_overrides.c index 1e5d7e14dda..91f39788ce2 100644 --- a/tests/fuzz/LD_PRELOAD/global_overrides.c +++ b/tests/fuzz/LD_PRELOAD/global_overrides.c 
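Review bot: `global_overrides` is deliberately built without `-fsanitize=address,undefined,leak` (the line is commented out) while the harnesses it is preloaded into are ASan/UBSan binaries, so any memory error in the override code itself is invisible, and an uninstrumented library injected via `LD_PRELOAD` may trip ASan's preload-order check depending on whether the runtime is linked statically or dynamically — confirm from the run log. Either build the overrides with the same sanitizer flags as the harnesses or record why not in a comment at the commented-out flag. `-shared -fPIC` in `target_compile_options` should still be the `POSITION_INDEPENDENT_CODE` property rather than raw flags.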
@@ -28,8 +28,7 @@
 #include "utils/s2n_random.h"
 S2N_RESULT s2n_drbg_generate(struct s2n_drbg *drbg, struct s2n_blob *blob) {
- // printf("Overloaded drbg generate!");
- exit(1);
+ // exit(2);
 /* If fuzzing, only generate "fake" random numbers in order to ensure that fuzz tests are deterministic and repeatable.
 * This function should generate non-zero values since this function may be called repeatedly at startup until a
 * non-zero value is generated.
@@ -41,8 +40,7 @@ S2N_RESULT s2n_drbg_generate(struct s2n_drbg *drbg, struct s2n_blob *blob) {
 int s2n_stuffer_send_to_fd(struct s2n_stuffer *stuffer, const int wfd, const uint32_t len, uint32_t *bytes_sent) {
- // printf("Overloaded stuffer send!");
- exit(2);
+ // exit(2);
 /* Override the original s2n_stuffer_send_to_fd to check if the write file descriptor is -1, and if so, skip
 * writing anything. This is to speed up fuzz tests that write unnecessary data that is never actually read. */
@@ -61,8 +59,7 @@ int s2n_stuffer_send_to_fd(struct s2n_stuffer *stuffer, const int wfd, const uin
 }
 S2N_RESULT s2n_get_public_random_data(struct s2n_blob *blob){
- // printf("Overloaded random data!");
- exit(3);
+ // exit(2);
 /* If fuzzing, only generate "fake" random numbers in order to ensure that fuzz tests are deterministic and repeatable.
 * This function should generate non-zero values since this function may be called repeatedly at startup until a
 * non-zero value is generated.
@@ -73,8 +70,8 @@ S2N_RESULT s2n_get_public_random_data(struct s2n_blob *blob){
 return S2N_RESULT_OK;
 }
-struct s2n_connection *s2n_connection_new(s2n_mode mode)
-{
- printf("Debugging!!!");
- exit(2);
-}
+// struct s2n_connection *s2n_connection_new(s2n_mode mode)
+// {
+// printf("Debugging!!!");
+// exit(2);
+// }
diff --git a/tests/fuzz/runFuzzTest.sh b/tests/fuzz/runFuzzTest.sh
index 8bfb5bff508..54921bb8a1c 100755
--- a/tests/fuzz/runFuzzTest.sh
+++ b/tests/fuzz/runFuzzTest.sh
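Review bot: Each override now carries a dead `// exit(2);` line where the `exit()` call was removed, and the `s2n_connection_new` override at the end is disabled by commenting rather than deleted; both should be removed so the preload library contains only the replacements it is meant to interpose. A commented-out override of a public constructor is easy to re-enable by accident and leaves the reader unsure which symbols this library intentionally shadows. The bodies of `s2n_drbg_generate`, `s2n_stuffer_send_to_fd` and `s2n_get_public_random_data` continue outside these hunks.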
@@ -143,7 +143,7 @@ if [[ "$FUZZ_COVERAGE" == "true" ]]; then
 rm -f ./profiles/${TEST_NAME}/*.profraw
 LLVM_PROFILE_FILE="./profiles/${TEST_NAME}/${TEST_NAME}.%p.profraw" ./${TEST_NAME} ${LIBFUZZER_ARGS} ${TEMP_CORPUS_DIR} > ${TEST_NAME}_output.txt 2>&1 || ACTUAL_TEST_FAILURE=1
 else
- ./${TEST_NAME} ${LIBFUZZER_ARGS} > ${TEST_NAME}_output.txt 2>&1 || ACTUAL_TEST_FAILURE=1
+ ./${TEST_NAME} ${LIBFUZZER_ARGS} ${TEMP_CORPUS_DIR} > ${TEST_NAME}_output.txt 2>&1 || ACTUAL_TEST_FAILURE=1
 fi
 TEST_INFO=$(
From 5a38fdf7834a46fd7f7488f4a5dac494fe6506a1 Mon Sep 17 00:00:00 2001
From: Jou Ho
Date: Tue, 27 Aug 2024 00:09:35 +0000
Subject: [PATCH 16/53] add LD_LIBRARY paths
---
 CMakeLists.txt | 32 ++++++++++++++++++++++----------
 1 file changed, 22 insertions(+), 10 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 0a5e036c034..d8f576dc888 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -39,6 +39,7 @@ option(S2N_INSTALL_S2NC_S2ND "Install the binaries s2nc and s2nd" OFF)
 option(S2N_USE_CRYPTO_SHARED_LIBS "For S2N to use shared libs in Findcrypto" OFF)
 option(TSAN "Enable ThreadSanitizer to test thread safety" OFF)
 option(ASAN "Enable AddressSanitizer to test memory safety" OFF)
+option(FUZZ "Build fuzz test" OFF)
 # Turn BUILD_TESTING=ON by default
 include(CTest)
@@ -625,21 +626,29 @@ if (BUILD_TESTING) set(FUZZ_TESTS "${TESTS}") endif() - # Build LD_PRELOAD shared libraries (need to add other preloads as well) + # Build LD_PRELOAD shared libraries + # file(GLOB GLOBAL_OVERRIDES_SRCS "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz/LD_PRELOAD/*.c") file(GLOB GLOBAL_OVERRIDES_SRCS "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz/LD_PRELOAD/global_overrides.c") - add_library(global_overrides SHARED ${GLOBAL_OVERRIDES_SRCS}) - target_compile_options(global_overrides PRIVATE - # -fsanitize-coverage=trace-pc-guard -fsanitize=address,undefined,leak - -Wno-unreachable-code -O0 -shared -fPIC - ) - - target_include_directories(global_overrides PRIVATE ./) + # adding the source files will cause multiple definition error + add_library(global_overrides SHARED ${GLOBAL_OVERRIDES_SRCS} ${S2N_HEADERS} ${S2N_SRC}) + # not adding the source file will cause undefined symbol error + # add_library(global_overrides SHARED ${GLOBAL_OVERRIDES_SRCS}) - target_link_libraries(global_overrides PRIVATE - fuzztest + target_include_directories(global_overrides PRIVATE + ${CMAKE_CURRENT_SOURCE_DIR} + ${CMAKE_CURRENT_SOURCE_DIR}/api + # ${LIBCRYPTO_ROOT}/include ) + # Set the link options, ignoring duplicate definitions. Not recommended + # target_link_options(global_overrides PRIVATE -Wl,--allow-multiple-definition) + # -ldl doesn't seem to be used by fuzz test + # target_link_options(global_overrides PRIVATE -ldl) + target_compile_options(global_overrides PRIVATE + -Wno-unreachable-code -O0 -fPIC -Wno-deprecated-declarations + ) + # Ensure the overriding library is stored in the expected directory without "lib" prefix set_target_properties(global_overrides PROPERTIES PREFIX "" 
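Review bot: The commented-out `# target_link_options(global_overrides PRIVATE -Wl,--allow-multiple-definition)` should be deleted rather than kept as a suggestion, because that flag makes the linker silently keep whichever copy of a duplicated symbol it sees first and would mask exactly the multiple-definition problem the comment above it describes. `-fPIC` in `target_compile_options(global_overrides PRIVATE ...)` is redundant for a `SHARED` target, which CMake already compiles as position independent. Compiling `${S2N_HEADERS} ${S2N_SRC}` into the preload object gives the override library a second copy of every s2n symbol, so which copy a preloaded process ends up calling depends on load order; if that configuration is kept, the reason should be documented next to `add_library`. The enclosing `if (BUILD_TESTING)` block starts and ends outside the hunk.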
@@ -691,6 +700,9 @@ if (BUILD_TESTING)
 add_custom_command(
 OUTPUT ${TEST_NAME}_result
 COMMAND ${CMAKE_COMMAND} -E env
+ DYLD_LIBRARY_PATH=${CMAKE_CURRENT_BINARY_DIR}/lib:${CMAKE_CURRENT_BINARY_DIR}/tests/testlib:${CMAKE_CURRENT_SOURCE_DIR}/libcrypto-root/lib:$ENV{DYLD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=${CMAKE_CURRENT_BINARY_DIR}/lib:${CMAKE_CURRENT_BINARY_DIR}/tests/testlib:${CMAKE_CURRENT_SOURCE_DIR}/libcrypto-root/lib:$ENV{LD_LIBRARY_PATH}
+ # what is Cmake equivalent of $(LIBCRYPTO_ROOT)?
 bash ${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz/runFuzzTest.sh
 ${TEST_NAME}
 ${FUZZ_TIMEOUT_SEC}
From ae440d3d72b67d89f18d54c0e0542cffb5a1aa1e Mon Sep 17 00:00:00 2001
From: Jou Ho
Date: Tue, 27 Aug 2024 20:01:08 +0000
Subject: [PATCH 17/53] set visibility to default if fuzzing
---
 CMakeLists.txt | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index d8f576dc888..62ca16d3ca6 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -146,7 +146,7 @@ elseif (UNSAFE_TREAT_WARNINGS_AS_ERRORS)
 target_compile_options(${PROJECT_NAME} PRIVATE -Werror )
 endif ()
-if(BUILD_TESTING AND BUILD_SHARED_LIBS)
+if(BUILD_TESTING AND BUILD_SHARED_LIBS OR S2N_UNSAFE_FUZZING_MODE)
 target_compile_options(${PROJECT_NAME} PRIVATE -fvisibility=default)
 else()
 target_compile_options(${PROJECT_NAME} PRIVATE -fvisibility=hidden -DS2N_EXPORTS)
@@ -591,7 +591,7 @@ if (BUILD_TESTING)
 endforeach()
 endif()
- if(FUZZ)
+ if(S2N_UNSAFE_FUZZING_MODE)
 set(SCRIPT_PATH "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz/runFuzzTest.sh")
 file(GLOB FUZZ_TEST_SRCS "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz/*.c")
@@ -603,7 +603,6 @@ if (BUILD_TESTING)
 target_link_libraries(fuzztest PUBLIC ${PROJECT_NAME})
 # if linking libfuzzer locally:
- # set(LIBFUZZER_LIB "${CMAKE_CURRENT_SOURCE_DIR}/test-deps/libfuzzer/lib/libFuzzer.a")
 set(LIBFUZZER_LIB "/home/ubuntu/libFuzzer/lib/lib/libFuzzer.a")
 # if linking libfuzzer in CI:
 # set(LIBFUZZER_LIB "/usr/local/libfuzzer/lib/libFuzzer.a")
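Review bot: `$ENV{LD_LIBRARY_PATH}` and `$ENV{DYLD_LIBRARY_PATH}` are expanded once at configure time, so the generated command bakes in whatever the configuring shell happened to have, and when the variable is unset the value ends in a trailing `:`, which the Linux loader treats as an empty entry meaning the current working directory (here `tests/fuzz` in the source tree, the command's `WORKING_DIRECTORY`). Build the list only from directories the build controls, e.g. `LD_LIBRARY_PATH=${CMAKE_CURRENT_BINARY_DIR}/lib:${CMAKE_CURRENT_BINARY_DIR}/tests/testlib:${CMAKE_CURRENT_SOURCE_DIR}/libcrypto-root/lib`, and drop the `$ENV{...}` suffix. `libcrypto-root/lib` is a hard-coded source-tree path; the comment asks for the CMake equivalent of `$(LIBCRYPTO_ROOT)`, and `LIBCRYPTO_ROOT` appears as a CMake variable elsewhere in this series, so `${LIBCRYPTO_ROOT}/lib` is presumably what is wanted — confirm where it is set. The `add_custom_command` call continues outside the hunk.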
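Review bot: `if(BUILD_TESTING AND BUILD_SHARED_LIBS OR S2N_UNSAFE_FUZZING_MODE)` relies on CMake's precedence (AND binds tighter than OR) and so reads as `(BUILD_TESTING AND BUILD_SHARED_LIBS) OR S2N_UNSAFE_FUZZING_MODE`; if that is the intent, write `if((BUILD_TESTING AND BUILD_SHARED_LIBS) OR S2N_UNSAFE_FUZZING_MODE)` so the next reader does not have to recall the rule. A one-line comment is also warranted: `-fvisibility=default` on the library target in fuzzing mode exports every internal symbol to any consumer of that build, not only to the harnesses and preload overrides that need it. In the last hunk of this commit, `set(LIBFUZZER_LIB "/home/ubuntu/libFuzzer/lib/lib/libFuzzer.a")` commits a developer-machine absolute path as the active value.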
@@ -628,12 +627,13 @@ if (BUILD_TESTING) # Build LD_PRELOAD shared libraries # file(GLOB GLOBAL_OVERRIDES_SRCS "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz/LD_PRELOAD/*.c") + # build just the global one first file(GLOB GLOBAL_OVERRIDES_SRCS "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz/LD_PRELOAD/global_overrides.c") # adding the source files will cause multiple definition error - add_library(global_overrides SHARED ${GLOBAL_OVERRIDES_SRCS} ${S2N_HEADERS} ${S2N_SRC}) + # add_library(global_overrides SHARED ${GLOBAL_OVERRIDES_SRCS} ${S2N_HEADERS} ${S2N_SRC}) # not adding the source file will cause undefined symbol error - # add_library(global_overrides SHARED ${GLOBAL_OVERRIDES_SRCS}) + add_library(global_overrides SHARED ${GLOBAL_OVERRIDES_SRCS}) target_include_directories(global_overrides PRIVATE ${CMAKE_CURRENT_SOURCE_DIR} From a99f12cb2d255e778355827f803ce3675dccbbed Mon Sep 17 00:00:00 2001 From: Jou Ho Date: Tue, 27 Aug 2024 20:35:33 +0000 Subject: [PATCH 18/53] apply correct Wno flags --- CMakeLists.txt | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 62ca16d3ca6..6760885aef7 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -187,7 +187,6 @@ endif() if(S2N_UNSAFE_FUZZING_MODE) target_compile_options(${PROJECT_NAME} PRIVATE -fsanitize-coverage=trace-pc-guard -fsanitize=address,undefined,leak) target_link_libraries(${PROJECT_NAME} PRIVATE -fsanitize-coverage=trace-pc-guard -fsanitize=address,undefined,leak) - # -fuse-ld=gold -DS2N_ADDRESS_SANITIZER=1 endif() if(TSAN) @@ -677,8 +676,7 @@ if (BUILD_TESTING) target_compile_options(${TEST_NAME} PRIVATE -g -O0 -fsanitize-coverage=trace-pc-guard -fsanitize=address,undefined,leak - -Wno-cast-qual # Suppress the cast-qual warning - -Wno-deprecated-declarations -Wno-unknown-pragmas -Wno-deprecated + -Wno-deprecated-declarations -Wno-unknown-pragmas -Wno-deprecated -Wno-unused-result ) target_link_libraries(${TEST_NAME} PRIVATE fuzztest 
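Review bot: Adding `-Wno-unused-result` to every fuzz harness silences the compiler's check on ignored return values; if `S2N_RESULT_MUST_USE` expands to `warn_unused_result` as its name suggests, this also hides harness code that drops an `S2N_RESULT` unchecked, which is the kind of mistake that lets a fuzzer quietly stop exercising the code it targets. Prefer fixing the individual call sites (a `(void)` cast with a reason where the result is genuinely irrelevant) and keeping the warning on, or add a comment naming which harness needs the suppression. The `target_link_libraries(${TEST_NAME} PRIVATE fuzztest` call continues outside the hunk.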
From 52a531b989796f3883fe52871e9c6c4641236f1a Mon Sep 17 00:00:00 2001 From: Jou Ho Date: Wed, 28 Aug 2024 19:56:46 +0000 Subject: [PATCH 19/53] make function format consistent --- tests/fuzz/LD_PRELOAD/global_overrides.c | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/tests/fuzz/LD_PRELOAD/global_overrides.c b/tests/fuzz/LD_PRELOAD/global_overrides.c index 91f39788ce2..ca12925bf84 100644 --- a/tests/fuzz/LD_PRELOAD/global_overrides.c +++ b/tests/fuzz/LD_PRELOAD/global_overrides.c @@ -27,8 +27,8 @@ #include "utils/s2n_safety.h" #include "utils/s2n_random.h" -S2N_RESULT s2n_drbg_generate(struct s2n_drbg *drbg, struct s2n_blob *blob) { - // exit(2); +S2N_RESULT s2n_drbg_generate(struct s2n_drbg *drbg, struct s2n_blob *blob) +{ /* If fuzzing, only generate "fake" random numbers in order to ensure that fuzz tests are deterministic and repeatable. * This function should generate non-zero values since this function may be called repeatedly at startup until a * non-zero value is generated. @@ -40,7 +40,6 @@ S2N_RESULT s2n_drbg_generate(struct s2n_drbg *drbg, struct s2n_blob *blob) { int s2n_stuffer_send_to_fd(struct s2n_stuffer *stuffer, const int wfd, const uint32_t len, uint32_t *bytes_sent) { - // exit(2); /* Override the original s2n_stuffer_send_to_fd to check if the write file descriptor is -1, and if so, skip * writing anything. This is to speed up fuzz tests that write unnecessary data that is never actually read. */ 
@@ -58,8 +57,8 @@ int s2n_stuffer_send_to_fd(struct s2n_stuffer *stuffer, const int wfd, const uin
 return S2N_SUCCESS;
 }
-S2N_RESULT s2n_get_public_random_data(struct s2n_blob *blob){
- // exit(2);
+S2N_RESULT s2n_get_public_random_data(struct s2n_blob *blob)
+{
 /* If fuzzing, only generate "fake" random numbers in order to ensure that fuzz tests are deterministic and repeatable.
 * This function should generate non-zero values since this function may be called repeatedly at startup until a
 * non-zero value is generated.
@@ -69,9 +68,3 @@ S2N_RESULT s2n_get_public_random_data(struct s2n_blob *blob){
 }
 return S2N_RESULT_OK;
 }
-
-// struct s2n_connection *s2n_connection_new(s2n_mode mode)
-// {
-// printf("Debugging!!!");
-// exit(2);
-// }
From 2827df1d8b89800553ccb118da31f570bc427243 Mon Sep 17 00:00:00 2001
From: Jou Ho
Date: Wed, 28 Aug 2024 22:41:33 +0000
Subject: [PATCH 20/53] limit scope of LD_PRELOAD path for cmake
---
 tests/fuzz/runFuzzTest.sh | 80 +++++++++++++++++++--------------------
 1 file changed, 40 insertions(+), 40 deletions(-)
diff --git a/tests/fuzz/runFuzzTest.sh b/tests/fuzz/runFuzzTest.sh
index 54921bb8a1c..e0fe246c057 100755
--- a/tests/fuzz/runFuzzTest.sh
+++ b/tests/fuzz/runFuzzTest.sh
@@ -54,9 +54,9 @@ FUZZCOV_SOURCES="${S2N_ROOT}/api ${S2N_ROOT}/bin ${S2N_ROOT}/crypto ${S2N_ROOT}/
 if [ -e $TEST_SPECIFIC_OVERRIDES ]; then
- export LD_PRELOAD="$TEST_SPECIFIC_OVERRIDES $GLOBAL_OVERRIDES"
+ export LD_PRELOAD_="$TEST_SPECIFIC_OVERRIDES $GLOBAL_OVERRIDES"
 else
- export LD_PRELOAD="$GLOBAL_OVERRIDES"
+ export LD_PRELOAD_="$GLOBAL_OVERRIDES"
 fi
 FIPS_TEST_MSG=""
@@ -99,43 +99,43 @@ else cp -r ./corpus/${TEST_NAME}/. "${TEMP_CORPUS_DIR}" fi -# # Run AFL instead of libfuzzer if AFL_FUZZ is set. Not compatible with fuzz coverage. -# if [[ ${AFL_FUZZ} == "true" && ${FUZZ_COVERAGE} != "true" ]]; then -# unset LD_PRELOAD -# # See https://aflplus.plus/docs/env_variables/ -# export AFL_NO_UI=true -# export AFL_HARDEN=true -# printf "Running AFL %-s %-40s for %5d sec... " "${FIPS_TEST_MSG}" ${TEST_NAME} ${FUZZ_TIMEOUT_SEC} -# mkdir -p results/${TEST_NAME} -# set +e -# timeout ${FUZZ_TIMEOUT_SEC} ${LIBFUZZER_INSTALL_DIR}/afl-fuzz -i corpus/${TEST_NAME} -o results/${TEST_NAME} -m none ./${TEST_NAME} 2>&1> ./results/${TEST_NAME}/console_output.log -# returncode=$? -# # See the timeout man page for specifics -# if [[ ${returncode} -ne 124 ]]; then -# printf "\033[33;1mWARNING!\033[0m AFL exited with an unexpected return value: %8d" ${returncode} -# fi -# set -e -# CRASH_COUNT=$(sed -n -e 's/^unique_crashes *: //p' ./results/${TEST_NAME}/fuzzer_stats) -# TEST_COUNT=$(sed -n -e 's/^execs_done *: //p' ./results/${TEST_NAME}/fuzzer_stats) -# FLOAT_TESTS_PER_SEC=$(sed -n -e 's/^execs_per_sec *: //p' ./results/${TEST_NAME}/fuzzer_stats) -# TESTS_PER_SEC=$(echo "($FLOAT_TESTS_PER_SEC+.5)/1"|bc) - -# if [[ ${TESTS_PER_SEC} -lt 10 ]]; then -# printf "\033[33;1mWARNING!\033[0m %10d tests, only %6d tests per second; test is too slow.\n" ${TEST_COUNT} ${TESTS_PER_SEC} -# fi -# if [[ ${CRASH_COUNT} -gt 0 ]]; then -# ACTUAL_TEST_FAILURE=1 -# fi -# if [[ ${ACTUAL_TEST_FAILURE} == ${EXPECTED_TEST_FAILURE} ]]; then -# printf "\033[32;1mPASSED\033[0m %8d tests, %.1f test/sec\n" ${TEST_COUNT} ${TESTS_PER_SEC} -# exit 0 -# else -# printf "\033[31;1mFAILED\033[0m %10d tests, %6d unique crashes\n" ${TEST_COUNT} ${CRASH_COUNT} -# exit -1 -# fi -# else -# printf "Running %-s %-40s for %5d sec with %2d threads... " "${FIPS_TEST_MSG}" ${TEST_NAME} ${FUZZ_TIMEOUT_SEC} ${NUM_CPU_THREADS} -# fi +# Run AFL instead of libfuzzer if AFL_FUZZ is set. 
Not compatible with fuzz coverage. +if [[ ${AFL_FUZZ} == "true" && ${FUZZ_COVERAGE} != "true" ]]; then + unset LD_PRELOAD + # See https://aflplus.plus/docs/env_variables/ + export AFL_NO_UI=true + export AFL_HARDEN=true + printf "Running AFL %-s %-40s for %5d sec... " "${FIPS_TEST_MSG}" ${TEST_NAME} ${FUZZ_TIMEOUT_SEC} + mkdir -p results/${TEST_NAME} + set +e + timeout ${FUZZ_TIMEOUT_SEC} ${LIBFUZZER_INSTALL_DIR}/afl-fuzz -i corpus/${TEST_NAME} -o results/${TEST_NAME} -m none ./${TEST_NAME} 2>&1> ./results/${TEST_NAME}/console_output.log + returncode=$? + # See the timeout man page for specifics + if [[ ${returncode} -ne 124 ]]; then + printf "\033[33;1mWARNING!\033[0m AFL exited with an unexpected return value: %8d" ${returncode} + fi + set -e + CRASH_COUNT=$(sed -n -e 's/^unique_crashes *: //p' ./results/${TEST_NAME}/fuzzer_stats) + TEST_COUNT=$(sed -n -e 's/^execs_done *: //p' ./results/${TEST_NAME}/fuzzer_stats) + FLOAT_TESTS_PER_SEC=$(sed -n -e 's/^execs_per_sec *: //p' ./results/${TEST_NAME}/fuzzer_stats) + TESTS_PER_SEC=$(echo "($FLOAT_TESTS_PER_SEC+.5)/1"|bc) + + if [[ ${TESTS_PER_SEC} -lt 10 ]]; then + printf "\033[33;1mWARNING!\033[0m %10d tests, only %6d tests per second; test is too slow.\n" ${TEST_COUNT} ${TESTS_PER_SEC} + fi + if [[ ${CRASH_COUNT} -gt 0 ]]; then + ACTUAL_TEST_FAILURE=1 + fi + if [[ ${ACTUAL_TEST_FAILURE} == ${EXPECTED_TEST_FAILURE} ]]; then + printf "\033[32;1mPASSED\033[0m %8d tests, %.1f test/sec\n" ${TEST_COUNT} ${TESTS_PER_SEC} + exit 0 + else + printf "\033[31;1mFAILED\033[0m %10d tests, %6d unique crashes\n" ${TEST_COUNT} ${CRASH_COUNT} + exit -1 + fi +else + printf "Running %-s %-40s for %5d sec with %2d threads... " "${FIPS_TEST_MSG}" ${TEST_NAME} ${FUZZ_TIMEOUT_SEC} ${NUM_CPU_THREADS} +fi # Setup and clean profile structure if FUZZ_COVERAGE is enabled, otherwise run as normal if [[ "$FUZZ_COVERAGE" == "true" ]]; then 
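Review bot: In the re-enabled AFL branch, `2>&1> ./results/${TEST_NAME}/console_output.log` applies the redirections in the wrong order: `2>&1` is processed while stdout still points at the terminal, so afl-fuzz's stderr goes to the console and only its stdout reaches the log; use `> ./results/${TEST_NAME}/console_output.log 2>&1`. `unset LD_PRELOAD` no longer matches what this script sets, since the earlier hunk of this commit now writes `LD_PRELOAD_`; either unset both or note that the line only clears a value inherited from the caller. `exit -1` is not a valid POSIX exit status and bash reports it as 255; `exit 1` says the same thing unambiguously.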
@@ -143,7 +143,7 @@ if [[ "$FUZZ_COVERAGE" == "true" ]]; then
 rm -f ./profiles/${TEST_NAME}/*.profraw
 LLVM_PROFILE_FILE="./profiles/${TEST_NAME}/${TEST_NAME}.%p.profraw" ./${TEST_NAME} ${LIBFUZZER_ARGS} ${TEMP_CORPUS_DIR} > ${TEST_NAME}_output.txt 2>&1 || ACTUAL_TEST_FAILURE=1
 else
- ./${TEST_NAME} ${LIBFUZZER_ARGS} ${TEMP_CORPUS_DIR} > ${TEST_NAME}_output.txt 2>&1 || ACTUAL_TEST_FAILURE=1
+ env LD_PRELOAD="$LD_PRELOAD_" ./${TEST_NAME} ${LIBFUZZER_ARGS} ${TEMP_CORPUS_DIR} > ${TEST_NAME}_output.txt 2>&1 || ACTUAL_TEST_FAILURE=1
 fi
 TEST_INFO=$(
From 2d5d8f203c8e67fa3639460c2d946ccb3bc64d1d Mon Sep 17 00:00:00 2001
From: Jou Ho
Date: Wed, 28 Aug 2024 22:48:10 +0000
Subject: [PATCH 21/53] cleanup output
---
 CMakeLists.txt | 49 ++++++++++++++++++------------------------------
 1 file changed, 18 insertions(+), 31 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 6760885aef7..35ac8f5c581 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -185,6 +185,7 @@ if(NO_STACK_PROTECTOR)
 endif()
 if(S2N_UNSAFE_FUZZING_MODE)
+ # set(LIBFUZZER_LIB "/home/ubuntu/libFuzzer/lib/lib/libFuzzer.a")
 target_compile_options(${PROJECT_NAME} PRIVATE -fsanitize-coverage=trace-pc-guard -fsanitize=address,undefined,leak)
 target_link_libraries(${PROJECT_NAME} PRIVATE -fsanitize-coverage=trace-pc-guard -fsanitize=address,undefined,leak)
 endif()
@@ -597,7 +598,7 @@ if (BUILD_TESTING)
 file(GLOB TESTLIB_SRC "tests/testlib/*.c")
 file(GLOB TESTLIB_HEADERS "tests/testlib/*.h" "tests/s2n_test.h")
- add_library(fuzztest STATIC ${TESTLIB_HEADERS} ${TESTLIB_SRC})
+ add_library(fuzztest SHARED ${TESTLIB_HEADERS} ${TESTLIB_SRC})
 target_include_directories(fuzztest PUBLIC tests)
 target_link_libraries(fuzztest PUBLIC ${PROJECT_NAME})
@@ -608,7 +609,6 @@ if (BUILD_TESTING)
 # Set default values for fuzzing if not defined
 if(NOT DEFINED FUZZ_TIMEOUT_SEC)
- # choose shorter duration for testing
 set(FUZZ_TIMEOUT_SEC 30)
 endif()
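Review bot: Only the non-coverage branch now prepends `env LD_PRELOAD="$LD_PRELOAD_"`; the `FUZZ_COVERAGE` branch on the context line above still runs `./${TEST_NAME}` bare, so coverage runs execute with the real `s2n_drbg_generate` and `s2n_get_public_random_data` instead of the deterministic overrides, and their behaviour will not match ordinary fuzz runs. Apply the same prefix there, `LLVM_PROFILE_FILE="..." env LD_PRELOAD="$LD_PRELOAD_" ./${TEST_NAME} ${LIBFUZZER_ARGS} ${TEMP_CORPUS_DIR} ...`, or build the invocation once and use it in both branches. With the value now passed explicitly through `env`, the `export` on `LD_PRELOAD_` in the earlier hunk of this commit is unnecessary and only hands the path list to every other child process the script spawns.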
@@ -625,34 +625,25 @@ if (BUILD_TESTING) endif() # Build LD_PRELOAD shared libraries - # file(GLOB GLOBAL_OVERRIDES_SRCS "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz/LD_PRELOAD/*.c") - # build just the global one first - file(GLOB GLOBAL_OVERRIDES_SRCS "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz/LD_PRELOAD/global_overrides.c") - - # adding the source files will cause multiple definition error - # add_library(global_overrides SHARED ${GLOBAL_OVERRIDES_SRCS} ${S2N_HEADERS} ${S2N_SRC}) - # not adding the source file will cause undefined symbol error - add_library(global_overrides SHARED ${GLOBAL_OVERRIDES_SRCS}) - - target_include_directories(global_overrides PRIVATE + include_directories( ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_SOURCE_DIR}/api - # ${LIBCRYPTO_ROOT}/include - ) - - # Set the link options, ignoring duplicate definitions. Not recommended - # target_link_options(global_overrides PRIVATE -Wl,--allow-multiple-definition) - # -ldl doesn't seem to be used by fuzz test - # target_link_options(global_overrides PRIVATE -ldl) - target_compile_options(global_overrides PRIVATE - -Wno-unreachable-code -O0 -fPIC -Wno-deprecated-declarations - ) - - # Ensure the overriding library is stored in the expected directory without "lib" prefix - set_target_properties(global_overrides PROPERTIES - PREFIX "" - LIBRARY_OUTPUT_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz/LD_PRELOAD ) + set(LIBRARY_OUTPUT_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz/LD_PRELOAD) + file(GLOB LIBRARY_SRCS "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz/LD_PRELOAD/*.c") + foreach(SRC ${LIBRARY_SRCS}) + get_filename_component(LIB_NAME ${SRC} NAME_WE) + add_library(${LIB_NAME} SHARED ${SRC}) + + # Set the output directory and remove the default "lib" prefix + set_target_properties(${LIB_NAME} PROPERTIES + PREFIX "" + LIBRARY_OUTPUT_DIRECTORY ${LIBRARY_OUTPUT_DIRECTORY} + ) + target_compile_options(${LIB_NAME} PRIVATE + -Wno-unreachable-code -O0 -fPIC -Wno-deprecated-declarations -fvisibility=default + ) + 
endforeach() set(CMAKE_C_COMPILER clang) @@ -672,7 +663,6 @@ if (BUILD_TESTING) # -fsanitize=fuzzer # ) - # Link with testss2n and manually link libFuzzer.a target_compile_options(${TEST_NAME} PRIVATE -g -O0 -fsanitize-coverage=trace-pc-guard -fsanitize=address,undefined,leak @@ -700,7 +690,6 @@ if (BUILD_TESTING) COMMAND ${CMAKE_COMMAND} -E env DYLD_LIBRARY_PATH=${CMAKE_CURRENT_BINARY_DIR}/lib:${CMAKE_CURRENT_BINARY_DIR}/tests/testlib:${CMAKE_CURRENT_SOURCE_DIR}/libcrypto-root/lib:$ENV{DYLD_LIBRARY_PATH} LD_LIBRARY_PATH=${CMAKE_CURRENT_BINARY_DIR}/lib:${CMAKE_CURRENT_BINARY_DIR}/tests/testlib:${CMAKE_CURRENT_SOURCE_DIR}/libcrypto-root/lib:$ENV{LD_LIBRARY_PATH} - # what is Cmake equivalent of $(LIBCRYPTO_ROOT)? bash ${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz/runFuzzTest.sh ${TEST_NAME} ${FUZZ_TIMEOUT_SEC} @@ -712,7 +701,6 @@ if (BUILD_TESTING) add_custom_target(run_${TEST_NAME} DEPENDS ${TEST_NAME}_result - COMMENT "Fuzz test ${TEST_NAME} completed" ) list(APPEND FUZZ_TEST_TARGETS run_${TEST_NAME}) @@ -721,7 +709,6 @@ if (BUILD_TESTING) # This will run all fuzz tests add_custom_target(run_fuzz DEPENDS ${FUZZ_TEST_TARGETS} - COMMENT "Running all fuzz tests" ) endif() endif() From 46650fe83ab3a4e406b105962b4df70846ffeb1b Mon Sep 17 00:00:00 2001 From: Jou Ho Date: Wed, 28 Aug 2024 22:48:32 +0000 Subject: [PATCH 22/53] address symbol undefined error --- utils/s2n_result.c | 6 ------ utils/s2n_result.h | 12 +++++++++++- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/utils/s2n_result.c b/utils/s2n_result.c index 47d53f27fbd..b1dc8966e39 100644 --- a/utils/s2n_result.c +++ b/utils/s2n_result.c @@ -82,12 +82,6 @@ #include "api/s2n.h" -/* returns true when the result is S2N_RESULT_OK */ -inline bool s2n_result_is_ok(s2n_result result) -{ - return result.__error_signal == S2N_SUCCESS; -} - /* returns true when the result is S2N_RESULT_ERROR */ inline bool s2n_result_is_error(s2n_result result) { 
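Review bot: `include_directories(${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_SOURCE_DIR}/api)` is directory-scoped and is inherited by every target defined after it in this directory, not only the preload libraries; move it onto the targets inside the loop as `target_include_directories(${LIB_NAME} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_SOURCE_DIR}/api)`. `set(CMAKE_C_COMPILER clang)` after `project()` has no effect on the compiler that was already detected and is known to trigger a reconfigure loop; the compiler belongs on the command line or in a toolchain file, with a `FATAL_ERROR` if `CMAKE_C_COMPILER_ID` is not Clang when fuzzing mode is requested. `LIBRARY_OUTPUT_DIRECTORY` still points into the source tree (`tests/fuzz/LD_PRELOAD`), and `file(GLOB LIBRARY_SRCS ...)` without `CONFIGURE_DEPENDS` will not see a newly added override file until the next explicit reconfigure. The enclosing `if (BUILD_TESTING)` block starts and ends outside the hunk.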
diff --git a/utils/s2n_result.h b/utils/s2n_result.h
index 32120a88478..5f6374356d3 100644
--- a/utils/s2n_result.h
+++ b/utils/s2n_result.h
@@ -36,8 +36,18 @@ typedef struct {
 #define S2N_RESULT_MUST_USE
 #endif
+#ifdef S2N_DIAGNOSTICS_PUSH_SUPPORTED
+ #pragma GCC diagnostic push
+ #pragma GCC diagnostic ignored "-Wunused-function"
+#endif
 /* returns true when the result is S2N_RESULT_OK */
-S2N_RESULT_MUST_USE bool s2n_result_is_ok(s2n_result result);
+S2N_RESULT_MUST_USE static bool s2n_result_is_ok(s2n_result result)
+{
+ return result.__error_signal == S2N_SUCCESS;
+}
+#ifdef S2N_DIAGNOSTICS_POP_SUPPORTED
+ #pragma GCC diagnostic pop
+#endif
 /* returns true when the result is S2N_RESULT_ERROR */
 S2N_RESULT_MUST_USE bool s2n_result_is_error(s2n_result result);
From 64942e39111289a017600150b41b03fc448fdfb2 Mon Sep 17 00:00:00 2001
From: Jou Ho
Date: Wed, 28 Aug 2024 23:57:30 +0000
Subject: [PATCH 23/53] cleanup
---
 CMakeLists.txt | 26 ++++----------------------
 1 file changed, 4 insertions(+), 22 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 35ac8f5c581..24a8d020abe 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -185,7 +185,6 @@ if(NO_STACK_PROTECTOR)
 endif()
 if(S2N_UNSAFE_FUZZING_MODE)
- # set(LIBFUZZER_LIB "/home/ubuntu/libFuzzer/lib/lib/libFuzzer.a")
 target_compile_options(${PROJECT_NAME} PRIVATE -fsanitize-coverage=trace-pc-guard -fsanitize=address,undefined,leak)
 target_link_libraries(${PROJECT_NAME} PRIVATE -fsanitize-coverage=trace-pc-guard -fsanitize=address,undefined,leak)
 endif()
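Review bot: `S2N_RESULT_MUST_USE static bool s2n_result_is_ok(s2n_result result)` defines a non-`inline` internal-linkage function in a header, so every translation unit that includes `s2n_result.h` gets its own copy and the `-Wunused-function` push/pop pair exists only to quiet the copies that go unused; `S2N_RESULT_MUST_USE static inline bool s2n_result_is_ok(s2n_result result)` removes the need for the pragmas and matches how the sibling `s2n_result_is_error` is still declared `inline` in `s2n_result.c`. Because the out-of-line definition is removed from `s2n_result.c` in the previous hunk, the library no longer exports `s2n_result_is_ok`; if any shared-library consumer or existing test resolved that symbol at link time this is a visible ABI change, and the commit message ("address symbol undefined error") should say which preload library needed it and why a header-only definition is the right fix rather than exporting the symbol.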
@@ -602,14 +601,12 @@ if (BUILD_TESTING) target_include_directories(fuzztest PUBLIC tests) target_link_libraries(fuzztest PUBLIC ${PROJECT_NAME}) - # if linking libfuzzer locally: - set(LIBFUZZER_LIB "/home/ubuntu/libFuzzer/lib/lib/libFuzzer.a") - # if linking libfuzzer in CI: - # set(LIBFUZZER_LIB "/usr/local/libfuzzer/lib/libFuzzer.a") + # linking libfuzzer in CI: + set(LIBFUZZER_LIB "/usr/local/libfuzzer/lib/libFuzzer.a") # Set default values for fuzzing if not defined if(NOT DEFINED FUZZ_TIMEOUT_SEC) - set(FUZZ_TIMEOUT_SEC 30) + set(FUZZ_TIMEOUT_SEC 120) endif() if(NOT DEFINED CORPUS_UPLOAD_LOC) @@ -652,16 +649,6 @@ if (BUILD_TESTING) add_executable(${TEST_NAME} ${src}) target_include_directories(${TEST_NAME} PRIVATE ./) - # target_link_libraries(${TEST_NAME} PRIVATE fuzztest) - - # automatically link libFuzzer that comes with clang - # target_compile_options(${TEST_NAME} PUBLIC - # -g -fsanitize=fuzzer - # ) - # target_link_libraries(${TEST_NAME} PUBLIC - # fuzztest - # -fsanitize=fuzzer - # ) target_compile_options(${TEST_NAME} PRIVATE -g -O0 @@ -696,14 +683,9 @@ if (BUILD_TESTING) ${CORPUS_UPLOAD_LOC} ${ARTIFACT_UPLOAD_LOC} WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz - COMMENT "Running fuzz test ${TEST_NAME}" ) - add_custom_target(run_${TEST_NAME} - DEPENDS ${TEST_NAME}_result - ) - - list(APPEND FUZZ_TEST_TARGETS run_${TEST_NAME}) + list(APPEND FUZZ_TEST_TARGETS ${TEST_NAME}_result) endforeach() # This will run all fuzz tests From d733dbee2abeefa32853966cc17f23174dcc7450 Mon Sep 17 00:00:00 2001 From: Jou Ho Date: Thu, 29 Aug 2024 00:10:18 +0000 Subject: [PATCH 24/53] cleanup PR diff --- CMakeLists.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 24a8d020abe..af539de8e6b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
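Review bot: `set(LIBFUZZER_LIB "/usr/local/libfuzzer/lib/libFuzzer.a")` hard-codes an absolute path for an archive that is linked into every harness, with no check that it exists; a missing or wrong path surfaces only as a link error, and a developer cannot override it without editing the file. Make it a cache entry with a configure-time check, `set(LIBFUZZER_LIB "/usr/local/libfuzzer/lib/libFuzzer.a" CACHE FILEPATH "Path to libFuzzer.a")` followed by `if(NOT EXISTS "${LIBFUZZER_LIB}")` / `message(FATAL_ERROR "libFuzzer not found at ${LIBFUZZER_LIB}")`, or locate it with `find_library`. The comment `# linking libfuzzer in CI:` should name where the CI image installs it, since that path is what ties this build to a particular image. The enclosing `if (BUILD_TESTING)` block starts and ends outside the hunk.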
@@ -39,7 +39,6 @@ option(S2N_INSTALL_S2NC_S2ND "Install the binaries s2nc and s2nd" OFF)
 option(S2N_USE_CRYPTO_SHARED_LIBS "For S2N to use shared libs in Findcrypto" OFF)
 option(TSAN "Enable ThreadSanitizer to test thread safety" OFF)
 option(ASAN "Enable AddressSanitizer to test memory safety" OFF)
-option(FUZZ "Build fuzz test" OFF)
 # Turn BUILD_TESTING=ON by default
 include(CTest)
From 333359a6d92a9a8ff38367e354bac78c9dc7f1b4 Mon Sep 17 00:00:00 2001
From: Jou Ho
Date: Thu, 29 Aug 2024 00:12:22 +0000
Subject: [PATCH 25/53] remove unused option
---
 tests/fuzz/LD_PRELOAD/global_overrides.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/tests/fuzz/LD_PRELOAD/global_overrides.c b/tests/fuzz/LD_PRELOAD/global_overrides.c
index ca12925bf84..81fd8c1cade 100644
--- a/tests/fuzz/LD_PRELOAD/global_overrides.c
+++ b/tests/fuzz/LD_PRELOAD/global_overrides.c
@@ -27,8 +27,7 @@
 #include "utils/s2n_safety.h"
 #include "utils/s2n_random.h"
-S2N_RESULT s2n_drbg_generate(struct s2n_drbg *drbg, struct s2n_blob *blob)
-{
+S2N_RESULT s2n_drbg_generate(struct s2n_drbg *drbg, struct s2n_blob *blob) {
 /* If fuzzing, only generate "fake" random numbers in order to ensure that fuzz tests are deterministic and repeatable.
 * This function should generate non-zero values since this function may be called repeatedly at startup until a
 * non-zero value is generated.
@@ -57,8 +56,7 @@ int s2n_stuffer_send_to_fd(struct s2n_stuffer *stuffer, const int wfd, const uin
 return S2N_SUCCESS;
 }
-S2N_RESULT s2n_get_public_random_data(struct s2n_blob *blob)
-{
+S2N_RESULT s2n_get_public_random_data(struct s2n_blob *blob) {
 /* If fuzzing, only generate "fake" random numbers in order to ensure that fuzz tests are deterministic and repeatable.
 * This function should generate non-zero values since this function may be called repeatedly at startup until a
 * non-zero value is generated.
From dbb74c223571d4f72031c03e7210ab1e27a06755 Mon Sep 17 00:00:00 2001
From: Jou Ho
Date: Thu, 29 Aug 2024 00:30:33 +0000
Subject: [PATCH 26/53] fix cmake argument
---
 codebuild/bin/s2n_codebuild.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/codebuild/bin/s2n_codebuild.sh b/codebuild/bin/s2n_codebuild.sh
index 898113edc5c..13fcc7e560d 100755
--- a/codebuild/bin/s2n_codebuild.sh
+++ b/codebuild/bin/s2n_codebuild.sh
@@ -117,9 +117,9 @@ run_unit_tests() {
 run_fuzz_tests() {
 cmake . -Bbuild \
- -DCMAKE_BUILD_TYPE=Release \
- -DCMAKE_INSTALL_PREFIX=./s2n-tls-install \
- -DFUZZ=on
+ -DCMAKE_PREFIX_PATH=$LIBCRYPTO_ROOT \
+ -DBUILD_SHARED_LIBS=on \
+ -DS2N_UNSAFE_FUZZING_MODE=on
 cmake --build ./build -- -j $(nproc)
 cmake --build build --target run_fuzz
 }
From 4ec27adcb4e81f4ebac1252d29ca8fb8a4a694be Mon Sep 17 00:00:00 2001
From: Jou Ho
Date: Thu, 29 Aug 2024 17:34:40 +0000
Subject: [PATCH 27/53] fix cmake command
---
 codebuild/bin/s2n_codebuild.sh | 1 -
 1 file changed, 1 deletion(-)
diff --git a/codebuild/bin/s2n_codebuild.sh b/codebuild/bin/s2n_codebuild.sh
index 13fcc7e560d..911b65c75ba 100755
--- a/codebuild/bin/s2n_codebuild.sh
+++ b/codebuild/bin/s2n_codebuild.sh
@@ -118,7 +118,6 @@ run_unit_tests() {
 run_fuzz_tests() {
 cmake . -Bbuild \
 -DCMAKE_PREFIX_PATH=$LIBCRYPTO_ROOT \
- -DBUILD_SHARED_LIBS=on \
 -DS2N_UNSAFE_FUZZING_MODE=on
 cmake --build ./build -- -j $(nproc)
 cmake --build build --target run_fuzz
From caa19335380a6b1419f3178c18ebd3e9b342590a Mon Sep 17 00:00:00 2001
From: Jou Ho
Date: Thu, 29 Aug 2024 17:34:50 +0000
Subject: [PATCH 28/53] add buildspec for fuzz
---
 codebuild/spec/buildspec_fuzz.yml | 87 +++++++++++++++++++++++++++++++
 1 file changed, 87 insertions(+)
 create mode 100644 codebuild/spec/buildspec_fuzz.yml
diff --git a/codebuild/spec/buildspec_fuzz.yml b/codebuild/spec/buildspec_fuzz.yml
new file mode 100644
index 00000000000..5bdfb2f798f
--- /dev/null
+++ b/codebuild/spec/buildspec_fuzz.yml
@@ -0,0 +1,87 @@ +--- +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). You may not use +# this file except in compliance with the License. A copy of the License is +# located at +# +# http://aws.amazon.com/apache2.0/ +# +# or in the "license" file accompanying this file. This file is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. See the License for the specific language governing permissions and +# limitations under the License. +version: 0.2 + +# This buildspec runs on an Ubuntu22 image. That configuration is a property of +# the codebuild job itself. + +# Codebuild's matrix jobs have non-differentiated names so use batch-list +# instead. + +# Parameter motivation + +# COMPILERS +# We run asan on both gcc and clang because of different features sets for their +# address sanitizers. Specifically there was a case where GCC was able to detect +# a memcpy-param-overlap that Clang did not. + +# LIBCRYPTOS +# awslc: happy path libcrypto for s2n-tls +# openssl 3: s2n-tls takes different code paths for ossl3, so make sure we run +# asan on it. See pr 4033 for a historical motivating example. +# openssl 1.1.1: a widely deployed version of openssl. +# openssl 1.0.2: the default libcrypto on AL2, and AL2 is still widely deployed. + +# CMAKE_BUILD_TYPE +# RelWithDebInfo: This instructs CMake to do all optimizations (Rel -> Release) +# along with debug info (DebInfo). Debug info is necessary to get line numbers +# in the stack traces that ASAN reports. 
+batch: + build-list: + - identifier: clang_awslc + env: + compute-type: BUILD_GENERAL1_LARGE + variables: + S2N_LIBCRYPTO: awslc + COMPILER: clang + - identifier: clang_openssl_3_0 + env: + compute-type: BUILD_GENERAL1_LARGE + variables: + S2N_LIBCRYPTO: openssl-3.0 + COMPILER: clang + - identifier: clang_openssl_1_1_1 + env: + compute-type: BUILD_GENERAL1_LARGE + variables: + S2N_LIBCRYPTO: openssl-1.1.1 + COMPILER: clang + - identifier: clang_openssl_1_0_2 + env: + compute-type: BUILD_GENERAL1_LARGE + variables: + S2N_LIBCRYPTO: openssl-1.0.2 + COMPILER: clang + +phases: + pre_build: + commands: + - | + if [ -d "third-party-src" ]; then + cd third-party-src; + ln -s /usr/local $CODEBUILD_SRC_DIR/third-party-src/test-deps; + fi + - /usr/bin/$COMPILER --version + build: + on-failure: ABORT + commands: + - | + cmake . -Bbuild \ + -DCMAKE_PREFIX_PATH=$LIBCRYPTO_ROOT \ + -DS2N_UNSAFE_FUZZING_MODE=on + - cmake --build ./build -- -j $(nproc) + post_build: + on-failure: ABORT + commands: + - cmake --build build --target run_fuzz From 1ff829631abbff862eeccef7c7fa50672fbcaeaa Mon Sep 17 00:00:00 2001 From: Jou Ho Date: Thu, 29 Aug 2024 17:39:10 +0000 Subject: [PATCH 29/53] cleanup file diff --- tests/fuzz/LD_PRELOAD/global_overrides.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/fuzz/LD_PRELOAD/global_overrides.c b/tests/fuzz/LD_PRELOAD/global_overrides.c index 81fd8c1cade..83a826556b1 100644 --- a/tests/fuzz/LD_PRELOAD/global_overrides.c +++ b/tests/fuzz/LD_PRELOAD/global_overrides.c @@ -28,6 +28,7 @@ #include "utils/s2n_random.h" S2N_RESULT s2n_drbg_generate(struct s2n_drbg *drbg, struct s2n_blob *blob) { + /* If fuzzing, only generate "fake" random numbers in order to ensure that fuzz tests are deterministic and repeatable. * This function should generate non-zero values since this function may be called repeatedly at startup until a * non-zero value is generated. 
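Review bot: The explanatory header of the new buildspec is carried over from the ASan spec and does not describe this file: it says "We run asan on both gcc and clang" while `build-list` contains only clang entries, and the `CMAKE_BUILD_TYPE` paragraph explains `RelWithDebInfo` although the `build` phase passes no build type at all. Rewrite the header to state what this job actually does — clang only, `-DS2N_UNSAFE_FUZZING_MODE=on`, then the `run_fuzz` target — and why each libcrypto is in the matrix, or drop the paragraphs that no longer apply. The `ln -s /usr/local $CODEBUILD_SRC_DIR/third-party-src/test-deps` step also deserves a comment on what the fuzz build expects under `test-deps`, since nothing visible in this file references that path afterwards.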
@@ -56,7 +57,8 @@ int s2n_stuffer_send_to_fd(struct s2n_stuffer *stuffer, const int wfd, const uin return S2N_SUCCESS; } -S2N_RESULT s2n_get_public_random_data(struct s2n_blob *blob) { +S2N_RESULT s2n_get_public_random_data(struct s2n_blob *blob){ + /* If fuzzing, only generate "fake" random numbers in order to ensure that fuzz tests are deterministic and repeatable. * This function should generate non-zero values since this function may be called repeatedly at startup until a * non-zero value is generated. From f15f35401b3f668466d15e627d14d67bdb8d340c Mon Sep 17 00:00:00 2001 From: Jou Ho Date: Thu, 29 Aug 2024 17:45:50 +0000 Subject: [PATCH 30/53] remove failing command --- codebuild/spec/buildspec_fuzz.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/codebuild/spec/buildspec_fuzz.yml b/codebuild/spec/buildspec_fuzz.yml index 5bdfb2f798f..2ca3c2704a2 100644 --- a/codebuild/spec/buildspec_fuzz.yml +++ b/codebuild/spec/buildspec_fuzz.yml @@ -72,7 +72,6 @@ phases: cd third-party-src; ln -s /usr/local $CODEBUILD_SRC_DIR/third-party-src/test-deps; fi - - /usr/bin/$COMPILER --version build: on-failure: ABORT commands: From e0477ef593c5ddb65d15b46afd725adee4c667be Mon Sep 17 00:00:00 2001 From: Jou Ho Date: Thu, 29 Aug 2024 18:15:13 +0000 Subject: [PATCH 31/53] use correct docker img --- codebuild/spec/buildspec_fuzz.yml | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/codebuild/spec/buildspec_fuzz.yml b/codebuild/spec/buildspec_fuzz.yml index 2ca3c2704a2..a664121a001 100644 --- a/codebuild/spec/buildspec_fuzz.yml +++ b/codebuild/spec/buildspec_fuzz.yml 
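Review bot: The rewritten signature `S2N_RESULT s2n_get_public_random_data(struct s2n_blob *blob){` drops the space before the opening brace, which is inconsistent with `s2n_drbg_generate(...) {` in the previous hunk and reads as a stray edit in a commit titled "cleanup file"; keep `*blob) {`. The added line after it appears to be a blank line in front of the existing `/* If fuzzing ... */` comment, which is fine on its own, but if this file is covered by the project's formatter check (not visible here) the brace spacing will be flagged there anyway.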
@@ -41,25 +41,29 @@ batch: build-list: - identifier: clang_awslc env: - compute-type: BUILD_GENERAL1_LARGE + compute-type: BUILD_GENERAL1_2XLARGE + image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu22codebuild variables: S2N_LIBCRYPTO: awslc COMPILER: clang - identifier: clang_openssl_3_0 env: - compute-type: BUILD_GENERAL1_LARGE + compute-type: BUILD_GENERAL1_2XLARGE + image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu22codebuild variables: S2N_LIBCRYPTO: openssl-3.0 COMPILER: clang - identifier: clang_openssl_1_1_1 env: - compute-type: BUILD_GENERAL1_LARGE + compute-type: BUILD_GENERAL1_2XLARGE + image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu22codebuild variables: S2N_LIBCRYPTO: openssl-1.1.1 COMPILER: clang - identifier: clang_openssl_1_0_2 env: - compute-type: BUILD_GENERAL1_LARGE + compute-type: BUILD_GENERAL1_2XLARGE + image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu22codebuild variables: S2N_LIBCRYPTO: openssl-1.0.2 COMPILER: clang @@ -72,6 +76,7 @@ phases: cd third-party-src; ln -s /usr/local $CODEBUILD_SRC_DIR/third-party-src/test-deps; fi + - /usr/bin/$COMPILER --version build: on-failure: ABORT commands: From 629c46efe1acd61d62997da32f4aa955326b4bd9 Mon Sep 17 00:00:00 2001 From: Jou Ho Date: Thu, 29 Aug 2024 19:00:50 +0000 Subject: [PATCH 32/53] remove commented out code --- codebuild/bin/s2n_codebuild.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/codebuild/bin/s2n_codebuild.sh b/codebuild/bin/s2n_codebuild.sh index 911b65c75ba..d425d5a87d9 100755 --- a/codebuild/bin/s2n_codebuild.sh +++ b/codebuild/bin/s2n_codebuild.sh 
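Review bot: The new `image:` entries reference the ECR image by the mutable tag `docker:ubuntu22codebuild`, so every fuzz run silently picks up whatever that tag points to at the time; pinning by digest (`image: <registry>/docker@sha256:<DIGEST>`) keeps a fuzz crash reproducible against the exact toolchain that produced it. The same `compute-type`/`image` block is now repeated four times, so a comment naming where the image is built and how to bump it would keep the entries from drifting apart. The second hunk re-adds `/usr/bin/$COMPILER --version`, which the previous patch had just removed; it is a useful probe, but a comment saying it is there to record the toolchain in the log would stop the next cleanup from deleting it again.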
@@ -135,7 +135,6 @@ if [[ "$TESTS" == "ALL" || "$TESTS" == "integrationv2" ]]; then run_integration_
 if [[ "$TESTS" == "ALL" || "$TESTS" == "crt" ]]; then ./codebuild/bin/build_aws_crt_cpp.sh $(mktemp -d) $(mktemp -d); fi
 if [[ "$TESTS" == "ALL" || "$TESTS" == "sharedandstatic" ]]; then ./codebuild/bin/test_install_shared_and_static.sh $(mktemp -d); fi
 if [[ "$TESTS" == "ALL" || "$TESTS" == "dynamicload" ]]; then ./codebuild/bin/test_dynamic_load.sh $(mktemp -d); fi
-# if [[ "$TESTS" == "ALL" || "$TESTS" == "fuzz" ]]; then (make clean && make fuzz) ; fi
 if [[ "$TESTS" == "ALL" || "$TESTS" == "fuzz" ]]; then run_fuzz_tests ; fi
 if [[ "$TESTS" == "sawHMAC" ]] && [[ "$OS_NAME" == "linux" ]]; then make -C tests/saw/ tmp/verify_HMAC.log ; fi
 if [[ "$TESTS" == "sawDRBG" ]]; then make -C tests/saw tmp/verify_drbg.log ; fi
From 57eb6fdc4fde915d10f85bc0faa15bf9ba71c2d7 Mon Sep 17 00:00:00 2001
From: Jou Ho
Date: Thu, 29 Aug 2024 21:56:02 +0000
Subject: [PATCH 33/53] change to privileged-mode to true
---
 codebuild/spec/buildspec_fuzz.yml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/codebuild/spec/buildspec_fuzz.yml b/codebuild/spec/buildspec_fuzz.yml
index a664121a001..49aaff091fc 100644
--- a/codebuild/spec/buildspec_fuzz.yml
+++ b/codebuild/spec/buildspec_fuzz.yml
@@ -43,6 +43,7 @@ batch:
 env:
 compute-type: BUILD_GENERAL1_2XLARGE
 image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu22codebuild
+ privileged-mode: true
 variables:
 S2N_LIBCRYPTO: awslc
 COMPILER: clang
@@ -50,6 +51,7 @@ batch:
 env:
 compute-type: BUILD_GENERAL1_2XLARGE
 image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu22codebuild
+ privileged-mode: true
 variables:
 S2N_LIBCRYPTO: openssl-3.0
 COMPILER: clang
@@ -57,6 +59,7 @@ batch:
 env:
 compute-type: BUILD_GENERAL1_2XLARGE
 image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu22codebuild
+ privileged-mode: true
 variables:
 S2N_LIBCRYPTO: openssl-1.1.1
 COMPILER: clang
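Review bot: `privileged-mode: true` gives the build container elevated privileges (CodeBuild needs it for Docker-in-Docker), and nothing in the fuzz flow visible here — cmake, libFuzzer, an LD_PRELOAD library — requires it; the commit message does not say what failed without it. If it was added to chase the memlock limit that the later prlimit patch also experiments with, a comment on the line naming the actual requirement is needed; otherwise it should be dropped so a harness running attacker-shaped input stays inside an unprivileged container. The same line is added to the remaining entries in the two following hunks and in the first hunk of the next line.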
@@ -64,6 +67,7 @@ batch: env: compute-type: BUILD_GENERAL1_2XLARGE image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu22codebuild + privileged-mode: true variables: S2N_LIBCRYPTO: openssl-1.0.2 COMPILER: clang @@ -77,6 +81,7 @@ phases: ln -s /usr/local $CODEBUILD_SRC_DIR/third-party-src/test-deps; fi - /usr/bin/$COMPILER --version + - ls /usr/local/libfuzzer/lib/libFuzzer.a && echo "Libfuzzer File exists" || echo "Libfuzzer File does not exist" build: on-failure: ABORT commands: From 2f01cd6fb0d01f0ec7b33c73f6e23a8e01082c68 Mon Sep 17 00:00:00 2001 From: Jou Ho Date: Thu, 29 Aug 2024 22:11:45 +0000 Subject: [PATCH 34/53] use verbose for debugging --- codebuild/spec/buildspec_fuzz.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/codebuild/spec/buildspec_fuzz.yml b/codebuild/spec/buildspec_fuzz.yml index 49aaff091fc..24133e9a4c3 100644 --- a/codebuild/spec/buildspec_fuzz.yml +++ b/codebuild/spec/buildspec_fuzz.yml @@ -93,4 +93,4 @@ phases: post_build: on-failure: ABORT commands: - - cmake --build build --target run_fuzz + - cmake --build build --target run_fuzz --verbose From d8ac8d91c4fff9b289d04a704227250040d8f007 Mon Sep 17 00:00:00 2001 From: Jou Ho Date: Thu, 29 Aug 2024 22:21:36 +0000 Subject: [PATCH 35/53] debug with script output --- tests/fuzz/runFuzzTest.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/fuzz/runFuzzTest.sh b/tests/fuzz/runFuzzTest.sh index e0fe246c057..2713c416a2f 100755 --- a/tests/fuzz/runFuzzTest.sh +++ b/tests/fuzz/runFuzzTest.sh @@ -16,6 +16,7 @@ # The timeout command sends a TERM and under normal circumstances returns # exit code 124. We'll undo this later. set -e +set -x usage() { echo "Usage: runFuzzTest.sh TEST_NAME FUZZ_TIMEOUT_SEC" From 69aec894a2a7b1d1d1b065356220a4c817f280d3 Mon Sep 17 00:00:00 2001 From: Jou Ho Date: Thu, 29 Aug 2024 22:32:33 +0000 Subject: [PATCH 36/53] reduce thread count --- tests/fuzz/runFuzzTest.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
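Review bot: `set -x` in runFuzzTest.sh echoes every expanded command into the CodeBuild log, including the `CORPUS_UPLOAD_LOC` and `ARTIFACT_UPLOAD_LOC` arguments and whatever the environment supplies to later commands; if those ever carry a pre-signed URL or credential (not visible here) it lands in the build log. If tracing is meant to stay, gate it on an opt-in variable, e.g. `[[ -n "${FUZZ_DEBUG:-}" ]] && set -x`, so it is off by default. In the buildspec hunk above, `ls /usr/local/libfuzzer/lib/libFuzzer.a && echo "..." || echo "..."` always exits 0 and so can never fail pre_build; `test -f /usr/local/libfuzzer/lib/libFuzzer.a` would make a missing libFuzzer fail fast instead of at link time.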
diff --git a/tests/fuzz/runFuzzTest.sh b/tests/fuzz/runFuzzTest.sh
index 2713c416a2f..72eca27f565 100755
--- a/tests/fuzz/runFuzzTest.sh
+++ b/tests/fuzz/runFuzzTest.sh
@@ -45,7 +45,7 @@ fi
 ASAN_OPTIONS+="symbolize=1"
 LSAN_OPTIONS+="log_threads=1"
 UBSAN_OPTIONS+="print_stacktrace=1"
-NUM_CPU_THREADS=$(nproc)
+NUM_CPU_THREADS=16
 LIBFUZZER_ARGS+="-timeout=5 -max_len=4096 -print_final_stats=1 -jobs=${NUM_CPU_THREADS} -workers=${NUM_CPU_THREADS} -max_total_time=${FUZZ_TIMEOUT_SEC}"
 TEST_SPECIFIC_OVERRIDES="${PWD}/LD_PRELOAD/${TEST_NAME}_overrides.so"
From fb1f75030f963ed5b11c489a1632555182294189 Mon Sep 17 00:00:00 2001
From: Jou Ho
Date: Thu, 29 Aug 2024 22:46:17 +0000
Subject: [PATCH 37/53] attempt to run without LD_PRELOAD
---
 tests/fuzz/runFuzzTest.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/fuzz/runFuzzTest.sh b/tests/fuzz/runFuzzTest.sh
index 72eca27f565..958b3c7bb2d 100755
--- a/tests/fuzz/runFuzzTest.sh
+++ b/tests/fuzz/runFuzzTest.sh
@@ -144,7 +144,7 @@ if [[ "$FUZZ_COVERAGE" == "true" ]]; then
 rm -f ./profiles/${TEST_NAME}/*.profraw
 LLVM_PROFILE_FILE="./profiles/${TEST_NAME}/${TEST_NAME}.%p.profraw" ./${TEST_NAME} ${LIBFUZZER_ARGS} ${TEMP_CORPUS_DIR} > ${TEST_NAME}_output.txt 2>&1 || ACTUAL_TEST_FAILURE=1
 else
- env LD_PRELOAD="$LD_PRELOAD_" ./${TEST_NAME} ${LIBFUZZER_ARGS} ${TEMP_CORPUS_DIR} > ${TEST_NAME}_output.txt 2>&1 || ACTUAL_TEST_FAILURE=1
+ ./${TEST_NAME} ${LIBFUZZER_ARGS} ${TEMP_CORPUS_DIR} > ${TEST_NAME}_output.txt 2>&1 || ACTUAL_TEST_FAILURE=1
 fi
 TEST_INFO=$(
From 496d133aa04c0ac2ab27580d3029b00dcd2b8de4 Mon Sep 17 00:00:00 2001
From: Jou Ho
Date: Thu, 29 Aug 2024 23:17:23 +0000
Subject: [PATCH 38/53] add breakpoint in buildspec for debugging
---
 codebuild/spec/buildspec_fuzz.yml | 5 +++++
 tests/fuzz/runFuzzTest.sh | 4 ++--
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/codebuild/spec/buildspec_fuzz.yml b/codebuild/spec/buildspec_fuzz.yml
index 24133e9a4c3..31507eea81f 100644
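Review bot: Dropping `env LD_PRELOAD="$LD_PRELOAD_"` from the fuzz invocation removes the override libraries that make `s2n_drbg_generate` / `s2n_get_public_random_data` return fixed values (see the global_overrides.c hunks above), so runs in this mode use real randomness and a crashing input is no longer reproducible from the corpus alone. If this is only an experiment to isolate a startup failure, the commit message should say so and the change must not be merged in this state; if the preload genuinely breaks under CodeBuild, that deserves a comment in the script rather than a silent loss of determinism. In the earlier hunk, `NUM_CPU_THREADS=16` hardcodes `-jobs`/`-workers` regardless of the host, which will oversubscribe a smaller build instance.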
--- a/codebuild/spec/buildspec_fuzz.yml +++ b/codebuild/spec/buildspec_fuzz.yml @@ -40,6 +40,7 @@ version: 0.2 batch: build-list: - identifier: clang_awslc + debug-session: true env: compute-type: BUILD_GENERAL1_2XLARGE image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu22codebuild @@ -48,6 +49,7 @@ batch: S2N_LIBCRYPTO: awslc COMPILER: clang - identifier: clang_openssl_3_0 + debug-session: true env: compute-type: BUILD_GENERAL1_2XLARGE image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu22codebuild @@ -56,6 +58,7 @@ batch: S2N_LIBCRYPTO: openssl-3.0 COMPILER: clang - identifier: clang_openssl_1_1_1 + debug-session: true env: compute-type: BUILD_GENERAL1_2XLARGE image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu22codebuild @@ -64,6 +67,7 @@ batch: S2N_LIBCRYPTO: openssl-1.1.1 COMPILER: clang - identifier: clang_openssl_1_0_2 + debug-session: true env: compute-type: BUILD_GENERAL1_2XLARGE image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu22codebuild @@ -90,6 +94,7 @@ phases: -DCMAKE_PREFIX_PATH=$LIBCRYPTO_ROOT \ -DS2N_UNSAFE_FUZZING_MODE=on - cmake --build ./build -- -j $(nproc) + - codebuild-breakpoint post_build: on-failure: ABORT commands: diff --git a/tests/fuzz/runFuzzTest.sh b/tests/fuzz/runFuzzTest.sh index 958b3c7bb2d..2713c416a2f 100755 --- a/tests/fuzz/runFuzzTest.sh +++ b/tests/fuzz/runFuzzTest.sh @@ -45,7 +45,7 @@ fi ASAN_OPTIONS+="symbolize=1" LSAN_OPTIONS+="log_threads=1" UBSAN_OPTIONS+="print_stacktrace=1" -NUM_CPU_THREADS=16 +NUM_CPU_THREADS=$(nproc) LIBFUZZER_ARGS+="-timeout=5 -max_len=4096 -print_final_stats=1 -jobs=${NUM_CPU_THREADS} -workers=${NUM_CPU_THREADS} -max_total_time=${FUZZ_TIMEOUT_SEC}" TEST_SPECIFIC_OVERRIDES="${PWD}/LD_PRELOAD/${TEST_NAME}_overrides.so" 
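Review bot: `debug-session: true` on every batch entry plus `- codebuild-breakpoint` in the build phase pauses each job until someone attaches a session and resumes it, so this configuration cannot run unattended and should not be merged; it also opens an interactive shell on a container that, after the previous patches, runs with `privileged-mode: true`. Keep this on a scratch branch or gate it behind a variable, and remove the breakpoint before `post_build` is expected to run.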
@@ -144,7 +144,7 @@ if [[ "$FUZZ_COVERAGE" == "true" ]]; then
 rm -f ./profiles/${TEST_NAME}/*.profraw
 LLVM_PROFILE_FILE="./profiles/${TEST_NAME}/${TEST_NAME}.%p.profraw" ./${TEST_NAME} ${LIBFUZZER_ARGS} ${TEMP_CORPUS_DIR} > ${TEST_NAME}_output.txt 2>&1 || ACTUAL_TEST_FAILURE=1
 else
- ./${TEST_NAME} ${LIBFUZZER_ARGS} ${TEMP_CORPUS_DIR} > ${TEST_NAME}_output.txt 2>&1 || ACTUAL_TEST_FAILURE=1
+ env LD_PRELOAD="$LD_PRELOAD_" ./${TEST_NAME} ${LIBFUZZER_ARGS} ${TEMP_CORPUS_DIR} > ${TEST_NAME}_output.txt 2>&1 || ACTUAL_TEST_FAILURE=1
 fi
 TEST_INFO=$(
From 83da56814c47d16f9708772f4d7cdab9e93165fc Mon Sep 17 00:00:00 2001
From: Jou Ho
Date: Thu, 29 Aug 2024 23:34:47 +0000
Subject: [PATCH 39/53] use single thread for fuzz
---
 tests/fuzz/runFuzzTest.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/fuzz/runFuzzTest.sh b/tests/fuzz/runFuzzTest.sh
index 2713c416a2f..dd69f0b8bda 100755
--- a/tests/fuzz/runFuzzTest.sh
+++ b/tests/fuzz/runFuzzTest.sh
@@ -45,7 +45,7 @@ fi
 ASAN_OPTIONS+="symbolize=1"
 LSAN_OPTIONS+="log_threads=1"
 UBSAN_OPTIONS+="print_stacktrace=1"
-NUM_CPU_THREADS=$(nproc)
+NUM_CPU_THREADS=1
 LIBFUZZER_ARGS+="-timeout=5 -max_len=4096 -print_final_stats=1 -jobs=${NUM_CPU_THREADS} -workers=${NUM_CPU_THREADS} -max_total_time=${FUZZ_TIMEOUT_SEC}"
 TEST_SPECIFIC_OVERRIDES="${PWD}/LD_PRELOAD/${TEST_NAME}_overrides.so"
From 7ed678ca63637948df2dc288cbc6293690d27e18 Mon Sep 17 00:00:00 2001
From: Jou Ho
Date: Fri, 30 Aug 2024 00:46:24 +0000
Subject: [PATCH 40/53] use prlimit
---
 codebuild/spec/buildspec_fuzz.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/codebuild/spec/buildspec_fuzz.yml b/codebuild/spec/buildspec_fuzz.yml
index 31507eea81f..a2e619c71a5 100644
--- a/codebuild/spec/buildspec_fuzz.yml
+++ b/codebuild/spec/buildspec_fuzz.yml
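Review bot: `NUM_CPU_THREADS=1` is the third value this line has had in three consecutive patches, which suggests the right worker count is a property of the environment rather than of the script; an override with a default, e.g. `NUM_CPU_THREADS="${FUZZ_WORKERS:-$(nproc)}"`, lets CI pin a single worker without editing the script again. With `-jobs=1 -workers=1` each harness also runs strictly serially for `FUZZ_TIMEOUT_SEC`, so total wall time scales with the number of harnesses; a comment on the line should say that is intended.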
@@ -86,6 +86,8 @@ phases: fi - /usr/bin/$COMPILER --version - ls /usr/local/libfuzzer/lib/libFuzzer.a && echo "Libfuzzer File exists" || echo "Libfuzzer File does not exist" + - which prlimit + - prlimit --memlock=unlimited:unlimited build: on-failure: ABORT commands: From 308b2bebe62c28f23f59752da69b6322f76adac9 Mon Sep 17 00:00:00 2001 From: Jou Ho Date: Fri, 30 Aug 2024 18:10:43 +0000 Subject: [PATCH 41/53] run fuzz without asan and ubsan --- CMakeLists.txt | 11 ++++++----- codebuild/spec/buildspec_fuzz.yml | 6 +++--- tests/fuzz/runFuzzTest.sh | 2 +- 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index af539de8e6b..5ec5b7b4ca0 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -184,8 +184,8 @@ if(NO_STACK_PROTECTOR) endif() if(S2N_UNSAFE_FUZZING_MODE) - target_compile_options(${PROJECT_NAME} PRIVATE -fsanitize-coverage=trace-pc-guard -fsanitize=address,undefined,leak) - target_link_libraries(${PROJECT_NAME} PRIVATE -fsanitize-coverage=trace-pc-guard -fsanitize=address,undefined,leak) + target_compile_options(${PROJECT_NAME} PRIVATE -fsanitize-coverage=trace-pc-guard -fsanitize=leak) + target_link_libraries(${PROJECT_NAME} PRIVATE -fsanitize-coverage=trace-pc-guard -fsanitize=leak) endif() if(TSAN) @@ -599,7 +599,8 @@ if (BUILD_TESTING) add_library(fuzztest SHARED ${TESTLIB_HEADERS} ${TESTLIB_SRC}) target_include_directories(fuzztest PUBLIC tests) target_link_libraries(fuzztest PUBLIC ${PROJECT_NAME}) - + # if linking libfuzzer locally: + # set(LIBFUZZER_LIB "/home/ubuntu/libFuzzer/lib/lib/libFuzzer.a") # linking libfuzzer in CI: set(LIBFUZZER_LIB "/usr/local/libfuzzer/lib/libFuzzer.a") 
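Review bot: `prlimit --memlock=unlimited:unlimited` with neither `--pid` nor a trailing command applies the limit to the prlimit process itself, which exits immediately, so the `cmake` commands that follow still run under the original memlock limit; if the build genuinely needs it, prefix the command that needs it, e.g. `prlimit --memlock=unlimited:unlimited cmake --build ./build -- -j $(nproc)`. Raising the hard limit also needs CAP_SYS_RESOURCE, which is presumably what the earlier `privileged-mode: true` is providing; if so the two belong together with a comment naming the requirement, and a bare `which prlimit` will abort the phase on an image that lacks it.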
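Review bot: Replacing `-fsanitize=address,undefined,leak` with `-fsanitize=leak` removes ASan and UBSan from the fuzz build of the library, so out-of-bounds accesses, use-after-free and undefined behaviour reached by libFuzzer no longer abort with a report — LeakSanitizer alone only reports leaks at exit. The commit title says the run is done "without asan and ubsan" but not what failed; a comment next to the flag, e.g. `# ASan/UBSan disabled: <reason>`, and a tracking issue to restore them would keep this from quietly becoming permanent. The same substitution is made on the test binaries in the `@@ -651,14 +652,14 @@` hunk on the next line, and the second hunk here adds a commented-out `set(LIBFUZZER_LIB "/home/ubuntu/...")` with a user-specific path that should be a `-D` override rather than dead code.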
@@ -651,14 +652,14 @@ if (BUILD_TESTING) target_compile_options(${TEST_NAME} PRIVATE -g -O0 - -fsanitize-coverage=trace-pc-guard -fsanitize=address,undefined,leak + -fsanitize-coverage=trace-pc-guard -fsanitize=leak -Wno-deprecated-declarations -Wno-unknown-pragmas -Wno-deprecated -Wno-unused-result ) target_link_libraries(${TEST_NAME} PRIVATE fuzztest ${LIBFUZZER_LIB} # Manually link old libFuzzer.a -lstdc++ - -fsanitize-coverage=trace-pc-guard -fsanitize=address,undefined,leak + -fsanitize-coverage=trace-pc-guard -fsanitize=leak ) # Set the output directory for the fuzzing binaries diff --git a/codebuild/spec/buildspec_fuzz.yml b/codebuild/spec/buildspec_fuzz.yml index a2e619c71a5..3ffcf6a53ba 100644 --- a/codebuild/spec/buildspec_fuzz.yml +++ b/codebuild/spec/buildspec_fuzz.yml @@ -92,9 +92,9 @@ phases: on-failure: ABORT commands: - | - cmake . -Bbuild \ - -DCMAKE_PREFIX_PATH=$LIBCRYPTO_ROOT \ - -DS2N_UNSAFE_FUZZING_MODE=on + cmake . -Bbuild \ + -DCMAKE_PREFIX_PATH=$LIBCRYPTO_ROOT \ + -DS2N_UNSAFE_FUZZING_MODE=on - cmake --build ./build -- -j $(nproc) - codebuild-breakpoint post_build: diff --git a/tests/fuzz/runFuzzTest.sh b/tests/fuzz/runFuzzTest.sh index dd69f0b8bda..2713c416a2f 100755 --- a/tests/fuzz/runFuzzTest.sh +++ b/tests/fuzz/runFuzzTest.sh @@ -45,7 +45,7 @@ fi ASAN_OPTIONS+="symbolize=1" LSAN_OPTIONS+="log_threads=1" UBSAN_OPTIONS+="print_stacktrace=1" -NUM_CPU_THREADS=1 +NUM_CPU_THREADS=$(nproc) LIBFUZZER_ARGS+="-timeout=5 -max_len=4096 -print_final_stats=1 -jobs=${NUM_CPU_THREADS} -workers=${NUM_CPU_THREADS} -max_total_time=${FUZZ_TIMEOUT_SEC}" TEST_SPECIFIC_OVERRIDES="${PWD}/LD_PRELOAD/${TEST_NAME}_overrides.so" From 871f0e43ad0daa8a5176806cda9a25401c7a7467 Mon Sep 17 00:00:00 2001 From: Jou Ho Date: Fri, 30 Aug 2024 18:45:05 +0000 Subject: [PATCH 42/53] remove debugging options --- codebuild/spec/buildspec_fuzz.yml | 3 +-- tests/fuzz/runFuzzTest.sh | 1 - 2 files changed, 1 insertion(+), 3 deletions(-) 
diff --git a/codebuild/spec/buildspec_fuzz.yml b/codebuild/spec/buildspec_fuzz.yml index 3ffcf6a53ba..89c29a64399 100644 --- a/codebuild/spec/buildspec_fuzz.yml +++ b/codebuild/spec/buildspec_fuzz.yml @@ -96,8 +96,7 @@ phases: -DCMAKE_PREFIX_PATH=$LIBCRYPTO_ROOT \ -DS2N_UNSAFE_FUZZING_MODE=on - cmake --build ./build -- -j $(nproc) - - codebuild-breakpoint post_build: on-failure: ABORT commands: - - cmake --build build --target run_fuzz --verbose + - cmake --build build --target run_fuzz diff --git a/tests/fuzz/runFuzzTest.sh b/tests/fuzz/runFuzzTest.sh index 2713c416a2f..e0fe246c057 100755 --- a/tests/fuzz/runFuzzTest.sh +++ b/tests/fuzz/runFuzzTest.sh @@ -16,7 +16,6 @@ # The timeout command sends a TERM and under normal circumstances returns # exit code 124. We'll undo this later. set -e -set -x usage() { echo "Usage: runFuzzTest.sh TEST_NAME FUZZ_TIMEOUT_SEC" From b614f45fa8b4c4001f3b6b57d1350f3a4a21b5a5 Mon Sep 17 00:00:00 2001 From: Jou Ho Date: Fri, 30 Aug 2024 20:55:37 +0000 Subject: [PATCH 43/53] cleanup --- CMakeLists.txt | 14 +++++++------- codebuild/bin/s2n_codebuild.sh | 3 ++- codebuild/spec/buildspec_fuzz.yml | 25 +------------------------ 3 files changed, 10 insertions(+), 32 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 5ec5b7b4ca0..0e9b43af1c9 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -145,7 +145,7 @@ elseif (UNSAFE_TREAT_WARNINGS_AS_ERRORS) target_compile_options(${PROJECT_NAME} PRIVATE -Werror ) endif () -if(BUILD_TESTING AND BUILD_SHARED_LIBS OR S2N_UNSAFE_FUZZING_MODE) +if(BUILD_TESTING AND BUILD_SHARED_LIBS OR S2N_FUZZ_TEST) target_compile_options(${PROJECT_NAME} PRIVATE -fvisibility=default) else() target_compile_options(${PROJECT_NAME} PRIVATE -fvisibility=hidden -DS2N_EXPORTS) 
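Review bot: The renamed condition `if(BUILD_TESTING AND BUILD_SHARED_LIBS OR S2N_FUZZ_TEST)` relies on `AND` binding tighter than `OR`; it evaluates as `(BUILD_TESTING AND BUILD_SHARED_LIBS) OR S2N_FUZZ_TEST`, which looks like the intent, but writing the parentheses saves the next reader from knowing the precedence rule. The rename from `S2N_UNSAFE_FUZZING_MODE` also drops the word that marked this configuration as one that must never be shipped (default symbol visibility, coverage instrumentation); a one-line comment above the `if` saying the fuzz build is test-only would preserve that warning. Any references to the old name outside CMakeLists.txt — Makefiles, docs, `#ifdef`s, none visible here — need the same rename.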
@@ -183,7 +183,7 @@ if(NO_STACK_PROTECTOR) target_compile_options(${PROJECT_NAME} PRIVATE -Wstack-protector -fstack-protector-all) endif() -if(S2N_UNSAFE_FUZZING_MODE) +if(S2N_FUZZ_TEST) target_compile_options(${PROJECT_NAME} PRIVATE -fsanitize-coverage=trace-pc-guard -fsanitize=leak) target_link_libraries(${PROJECT_NAME} PRIVATE -fsanitize-coverage=trace-pc-guard -fsanitize=leak) endif() @@ -589,7 +589,7 @@ if (BUILD_TESTING) endforeach() endif() - if(S2N_UNSAFE_FUZZING_MODE) + if(S2N_FUZZ_TEST) set(SCRIPT_PATH "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz/runFuzzTest.sh") file(GLOB FUZZ_TEST_SRCS "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz/*.c") @@ -599,12 +599,12 @@ if (BUILD_TESTING) add_library(fuzztest SHARED ${TESTLIB_HEADERS} ${TESTLIB_SRC}) target_include_directories(fuzztest PUBLIC tests) target_link_libraries(fuzztest PUBLIC ${PROJECT_NAME}) - # if linking libfuzzer locally: - # set(LIBFUZZER_LIB "/home/ubuntu/libFuzzer/lib/lib/libFuzzer.a") - # linking libfuzzer in CI: - set(LIBFUZZER_LIB "/usr/local/libfuzzer/lib/libFuzzer.a") # Set default values for fuzzing if not defined + if(NOT DEFINED LIBFUZZER_LIB) + set(LIBFUZZER_LIB "/usr/local/libfuzzer/lib/libFuzzer.a") + endif() + if(NOT DEFINED FUZZ_TIMEOUT_SEC) set(FUZZ_TIMEOUT_SEC 120) endif() diff --git a/codebuild/bin/s2n_codebuild.sh b/codebuild/bin/s2n_codebuild.sh index d425d5a87d9..93ebac209cc 100755 --- a/codebuild/bin/s2n_codebuild.sh +++ b/codebuild/bin/s2n_codebuild.sh @@ -115,10 +115,11 @@ run_unit_tests() { cmake --build build/ --target test -- ARGS="-L unit --output-on-failure -j $(nproc)" } +# This can be removed after CI migration from make to cmake is done run_fuzz_tests() { cmake . -Bbuild \ -DCMAKE_PREFIX_PATH=$LIBCRYPTO_ROOT \ - -DS2N_UNSAFE_FUZZING_MODE=on + -DS2N_FUZZ_TEST=on cmake --build ./build -- -j $(nproc) cmake --build build --target run_fuzz } diff --git a/codebuild/spec/buildspec_fuzz.yml b/codebuild/spec/buildspec_fuzz.yml index 89c29a64399..385258321a8 100644 
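Review bot: `if(NOT DEFINED LIBFUZZER_LIB) set(LIBFUZZER_LIB "/usr/local/libfuzzer/lib/libFuzzer.a") endif()` bakes a CI-image path into the project as a plain variable; the idiomatic form is a cache entry, `set(LIBFUZZER_LIB "/usr/local/libfuzzer/lib/libFuzzer.a" CACHE FILEPATH "Path to libFuzzer.a")`, which already honours `-DLIBFUZZER_LIB=...` and is visible in the cache for local users. Whatever the default, an `if(NOT EXISTS "${LIBFUZZER_LIB}")` check with `message(FATAL_ERROR ...)` would turn a wrong path into a configure-time error instead of a link failure on every fuzz target. The same `NOT DEFINED` pattern is used for `FUZZ_TIMEOUT_SEC` just below, so the cache-variable form suits all of them.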
--- a/codebuild/spec/buildspec_fuzz.yml +++ b/codebuild/spec/buildspec_fuzz.yml @@ -30,8 +30,6 @@ version: 0.2 # awslc: happy path libcrypto for s2n-tls # openssl 3: s2n-tls takes different code paths for ossl3, so make sure we run # asan on it. See pr 4033 for a historical motivating example. -# openssl 1.1.1: a widely deployed version of openssl. -# openssl 1.0.2: the default libcrypto on AL2, and AL2 is still widely deployed. # CMAKE_BUILD_TYPE # RelWithDebInfo: This instructs CMake to do all optimizations (Rel -> Release) @@ -57,24 +55,6 @@ batch: variables: S2N_LIBCRYPTO: openssl-3.0 COMPILER: clang - - identifier: clang_openssl_1_1_1 - debug-session: true - env: - compute-type: BUILD_GENERAL1_2XLARGE - image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu22codebuild - privileged-mode: true - variables: - S2N_LIBCRYPTO: openssl-1.1.1 - COMPILER: clang - - identifier: clang_openssl_1_0_2 - debug-session: true - env: - compute-type: BUILD_GENERAL1_2XLARGE - image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu22codebuild - privileged-mode: true - variables: - S2N_LIBCRYPTO: openssl-1.0.2 - COMPILER: clang phases: pre_build: @@ -85,16 +65,13 @@ phases: ln -s /usr/local $CODEBUILD_SRC_DIR/third-party-src/test-deps; fi - /usr/bin/$COMPILER --version - - ls /usr/local/libfuzzer/lib/libFuzzer.a && echo "Libfuzzer File exists" || echo "Libfuzzer File does not exist" - - which prlimit - - prlimit --memlock=unlimited:unlimited build: on-failure: ABORT commands: - | cmake . -Bbuild \ -DCMAKE_PREFIX_PATH=$LIBCRYPTO_ROOT \ - -DS2N_UNSAFE_FUZZING_MODE=on + -DS2N_FUZZ_TEST=on - cmake --build ./build -- -j $(nproc) post_build: on-failure: ABORT From 661e57589a305b6c65ec0340a807e77a2b07ffc6 Mon Sep 17 00:00:00 2001 From: Jou Ho Date: Tue, 3 Sep 2024 17:40:16 +0000 Subject: [PATCH 44/53] inherit compile/link option --- CMakeLists.txt | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) 
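Review bot: Removing the `clang_openssl_1_1_1` and `clang_openssl_1_0_2` entries halves the libcrypto coverage of the fuzz job, and the commit message ("cleanup") does not say whether those libcryptos failed to fuzz or were dropped on purpose; the motivation comment above now lists only awslc and openssl 3, so one sentence there explaining why 1.1.1/1.0.2 are excluded would stop someone re-adding them blindly. The deleted entries show `debug-session: true` and `privileged-mode: true`, which the two surviving entries presumably still carry (their definitions are outside this hunk); if so, this cleanup should remove those as well, just as the third hunk removes the `ls`/`prlimit` debug commands.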
diff --git a/CMakeLists.txt b/CMakeLists.txt index 0e9b43af1c9..f16a0dbc191 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -184,8 +184,8 @@ if(NO_STACK_PROTECTOR) endif() if(S2N_FUZZ_TEST) - target_compile_options(${PROJECT_NAME} PRIVATE -fsanitize-coverage=trace-pc-guard -fsanitize=leak) - target_link_libraries(${PROJECT_NAME} PRIVATE -fsanitize-coverage=trace-pc-guard -fsanitize=leak) + target_compile_options(${PROJECT_NAME} PUBLIC -fsanitize-coverage=trace-pc-guard) + target_link_libraries(${PROJECT_NAME} PUBLIC -fsanitize-coverage=trace-pc-guard) endif() if(TSAN) @@ -652,14 +652,12 @@ if (BUILD_TESTING) target_compile_options(${TEST_NAME} PRIVATE -g -O0 - -fsanitize-coverage=trace-pc-guard -fsanitize=leak -Wno-deprecated-declarations -Wno-unknown-pragmas -Wno-deprecated -Wno-unused-result ) target_link_libraries(${TEST_NAME} PRIVATE fuzztest ${LIBFUZZER_LIB} # Manually link old libFuzzer.a -lstdc++ - -fsanitize-coverage=trace-pc-guard -fsanitize=leak ) # Set the output directory for the fuzzing binaries From 7f75e390d702050a044b6b8182f265854ce18a78 Mon Sep 17 00:00:00 2001 From: Jou Ho Date: Tue, 3 Sep 2024 23:55:23 +0000 Subject: [PATCH 45/53] address PR feedbacks - change link option to public - move libfuzzer path definition to buildspec - use target_include_directories instead - comment to explain LD_PRELOAD issue - address nits --- CMakeLists.txt | 25 ++++++++++++------------- codebuild/spec/buildspec_fuzz.yml | 12 ++---------- tests/fuzz/runFuzzTest.sh | 1 + 3 files changed, 15 insertions(+), 23 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index f16a0dbc191..7dc0a223044 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
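Review bot: Besides switching to `PUBLIC`, this hunk drops `-fsanitize=leak` from both the library and the per-test flags, so after it no sanitizer at all is linked into the fuzz binaries — the title "inherit compile/link option" does not mention that, and it has to be added back in the next patch. `target_link_libraries(${PROJECT_NAME} PUBLIC -fsanitize-coverage=trace-pc-guard)` also passes a flag where a library is expected; `target_link_options(${PROJECT_NAME} PUBLIC -fsanitize-coverage=trace-pc-guard)` is the dedicated command if the project's `cmake_minimum_required` is at least 3.13 (not visible here).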
@@ -184,8 +184,8 @@ if(NO_STACK_PROTECTOR) endif() if(S2N_FUZZ_TEST) - target_compile_options(${PROJECT_NAME} PUBLIC -fsanitize-coverage=trace-pc-guard) - target_link_libraries(${PROJECT_NAME} PUBLIC -fsanitize-coverage=trace-pc-guard) + target_compile_options(${PROJECT_NAME} PUBLIC -fsanitize-coverage=trace-pc-guard -fsanitize=leak) + target_link_libraries(${PROJECT_NAME} PUBLIC -fsanitize-coverage=trace-pc-guard -fsanitize=leak) endif() if(TSAN) @@ -602,7 +602,7 @@ if (BUILD_TESTING) # Set default values for fuzzing if not defined if(NOT DEFINED LIBFUZZER_LIB) - set(LIBFUZZER_LIB "/usr/local/libfuzzer/lib/libFuzzer.a") + message(FATAL_ERROR "LIBFUZZER_LIB is not defined. Please set it to the path of your libFuzzer.a.") endif() if(NOT DEFINED FUZZ_TIMEOUT_SEC) @@ -622,16 +622,15 @@ if (BUILD_TESTING) endif() # Build LD_PRELOAD shared libraries - include_directories( - ${CMAKE_CURRENT_SOURCE_DIR} - ${CMAKE_CURRENT_SOURCE_DIR}/api - ) set(LIBRARY_OUTPUT_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz/LD_PRELOAD) file(GLOB LIBRARY_SRCS "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz/LD_PRELOAD/*.c") foreach(SRC ${LIBRARY_SRCS}) get_filename_component(LIB_NAME ${SRC} NAME_WE) add_library(${LIB_NAME} SHARED ${SRC}) - + target_include_directories(${LIB_NAME} PRIVATE + ${CMAKE_CURRENT_SOURCE_DIR} + ${CMAKE_CURRENT_SOURCE_DIR}/api + ) # Set the output directory and remove the default "lib" prefix set_target_properties(${LIB_NAME} PROPERTIES PREFIX "" 
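Review bot: The new `message(FATAL_ERROR "LIBFUZZER_LIB is not defined. ...")` catches a missing `-D` but still accepts a wrong path, which only surfaces when the first fuzz target links; extend it with `elseif(NOT EXISTS "${LIBFUZZER_LIB}") message(FATAL_ERROR "LIBFUZZER_LIB does not exist: ${LIBFUZZER_LIB}")`. Making `-fsanitize=leak` and the coverage flag `PUBLIC` on `${PROJECT_NAME}` means every consumer that links the library in an `S2N_FUZZ_TEST` build inherits them, including anything exported or installed from such a build — acceptable for a test-only configuration but worth a comment on the `if(S2N_FUZZ_TEST)` block, and `target_link_options` is the right command for link flags. The switch from `include_directories` to `target_include_directories(${LIB_NAME} PRIVATE ...)` in the third hunk is the right fix.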
@@ -666,12 +665,12 @@ if (BUILD_TESTING) RUNTIME_OUTPUT_DIRECTORY ${FUZZ_BIN_DIR} ) - list(APPEND EXECUTABLE_TARGETS ${TEST_NAME}) + list(APPEND FUZZ_TEST_EXECUTABLES ${TEST_NAME}) endforeach() - foreach(TEST_NAME ${EXECUTABLE_TARGETS}) + foreach(TEST_NAME ${FUZZ_TEST_EXECUTABLES}) add_custom_command( - OUTPUT ${TEST_NAME}_result + OUTPUT ${TEST_NAME}_script COMMAND ${CMAKE_COMMAND} -E env DYLD_LIBRARY_PATH=${CMAKE_CURRENT_BINARY_DIR}/lib:${CMAKE_CURRENT_BINARY_DIR}/tests/testlib:${CMAKE_CURRENT_SOURCE_DIR}/libcrypto-root/lib:$ENV{DYLD_LIBRARY_PATH} LD_LIBRARY_PATH=${CMAKE_CURRENT_BINARY_DIR}/lib:${CMAKE_CURRENT_BINARY_DIR}/tests/testlib:${CMAKE_CURRENT_SOURCE_DIR}/libcrypto-root/lib:$ENV{LD_LIBRARY_PATH} @@ -683,12 +682,12 @@ if (BUILD_TESTING) WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz ) - list(APPEND FUZZ_TEST_TARGETS ${TEST_NAME}_result) + list(APPEND FUZZ_TEST_SCRIPTS ${TEST_NAME}_script) endforeach() # This will run all fuzz tests add_custom_target(run_fuzz - DEPENDS ${FUZZ_TEST_TARGETS} + DEPENDS ${FUZZ_TEST_SCRIPTS} ) endif() endif() diff --git a/codebuild/spec/buildspec_fuzz.yml b/codebuild/spec/buildspec_fuzz.yml index 385258321a8..3359c927ba3 100644 --- a/codebuild/spec/buildspec_fuzz.yml +++ b/codebuild/spec/buildspec_fuzz.yml 
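Review bot: Renaming the custom command output to `${TEST_NAME}_script` keeps a file name that the command never writes — `runFuzzTest.sh` is invoked but nothing creates `${TEST_NAME}_script` in the build tree — so the rule is rebuilt on every `run_fuzz`, which is presumably the intent but should be stated, e.g. `# OUTPUT is never produced, so every fuzz test reruns on each invocation of run_fuzz`. `$ENV{DYLD_LIBRARY_PATH}` and `$ENV{LD_LIBRARY_PATH}` in the COMMAND are expanded at configure time, so a change to the environment after `cmake .` is not seen by the test; a comment on those lines would save a confused debugging session.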
@@ -21,20 +21,11 @@ version: 0.2 # Parameter motivation -# COMPILERS -# We run asan on both gcc and clang because of different features sets for their -# address sanitizers. Specifically there was a case where GCC was able to detect -# a memcpy-param-overlap that Clang did not. - # LIBCRYPTOS # awslc: happy path libcrypto for s2n-tls # openssl 3: s2n-tls takes different code paths for ossl3, so make sure we run # asan on it. See pr 4033 for a historical motivating example. -# CMAKE_BUILD_TYPE -# RelWithDebInfo: This instructs CMake to do all optimizations (Rel -> Release) -# along with debug info (DebInfo). Debug info is necessary to get line numbers -# in the stack traces that ASAN reports. batch: build-list: - identifier: clang_awslc @@ -71,7 +62,8 @@ phases: - | cmake . -Bbuild \ -DCMAKE_PREFIX_PATH=$LIBCRYPTO_ROOT \ - -DS2N_FUZZ_TEST=on + -DS2N_FUZZ_TEST=on \ + -DLIBFUZZER_LIB=/usr/local/libfuzzer/lib/libFuzzer.a - cmake --build ./build -- -j $(nproc) post_build: on-failure: ABORT diff --git a/tests/fuzz/runFuzzTest.sh b/tests/fuzz/runFuzzTest.sh index e0fe246c057..58517ea302f 100755 --- a/tests/fuzz/runFuzzTest.sh +++ b/tests/fuzz/runFuzzTest.sh @@ -52,6 +52,7 @@ GLOBAL_OVERRIDES="${PWD}/LD_PRELOAD/global_overrides.so" FUZZCOV_SOURCES="${S2N_ROOT}/api ${S2N_ROOT}/bin ${S2N_ROOT}/crypto ${S2N_ROOT}/error ${S2N_ROOT}/stuffer ${S2N_ROOT}/tls ${S2N_ROOT}/utils" +# Use LD_PRELOAD_ to prevent symbol lookup errors in commands like mkdir. if [ -e $TEST_SPECIFIC_OVERRIDES ]; then export LD_PRELOAD_="$TEST_SPECIFIC_OVERRIDES $GLOBAL_OVERRIDES" From 944dae4e366fdf238159fd984a09225f9c2e0659 Mon Sep 17 00:00:00 2001 From: Jou Ho Date: Wed, 4 Sep 2024 19:25:44 +0000 Subject: [PATCH 46/53] address PR feedback - remove -O0 and -fvisibility=default - remove make specific logic in buildspec --- CMakeLists.txt | 5 ++--- codebuild/spec/buildspec_fuzz.yml | 5 ----- 2 files changed, 2 insertions(+), 8 deletions(-) 
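Review bot: The new comment `# Use LD_PRELOAD_ to prevent symbol lookup errors in commands like mkdir.` names the symptom but not the mechanism; exporting `LD_PRELOAD` itself would inject the override `.so` files into every child process of this script, and those libraries presumably reference s2n symbols that only the fuzz binary provides (inferred from the `env LD_PRELOAD="$LD_PRELOAD_" ./${TEST_NAME}` invocation later in the file), hence the indirection. Something like `# Exported under a different name on purpose: setting LD_PRELOAD here would inject the override libraries into every child process (mkdir, cp, ...); it is applied only to the fuzz binary via env LD_PRELOAD=... below.` explains the why. In the buildspec hunk, `-DLIBFUZZER_LIB=/usr/local/libfuzzer/lib/libFuzzer.a` now ties the spec to the image layout, which is fine, but a comment naming the image that provides it avoids a hunt when the path changes.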
diff --git a/CMakeLists.txt b/CMakeLists.txt index 7dc0a223044..0372e3859b4 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -637,7 +637,7 @@ if (BUILD_TESTING) LIBRARY_OUTPUT_DIRECTORY ${LIBRARY_OUTPUT_DIRECTORY} ) target_compile_options(${LIB_NAME} PRIVATE - -Wno-unreachable-code -O0 -fPIC -Wno-deprecated-declarations -fvisibility=default + -Wno-unreachable-code -fPIC -Wno-deprecated-declarations ) endforeach() @@ -650,8 +650,7 @@ if (BUILD_TESTING) target_include_directories(${TEST_NAME} PRIVATE ./) target_compile_options(${TEST_NAME} PRIVATE - -g -O0 - -Wno-deprecated-declarations -Wno-unknown-pragmas -Wno-deprecated -Wno-unused-result + -g -Wno-deprecated-declarations -Wno-unknown-pragmas -Wno-deprecated -Wno-unused-result ) target_link_libraries(${TEST_NAME} PRIVATE fuzztest diff --git a/codebuild/spec/buildspec_fuzz.yml b/codebuild/spec/buildspec_fuzz.yml index 3359c927ba3..ddbfd87510a 100644 --- a/codebuild/spec/buildspec_fuzz.yml +++ b/codebuild/spec/buildspec_fuzz.yml @@ -50,11 +50,6 @@ batch: phases: pre_build: commands: - - | - if [ -d "third-party-src" ]; then - cd third-party-src; - ln -s /usr/local $CODEBUILD_SRC_DIR/third-party-src/test-deps; - fi - /usr/bin/$COMPILER --version build: on-failure: ABORT From 54a3b738ccb23466a31ae0a0c16a8676fabf3457 Mon Sep 17 00:00:00 2001 From: Jou Ho Date: Thu, 5 Sep 2024 00:34:30 +0000 Subject: [PATCH 47/53] address PR feedback - use ctest to run fuzz tests - remove unnecessary compiler options --- CMakeLists.txt | 32 +++++++++---------------------- codebuild/spec/buildspec_fuzz.yml | 6 +++++- 2 files changed, 14 insertions(+), 24 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 0372e3859b4..5526410fc4c 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -637,7 +637,7 @@ if (BUILD_TESTING) LIBRARY_OUTPUT_DIRECTORY ${LIBRARY_OUTPUT_DIRECTORY} ) target_compile_options(${LIB_NAME} PRIVATE - -Wno-unreachable-code -fPIC -Wno-deprecated-declarations + -fPIC ) endforeach() 
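Review bot: `-fPIC` in `target_compile_options(${LIB_NAME} PRIVATE -fPIC)` is redundant for a target created with `add_library(... SHARED ...)`, since CMake enables `POSITION_INDEPENDENT_CODE` for shared libraries by default, so the remaining options call can go entirely or become the property if an explicit statement is wanted. Removing `-fvisibility=default` from the LD_PRELOAD override libraries in the first hunk is only safe if nothing project-wide sets a hidden visibility preset for them (not visible here); an override library whose symbols are hidden silently stops interposing, so check the exported symbols of the built `.so` once. Dropping `-O0` changes nothing as long as the fuzz build is configured without `CMAKE_BUILD_TYPE`, as the buildspec does, which is worth saying in a comment so nobody re-adds it.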
@@ -650,7 +650,7 @@ if (BUILD_TESTING) target_include_directories(${TEST_NAME} PRIVATE ./) target_compile_options(${TEST_NAME} PRIVATE - -g -Wno-deprecated-declarations -Wno-unknown-pragmas -Wno-deprecated -Wno-unused-result + -g -Wno-unknown-pragmas ) target_link_libraries(${TEST_NAME} PRIVATE fuzztest @@ -665,29 +665,15 @@ if (BUILD_TESTING) ) list(APPEND FUZZ_TEST_EXECUTABLES ${TEST_NAME}) - endforeach() - - foreach(TEST_NAME ${FUZZ_TEST_EXECUTABLES}) - add_custom_command( - OUTPUT ${TEST_NAME}_script - COMMAND ${CMAKE_COMMAND} -E env - DYLD_LIBRARY_PATH=${CMAKE_CURRENT_BINARY_DIR}/lib:${CMAKE_CURRENT_BINARY_DIR}/tests/testlib:${CMAKE_CURRENT_SOURCE_DIR}/libcrypto-root/lib:$ENV{DYLD_LIBRARY_PATH} - LD_LIBRARY_PATH=${CMAKE_CURRENT_BINARY_DIR}/lib:${CMAKE_CURRENT_BINARY_DIR}/tests/testlib:${CMAKE_CURRENT_SOURCE_DIR}/libcrypto-root/lib:$ENV{LD_LIBRARY_PATH} - bash ${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz/runFuzzTest.sh - ${TEST_NAME} - ${FUZZ_TIMEOUT_SEC} - ${CORPUS_UPLOAD_LOC} - ${ARTIFACT_UPLOAD_LOC} - WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz - ) - list(APPEND FUZZ_TEST_SCRIPTS ${TEST_NAME}_script) + add_test(NAME ${TEST_NAME} + COMMAND ${CMAKE_COMMAND} -E env + DYLD_LIBRARY_PATH=${CMAKE_CURRENT_BINARY_DIR}/lib:${CMAKE_CURRENT_BINARY_DIR}/tests/testlib:${CMAKE_CURRENT_SOURCE_DIR}/libcrypto-root/lib:$ENV{DYLD_LIBRARY_PATH} + LD_LIBRARY_PATH=${CMAKE_CURRENT_BINARY_DIR}/lib:${CMAKE_CURRENT_BINARY_DIR}/tests/testlib:${CMAKE_CURRENT_SOURCE_DIR}/libcrypto-root/lib:$ENV{LD_LIBRARY_PATH} + bash ${SCRIPT_PATH} ${TEST_NAME} ${FUZZ_TIMEOUT_SEC} ${CORPUS_UPLOAD_LOC} ${ARTIFACT_UPLOAD_LOC} + WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz) + set_property(TEST ${TEST_NAME} PROPERTY LABELS "fuzz") endforeach() - - # This will run all fuzz tests - add_custom_target(run_fuzz - DEPENDS ${FUZZ_TEST_SCRIPTS} - ) endif() endif() diff --git a/codebuild/spec/buildspec_fuzz.yml b/codebuild/spec/buildspec_fuzz.yml index ddbfd87510a..c435be2f2d4 100644 
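Review bot: The new `add_test` bakes `${CMAKE_CURRENT_SOURCE_DIR}/libcrypto-root/lib` into `LD_LIBRARY_PATH`, while link-time resolution of libcrypto comes from `-DCMAKE_PREFIX_PATH=$LIBCRYPTO_ROOT` in the buildspec; when those two locations differ the fuzzer links against one libcrypto and loads another at run time, which makes sanitizer findings non-reproducible and is hard to spot from the test log. Deriving the runtime directory from the libcrypto that `find_package`/`CMAKE_PREFIX_PATH` actually resolved (for example the directory of the imported target's `IMPORTED_LOCATION`) keeps the two consistent. Two smaller points: `$ENV{LD_LIBRARY_PATH}` is expanded at configure time, so the test records whatever the configuring shell had, not what ctest runs under; and although the script receives `${FUZZ_TIMEOUT_SEC}`, the test has no ctest `TIMEOUT`, so a hung fuzzer or artifact upload is bounded only by ctest's default — `set_tests_properties(${TEST_NAME} PROPERTIES LABELS "fuzz" TIMEOUT <FUZZ_TIMEOUT_SEC plus a margin>)` would bound it. The enclosing `foreach` starts before this hunk.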
--- a/codebuild/spec/buildspec_fuzz.yml +++ b/codebuild/spec/buildspec_fuzz.yml @@ -50,6 +50,10 @@ batch: phases: pre_build: commands: + - | + if [ -d "third-party-src" ]; then + cd third-party-src; + fi - /usr/bin/$COMPILER --version build: on-failure: ABORT @@ -63,4 +67,4 @@ phases: post_build: on-failure: ABORT commands: - - cmake --build build --target run_fuzz + - cmake --build build/ --target test -- ARGS="-L fuzz --output-on-failure" From 004081d422c60c9dbe8319930884344d116d1bc9 Mon Sep 17 00:00:00 2001 From: Jou Ho Date: Thu, 5 Sep 2024 00:36:43 +0000 Subject: [PATCH 48/53] remove unused var --- CMakeLists.txt | 2 -- 1 file changed, 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 5526410fc4c..feae87ceec6 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -664,8 +664,6 @@ if (BUILD_TESTING) RUNTIME_OUTPUT_DIRECTORY ${FUZZ_BIN_DIR} ) - list(APPEND FUZZ_TEST_EXECUTABLES ${TEST_NAME}) - add_test(NAME ${TEST_NAME} COMMAND ${CMAKE_COMMAND} -E env DYLD_LIBRARY_PATH=${CMAKE_CURRENT_BINARY_DIR}/lib:${CMAKE_CURRENT_BINARY_DIR}/tests/testlib:${CMAKE_CURRENT_SOURCE_DIR}/libcrypto-root/lib:$ENV{DYLD_LIBRARY_PATH} From 15db3df7ea0cf6ce077b029379b37d69b8cb9ccd Mon Sep 17 00:00:00 2001 From: Jou Ho Date: Thu, 5 Sep 2024 00:42:11 +0000 Subject: [PATCH 49/53] add -Wno-unused-result back to compile option --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index feae87ceec6..9ffccb332dd 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -650,7 +650,7 @@ if (BUILD_TESTING) target_include_directories(${TEST_NAME} PRIVATE ./) target_compile_options(${TEST_NAME} PRIVATE - -g -Wno-unknown-pragmas + -g -Wno-unknown-pragmas -Wno-unused-result ) target_link_libraries(${TEST_NAME} PRIVATE fuzztest From fb950c6d8e1d7d983c8917ab4eb9e32c4218b285 Mon Sep 17 00:00:00 2001 
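Review bot: The post_build command `cmake --build build/ --target test -- ARGS="-L fuzz --output-on-failure"` runs the fuzz tests serially, whereas the unit-test invocation elsewhere in this series passes `-j $(nproc)`; with a 60-second budget per target (the `FUZZ_TIMEOUT_SEC` default set in CMake), wall time grows linearly with the number of harnesses, and the compute type is being reduced in a later patch. If memory headroom under ASan allows, `ARGS="-L fuzz --output-on-failure -j $(nproc)"` brings this in line with the unit tests; if serial execution is deliberate, say so in the comment. I cannot tell from this hunk whether the `cd third-party-src` in the `- |` pre_build block persists into later `commands:` entries on this runner; if it does not, that guard is a no-op and the earlier variant (which also created a symlink there) had the same question.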
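Review bot: `-Wno-unused-result` is added back to the fuzz-target compile options without explanation, and since the project annotates result-returning functions with `S2N_RESULT_MUST_USE` (visible in the `s2n_result.h` hunk later on this page), this flag switches off precisely that check for the harnesses. That is presumably intentional — a harness feeds bytes in and does not care whether the call succeeds — but the next reader cannot tell whether it is hiding real bugs; a comment such as `# fuzz harnesses intentionally discard s2n return values; silence warn_unused_result for these targets only` makes the scope explicit. The enclosing `foreach` over fuzz sources starts before this hunk.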
From: Jou Ho Date: Thu, 5 Sep 2024 16:59:42 +0000 Subject: [PATCH 50/53] address PR feedback - change compute type - add comment explaining cmake arg - revert inline changes to better handle merge conflict --- codebuild/spec/buildspec_fuzz.yml | 5 +++-- utils/s2n_result.c | 6 ++++++ utils/s2n_result.h | 12 +----------- 3 files changed, 10 insertions(+), 13 deletions(-) diff --git a/codebuild/spec/buildspec_fuzz.yml b/codebuild/spec/buildspec_fuzz.yml index c435be2f2d4..40031a6b569 100644 --- a/codebuild/spec/buildspec_fuzz.yml +++ b/codebuild/spec/buildspec_fuzz.yml @@ -31,7 +31,7 @@ batch: - identifier: clang_awslc debug-session: true env: - compute-type: BUILD_GENERAL1_2XLARGE + compute-type: BUILD_GENERAL1_XLARGE image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu22codebuild privileged-mode: true variables: @@ -40,7 +40,7 @@ batch: - identifier: clang_openssl_3_0 debug-session: true env: - compute-type: BUILD_GENERAL1_2XLARGE + compute-type: BUILD_GENERAL1_XLARGE image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu22codebuild privileged-mode: true variables: @@ -67,4 +67,5 @@ phases: post_build: on-failure: ABORT commands: + # -L: Restrict tests to names matching the pattern 'fuzz' - cmake --build build/ --target test -- ARGS="-L fuzz --output-on-failure" diff --git a/utils/s2n_result.c b/utils/s2n_result.c index b1dc8966e39..47d53f27fbd 100644 --- a/utils/s2n_result.c +++ b/utils/s2n_result.c @@ -82,6 +82,12 @@ #include "api/s2n.h" +/* returns true when the result is S2N_RESULT_OK */ +inline bool s2n_result_is_ok(s2n_result result) +{ + return result.__error_signal == S2N_SUCCESS; +} + /* returns true when the result is S2N_RESULT_ERROR */ inline bool s2n_result_is_error(s2n_result result) { diff --git a/utils/s2n_result.h b/utils/s2n_result.h index 5f6374356d3..32120a88478 100644 --- a/utils/s2n_result.h +++ b/utils/s2n_result.h 
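Review bot: The new comment `# -L: Restrict tests to names matching the pattern 'fuzz'` describes ctest's `-R` option, not `-L`: `-L` is a regex match against each test's LABELS property (set via `set_property(TEST ... PROPERTY LABELS "fuzz")` in the CMake hunk earlier on this page), and a test whose name contains "fuzz" but lacks that label would not be selected. Suggest `# -L: run only tests carrying the ctest label 'fuzz' (matches the LABELS property, not test names)`.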
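Review bot: The new `inline bool s2n_result_is_ok(s2n_result result)` definition only produces an external symbol because of C99's inline linkage rule (6.7.4p7): a translation unit whose every declaration of the function carries `inline` without `extern` emits no external definition, so this relies on `s2n_result.c` also seeing the non-inline prototype from `utils/s2n_result.h`. The only include visible in the hunk is `api/s2n.h`, and the sibling `s2n_result_is_error` on the context line follows the same pattern, so that presumably holds — but now that callers in other translation units depend on this symbol, a later include reshuffle would turn it into a link error with no hint why. A short comment at the definition records the dependency, e.g. `/* C99 inline: the external definition exists only because s2n_result.h declares this function without inline */`.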
@@ -36,18 +36,8 @@ typedef struct { #define S2N_RESULT_MUST_USE #endif -#ifdef S2N_DIAGNOSTICS_PUSH_SUPPORTED - #pragma GCC diagnostic push - #pragma GCC diagnostic ignored "-Wunused-function" -#endif /* returns true when the result is S2N_RESULT_OK */ -S2N_RESULT_MUST_USE static bool s2n_result_is_ok(s2n_result result) -{ - return result.__error_signal == S2N_SUCCESS; -} -#ifdef S2N_DIAGNOSTICS_POP_SUPPORTED - #pragma GCC diagnostic pop -#endif +S2N_RESULT_MUST_USE bool s2n_result_is_ok(s2n_result result); /* returns true when the result is S2N_RESULT_ERROR */ S2N_RESULT_MUST_USE bool s2n_result_is_error(s2n_result result); From ea4df6474b1e1d2c235cab3baf5c4f47f6d00aaf Mon Sep 17 00:00:00 2001 From: Jou Ho Date: Thu, 5 Sep 2024 22:10:41 +0000 Subject: [PATCH 51/53] address PR feedback - fix cmake command for codebuild.sh - new message to indicate when fuzz is enabled --- CMakeLists.txt | 1 + codebuild/bin/s2n_codebuild.sh | 7 ++++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 9ffccb332dd..7764f8a497e 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -590,6 +590,7 @@ if (BUILD_TESTING) endif() if(S2N_FUZZ_TEST) + message(STATUS "Fuzz build enabled") set(SCRIPT_PATH "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz/runFuzzTest.sh") file(GLOB FUZZ_TEST_SRCS "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz/*.c") diff --git a/codebuild/bin/s2n_codebuild.sh b/codebuild/bin/s2n_codebuild.sh index 93ebac209cc..2803529de71 100755 --- a/codebuild/bin/s2n_codebuild.sh +++ b/codebuild/bin/s2n_codebuild.sh 
@@ -118,10 +118,11 @@ run_unit_tests() { # This can be removed after CI migration from make to cmake is done run_fuzz_tests() { cmake . -Bbuild \ - -DCMAKE_PREFIX_PATH=$LIBCRYPTO_ROOT \ - -DS2N_FUZZ_TEST=on + -DCMAKE_PREFIX_PATH=$LIBCRYPTO_ROOT \ + -DS2N_FUZZ_TEST=on \ + -DLIBFUZZER_LIB=/usr/local/libfuzzer/lib/libFuzzer.a cmake --build ./build -- -j $(nproc) - cmake --build build --target run_fuzz + cmake --build build/ --target test -- ARGS="-L fuzz --output-on-failure" } # Run Multiple tests on one flag. From 442668c7d4dce70b8d423fcad8d2771cb63cca14 Mon Sep 17 00:00:00 2001 From: Jou Ho Date: Thu, 5 Sep 2024 22:15:00 +0000 Subject: [PATCH 52/53] reduce fuzz time to 120 to 60 to match current fuzz CI duration --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 7764f8a497e..66c2580ae90 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -607,7 +607,7 @@ if (BUILD_TESTING) endif() if(NOT DEFINED FUZZ_TIMEOUT_SEC) - set(FUZZ_TIMEOUT_SEC 120) + set(FUZZ_TIMEOUT_SEC 60) endif() if(NOT DEFINED CORPUS_UPLOAD_LOC) From 7a2b7b25a9de96fcd67f46c4e1f5cd9bcc41209d Mon Sep 17 00:00:00 2001 From: Jou Ho Date: Thu, 5 Sep 2024 22:30:12 +0000 Subject: [PATCH 53/53] revert script changes --- codebuild/bin/s2n_codebuild.sh | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/codebuild/bin/s2n_codebuild.sh b/codebuild/bin/s2n_codebuild.sh index 2803529de71..64a53a57b12 100755 --- a/codebuild/bin/s2n_codebuild.sh +++ b/codebuild/bin/s2n_codebuild.sh 
@@ -115,16 +115,6 @@ run_unit_tests() {
 cmake --build build/ --target test -- ARGS="-L unit --output-on-failure -j $(nproc)"
 }
-# This can be removed after CI migration from make to cmake is done
-run_fuzz_tests() {
- cmake . -Bbuild \
- -DCMAKE_PREFIX_PATH=$LIBCRYPTO_ROOT \
- -DS2N_FUZZ_TEST=on \
- -DLIBFUZZER_LIB=/usr/local/libfuzzer/lib/libFuzzer.a
- cmake --build ./build -- -j $(nproc)
- cmake --build build/ --target test -- ARGS="-L fuzz --output-on-failure"
-}
-
 # Run Multiple tests on one flag.
 if [[ "$TESTS" == "ALL" || "$TESTS" == "sawHMACPlus" ]] && [[ "$OS_NAME" == "linux" ]]; then make -C tests/saw tmp/verify_HMAC.log tmp/verify_drbg.log failure-tests; fi
@@ -137,7 +127,8 @@ if [[ "$TESTS" == "ALL" || "$TESTS" == "integrationv2" ]]; then run_integration_
 if [[ "$TESTS" == "ALL" || "$TESTS" == "crt" ]]; then ./codebuild/bin/build_aws_crt_cpp.sh $(mktemp -d) $(mktemp -d); fi
 if [[ "$TESTS" == "ALL" || "$TESTS" == "sharedandstatic" ]]; then ./codebuild/bin/test_install_shared_and_static.sh $(mktemp -d); fi
 if [[ "$TESTS" == "ALL" || "$TESTS" == "dynamicload" ]]; then ./codebuild/bin/test_dynamic_load.sh $(mktemp -d); fi
-if [[ "$TESTS" == "ALL" || "$TESTS" == "fuzz" ]]; then run_fuzz_tests ; fi
+# This can be removed after CI starts using buildspec_fuzz.yml
+if [[ "$TESTS" == "ALL" || "$TESTS" == "fuzz" ]]; then (make clean && make fuzz) ; fi
 if [[ "$TESTS" == "sawHMAC" ]] && [[ "$OS_NAME" == "linux" ]]; then make -C tests/saw/ tmp/verify_HMAC.log ; fi
 if [[ "$TESTS" == "sawDRBG" ]]; then make -C tests/saw tmp/verify_drbg.log ; fi
 if [[ "$TESTS" == "ALL" || "$TESTS" == "tls" ]]; then make -C tests/saw tmp/verify_handshake.log ; fi
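Review bot: The new `(make clean && make fuzz)` line runs `make clean` inside the `TESTS=ALL` path after earlier steps in this script have already built into `build/` via cmake (`run_unit_tests` on the context lines), and whether `make clean` reaches that directory depends on the Makefile, which is outside this hunk; if it does, a full `ALL` run becomes order-dependent. The subshell's exit status is only fatal if the script runs under `set -e` or the result is checked, neither of which is visible here, so `then (make clean && make fuzz) || exit 1; fi` makes a fuzz failure explicit either way. The comment says this goes away once CI uses `buildspec_fuzz.yml`; naming what is still pending for that switch would help whoever removes it.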