From 600b085a588f2d642b5856d03936f0ebb566659e Mon Sep 17 00:00:00 2001 
From: tbnz Date: Tue, 14 Jun 2022 15:28:20 +0200 Subject: [PATCH 01/10] oss fuzz integration --- api/types/fuzz_test.go | 32 ++++ api/utils/aws/fuzz_test.go | 52 +++++++ fuzz/corpora/fuzz_mongo_read/1 | 1 + fuzz/corpora/fuzz_mssql_login/1 | Bin 0 -> 126 bytes fuzz/corpora/fuzz_mssql_login/2 | Bin 0 -> 120 bytes fuzz/corpora/fuzz_mssql_login/3 | Bin 0 -> 120 bytes fuzz/corpora/fuzz_mssql_login/4 | Bin 0 -> 120 bytes fuzz/corpora/fuzz_mssql_login/5 | Bin 0 -> 120 bytes fuzz/corpora/fuzz_mssql_login/6 | Bin 0 -> 120 bytes fuzz/corpora/fuzz_mssql_login/7 | Bin 0 -> 120 bytes .../saml_okta_response | 33 ++++ .../saml_response | 37 +++++ .../saml_response_encrypted_assertion | 13 ++ ...ml_response_signed_and_encrypted_assertion | 13 ++ .../saml_response_signed_assertion | 41 +++++ .../saml_response_signed_message | 42 +++++ ...saml_response_signed_message_and_assertion | 46 ++++++ ...nse_signed_message_and_encrypted_assertion | 18 +++ ..._signed_message_signed_encrypted_assertion | 18 +++ fuzz/oss-fuzz-build.sh | 144 ++++++++++++++++++ lib/auth/fuzz_test.go | 48 ++++++ lib/auth/webauthn/fuzz_test.go | 48 ++++++ lib/client/fuzz_test.go | 52 +++++++ lib/kube/proxy/fuzz_test.go | 35 +++++ lib/restrictedsession/fuzz_test.go | 34 +++++ lib/services/fuzz_test.go | 62 ++++++++ lib/srv/db/redis/fuzz_test.go | 34 +++++ lib/srv/regular/fuzz_test.go | 43 ++++++ lib/sshutils/x11/fuzz_test.go | 34 +++++ lib/utils/fuzz_test.go | 64 ++++++++ lib/utils/parse/fuzz_test.go | 43 ++++++ lib/web/fuzz_test.go | 35 +++++ 32 files changed, 1022 insertions(+) create mode 100644 api/types/fuzz_test.go create mode 100644 api/utils/aws/fuzz_test.go create mode 100644 fuzz/corpora/fuzz_mongo_read/1 create mode 100644 fuzz/corpora/fuzz_mssql_login/1 create mode 100644 fuzz/corpora/fuzz_mssql_login/2 create mode 100644 fuzz/corpora/fuzz_mssql_login/3 create mode 100644 fuzz/corpora/fuzz_mssql_login/4 create mode 100644 fuzz/corpora/fuzz_mssql_login/5 create mode 100644 fuzz/corpora/fuzz_mssql_login/6 
create mode 100644 fuzz/corpora/fuzz_mssql_login/7 create mode 100644 fuzz/corpora/fuzz_parse_saml_in_response_to/saml_okta_response create mode 100644 fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response create mode 100644 fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_encrypted_assertion create mode 100644 fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_and_encrypted_assertion create mode 100644 fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_assertion create mode 100644 fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_message create mode 100644 fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_message_and_assertion create mode 100644 fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_message_and_encrypted_assertion create mode 100644 fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_message_signed_encrypted_assertion create mode 100755 fuzz/oss-fuzz-build.sh create mode 100644 lib/auth/fuzz_test.go create mode 100644 lib/auth/webauthn/fuzz_test.go create mode 100644 lib/client/fuzz_test.go create mode 100644 lib/kube/proxy/fuzz_test.go create mode 100644 lib/restrictedsession/fuzz_test.go create mode 100644 lib/services/fuzz_test.go create mode 100644 lib/srv/db/redis/fuzz_test.go create mode 100644 lib/srv/regular/fuzz_test.go create mode 100644 lib/sshutils/x11/fuzz_test.go create mode 100644 lib/utils/fuzz_test.go create mode 100644 lib/utils/parse/fuzz_test.go create mode 100644 lib/web/fuzz_test.go diff --git a/api/types/fuzz_test.go b/api/types/fuzz_test.go new file mode 100644 index 0000000000000..75c76fe760084 --- /dev/null +++ b/api/types/fuzz_test.go 
@@ -0,0 +1,32 @@
+/*
+Copyright 2020 Gravitational, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package types
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+)
+
+func FuzzParseDuration(f *testing.F) {
+
+ f.Fuzz(func(t *testing.T, s string) {
+ require.NotPanics(t, func() {
+ parseDuration(s)
+ })
+ })
+}
diff --git a/api/utils/aws/fuzz_test.go b/api/utils/aws/fuzz_test.go
new file mode 100644
index 0000000000000..f2041f295d7a9
--- /dev/null
+++ b/api/utils/aws/fuzz_test.go
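Review bot: api/types/fuzz_test.go lacks the `//go:build go1.18` constraint that the other fuzz_test.go files visible in this patch open with, so a toolchain older than Go 1.18 would fail to compile this package's tests on `*testing.F`. Add `//go:build go1.18` and a blank line above the license comment. The copyright year here is also 2020 while the sibling files say 2022, which looks like a copy-paste leftover.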
@@ -0,0 +1,52 @@
+//go:build go1.18
+
+/*
+Copyright 2022 Gravitational, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package aws
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+)
+
+func FuzzParseRDSEndpoint(f *testing.F) {
+
+ f.Fuzz(func(t *testing.T, endpoint string) {
+ require.NotPanics(t, func() {
+ ParseRDSEndpoint(endpoint)
+ })
+ })
+}
+
+func FuzzParseRedshiftEndpoint(f *testing.F) {
+
+ f.Fuzz(func(t *testing.T, endpoint string) {
+ require.NotPanics(t, func() {
+ ParseRedshiftEndpoint(endpoint)
+ })
+ })
+}
+
+func FuzzParseElastiCacheEndpoint(f *testing.F) {
+
+ f.Fuzz(func(t *testing.T, endpoint string) {
+ require.NotPanics(t, func() {
+ ParseElastiCacheEndpoint(endpoint)
+ })
+ })
+}
\ No newline at end of file
diff --git a/fuzz/corpora/fuzz_mongo_read/1 b/fuzz/corpora/fuzz_mongo_read/1
new file mode 100644
index 0000000000000..f55ebebee62b6
--- /dev/null
+++ b/fuzz/corpora/fuzz_mongo_read/1
@@ -0,0 +1 @@
+000¤000000000000
\ No newline at end of file
diff --git a/fuzz/corpora/fuzz_mssql_login/1 b/fuzz/corpora/fuzz_mssql_login/1
new file mode 100644
index 0000000000000000000000000000000000000000..244c4866a0b9662c98a803e9e0b3a1071cfb7c1f
GIT binary patch literal 126 OcmWeIV5l${FaQA9kr$Z& literal 0 HcmV?d00001
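Review bot: None of the three targets in api/utils/aws/fuzz_test.go registers a seed with `f.Add`, and the patch's diffstat adds seed corpora only for the mongo, mssql and SAML fuzzers, so the mutator has to discover the endpoint syntax starting from empty input. Seeding each target before `f.Fuzz` with a few well-formed and near-miss endpoints, for example `f.Add("<valid RDS endpoint taken from the package's unit tests>")`, gets coverage past the first validation branch much sooner. The same applies to FuzzParseDuration in api/types and to the string-parser targets in lib/client, lib/kube/proxy, lib/restrictedsession and lib/services. Each target also discards the parser's return values; a one-line comment stating that only panics are checked would make that intent explicit.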
diff --git a/fuzz/corpora/fuzz_mssql_login/2 b/fuzz/corpora/fuzz_mssql_login/2 new file mode 100644 index 0000000000000000000000000000000000000000..24cf31a26ef6227bdaa1c608c25eb010ff258b56 GIT binary patch literal 120 bcmWeIV5l%40sQ}O(124pg8~CiIW!3X#GDuR literal 0 HcmV?d00001 diff --git a/fuzz/corpora/fuzz_mssql_login/3 b/fuzz/corpora/fuzz_mssql_login/3 new file mode 100644 index 0000000000000000000000000000000000000000..fcb36690da39fe5f07aa2e343c7a5eb9b8246d0b GIT binary patch literal 120 bcmWeIV5l%40VpsiG~iUu@c%zfIW!3Xh&UJL literal 0 HcmV?d00001 diff --git a/fuzz/corpora/fuzz_mssql_login/4 b/fuzz/corpora/fuzz_mssql_login/4 new file mode 100644 index 0000000000000000000000000000000000000000..204f5f05994a2ec064bb1e7a28adeb945dc026dc GIT binary patch literal 120 VcmWeIV5l%41u!TykfI!yS^!b27Ks1= literal 0 HcmV?d00001 diff --git a/fuzz/corpora/fuzz_mssql_login/5 b/fuzz/corpora/fuzz_mssql_login/5 new file mode 100644 index 0000000000000000000000000000000000000000..bd7881085aa9cd30bc9f6be463dbd8a188e4b3ad GIT binary patch literal 120 acmWeIV5l%41u!Ty;8f1=|36MSGzkEVxEJ>T literal 0 HcmV?d00001 diff --git a/fuzz/corpora/fuzz_mssql_login/6 b/fuzz/corpora/fuzz_mssql_login/6 new file mode 100644 index 0000000000000000000000000000000000000000..dbd5de9990e57c7fcaa451d6186e60ba8811a16f GIT binary patch literal 120 acmWeIV5l%41u*>ok5f5=0s~GtGzkEnfERZF literal 0 HcmV?d00001 diff --git a/fuzz/corpora/fuzz_mssql_login/7 b/fuzz/corpora/fuzz_mssql_login/7 new file mode 100644 index 0000000000000000000000000000000000000000..ff88f8381f51d2d50301f557332f205c1da470ce GIT binary patch literal 120 acmWeIV5l%41u!r);8f1=|36MSGzkEM_!rjz literal 0 HcmV?d00001 diff --git a/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_okta_response b/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_okta_response new file mode 100644 index 0000000000000..e0b20053c492d --- /dev/null +++ b/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_okta_response 
@@ -0,0 +1,33 @@ +http://www.okta.com/exk14fxcpjuKMcor30h8uBRfvYvl5C/LPCh36uAmRLHW76+aDP3ngChtIwP3/Fc=M1VfkOOBH6r7niHhfGvf4OJ1HH5QJl83aD/b+mTDUUnXzHXgXlkb0BGQkSFn6ixojwCoXchpxCNzVLPN/tvfyY1dxP4MO8b+/07bGuVD2yTNlhN43/FFcDpmZ1ZDW8w2nPF1E5gy1lR8Wx2NgT3kQ2Ui1vRNX/KeX/P9NnABj4AjcshyHK2e49WLM/D4U84XOl7ODtzS7PTvtB0SGIwRE25G//8AsAv81eBfHL54Nz1HAqinMhxQtz32ZDXpKaAV6GypyBTvk6vo7Pkk4OiL6G9VIGC8Bd/gnavsc+Ickfuo7KTq8NDKTLB5WG34XKJqq6dGopSMrxr67oYjCEDZfw==MIIDpDCCAoygAwIBAgIGAX4zyofpMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEG +A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU +MBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi04MTMzNTQxHDAaBgkqhkiG9w0BCQEW +DWluZm9Ab2t0YS5jb20wHhcNMjIwMTA3MDkwNTU4WhcNMzIwMTA3MDkwNjU4WjCBkjELMAkGA1UE +BhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNV +BAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtODEzMzU0MRwwGgYJ +KoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +xQz+tLD5cNlOBfdohHvqNWIfC13OCSnUAe20qA0K8y+jtZrpwjtjjLX8iRuCx8dYc/nd6zYOhhSq +2sLmrRa09wUXXTgnLGcj50gePTaroYLyF4FNgQWLvPHJk0FGcx6JvD6L+V5RzYwH87Fhg8niP4LZ +EBw3iZnsIJN9KOuLuQeXTW0PIlMFzpCwT9aUCHCoLepe5Ou8oi8XcOCmsOESHPchV2RC/xQDIqRP +Lp1Sf7NNJ6mTmP2gOoLwsz95beOLrEI+PI/GgZBqM3OutWA0L9mAbJK9T5dPAvhnwCV+SK2HvicJ +T8c6uJxuKmoWv1t3SyaN0cIbmw6vj9CIf4DTwQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCWGgLL +f3tgUZRGjmR5iiKeOeaEWG/eaF1nfenVfSaWT9ckimcXyLCY/P7CXEBiioVrxjky07iceJpi4rVE +RcVZ8SGXCa0NroESmIFlIHez6vRTrqUsfDmidxsSCwY02eaBq+9gK5iXV5WeXMKbn0yeGwF+3PkU +RAH1HuypwMH0FJRLIdW36pw7FCrGrXpk3UC6mEumXC9FptjSK1FlW+ZckgDprePOoUpypEygr2UC +XXOsqT0dwBUUttdOQMZHqIiXS5VPJ8zhYPHBGYI8WGk5FWVuXIXhgRm7LN/EyXIvCOFmDH0tVnQL 
+V115UGOwvjOOxmOFbYBn865SHgMndFtrhttp://www.okta.com/exk14fxcpjuKMcor30h8XwJSotSzU2qLdzu/WDk8dpQ/Cy1Id88932S/95+N+Ds=qyIvGi1+w93AdGUj0+T5RYAq+CAjLSScMTMc7dLTEze6qr3mP51W/bCoZz8E47lpsbLeh0EiATa6h2Uaj6/34rILfCt3aQRNjNicu0gBKhePyNraapdnoyeqJEV8UrAOOKFiH30e5AvQ1nRZqfgY7KMt6cZH5/eXjUS63lPJJn4yr9vLw9loCdHCoHlaseh2IHi7CickyyxSMTX+Y58zpBy2g/KwN3K4oZM4a10ZYWkZpzkZJXDRSUkEc/wTTO7IPPY7Zv7R7UC+zjf5Px1sYeKTkkIxlZViZmtqjYuhibnTmhroJx7wX/LtOPxCkwLHlQRDACBNbP/UtrudU1ZMxA==MIIDpDCCAoygAwIBAgIGAX4zyofpMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEG +A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU +MBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi04MTMzNTQxHDAaBgkqhkiG9w0BCQEW +DWluZm9Ab2t0YS5jb20wHhcNMjIwMTA3MDkwNTU4WhcNMzIwMTA3MDkwNjU4WjCBkjELMAkGA1UE +BhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNV +BAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtODEzMzU0MRwwGgYJ +KoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +xQz+tLD5cNlOBfdohHvqNWIfC13OCSnUAe20qA0K8y+jtZrpwjtjjLX8iRuCx8dYc/nd6zYOhhSq +2sLmrRa09wUXXTgnLGcj50gePTaroYLyF4FNgQWLvPHJk0FGcx6JvD6L+V5RzYwH87Fhg8niP4LZ +EBw3iZnsIJN9KOuLuQeXTW0PIlMFzpCwT9aUCHCoLepe5Ou8oi8XcOCmsOESHPchV2RC/xQDIqRP +Lp1Sf7NNJ6mTmP2gOoLwsz95beOLrEI+PI/GgZBqM3OutWA0L9mAbJK9T5dPAvhnwCV+SK2HvicJ +T8c6uJxuKmoWv1t3SyaN0cIbmw6vj9CIf4DTwQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCWGgLL +f3tgUZRGjmR5iiKeOeaEWG/eaF1nfenVfSaWT9ckimcXyLCY/P7CXEBiioVrxjky07iceJpi4rVE +RcVZ8SGXCa0NroESmIFlIHez6vRTrqUsfDmidxsSCwY02eaBq+9gK5iXV5WeXMKbn0yeGwF+3PkU +RAH1HuypwMH0FJRLIdW36pw7FCrGrXpk3UC6mEumXC9FptjSK1FlW+ZckgDprePOoUpypEygr2UC +XXOsqT0dwBUUttdOQMZHqIiXS5VPJ8zhYPHBGYI8WGk5FWVuXIXhgRm7LN/EyXIvCOFmDH0tVnQL +V115UGOwvjOOxmOFbYBn865SHgMndFtrops@gravitational.iohttps://boson.tener.io:3080/v1/webapi/saml/acsurn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransportops@gravitational.ioEveryoneokta-adminokta-dev \ No newline at end of file 
diff --git a/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response b/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response new file mode 100644 index 0000000000000..9977d57361687 --- /dev/null +++ b/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response @@ -0,0 +1,37 @@ + + http://idp.example.com/metadata.php + + + + + http://idp.example.com/metadata.php + + _ce3d2948b4cf20146dee0a0b3dd6f69b6cf86f62d7 + + + + + + + http://sp.example.com/demo1/metadata.php + + + + + urn:oasis:names:tc:SAML:2.0:ac:classes:Password + + + + + test + + + test@example.com + + + users + examplerole1 + + + + diff --git a/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_encrypted_assertion b/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_encrypted_assertion new file mode 100644 index 0000000000000..6237f3bc8f168 --- /dev/null +++ b/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_encrypted_assertion 
@@ -0,0 +1,13 @@ + + http://idp.example.com/metadata.php + + + + + mnkGnbwGcXeg29/nQJt/Y3fiDQik8YqgdO1bbY4YG7RXtYvVorgnXJJpZErUBEiFax9vY6NAYxXpCgzqV81rsl22FDuLl7li8Dbq3GrRsrmIalHGPM62YsB3/dUgyUI298iHajNxHjSN023ow3GfouB2eXi+aqIl+SRGDkD0b2M= + + aI3Uow+gjwwSD/7BXkFIHEZJmLK6vEPIugLy1fTh9UpNDmKaGJSTzCO03jeVhNNp/c4bdph/YjXzGCCCMZjBolOP2BjOzj6XXuaa7BvlyjnUoIz1HTaHyzfIQUHVckLfjzJxS7WqTvV4RU8yZWNDM7FokGXzCWEk+ra9ZTmoX/tvbnNvQ8A+Rm5HszdH6VKAFFhDU0xfrGkKPcou/uYbmRSbwCBkn0GReyDhCgRyU6kJb+D14o7tCPySIqfltegqiosCPi0Ceu4pUKZG/IpwKVLu1r/CqRxn2YSaG38SQOonGMQb9SVWYm1UNA33DobyKi0Pbxs9N03jXFnVMygMnGl4ADaHC0Nd7oyxGZGnk54yHbrtm7JrgY57yYv2JPlNG00IG3uU6cVKupht+yqeScP2JcwF9fHxvOzSIn5TKDv/XuU7KFWzzd5EWH3LEPB+Ah9ppHiqbwv9ZonpQPok9VvwdE0oTxqnNI00XZB0dkzqHCA3RIg30T+tQMkwlFySzi0dy+rtR98xx0x49wjzbTAzaMFH/L4g68/oruKbLKgPxMz2lkJSnZatK3czFugu5j4gk5gbOm226DPnh1hLZkaHri+ibJMFJ3zSQ/oQCCRtm3yFZnQgWro/g2X3Q1aJx6/Vygy6NS6uydkFFwJ3O4gQ04zlO0Lw/IV2XPh8keeSog9TdUN30tQbAjqKVgx2oRx79o8lEnKr/qIL/eUbwXXi4KoYKhNt6ZOoXgqImfk+bQfbXZSuIE6MdPocJp1utkMFMQwdb+9XrvuQxGNm/H1yyEU7YSHCTGXeP4BKxWMjMa0t0GdTwtgQwKOtHapdQCQtESzTMw7rFaczaKj+OR2JwM1hO/jLs1yFLDdydJoM0Gc7P0dZYvEd5uE1SeSiEVSdJlRwzRMBAVXfQMywtYGRVforod2pHvdRD8msNiKt2Poecj9uyFELRpV2VQGZdWofDEfSmHusxqzNWVLaSe36GJJ/SS3jMQfWzoX2NstORNNTVawceaJ8lhQqdJmpeC3EInTdZTXSuFpItoI/jHsCqf9MctnVaCe0wyf4WveQTkFBJN4f1c8JzmlJLUTv37AJn9C+xjF6lyTa/m9Ur1ZW6fWtkVV8SOgqbiOFdG7Y1J/V5VB9x3AXAPiL7RBfr6zJ4GjduSF4Ks1N5wxWquD5VtDE43W7JH5UEE9WjsmlNIN84s+Maw0xw5t7WQUGvms72h+HPJqFZ5iuuYnfJp+pOoApgtoa05SCnuXJTJwEHFpTYsxJer5/AYqL2rWGNA+zzNg8xRjd6X0nhUDDRbohaLumFvkvHNxax4XlI0xT/rdiiiiO+wv46aqocgdHGKPwBYPp9Yeq5t8kte8afazuEkMy5fhtR/H8afbNDVi4k1YBArPCw49qctgAKUmbU8iwpU8LrjVRIY/QkyR6ysDo2wGZvl034aMCntlPWPEaOoQ/845UIHBACXZgpptowXjxSShgrsgtYNCm38k1q5R6nSvd+i7x+1EaJdM09TIOahf5XeamGIK5mo9iN8pnXMc+Fdwn3z2aNTUfo8CxYejIpNpJDTrTvUiqpH6RswOVrfwn9nI6K7FMFQ5jxnCKIoYX+NxJrKztsiqspG/JN+K71Ctt8YcRCeTdDhF74q4NgC1lsfBed3jOVp4ggg7wYGLzJRPONDqnf0Vfk65dm11eXGsGKofK/yZ5VPBpMfLua3CN5eQahJS45bCQmQuiFS1Go3CahSe8B65amGmgoD5K9Kn/
wWl0PiIiTW3Atk5I5pTBRto+ePkjqbl28dXAH0LIM/NbGVivnRTD+aH0vbdTnWYCy3dnA/6yh8hwV/fGCOigyvkVylLjyWbC6/LjClEFn3NFGQta87ucBlhqOHtm+bpzlIzHWs/fq+9bjb5UB1lbJI/l6zLvbPYZkGBeyOb+7A5Z801MtZVd281SYsjDOBXSa9CSPbIRPlwGZ3RBkZeCMBOse2rIBWj6THkm1oFosX4W5PmHNSt2LsCpLP2jmMoZhqm/ArWVitmyzdGQpw9zwu+6Hog7gCeVfpopfb7HwLzChBRM9cldH3xkb5Ke5rKMumhu65O4iFwrSYWcg0BzpBEK6sGhO2XzV0LHorQlbEzLLTX+AhJChkmoFfjZzG+mYGBB7ctRc3bRVRZM1ciL3NChlW8yx/suiXgBWd6vvXtgim0bbt8zG+T99/Uqo8/XW28dp7WTNCyfwW7WIAo7Q29BCWtdidapKZs+gJZ1YJUG8oj1hlALoa67/EPvU2xL803/87I5na40dqPlH/5m5pLz4ZE/U2jUfLxv45hKb+Wd7gWp+Ry/QWcdIG5e+IH9UwfhvOjkVTghntMdIuXTQhSxVhN0wdj0PLI0h3InmF0Y7ranOsPKb//gkGObmqkM21Ty6+rkTHBQkrvZ4rFnz74HeUG/JAK82KcdqGx+4N+2pQW82hKIQ+31zcBWhzxGe+IDOKBIIUP5kydkkBcp4u0/5M0YR1jxHvHLsvmVwf0Ql6SrF6zDvLXdjI9d/YlNAziQaOtrjTM5hHzHSu0xVMudZ7DcjfjKvQ7W6zAO01+PKJtGMtV7CCsKTk5mE2xtS9O/sY1uG/zHNxpb0ZtabV5LDrxlvAH8ulC3swaUKVacmXU/WhL0eEH+fCntkpLMuu7B01S2ZRpLOsWEni1WfLIA/rKz9kUFzsnBl3eHtQS3u+jnVXWRCjHjVK92j2xVH6dU7S+4l6zU7aiaERv9V+ZAV/yLpALOj0mgPwR9Fk4XjZ2eNUCL4XQvRCLLhAq8LPct9q+nz13smqSVcUmnqzhrVP11SNg4pw/ASlAlpjHSjN6tRVQo5v8bR7U8s7cI3OdyD/jfriBMGHn1hHMeCLqCom2evWSuQXceT6zB0FoVsTs5OCdiCLceIHpnW/f9CYWkiUuv+tSy54A= + + + + diff --git a/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_and_encrypted_assertion b/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_and_encrypted_assertion new file mode 100644 index 0000000000000..4abeb7ce5ee65 --- /dev/null +++ b/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_and_encrypted_assertion @@ -0,0 +1,13 @@ + + http://idp.example.com/metadata.php + + + + + M+nk4IA2SKFtEkmXvdCw5mBACNqslcXiXcgJqEMvdJipHjVj44CF8NYriu6ia/Ls7WVXvFmStqe73ph72auWF1dzAXWqrllGQ0xH9v50lOVypmLjsx1QcQIamWLKRO2wdowg/J8mTY0lFfGSu7yWylpRLoHs2m0gRv5zl//JrDE= + + 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 + + + + 
diff --git a/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_assertion b/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_assertion new file mode 100644 index 0000000000000..f70f80e239843 --- /dev/null +++ b/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_assertion @@ -0,0 +1,41 @@ + + http://idp.example.com/metadata.php + + + + + http://idp.example.com/metadata.php + + + U/hZt6l2yNCDrQvAjEYTo36i3c4=ENs6BQzLc9fY/qXBHCMyKSlT2xh3zJOnrucFRBFLboUUrmh8uW+BMDju+6SDWQMV2ekXIf2VfTbeBpJmAyDIBsmv80aMJJU0y9uTthNwuhe+btVu8vyaUQ0BSAcZ4uhlZ97c63c1et3p6nKSZm8VSehkyB6FfPMXLvrAP0k6UtE= 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 + + _ce3d2948b4cf20146dee0a0b3dd6f69b6cf86f62d7 + + + + + + + http://sp.example.com/demo1/metadata.php + + + + + urn:oasis:names:tc:SAML:2.0:ac:classes:Password + + + + + test + + + test@example.com + + + users + examplerole1 + + + + diff --git a/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_message b/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_message new file mode 100644 index 0000000000000..8bd23ace66491 --- /dev/null +++ b/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_message @@ -0,0 +1,42 @@ + + + http://idp.example.com/metadata.php + + + Dvov6GpVwgdGTESt+1E97qBSZ5I=1/FKVDB7TSR3V54NJ0QPgDw29QL9JvvDQDhqbCmLp7hobelv9zZXiGm55OBFJn97Fo0RQ7KKHcDel1G1KrPtGcNbKWuH+oDvbpMt71HrtmEjsJAdDyOvM0louobO81Ma35RuPz3qIQ3Dn8Bf+GofZn9erIKf4b0yp0SKO5/1tc8= 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 + + + + + http://idp.example.com/metadata.php + + _ce3d2948b4cf20146dee0a0b3dd6f69b6cf86f62d7 + + + + + + + http://sp.example.com/demo1/metadata.php + + + + + urn:oasis:names:tc:SAML:2.0:ac:classes:Password + + + + + test + + + test@example.com + + + users + examplerole1 + + + + 
diff --git a/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_message_and_assertion b/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_message_and_assertion new file mode 100644 index 0000000000000..d638035b19db3 --- /dev/null +++ b/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_message_and_assertion @@ -0,0 +1,46 @@ + + + http://idp.example.com/metadata.php + + + ZJ75nIxMjsPDRxWUPfOOJj2nTUI=q9wjY9Br8MhRz3tfm3iCB08Tloa1PdFOIIi3QBHBI1Z2rC6jFY2eFTh74ZMxXTsRKCWShcG06cy15NPV7oaY60CQI+4d5lygacekys3B2tRcZNuYKMkeLmnco82pby7csR/Y6ty8TIvxHqvLzMAP7RxSotzjFmVa4h4Z+gJonWM= 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 + + + + + http://idp.example.com/metadata.php + + + dja8Z53JMy4Wsdk8zKzWX85d3s4=XJcLptMmplGfMkV125glXzD9owkU2Ol/pHaEqUvx7QpncJChqN2T9IJqnuoB8FEC454H+pGB4HnhrzBkgjX+0DiLSmffehb09jXk/VyGI0ts3tPWXLs2YN5A5bYt3EVkA90aCgoVNutksxydbCHDdYDSy+6hyuZrHpx0HQue7Yc= 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 + + _ce3d2948b4cf20146dee0a0b3dd6f69b6cf86f62d7 + + + + + + + http://sp.example.com/demo1/metadata.php + + + + + urn:oasis:names:tc:SAML:2.0:ac:classes:Password + + + + + test + + + test@example.com + + + users + examplerole1 + + + + diff --git a/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_message_and_encrypted_assertion b/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_message_and_encrypted_assertion new file mode 100644 index 0000000000000..a298e6a83ded4 --- /dev/null +++ b/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_message_and_encrypted_assertion 
@@ -0,0 +1,18 @@ + + + http://idp.example.com/metadata.php + + + oCC0QsjmaVk5nrDuahKQXhV28vI=HBjBOh6FI8PkWrRj3sWN6hK89jpYnhl83aNTaDH2zNd6X+f5LZyA0V6uFnTa5mW1YF0mTjJSxzNuqUCLpN5onPTGBCnOTgpgmsmH7UpaK4OVJgZ/EEzwkftuMW0wpyDJNjK06XsaT1bLtFrp7byt3Qd0Rs9hORfLRj8KVVuQmOE= 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 + + + + + mnkGnbwGcXeg29/nQJt/Y3fiDQik8YqgdO1bbY4YG7RXtYvVorgnXJJpZErUBEiFax9vY6NAYxXpCgzqV81rsl22FDuLl7li8Dbq3GrRsrmIalHGPM62YsB3/dUgyUI298iHajNxHjSN023ow3GfouB2eXi+aqIl+SRGDkD0b2M= + + 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 + + + + diff --git a/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_message_signed_encrypted_assertion b/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_message_signed_encrypted_assertion new file mode 100644 index 0000000000000..967cba44b9206 --- /dev/null +++ b/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_message_signed_encrypted_assertion 
@@ -0,0 +1,18 @@ + + + http://idp.example.com/metadata.php + + + QWXF3EMgasFzVN/nSd91fCjkVK8=x0f5o5YO7uEaV6DCY1jEc/a5Ae8Wyp8wYBevtBPCK03IEjgPOol8H9yWFvRruJgYUQlA5Nx18Rgrsn67f+szGMCGO3OkESV6MxtKL7Lz5RRmA/UB2CWMBGgy76ZwOi7GmSktbYtL1C8HvHNRcSUNXEB9ETfihsFZgQvicXxWQcg= +MIICajCCAdOgAwIBAgIBADANBgkqhkiG9w0BAQ0FADBSMQswCQYDVQQGEwJ1czETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMT25lbG9naW4gSW5jMRcwFQYDVQQDDA5zcC5leGFtcGxlLmNvbTAeFw0xNDA3MTcxNDEyNTZaFw0xNTA3MTcxNDEyNTZaMFIxCzAJBgNVBAYTAnVzMRMwEQYDVQQIDApDYWxpZm9ybmlhMRUwEwYDVQQKDAxPbmVsb2dpbiBJbmMxFzAVBgNVBAMMDnNwLmV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZx+ON4IUoIWxgukTb1tOiX3bMYzYQiwWPUNMp+Fq82xoNogso2bykZG0yiJm5o8zv/sd6pGouayMgkx/2FSOdc36T0jGbCHuRSbtia0PEzNIRtmViMrt3AeoWBidRXmZsxCNLwgIV6dn2WpuE5Az0bHgpZnQxTKFek0BMKU/d8wIDAQABo1AwTjAdBgNVHQ4EFgQUGHxYqZYyX7cTxKVODVgZwSTdCnwwHwYDVR0jBBgwFoAUGHxYqZYyX7cTxKVODVgZwSTdCnwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQ0FAAOBgQByFOl+hMFICbd3DJfnp2Rgd/dqttsZG/tyhILWvErbio/DEe98mXpowhTkC04ENprOyXi7ZbUqiicF89uAGyt1oqgTUCD1VsLahqIcmrzgumNyTwLGWo17WDAa1/usDhetWAMhgzF/Cnf5ek0nK00m0YZGyc4LzgD0CROMASTWNg== + + + + + M+nk4IA2SKFtEkmXvdCw5mBACNqslcXiXcgJqEMvdJipHjVj44CF8NYriu6ia/Ls7WVXvFmStqe73ph72auWF1dzAXWqrllGQ0xH9v50lOVypmLjsx1QcQIamWLKRO2wdowg/J8mTY0lFfGSu7yWylpRLoHs2m0gRv5zl//JrDE= + + 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 + + + + diff --git a/fuzz/oss-fuzz-build.sh b/fuzz/oss-fuzz-build.sh new file mode 100755 index 0000000000000..9e40d768f907b --- /dev/null +++ b/fuzz/oss-fuzz-build.sh 
@@ -0,0 +1,144 @@
+#!/bin/bash -eu
+
+TELEPORT_PREFIX="github.com/gravitational/teleport"
+
+prepare_teleport() {
+
+ go mod tidy
+
+ go get github.com/AdamKorcz/go-118-fuzz-build/utils
+ go get k8s.io/client-go/tools/clientcmd@v0.23.3
+ go get github.com/ThalesIgnite/crypto11@v1.2.4
+
+ # Fix /root/go/pkg/mod/github.com/aws/aws-sdk-go-v2/internal/ini@v1.3.0/fuzz.go:13:21:
+ # not enough arguments in call to Parse
+ rm /root/go/pkg/mod/github.com/aws/aws-sdk-go-v2/internal/ini@*/fuzz.go
+
+}
+
+prepare_teleport_api() {
+
+ (cd api; go get github.com/AdamKorcz/go-118-fuzz-build/utils)
+
+}
+
+build_teleport_fuzzers() {
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/services \
+ FuzzParserEvalBoolPredicate fuzz_parser_eval_bool_predicate
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/auth \
+ FuzzParseSAMLInResponseTo fuzz_parse_saml_in_response_to
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/restrictedsession \
+ FuzzParseIPSpec fuzz_parse_ip_spec
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/services \
+ FuzzParseRefs fuzz_parse_refs
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/srv/db/redis \
+ FuzzParseRedisAddress fuzz_parse_redis_address
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/sshutils/x11 \
+ FuzzParseDisplay fuzz_parse_display
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/utils/parse \
+ FuzzNewExpression fuzz_new_expression
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/utils/parse \
+ FuzzNewMatcher fuzz_new_matcher
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/utils \
+ FuzzParseProxyJump fuzz_parse_proxy_jump
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/utils \
+ FuzzParseWebLinks fuzz_parse_web_links
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/utils \
+ FuzzReadYAML fuzz_read_yaml
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/client \
+ FuzzParseProxyHost fuzz_parse_proxy_host
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/srv/regular \
+ FuzzParseProxySubsys fuzz_parse_proxy_subsys
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/kube/proxy \
+ FuzzParseResourcePath fuzz_parse_resource_path
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/srv/db/mysql/protocol \
+ FuzzParsePacket fuzz_parse_mysql_packet
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/srv/db/mysql/protocol \
+ FuzzFetchMySQLVersion fuzz_fetch_mysql_version
+
+# compile_native_go_fuzzer $TELEPORT_PREFIX/lib/auth \
+# FuzzParseAndVerifyIID fuzz_parse_and_verify_iid
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/client \
+ FuzzParseLabelSpec fuzz_parse_label_spec
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/srv/db/sqlserver/protocol \
+ FuzzMSSQLLogin fuzz_mssql_login
+
+# compile_native_go_fuzzer $TELEPORT_PREFIX/lib/srv/db/mongodb/protocol \
+# FuzzMongoRead fuzz_mongo_read
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/services \
+ FuzzParserEvalBoolPredicate fuzz_parser_eval_bool_predicate
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/auth/webauthn \
+ FuzzParseCredentialCreationResponseBody fuzz_parse_credential_creation_response_body
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/auth/webauthn \
+ FuzzParseCredentialRequestResponseBody fuzz_parse_credential_request_response_body
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/web \
+ FuzzTdpMFACodecDecode fuzz_tdp_mfa_codec_decode
+
+}
+
+build_teleport_api_fuzzers() {
+
+ cd api
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/api/types \
+ FuzzParseDuration fuzz_parse_duration
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/api/utils/aws \
+ FuzzParseRDSEndpoint fuzz_parse_rds_endpoint
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/api/utils/aws \
+ FuzzParseRedshiftEndpoint fuzz_parse_redshift_endpoint
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/api/utils/aws \
+ FuzzParseElastiCacheEndpoint fuzz_parse_elasti_cache_endpoint
+
+ cd -
+
+}
+
+compile() {
+
+ prepare_teleport
+ prepare_teleport_api
+
+ build_teleport_fuzzers
+ build_teleport_api_fuzzers
+
+}
+
+copy_corpora() {
+
+ # generate corpus
+ for fuzzer_path in fuzz/corpora/fuzz_*
+ do
+ fuzzer_name=$OUT/$(basename "$fuzzer_path")
+ rm -f "$fuzzer_name"_seed_corpus.zip
+ zip --junk-paths "$fuzzer_name"_seed_corpus.zip $fuzzer_path/*
+ done
+
+}
+
+copy_corpora
+compile
diff --git a/lib/auth/fuzz_test.go b/lib/auth/fuzz_test.go
new file mode 100644
index 0000000000000..487e497f6b103
--- /dev/null
+++ b/lib/auth/fuzz_test.go
@@ -0,0 +1,48 @@
+//go:build go1.18
+
+/*
+Copyright 2022 Gravitational, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package auth
+
+import (
+ "encoding/base64"
+ "testing"
+
+ "github.com/sirupsen/logrus"
+ "github.com/stretchr/testify/require"
+)
+
+func FuzzParseSAMLInResponseTo(f *testing.F) {
+
+ // Disable Go App Engine logging
+ logrus.SetLevel(logrus.PanicLevel)
+
+ f.Fuzz(func(t *testing.T, response string) {
+ require.NotPanics(t, func() {
+ ParseSAMLInResponseTo(base64.StdEncoding.EncodeToString([]byte(response)))
+ })
+ })
+}
+
+func FuzzParseAndVerifyIID(f *testing.F) {
+
+ f.Fuzz(func(t *testing.T, iidBytes []byte) {
+ require.NotPanics(t, func() {
+ parseAndVerifyIID(iidBytes)
+ })
+ })
+}
\ No newline at end of file
diff --git a/lib/auth/webauthn/fuzz_test.go b/lib/auth/webauthn/fuzz_test.go
new file mode 100644
index 0000000000000..a70d2b2eb9ccf
--- /dev/null
+++ b/lib/auth/webauthn/fuzz_test.go
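Review bot: In prepare_teleport and prepare_teleport_api of fuzz/oss-fuzz-build.sh, `go get github.com/AdamKorcz/go-118-fuzz-build/utils` is unpinned while the two neighbouring `go get` lines carry explicit versions, so every build pulls whatever revision of that module is current; pin it as `go get github.com/AdamKorcz/go-118-fuzz-build/utils@<pinned-version-or-commit>`. The `rm /root/go/pkg/mod/…/ini@*/fuzz.go` line hard-codes the module cache location and, under `bash -eu`, aborts the whole build when the glob matches nothing; `rm -f "$(go env GOMODCACHE)"/github.com/aws/aws-sdk-go-v2/internal/ini@*/fuzz.go` is more robust. FuzzParserEvalBoolPredicate is also compiled twice in build_teleport_fuzzers, and `$fuzzer_path/*` in copy_corpora is unquoted.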
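Review bot: FuzzParseSAMLInResponseTo in lib/auth/fuzz_test.go calls `logrus.SetLevel(logrus.PanicLevel)` on the process-wide logger and never restores it, so the silenced level leaks into whatever runs later in the same test binary when the target is executed by a plain `go test`. Save and restore it with `prev := logrus.GetLevel()` and `f.Cleanup(func() { logrus.SetLevel(prev) })`, and reword the comment to `// Silence logrus output while fuzzing.`, since nothing here relates to App Engine. FuzzParseAndVerifyIID is defined in the same hunk, but its `compile_native_go_fuzzer` entry in fuzz/oss-fuzz-build.sh is commented out; a comment on the function saying why it is excluded would help.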
@@ -0,0 +1,48 @@
+//go:build go1.18
+
+/*
+Copyright 2022 Gravitational, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package webauthn
+
+import (
+ "bytes"
+ "testing"
+
+ "github.com/stretchr/testify/require"
+
+ "github.com/duo-labs/webauthn/protocol"
+)
+
+func FuzzParseCredentialCreationResponseBody(f *testing.F) {
+
+ f.Fuzz(func(t *testing.T, body []byte) {
+
+ require.NotPanics(t, func() {
+ protocol.ParseCredentialCreationResponseBody(bytes.NewReader(body))
+ })
+ })
+}
+
+func FuzzParseCredentialRequestResponseBody(f *testing.F) {
+
+ f.Fuzz(func(t *testing.T, body []byte) {
+
+ require.NotPanics(t, func() {
+ protocol.ParseCredentialRequestResponseBody(bytes.NewReader(body))
+ })
+ })
+}
\ No newline at end of file
diff --git a/lib/client/fuzz_test.go b/lib/client/fuzz_test.go
new file mode 100644
index 0000000000000..69c9416f73efe
--- /dev/null
+++ b/lib/client/fuzz_test.go
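Review bot: Both targets in lib/auth/webauthn/fuzz_test.go call `protocol.ParseCredentialCreationResponseBody` and `protocol.ParseCredentialRequestResponseBody` from github.com/duo-labs/webauthn directly, so nothing declared in this package is exercised and any crash found belongs to the dependency. State that in a doc comment, e.g. `// FuzzParseCredentialCreationResponseBody fuzzes the duo-labs/webauthn response parser, not code in this package.`, so triage knows where a finding has to be reported and fixed. If this package wraps those parsers with its own validation, a target over that wrapper would cover the code Teleport owns; that cannot be confirmed from this hunk.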
@@ -0,0 +1,52 @@
+//go:build go1.18
+
+/*
+Copyright 2022 Gravitational, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package client
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+)
+
+func FuzzParseProxyHost(f *testing.F) {
+
+ f.Fuzz(func(t *testing.T, proxyHost string) {
+ require.NotPanics(t, func() {
+ ParseProxyHost(proxyHost)
+ })
+ })
+}
+
+func FuzzParseLabelSpec(f *testing.F) {
+
+ f.Fuzz(func(t *testing.T, spec string) {
+ require.NotPanics(t, func() {
+ ParseLabelSpec(spec)
+ })
+ })
+}
+
+func FuzzParseSearchKeywords(f *testing.F) {
+
+ f.Fuzz(func(t *testing.T, spec string, customDelimiter rune) {
+ require.NotPanics(t, func() {
+ ParseSearchKeywords(spec, customDelimiter)
+ })
+ })
+}
\ No newline at end of file
diff --git a/lib/kube/proxy/fuzz_test.go b/lib/kube/proxy/fuzz_test.go
new file mode 100644
index 0000000000000..7f3ec3b24d04b
--- /dev/null
+++ b/lib/kube/proxy/fuzz_test.go
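Review bot: FuzzParseSearchKeywords is added in lib/client/fuzz_test.go, but fuzz/oss-fuzz-build.sh in this same patch compiles only FuzzParseProxyHost and FuzzParseLabelSpec from lib/client, so this target never runs on OSS-Fuzz. Register it with `compile_native_go_fuzzer $TELEPORT_PREFIX/lib/client FuzzParseSearchKeywords fuzz_parse_search_keywords`, or add a comment on the function stating why it is left out of the build script.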
@@ -0,0 +1,35 @@
+//go:build go1.18
+
+/*
+Copyright 2022 Gravitational, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package proxy
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+)
+
+func FuzzParseResourcePath(f *testing.F) {
+
+ f.Fuzz(func(t *testing.T, path string) {
+
+ require.NotPanics(t, func() {
+ parseResourcePath(path)
+ })
+ })
+}
\ No newline at end of file
diff --git a/lib/restrictedsession/fuzz_test.go b/lib/restrictedsession/fuzz_test.go
new file mode 100644
index 0000000000000..c714c69c7935c
--- /dev/null
+++ b/lib/restrictedsession/fuzz_test.go
@@ -0,0 +1,34 @@
+//go:build go1.18
+
+/*
+Copyright 2022 Gravitational, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package restrictedsession
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+)
+
+func FuzzParseIPSpec(f *testing.F) {
+
+ f.Fuzz(func(t *testing.T, cidr string) {
+ require.NotPanics(t, func() {
+ ParseIPSpec(cidr)
+ })
+ })
+}
\ No newline at end of file
diff --git a/lib/services/fuzz_test.go b/lib/services/fuzz_test.go
new file mode 100644
index 0000000000000..17c893819c0f4
--- /dev/null
+++ b/lib/services/fuzz_test.go
@@ -0,0 +1,62 @@
+//go:build go1.18
+
+/*
+Copyright 2022 Gravitational, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package services
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+
+ "github.com/gravitational/teleport/api/types"
+)
+
+func FuzzParseRefs(f *testing.F) {
+
+ f.Fuzz(func(t *testing.T, refs string) {
+ require.NotPanics(t, func() {
+ ParseRefs(refs)
+ })
+ })
+}
+
+func FuzzParserEvalBoolPredicate(f *testing.F) {
+
+ f.Fuzz(func(t *testing.T, expr string) {
+ resource, err := types.NewServerWithLabels("test-name", types.KindNode, types.ServerSpecV2{
+ Hostname: "test-hostname",
+ Addr: "test-addr",
+ CmdLabels: map[string]types.CommandLabelV2{
+ "version": {
+ Result: "v8",
+ },
+ },
+ }, map[string]string{
+ "env": "prod",
+ "os": "mac",
+ })
+ require.NoError(t, err)
+
+ parser, err := NewResourceParser(resource)
+ require.NoError(t, err)
+
+ require.NotPanics(t, func() {
+ parser.EvalBoolPredicate(expr)
+ })
+ })
+}
\ No newline at end of file
diff --git a/lib/srv/db/redis/fuzz_test.go b/lib/srv/db/redis/fuzz_test.go
new file mode 100644
index 0000000000000..3179ff55f66c4
--- /dev/null
+++ b/lib/srv/db/redis/fuzz_test.go
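Review bot: In FuzzParserEvalBoolPredicate the server resource and the parser are rebuilt on every fuzz iteration although neither depends on `expr`, which costs executions per second on a target whose only varying input is the predicate string. Unless `NewResourceParser` returns something that `EvalBoolPredicate` mutates (not visible in this hunk), I would build both once before `f.Fuzz` and report setup errors on the outer handle with `require.NoError(f, err)`. If the parser does have to be created per iteration, a one-line comment saying so would stop someone hoisting it later.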
@@ -0,0 +1,34 @@
+//go:build go1.18
+
+/*
+Copyright 2022 Gravitational, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package redis
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+)
+
+func FuzzParseRedisAddress(f *testing.F) {
+
+ f.Fuzz(func(t *testing.T, addr string) {
+ require.NotPanics(t, func() {
+ ParseRedisAddress(addr)
+ })
+ })
+}
\ No newline at end of file
diff --git a/lib/srv/regular/fuzz_test.go b/lib/srv/regular/fuzz_test.go
new file mode 100644
index 0000000000000..74f513ba0abe7
--- /dev/null
+++ b/lib/srv/regular/fuzz_test.go
@@ -0,0 +1,43 @@
+//go:build go1.18
+
+/*
+Copyright 2022 Gravitational, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package regular
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+
+ "github.com/gravitational/teleport/lib/srv"
+)
+
+func FuzzParseProxySubsys(f *testing.F) {
+
+ f.Fuzz(func(t *testing.T, request string) {
+ server := &Server{
+ hostname: "redhorse",
+ proxyMode: true,
+ }
+
+ ctx := &srv.ServerContext{}
+
+ require.NotPanics(t, func() {
+ parseProxySubsys(request, server, ctx)
+ })
+ })
+}
\ No newline at end of file
diff --git a/lib/sshutils/x11/fuzz_test.go b/lib/sshutils/x11/fuzz_test.go
new file mode 100644
index 0000000000000..4e8dd95a5921c
--- /dev/null
+++ b/lib/sshutils/x11/fuzz_test.go
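Review bot: `ctx := &srv.ServerContext{}` is a zero value and `server` sets only `hostname` and `proxyMode`, so any panic this target reports has to be checked against whether production callers can ever pass such a context to `parseProxySubsys`. The body of `parseProxySubsys` is outside this hunk; if it only parses `request`, a comment such as `// zero-value ctx is sufficient: parseProxySubsys reads only <fields> from it` would record that, and if it reads more, the harness should populate those fields so that findings reflect reachable states. Both values are also independent of `request` and could be built once outside `f.Fuzz`.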
@@ -0,0 +1,34 @@
+//go:build go1.18
+
+/*
+Copyright 2022 Gravitational, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package x11
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+)
+
+func FuzzParseDisplay(f *testing.F) {
+
+ f.Fuzz(func(t *testing.T, displayString string) {
+ require.NotPanics(t, func() {
+ ParseDisplay(displayString)
+ })
+ })
+}
\ No newline at end of file
diff --git a/lib/utils/fuzz_test.go b/lib/utils/fuzz_test.go
new file mode 100644
index 0000000000000..9ca389f4f4ad0
--- /dev/null
+++ b/lib/utils/fuzz_test.go
@@ -0,0 +1,64 @@
+//go:build go1.18
+
+/*
+Copyright 2022 Gravitational, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package utils
+
+import (
+ "bytes"
+ "strings"
+ "testing"
+
+ "github.com/stretchr/testify/require"
+
+ "net/http"
+)
+
+func FuzzParseProxyJump(f *testing.F) {
+
+ f.Fuzz(func(t *testing.T, in string) {
+ require.NotPanics(t, func() {
+ ParseProxyJump(in)
+ })
+ })
+}
+
+func FuzzParseWebLinks(f *testing.F) {
+
+ f.Fuzz(func(t *testing.T, s string) {
+ links := strings.Split(s, "|")
+ require.NotPanics(t, func() {
+ inResponse := &http.Response{
+ Header: http.Header{
+ "Link": links,
+ },
+ }
+ ParseWebLinks(inResponse)
+ })
+ })
+}
+
+func FuzzReadYAML(f *testing.F) {
+
+ f.Fuzz(func(t *testing.T, dataBytes []byte) {
+ data := bytes.NewReader(dataBytes)
+
+ require.NotPanics(t, func() {
+ ReadYAML(data)
+ })
+ })
+}
\ No newline at end of file
diff --git a/lib/utils/parse/fuzz_test.go b/lib/utils/parse/fuzz_test.go
new file mode 100644
index 0000000000000..589bf41ae826e
--- /dev/null
+++ b/lib/utils/parse/fuzz_test.go
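Review bot: FuzzParseWebLinks splits the fuzz input on `|` without saying why, and the reason is not obvious from the code. A comment above `links := strings.Split(s, "|")` along the lines of `// "|" is a harness-only separator so one string argument can carry several Link header values` would make the intent clear. In FuzzReadYAML the target fails only on a panic; for a YAML decoder fed arbitrary bytes, excessive memory or time is at least as relevant a failure, so a comment there should state that those cases are left to the fuzzing engine's own timeout and memory limits.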
@@ -0,0 +1,43 @@
+//go:build go1.18
+
+/*
+Copyright 2022 Gravitational, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package parse
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+)
+
+func FuzzNewExpression(f *testing.F) {
+
+ f.Fuzz(func(t *testing.T, variable string) {
+ require.NotPanics(t, func() {
+ NewExpression(variable)
+ })
+ })
+}
+
+func FuzzNewMatcher(f *testing.F) {
+
+ f.Fuzz(func(t *testing.T, value string) {
+ require.NotPanics(t, func() {
+ NewMatcher(value)
+ })
+ })
+}
\ No newline at end of file
diff --git a/lib/web/fuzz_test.go b/lib/web/fuzz_test.go
new file mode 100644
index 0000000000000..2a6d06866eff2
--- /dev/null
+++ b/lib/web/fuzz_test.go
@@ -0,0 +1,35 @@ +//go:build go1.18 + +/* +Copyright 2022 Gravitational, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package web + +import ( + "testing" + + "github.com/stretchr/testify/require" +) + +func FuzzTdpMFACodecDecode(f *testing.F) { + + f.Fuzz(func(t *testing.T, buf []byte) { + require.NotPanics(t, func() { + codec := tdpMFACodec{} + codec.decode(buf, "") + }) + }) +} \ No newline at end of file From ee600c50d14fe6d5312343ca9659edb7df6d7cc2 Mon Sep 17 00:00:00 2001 From: Norbert Szetei <59439874+nszetei@users.noreply.github.com> Date: Tue, 14 Jun 2022 17:38:06 +0200 Subject: [PATCH 02/10] Update api/types/fuzz_test.go Co-authored-by: Zac Bergquist --- api/types/fuzz_test.go | 1 - 1 file changed, 1 deletion(-) diff --git a/api/types/fuzz_test.go b/api/types/fuzz_test.go index 75c76fe760084..59cae087512e3 100644 --- a/api/types/fuzz_test.go +++ b/api/types/fuzz_test.go @@ -23,7 +23,6 @@ import ( ) func FuzzParseDuration(f *testing.F) { - f.Fuzz(func(t *testing.T, s string) { require.NotPanics(t, func() { parseDuration(s) From 26d28860b70406378a998604e0a08f6ae5a4b98e Mon Sep 17 00:00:00 2001 
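Review bot: In FuzzTdpMFACodecDecode (lib/web/fuzz_test.go) the second argument to `codec.decode` is always the empty string, so if `decode` branches on that value only one of its paths is ever exercised. `decode` itself is not shown in this hunk; assuming the parameter is a plain string, I would make it a second fuzz argument, `f.Fuzz(func(t *testing.T, buf []byte, kind string) {` with `codec.decode(buf, kind)`, or add one call per value the codec accepts. If the argument is ignored for MFA messages, a short comment next to the call saying so would be enough.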
From: tbnz Date: Wed, 15 Jun 2022 14:51:54 +0200 Subject: [PATCH 03/10] fixes --- api/types/fuzz_test.go | 2 +- api/utils/aws/fuzz_test.go | 7 +-- .../saml_response | 37 --------------- .../saml_response_encrypted_assertion | 13 ------ ...ml_response_signed_and_encrypted_assertion | 13 ------ .../saml_response_signed_assertion | 41 ----------------- .../saml_response_signed_message | 42 ----------------- ...saml_response_signed_message_and_assertion | 46 ------------------- ...nse_signed_message_and_encrypted_assertion | 18 -------- ..._signed_message_signed_encrypted_assertion | 18 -------- fuzz/oss-fuzz-build.sh | 4 +- lib/auth/fuzz_test.go | 6 +-- lib/auth/webauthn/fuzz_test.go | 6 +-- lib/client/fuzz_test.go | 7 +-- lib/kube/proxy/fuzz_test.go | 5 +- lib/restrictedsession/fuzz_test.go | 5 +- lib/services/fuzz_test.go | 6 +-- lib/srv/db/mongodb/protocol/fuzz_test.go | 24 ++++------ lib/srv/db/mysql/protocol/fuzz_test.go | 2 - lib/srv/db/redis/fuzz_test.go | 5 +- lib/srv/db/sqlserver/protocol/fuzz_test.go | 25 ++++------ lib/srv/regular/fuzz_test.go | 5 +- lib/sshutils/x11/fuzz_test.go | 5 +- lib/utils/fuzz_test.go | 7 +-- lib/utils/parse/fuzz_test.go | 6 +-- lib/web/fuzz_test.go | 5 +- 26 files changed, 35 insertions(+), 325 deletions(-) delete mode 100644 fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response delete mode 100644 fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_encrypted_assertion delete mode 100644 fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_and_encrypted_assertion delete mode 100644 fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_assertion delete mode 100644 fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_message delete mode 100644 fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_message_and_assertion delete mode 100644 fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_message_and_encrypted_assertion delete mode 100644 
fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_message_signed_encrypted_assertion diff --git a/api/types/fuzz_test.go b/api/types/fuzz_test.go index 59cae087512e3..2747376bf45cb 100644 --- a/api/types/fuzz_test.go +++ b/api/types/fuzz_test.go @@ -1,5 +1,5 @@ /* -Copyright 2020 Gravitational, Inc. +Copyright 2022 Gravitational, Inc. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/api/utils/aws/fuzz_test.go b/api/utils/aws/fuzz_test.go index f2041f295d7a9..82457a08190a7 100644 --- a/api/utils/aws/fuzz_test.go +++ b/api/utils/aws/fuzz_test.go @@ -1,5 +1,3 @@ -//go:build go1.18 - /* Copyright 2022 Gravitational, Inc. @@ -25,7 +23,6 @@ import ( ) func FuzzParseRDSEndpoint(f *testing.F) { - f.Fuzz(func(t *testing.T, endpoint string) { require.NotPanics(t, func() { ParseRDSEndpoint(endpoint) @@ -34,7 +31,6 @@ func FuzzParseRDSEndpoint(f *testing.F) { } func FuzzParseRedshiftEndpoint(f *testing.F) { - f.Fuzz(func(t *testing.T, endpoint string) { require.NotPanics(t, func() { ParseRedshiftEndpoint(endpoint) @@ -43,10 +39,9 @@ func FuzzParseRedshiftEndpoint(f *testing.F) { } func FuzzParseElastiCacheEndpoint(f *testing.F) { - f.Fuzz(func(t *testing.T, endpoint string) { require.NotPanics(t, func() { ParseElastiCacheEndpoint(endpoint) }) }) -} \ No newline at end of file +} diff --git a/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response b/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response deleted file mode 100644 index 9977d57361687..0000000000000 --- a/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response +++ /dev/null 
@@ -1,37 +0,0 @@ - - http://idp.example.com/metadata.php - - - - - http://idp.example.com/metadata.php - - _ce3d2948b4cf20146dee0a0b3dd6f69b6cf86f62d7 - - - - - - - http://sp.example.com/demo1/metadata.php - - - - - urn:oasis:names:tc:SAML:2.0:ac:classes:Password - - - - - test - - - test@example.com - - - users - examplerole1 - - - - diff --git a/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_encrypted_assertion b/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_encrypted_assertion deleted file mode 100644 index 6237f3bc8f168..0000000000000 --- a/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_encrypted_assertion +++ /dev/null @@ -1,13 +0,0 @@ - - http://idp.example.com/metadata.php - - - - - mnkGnbwGcXeg29/nQJt/Y3fiDQik8YqgdO1bbY4YG7RXtYvVorgnXJJpZErUBEiFax9vY6NAYxXpCgzqV81rsl22FDuLl7li8Dbq3GrRsrmIalHGPM62YsB3/dUgyUI298iHajNxHjSN023ow3GfouB2eXi+aqIl+SRGDkD0b2M= - - 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 - - - - diff --git a/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_and_encrypted_assertion b/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_and_encrypted_assertion deleted file mode 100644 index 4abeb7ce5ee65..0000000000000 --- a/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_and_encrypted_assertion +++ /dev/null @@ -1,13 +0,0 @@ - - http://idp.example.com/metadata.php - - - - - M+nk4IA2SKFtEkmXvdCw5mBACNqslcXiXcgJqEMvdJipHjVj44CF8NYriu6ia/Ls7WVXvFmStqe73ph72auWF1dzAXWqrllGQ0xH9v50lOVypmLjsx1QcQIamWLKRO2wdowg/J8mTY0lFfGSu7yWylpRLoHs2m0gRv5zl//JrDE= - - 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 - - - - diff --git a/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_assertion b/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_assertion deleted file mode 100644 index f70f80e239843..0000000000000 --- a/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_assertion +++ /dev/null 
@@ -1,41 +0,0 @@ - - http://idp.example.com/metadata.php - - - - - http://idp.example.com/metadata.php - - - U/hZt6l2yNCDrQvAjEYTo36i3c4=ENs6BQzLc9fY/qXBHCMyKSlT2xh3zJOnrucFRBFLboUUrmh8uW+BMDju+6SDWQMV2ekXIf2VfTbeBpJmAyDIBsmv80aMJJU0y9uTthNwuhe+btVu8vyaUQ0BSAcZ4uhlZ97c63c1et3p6nKSZm8VSehkyB6FfPMXLvrAP0k6UtE= -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 - - _ce3d2948b4cf20146dee0a0b3dd6f69b6cf86f62d7 - - - - - - - http://sp.example.com/demo1/metadata.php - - - - - urn:oasis:names:tc:SAML:2.0:ac:classes:Password - - - - - test - - - test@example.com - - - users - examplerole1 - - - - diff --git a/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_message b/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_message deleted file mode 100644 index 8bd23ace66491..0000000000000 --- a/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_message +++ /dev/null @@ -1,42 +0,0 @@ - - - http://idp.example.com/metadata.php - - - Dvov6GpVwgdGTESt+1E97qBSZ5I=1/FKVDB7TSR3V54NJ0QPgDw29QL9JvvDQDhqbCmLp7hobelv9zZXiGm55OBFJn97Fo0RQ7KKHcDel1G1KrPtGcNbKWuH+oDvbpMt71HrtmEjsJAdDyOvM0louobO81Ma35RuPz3qIQ3Dn8Bf+GofZn9erIKf4b0yp0SKO5/1tc8= -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 - - - - - http://idp.example.com/metadata.php - - _ce3d2948b4cf20146dee0a0b3dd6f69b6cf86f62d7 - - - - - - - http://sp.example.com/demo1/metadata.php - - - - - urn:oasis:names:tc:SAML:2.0:ac:classes:Password - - - - - test - - - test@example.com - - - users - examplerole1 - - - - diff --git a/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_message_and_assertion b/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_message_and_assertion deleted file mode 100644 index d638035b19db3..0000000000000 --- a/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_message_and_assertion +++ /dev/null 
@@ -1,46 +0,0 @@ - - - http://idp.example.com/metadata.php - - - ZJ75nIxMjsPDRxWUPfOOJj2nTUI=q9wjY9Br8MhRz3tfm3iCB08Tloa1PdFOIIi3QBHBI1Z2rC6jFY2eFTh74ZMxXTsRKCWShcG06cy15NPV7oaY60CQI+4d5lygacekys3B2tRcZNuYKMkeLmnco82pby7csR/Y6ty8TIvxHqvLzMAP7RxSotzjFmVa4h4Z+gJonWM= -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 - - - - - http://idp.example.com/metadata.php - - - dja8Z53JMy4Wsdk8zKzWX85d3s4=XJcLptMmplGfMkV125glXzD9owkU2Ol/pHaEqUvx7QpncJChqN2T9IJqnuoB8FEC454H+pGB4HnhrzBkgjX+0DiLSmffehb09jXk/VyGI0ts3tPWXLs2YN5A5bYt3EVkA90aCgoVNutksxydbCHDdYDSy+6hyuZrHpx0HQue7Yc= -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 - - _ce3d2948b4cf20146dee0a0b3dd6f69b6cf86f62d7 - - - - - - - http://sp.example.com/demo1/metadata.php - - - - - urn:oasis:names:tc:SAML:2.0:ac:classes:Password - - - - - test - - - test@example.com - - - users - examplerole1 - - - - diff --git a/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_message_and_encrypted_assertion b/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_message_and_encrypted_assertion deleted file mode 100644 index a298e6a83ded4..0000000000000 --- a/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_message_and_encrypted_assertion +++ /dev/null @@ -1,18 +0,0 @@ - - - http://idp.example.com/metadata.php - - - oCC0QsjmaVk5nrDuahKQXhV28vI=HBjBOh6FI8PkWrRj3sWN6hK89jpYnhl83aNTaDH2zNd6X+f5LZyA0V6uFnTa5mW1YF0mTjJSxzNuqUCLpN5onPTGBCnOTgpgmsmH7UpaK4OVJgZ/EEzwkftuMW0wpyDJNjK06XsaT1bLtFrp7byt3Qd0Rs9hORfLRj8KVVuQmOE= -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 - - - - - mnkGnbwGcXeg29/nQJt/Y3fiDQik8YqgdO1bbY4YG7RXtYvVorgnXJJpZErUBEiFax9vY6NAYxXpCgzqV81rsl22FDuLl7li8Dbq3GrRsrmIalHGPM62YsB3/dUgyUI298iHajNxHjSN023ow3GfouB2eXi+aqIl+SRGDkD0b2M= - - 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 - - - - 
diff --git a/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_message_signed_encrypted_assertion b/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_message_signed_encrypted_assertion deleted file mode 100644 index 967cba44b9206..0000000000000 --- a/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_response_signed_message_signed_encrypted_assertion +++ /dev/null 
@@ -1,18 +0,0 @@ - - - http://idp.example.com/metadata.php - - - QWXF3EMgasFzVN/nSd91fCjkVK8=x0f5o5YO7uEaV6DCY1jEc/a5Ae8Wyp8wYBevtBPCK03IEjgPOol8H9yWFvRruJgYUQlA5Nx18Rgrsn67f+szGMCGO3OkESV6MxtKL7Lz5RRmA/UB2CWMBGgy76ZwOi7GmSktbYtL1C8HvHNRcSUNXEB9ETfihsFZgQvicXxWQcg= -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 - - - - - M+nk4IA2SKFtEkmXvdCw5mBACNqslcXiXcgJqEMvdJipHjVj44CF8NYriu6ia/Ls7WVXvFmStqe73ph72auWF1dzAXWqrllGQ0xH9v50lOVypmLjsx1QcQIamWLKRO2wdowg/J8mTY0lFfGSu7yWylpRLoHs2m0gRv5zl//JrDE= - - UzuKNycHj8yeMQ5vJU7Wrgb9Y9VQqXqyAwx5+8AiX+sqWmzXpbvPL0OtUwGqoL4EGJR6zVwVBLg4OzDi7sAjWg34mk/wkbZBf+Ouatd3ya8YfkMzkxOrRyZMA0tPV99bsAuwLAtWKC3Nym2h+Y/htP68o8oyin/Kv9zoIUDpv0m8gAzQ6MThXYXE/3haMc58UqPku1vvPsTQlKq1TnGMsXsE+JOoTYaXKqtErOKOtplZnRJhp5IiM9+uKl/+5AiraWUNkijvicS5iPdbHQ4xPpWdsr8Jrtg60LxrVeTnwKhuPYjT4x8Wotvw6t0ycdKJw+fur6U2kfOFeZwBcEwRzH6n9gAIygFrGWCjJrDYG4ihJp9vsfD8AevTbEk1gGPtpSEgtEX+qVPEI0/SVt91FRT47FDvg42U9AFcMrHa9TcKPhVW2h+5Df3ZsBJ/sbsuvr8ei2L6TmMkITTTZMeLqxaSclFgSp/upYm07rzjkuz/cJHg1VCzEv8sMivuMCDvPSQYdIkVGg3DUDxRx6dD3CiJTAU76cLiWbxgAOYgmIygYUsC6Cb8ElZTcVa/3v1/Qb64bRQFD9EFk03f/uBTWdkVm9Q54ujvn5F8D0XJfHTP+SoMLkzy7QmTGIZ2cGzbUqnJTw0Auecqa6HQDCqqqlmWUp3i0+JtASXkSnHn/iht9ivykxVoUEWFrmddSa7uKpzRjmdDGE1DPH+zX6VrTnbQ4wZWRLBS4CGiUErw6xws9e01mEDaAnNwGVDi6hFGIZwP5zPHs4MKFFMiCAksN7GJKIxL03Nm8InTh9rBlNbZQatGh3qmyv8lvq3K4KwNIk0K5Wxgfh7H6LGkMpjII2CHFrQK8BvgMp8oAzLMDHmznA5Zz0EvY5ZO5g2NISWifeKYlBvCh6GvuZPJNjeKCkDuaE33hCer3+DWgsntoBRkxX976H2MkqPu4Ae7pRR/MtaMCoYFIdJtdwMWmPsABlqfJ6bMHL7ZIDrpAz6WOxeXdwOUE5GjYjn4eED1QVUvxCggUQFQLzdi15mOSOHq8tRCsihZwtyUwDhj3Hdg3sAmGKhktmuJbqCgbZkGOZ1xtX1jPQcxxBjMSbvE/rHhM47gcYeXzw9DjvgoUNGmYP2TWerEFxeIBowLLP6bXy32RMpMCA9QH5J4c1jsTfCX8BuZM0FkddDqAZY9+5QVwzApBzaFyB0N/lMt0uVQ98vBQQNhId3Yjd7PjNGYXrR94uI/syPDCkm+Gt2QXS6XqhKFGwirb5oj66k2kItN8OQf4Ues7gch6tQa+gdnL0bgUksxe4iDev6YbKAGLQS6je7lYqmpW7SCqkXXj8wsPxO0eU0sh09Mp1Gq4k9DRPwbq5P4DEc9lTohmMAs4WxFxVcZFnAjLF3uCk+nP/5CC2g0stsTphLMMl3c6DVEPiJs3jK3jXBJxc6h3vxK7snp5NXSNH+tuPrBwo6+VU9/BTicijyuHT8c16HBf3I1g2IS
2MfQ0HdjzbRtKPWQtw6MBeiryTO6OUwgeNnHg+Nu9IVvf4llRiGBLIYh2PvnS33GMIC2P+vzZ4PyuB6TZsmD5q2HpWzwL6nu6PprGGCfwzW9nqnwmR9UzVXQi8Vk5gevItmtV7InygKFioUMC4tzzbsmdr3bN4D1oHZVVue3BnPAIl0YhiGo9XP87ZCqylfDG9It9MBpqo+Np0jnAjLfsWDCBlHH1T0BpgMAfygfbC263BSnH/3AcMurRIiplhTDH0teQ7pE66JyEhW7MslSpPChp3FwMEFxnHaNxGax26NCUKWSf82b74zFGXD34AL9toNJ1Ae58ILDlQya5lzHlib/4txWk5fpbVTLudbbYqOB4e5+R4epT0g/OvEYlcd/yaUAri4FtUFeIm+aIg1e5MGtqaqfcighn3268d4Tj2sNzbDV0u3+R8z5YnIPS0d0itlzo4pmctdSyYZsvqhCzN+pHhs83sVmnKsppAFamu/2tRGWunPj5Am/KjEBPU2H36FSvml/bEcbZ8QG1RY+qwFtgyAaWvseiTTxu88+TJAAJOQhZutNw97Z9sjsU8Z165x4NrEsHCh0L2qwM01NKstBfwz782l1s3WORAasXBMCWwceTqo+g+/jRZOZzG3dL2ZTTdMEVn5t9tx6+45K4QsN95Rq47GwmVJXio/NQcmNijtIz5HgXUz7AbwKPc4gkqJgEmvDT+bBREjlKxXj35INHlwPeOd7hCm9zq9HQF14cTP0A5z78HakmoH2JO4Fw2QjXOwD372YVs96sTKpYxItkTwrDByHFVTQNSUfyP41mIM1puis/yUqAdQT/VPgsinV7jO06NrZk4TduPIWTDsHEoe3lKijvUzQX6/1m7eglXpman/8K5MukR+m9vI0VNeqAo28jqulapcYsy7tpm8CuAxIalUM2B/csfoXE1fh/qXS5zbPJ4oGvf+XzeZDprIOvKtoUJYlgpJT6q5UHuSfyPmsetphomrMlEIdWboYn1WUNFRSg39dfSYiylxQ5ytq9IZla3vpLccoMx2X9fXVj2wzrisJiZr0nRlGY4EOE7cpz1wGjzlkZivYlc1ABo581yKASdBVRzmmyILKvN+qrNHreIm2s0iWw9iwmwnBwf+GmnjAUsQ9phiGF9jyJ3lYuCoTO7p3ZOmuDqRT+iqQ6LbcGPmaoqI5bA11jwrAJRlrfgkWN14238fxOmpkpGBhfGjeSBfXjGH49okQ4E8MV1XHldePH+oofwcvWvOLxGDbS6ej9seZFYKguXcBZctZTcAEV6OUDwCg9EBB4WoxQNcApZmB8xKk3GjhwYQrcRTWUS9e8GZt4ODgiaVjakr3Izlp0Ye48z868ya2aSy5SF9AaJ0P+c7SOFGCgz/pJMmTJSHLQkn0SDtrWqbqJbeodwKze/ziAq+Q/a7l7g/7oBpj+rQTQzWxejzUqPhf62LTPqayea6rSMUdPWZ9fO98ms0Sh/ZmJXjYfTPFwizPC4uQQU4S3nIcrSWWfTXcHgjm771OM/6DmHVDUF2i6xNvtMiR2prWa/PC9xkIlLldRTp+18XzyJeTrmgyKtBYMjwFi0cJrlDgD0tjRoC5rm/kINREka6B0egVDpkb3NpbHElC5BACBvV8jy0AMEcL2hymfduZ98MyNKHYWi+UUgZDgwHRLNXRaU5/vztepvv8V16RqjZSkO6F8TYioviqmg9nt2LMWhsCFg1Ba0btBX8cRDHagQQk7VRs5RjRkcE+WSd17GAg/peQNZqwV1MEEfxDi/y3GMQkxrw6TwQDoVT71v5+jq6M6C7v5j45h1pjjospknmCDr5au1y/YqexbXAd2/2AVJtTsSUZog4zkKztAVGh1mJ/brL4T128xZIf4+S5unN1bQhz3IJwMKoF6uwHuRPqgjyXy/9Zq3bkHZslfRvy4r1fUUjJ/7kjXHqDsdopAGr42+u6e64MsyuckBa2ACWLrlDDvV8nxglachZr1YHSWAFJBMI9
Sf0pQjnpsmhBqz3Y8JyDRMdO0hSzEHnks+jw8vWe/nAUHE260yl9fSTXHeJ5LZHOUW18WxSreaE10gWeq+ZcjNhMkZoh8ajKqBPuhLD+z45xvOf4gCiclnL3p3Eb90q9MHO1bgIMC4nIM8l8kKKHi8+ZXnjjSYbCc1SIIQkN1T4snNbLkr7Ic6HNu9m+6AZnPoBIZWB84GjQ1804XGSCknhpsgflhr1D+rarCRTr2asO3ESP8E5h/3BQYSe7yAdcsAchpwCxLSFLEs6Fd46YbcLMZ7IJxqFCGehBBjhyCfQGlH5bwBO94Duw8n3ebEXxn4GqN0IdaF2pXEIIRLFh5L81/jKaARu7InO7/NxbfQgeN/AVnzeIs64qE68qTLPugeynmvm3gGjAS1k84RWUaneaPP4b3lukGkWVWgRg2TjPkORfwnvDy1XAX4cmA6lLwmRI9ovzmRT2k7K3khdzFjKi4JHaPLxhyZlSJZ4f6mm5xILfkdAiVlyrW7qkHZMxlM4P+PJrvkixi49kbI0/JArh9Oj+RP1sFqbGNF3hCPoYiV7dBeZGdAlgk3e3qiy+lRSbvcmbCidrgnmaLaVwGWrSnCqUTegu8wSA8kkgiK7Af4zrsnU36T0RpWLILC1CU64wDWIFUK7wmQddIB2NHKUkaNyjjR5uI30YXKg9syDWYFnTnrYlkbXSlw5mLPgmzDYz7xANNoOnRykVGYHCvYYNhezzTc/lOMzqM7fiTQvDKm0aeayNmrywjTM7/jMd+IGkmD6qhI05+rltsZ8UXp3OnOfo2mHnt/IisfxZoQSgeU48N7NLAASqfPAcKowl8Wkv9VUHfbvNgdqfO4+hc1UZFYvo9INSR+itKX0UFdfSq0xF3+P/OuiC23nyjNEgFh2SECYDEUX63DL8M/+1RtYcEcc7QCKnobWVRjSI0TI0sHyCjVdjfSsx2wT6j1+9k/DD/8ow/1QDkU8vv5HflkceNQQnAfpIaNVxQqbEJpj+i/FrfORsgDcQ2rbhXwENK61fv5pcad5pmDuggJvJ6UVqBlFHEKbT0KNxoFCLRBxM6KRZ9C/O+9JtYfQfx8mjyLWEZ05NtwWRBxmUTXyGbpZIomXpnjz1w8uhNgh5hQPQmL2zeIF5iVGZOgH8PuyBMo9AUMxSUYnAwuLxjt+z5R92IL0Wx2RyEtNS52GHDoZQoegUSwDCJE0r4H5RzwCm7GPBpRo6Rcv6wtEBqpZraGtdruKMOWr083z1F0Arfwrfc2J5a7ac5YYAYsVPfroy4wht9WWX/XVWOcJZEpisChjOKTQRbz+94Wm+kpkNzFSK4LHdII08byjP54pH1q5eK7l2t2ncNqyS8MZ5n5oFeuLKcECsuIxk/EWErg/zlAn5JR5fMBXqibeWL5joiTe86rsOoPeJ/iujBdgXRLImLT4GcEy7MZlhER0srSV8MvAbW2UAgahQGP32NQ1wd7ltubdYtffXfWYFm+K1b3mbxgDYEy7/oQBw7K3WOjhU5g0Nk2hCyYOQ4eB1x047kSZbbZjyOwKMk91NumDMg308pUcf3hB/pygj3QnwqkdhhCkFw7fQnam2W5Pnxhz665CAMZ4VDVtTcnLbot5BI6NFpf9jDYc/3yCCBJx2gW6T/U1LFY2SdkA84rnjpl3Nmq41IiWwKQY/D9bdQZYUr1vUxJY+/QcDD6vVyvDbjskyfFC/K9J+lcqjRAUXrKsAo2u39JjdEV4haKCX0Yvoi4KqDMU8hvz6ssGWskW1OwFXzjjCv5v0Lv/StEx0Chhr4mSoamQx5GSnP2ZRpbtzKMZxLCjIdMn9/Vv5ka9T6H3OgfIM08Q4dXn0TudGLXssxmliXOSOUS4PS9Uqo28r3SkhVSjbe6DSuQI6xy3g42O8oqzxUPxJWnJSUgc99gMnLICuxp0F0xuh0L5bINcL5+q04FC6h2yHUhzmiGs+RrEMVAC5iHO0mMBXab022LZ3ooODp0eheJg= - - - 
- diff --git a/fuzz/oss-fuzz-build.sh b/fuzz/oss-fuzz-build.sh index 9e40d768f907b..69786b32f9666 100755 --- a/fuzz/oss-fuzz-build.sh +++ b/fuzz/oss-fuzz-build.sh @@ -4,11 +4,9 @@ TELEPORT_PREFIX="github.com/gravitational/teleport" prepare_teleport() { + go get -u all || true go mod tidy - go get github.com/AdamKorcz/go-118-fuzz-build/utils - go get k8s.io/client-go/tools/clientcmd@v0.23.3 - go get github.com/ThalesIgnite/crypto11@v1.2.4 # Fix /root/go/pkg/mod/github.com/aws/aws-sdk-go-v2/internal/ini@v1.3.0/fuzz.go:13:21: # not enough arguments in call to Parse diff --git a/lib/auth/fuzz_test.go b/lib/auth/fuzz_test.go index 487e497f6b103..5948092de34b7 100644 --- a/lib/auth/fuzz_test.go +++ b/lib/auth/fuzz_test.go @@ -1,5 +1,3 @@ -//go:build go1.18 - /* Copyright 2022 Gravitational, Inc. @@ -27,7 +25,6 @@ import ( ) func FuzzParseSAMLInResponseTo(f *testing.F) { - // Disable Go App Engine logging logrus.SetLevel(logrus.PanicLevel) @@ -39,10 +36,9 @@ func FuzzParseSAMLInResponseTo(f *testing.F) { } func FuzzParseAndVerifyIID(f *testing.F) { - f.Fuzz(func(t *testing.T, iidBytes []byte) { require.NotPanics(t, func() { parseAndVerifyIID(iidBytes) }) }) -} \ No newline at end of file +} diff --git a/lib/auth/webauthn/fuzz_test.go b/lib/auth/webauthn/fuzz_test.go index a70d2b2eb9ccf..5d2bb238e612a 100644 --- a/lib/auth/webauthn/fuzz_test.go +++ b/lib/auth/webauthn/fuzz_test.go @@ -1,5 +1,3 @@ -//go:build go1.18 - /* Copyright 2022 Gravitational, Inc. @@ -28,7 +26,6 @@ import ( ) func FuzzParseCredentialCreationResponseBody(f *testing.F) { - f.Fuzz(func(t *testing.T, body []byte) { require.NotPanics(t, func() { @@ -38,11 +35,10 @@ func FuzzParseCredentialCreationResponseBody(f *testing.F) { } func FuzzParseCredentialRequestResponseBody(f *testing.F) { - f.Fuzz(func(t *testing.T, body []byte) { require.NotPanics(t, func() { protocol.ParseCredentialRequestResponseBody(bytes.NewReader(body)) }) }) -} \ No newline at end of file +} 
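Review bot: The added `go get -u all || true` in `prepare_teleport` (fuzz/oss-fuzz-build.sh) moves the modules in the build list to newer minor or patch releases at build time and then ignores any failure, so the fuzzers are compiled against dependency versions that can differ from the ones pinned in go.mod and go.sum. That makes findings harder to reproduce against a release build and pulls unreviewed upstream changes into the fuzzing build; the lines this hunk removes pinned `k8s.io/client-go/tools/clientcmd@v0.23.3` and `github.com/ThalesIgnite/crypto11@v1.2.4` explicitly. I would drop the blanket upgrade, keep only the specific `go get module@version` lines the fuzz build needs, and let a failure stop the script instead of masking it with `|| true`. The rest of `prepare_teleport` continues below this hunk.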
diff --git a/lib/client/fuzz_test.go b/lib/client/fuzz_test.go index 69c9416f73efe..e696fa3be652b 100644 --- a/lib/client/fuzz_test.go +++ b/lib/client/fuzz_test.go @@ -1,5 +1,3 @@ -//go:build go1.18 - /* Copyright 2022 Gravitational, Inc. @@ -25,7 +23,6 @@ import ( ) func FuzzParseProxyHost(f *testing.F) { - f.Fuzz(func(t *testing.T, proxyHost string) { require.NotPanics(t, func() { ParseProxyHost(proxyHost) @@ -34,7 +31,6 @@ func FuzzParseProxyHost(f *testing.F) { } func FuzzParseLabelSpec(f *testing.F) { - f.Fuzz(func(t *testing.T, spec string) { require.NotPanics(t, func() { ParseLabelSpec(spec) @@ -43,10 +39,9 @@ func FuzzParseLabelSpec(f *testing.F) { } func FuzzParseSearchKeywords(f *testing.F) { - f.Fuzz(func(t *testing.T, spec string, customDelimiter rune) { require.NotPanics(t, func() { ParseSearchKeywords(spec, customDelimiter) }) }) -} \ No newline at end of file +} diff --git a/lib/kube/proxy/fuzz_test.go b/lib/kube/proxy/fuzz_test.go index 7f3ec3b24d04b..759f31dbc6e29 100644 --- a/lib/kube/proxy/fuzz_test.go +++ b/lib/kube/proxy/fuzz_test.go @@ -1,5 +1,3 @@ -//go:build go1.18 - /* Copyright 2022 Gravitational, Inc. @@ -25,11 +23,10 @@ import ( ) func FuzzParseResourcePath(f *testing.F) { - f.Fuzz(func(t *testing.T, path string) { require.NotPanics(t, func() { parseResourcePath(path) }) }) -} \ No newline at end of file +} diff --git a/lib/restrictedsession/fuzz_test.go b/lib/restrictedsession/fuzz_test.go index c714c69c7935c..c92b98bfffb1d 100644 --- a/lib/restrictedsession/fuzz_test.go +++ b/lib/restrictedsession/fuzz_test.go @@ -1,5 +1,3 @@ -//go:build go1.18 - /* Copyright 2022 Gravitational, Inc. @@ -25,10 +23,9 @@ import ( ) func FuzzParseIPSpec(f *testing.F) { - f.Fuzz(func(t *testing.T, cidr string) { require.NotPanics(t, func() { ParseIPSpec(cidr) }) }) -} \ No newline at end of file +} diff --git a/lib/services/fuzz_test.go b/lib/services/fuzz_test.go index 17c893819c0f4..a0710ec7fca21 100644 --- a/lib/services/fuzz_test.go 
+++ b/lib/services/fuzz_test.go @@ -1,5 +1,3 @@ -//go:build go1.18 - /* Copyright 2022 Gravitational, Inc. @@ -27,7 +25,6 @@ import ( ) func FuzzParseRefs(f *testing.F) { - f.Fuzz(func(t *testing.T, refs string) { require.NotPanics(t, func() { ParseRefs(refs) @@ -36,7 +33,6 @@ func FuzzParseRefs(f *testing.F) { } func FuzzParserEvalBoolPredicate(f *testing.F) { - f.Fuzz(func(t *testing.T, expr string) { resource, err := types.NewServerWithLabels("test-name", types.KindNode, types.ServerSpecV2{ Hostname: "test-hostname", @@ -59,4 +55,4 @@ func FuzzParserEvalBoolPredicate(f *testing.F) { parser.EvalBoolPredicate(expr) }) }) -} \ No newline at end of file +} diff --git a/lib/srv/db/mongodb/protocol/fuzz_test.go b/lib/srv/db/mongodb/protocol/fuzz_test.go index 188e756b8d726..001d315df9d5d 100644 --- a/lib/srv/db/mongodb/protocol/fuzz_test.go +++ b/lib/srv/db/mongodb/protocol/fuzz_test.go 
@@ -1,21 +1,17 @@ -//go:build go1.18 - /* +Copyright 2022 Gravitational, Inc. - Copyright 2022 Gravitational, Inc. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. + http://www.apache.org/licenses/LICENSE-2.0 +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. */ package protocol diff --git a/lib/srv/db/mysql/protocol/fuzz_test.go b/lib/srv/db/mysql/protocol/fuzz_test.go index 6b4b6f19b8615..a51e1a8977c0a 100644 --- a/lib/srv/db/mysql/protocol/fuzz_test.go +++ b/lib/srv/db/mysql/protocol/fuzz_test.go @@ -1,5 +1,3 @@ -//go:build go1.18 - /* Copyright 2022 Gravitational, Inc. diff --git a/lib/srv/db/redis/fuzz_test.go b/lib/srv/db/redis/fuzz_test.go index 3179ff55f66c4..9b8c795cedbb6 100644 --- a/lib/srv/db/redis/fuzz_test.go +++ b/lib/srv/db/redis/fuzz_test.go @@ -1,5 +1,3 @@ -//go:build go1.18 - /* Copyright 2022 Gravitational, Inc. @@ -25,10 +23,9 @@ import ( ) func FuzzParseRedisAddress(f *testing.F) { - f.Fuzz(func(t *testing.T, addr string) { require.NotPanics(t, func() { ParseRedisAddress(addr) }) }) -} \ No newline at end of file +} 
diff --git a/lib/srv/db/sqlserver/protocol/fuzz_test.go b/lib/srv/db/sqlserver/protocol/fuzz_test.go index 30a62298e78f3..e479ee0fb0041 100644 --- a/lib/srv/db/sqlserver/protocol/fuzz_test.go +++ b/lib/srv/db/sqlserver/protocol/fuzz_test.go @@ -1,22 +1,17 @@ -//go:build go1.18 - /* +Copyright 2022 Gravitational, Inc. - Copyright 2022 Gravitational, Inc. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. */ package protocol diff --git a/lib/srv/regular/fuzz_test.go b/lib/srv/regular/fuzz_test.go index 74f513ba0abe7..a70a48fec9da6 100644 --- a/lib/srv/regular/fuzz_test.go +++ b/lib/srv/regular/fuzz_test.go @@ -1,5 +1,3 @@ -//go:build go1.18 - /* Copyright 2022 Gravitational, Inc. @@ -27,7 +25,6 @@ import ( ) func FuzzParseProxySubsys(f *testing.F) { - f.Fuzz(func(t *testing.T, request string) { server := &Server{ hostname: "redhorse", 
@@ -40,4 +37,4 @@ func FuzzParseProxySubsys(f *testing.F) { parseProxySubsys(request, server, ctx) }) }) -} \ No newline at end of file +} diff --git a/lib/sshutils/x11/fuzz_test.go b/lib/sshutils/x11/fuzz_test.go index 4e8dd95a5921c..0bbb41aa4ad69 100644 --- a/lib/sshutils/x11/fuzz_test.go +++ b/lib/sshutils/x11/fuzz_test.go @@ -1,5 +1,3 @@ -//go:build go1.18 - /* Copyright 2022 Gravitational, Inc. @@ -25,10 +23,9 @@ import ( ) func FuzzParseDisplay(f *testing.F) { - f.Fuzz(func(t *testing.T, displayString string) { require.NotPanics(t, func() { ParseDisplay(displayString) }) }) -} \ No newline at end of file +} diff --git a/lib/utils/fuzz_test.go b/lib/utils/fuzz_test.go index 9ca389f4f4ad0..547f085d0b66c 100644 --- a/lib/utils/fuzz_test.go +++ b/lib/utils/fuzz_test.go @@ -1,5 +1,3 @@ -//go:build go1.18 - /* Copyright 2022 Gravitational, Inc. @@ -29,7 +27,6 @@ import ( ) func FuzzParseProxyJump(f *testing.F) { - f.Fuzz(func(t *testing.T, in string) { require.NotPanics(t, func() { ParseProxyJump(in) @@ -38,7 +35,6 @@ func FuzzParseProxyJump(f *testing.F) { } func FuzzParseWebLinks(f *testing.F) { - f.Fuzz(func(t *testing.T, s string) { links := strings.Split(s, "|") require.NotPanics(t, func() { @@ -53,7 +49,6 @@ func FuzzParseWebLinks(f *testing.F) { } func FuzzReadYAML(f *testing.F) { - f.Fuzz(func(t *testing.T, dataBytes []byte) { data := bytes.NewReader(dataBytes) @@ -61,4 +56,4 @@ func FuzzReadYAML(f *testing.F) { ReadYAML(data) }) }) -} \ No newline at end of file +} diff --git a/lib/utils/parse/fuzz_test.go b/lib/utils/parse/fuzz_test.go index 589bf41ae826e..e981fd9bf95dd 100644 --- a/lib/utils/parse/fuzz_test.go +++ b/lib/utils/parse/fuzz_test.go @@ -1,5 +1,3 @@ -//go:build go1.18 - /* Copyright 2022 Gravitational, Inc. @@ -25,7 +23,6 @@ import ( ) func FuzzNewExpression(f *testing.F) { - f.Fuzz(func(t *testing.T, variable string) { require.NotPanics(t, func() { NewExpression(variable) 
@@ -34,10 +31,9 @@ func FuzzNewExpression(f *testing.F) { } func FuzzNewMatcher(f *testing.F) { - f.Fuzz(func(t *testing.T, value string) { require.NotPanics(t, func() { NewMatcher(value) }) }) -} \ No newline at end of file +} diff --git a/lib/web/fuzz_test.go b/lib/web/fuzz_test.go index 2a6d06866eff2..ba1b22726d4a1 100644 --- a/lib/web/fuzz_test.go +++ b/lib/web/fuzz_test.go @@ -1,5 +1,3 @@ -//go:build go1.18 - /* Copyright 2022 Gravitational, Inc. @@ -25,11 +23,10 @@ import ( ) func FuzzTdpMFACodecDecode(f *testing.F) { - f.Fuzz(func(t *testing.T, buf []byte) { require.NotPanics(t, func() { codec := tdpMFACodec{} codec.decode(buf, "") }) }) -} \ No newline at end of file +} From ef0eb97a2cc847c0771ac5d75aec80232c535503 Mon Sep 17 00:00:00 2001 From: tbnz Date: Wed, 15 Jun 2022 15:23:55 +0200 Subject: [PATCH 04/10] do not fail if the file is missing --- fuzz/oss-fuzz-build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fuzz/oss-fuzz-build.sh b/fuzz/oss-fuzz-build.sh index 69786b32f9666..6464e4be304e5 100755 --- a/fuzz/oss-fuzz-build.sh +++ b/fuzz/oss-fuzz-build.sh @@ -10,7 +10,7 @@ prepare_teleport() { # Fix /root/go/pkg/mod/github.com/aws/aws-sdk-go-v2/internal/ini@v1.3.0/fuzz.go:13:21: # not enough arguments in call to Parse - rm /root/go/pkg/mod/github.com/aws/aws-sdk-go-v2/internal/ini@*/fuzz.go + rm -f /root/go/pkg/mod/github.com/aws/aws-sdk-go-v2/internal/ini@*/fuzz.go } From 1ff4867e12b57546047693827b24017c9f301467 Mon Sep 17 00:00:00 2001 From: tbnz Date: Wed, 15 Jun 2022 15:38:35 +0200 Subject: [PATCH 05/10] missing go-118-fuzz-build fix --- fuzz/oss-fuzz-build.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/fuzz/oss-fuzz-build.sh b/fuzz/oss-fuzz-build.sh index 6464e4be304e5..5e3d7b66c4125 100755 --- a/fuzz/oss-fuzz-build.sh +++ b/fuzz/oss-fuzz-build.sh @@ -118,6 +118,7 @@ build_teleport_api_fuzzers() { compile() { + go get github.com/AdamKorcz/go-118-fuzz-build/utils prepare_teleport prepare_teleport_api 
From 394ef20877df23536aa1e1b5278b0a7bf49a3afb Mon Sep 17 00:00:00 2001 From: tbnz Date: Wed, 15 Jun 2022 15:59:02 +0200 Subject: [PATCH 06/10] missing go-118-fuzz-build fix (2) --- fuzz/oss-fuzz-build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fuzz/oss-fuzz-build.sh b/fuzz/oss-fuzz-build.sh index 5e3d7b66c4125..d2f80f3f24261 100755 --- a/fuzz/oss-fuzz-build.sh +++ b/fuzz/oss-fuzz-build.sh @@ -4,6 +4,7 @@ TELEPORT_PREFIX="github.com/gravitational/teleport" prepare_teleport() { + go get github.com/AdamKorcz/go-118-fuzz-build/utils go get -u all || true go mod tidy go get github.com/AdamKorcz/go-118-fuzz-build/utils @@ -118,7 +119,6 @@ build_teleport_api_fuzzers() { compile() { - go get github.com/AdamKorcz/go-118-fuzz-build/utils prepare_teleport prepare_teleport_api From dd64f0fd7280155c6c1a88314e8d3cd35c92a375 Mon Sep 17 00:00:00 2001 From: Zac Bergquist Date: Sat, 18 Jun 2022 07:40:20 -0600 Subject: [PATCH 07/10] come on GCB.. From bc5e76f56ac2e66f9e488fc628fd922fba35462e Mon Sep 17 00:00:00 2001 From: Zac Bergquist Date: Sat, 18 Jun 2022 08:24:26 -0600 Subject: [PATCH 08/10] come on GCB 2 From bef79bdba4fe8e20630a0a07cda8f26eebe530a9 Mon Sep 17 00:00:00 2001 From: Zac Bergquist Date: Sat, 18 Jun 2022 09:33:03 -0600 Subject: [PATCH 09/10] come on GCB 3 From a2fe1d9941ae3427bff7fa225a62241182a37938 Mon Sep 17 00:00:00 2001 From: Zac Bergquist Date: Sat, 18 Jun 2022 15:04:07 -0600 Subject: [PATCH 10/10] come on GCB 4
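Review bot: The line added at the top of `prepare_teleport()` (PATCH 06/10, first hunk) is identical to the `go get github.com/AdamKorcz/go-118-fuzz-build/utils` that stays three lines below it, after `go mod tidy`, so the module is now fetched twice per build. If the early call exists so that `go get -u all` can resolve the package, and the later one because `go mod tidy` presumably drops the requirement again, a comment should say so, e.g. `# fetched before 'go get -u all' and again after 'go mod tidy', which removes it`; otherwise keep only one call. Because the context line `go get -u all || true` ignores its exit status, the build log will not show which of the two calls is actually needed. `prepare_teleport()` continues outside the hunk.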