Updates to the quic client fuzzer

Handle retryable errors from SSL_read(). Also ensure the underlying BIO handles the destination address capability. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22368)
author: Matt Caswell <matt@openssl.org> 2023-10-11 10:43:58 +0100
committer: Matt Caswell <matt@openssl.org> 2023-10-23 10:08:12 +0100
commit: acee7d68e1037d18f34d03bcd70af6b1b6e48299 (patch)
tree: 2f864c2189b698970f86debb64665b42e6b7ce1a
parent: 5415383d2c7e8ee8147eb01361f3f952ceec3761 (diff)
1 files changed, 23 insertions, 4 deletions
diff --git a/fuzz/quic-client.c b/fuzz/quic-client.c
index c172372af3..548ed7ec32 100644
--- a/fuzz/quic-client.c
+++ b/fuzz/quic-client.c
@@ -16,6 +16,7 @@
 #include <openssl/ec.h>
 #include <openssl/dh.h>
 #include <openssl/err.h>
+#include <openssl/bio.h>
 #include "fuzzer.h"
 #include "internal/sockets.h"
 
@@ -98,9 +99,14 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
         BIO_free(in);
         goto end;
     }
-    if (SSL_set_alpn_protos(client, (const unsigned char *)"\x08quicfuzz", 9) != 0)
+    if (!BIO_dgram_set_caps(out, BIO_DGRAM_CAP_HANDLES_DST_ADDR)) {
+        BIO_free(in);
+        BIO_free(out);
         goto end;
+    }
     SSL_set_bio(client, in, out);
+    if (SSL_set_alpn_protos(client, (const unsigned char *)"\x08ossltest", 9) != 0)
+        goto end;
     if (SSL_set1_initial_peer_addr(client, peer_addr) != 1)
         goto end;
     SSL_set_connect_state(client);
@@ -118,10 +124,23 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
         buf += size + 2;
 
         if (SSL_do_handshake(client) == 1) {
-            /* Keep reading application data until error or EOF. */
+            /*
+             * Keep reading application data until there are no more datagrams
+             * to inject or a fatal error occurs
+             */
             uint8_t tmp[1024];
-            if (SSL_read(client, tmp, sizeof(tmp)) <= 0)
-                break;
+            int ret;
+
+            ret = SSL_read(client, tmp, sizeof(tmp));
+            if (ret <= 0) {
+                switch (SSL_get_error(client, ret)) {
+                case SSL_ERROR_WANT_READ:
+                case SSL_ERROR_WANT_WRITE:
+                    break;
+                default:
+                    goto end;
+                }
+            }
         }
     }
  end:
author	Matt Caswell <matt@openssl.org>	2023-10-11 10:43:58 +0100
committer	Matt Caswell <matt@openssl.org>	2023-10-23 10:08:12 +0100
commit	acee7d68e1037d18f34d03bcd70af6b1b6e48299 (patch)
tree	2f864c2189b698970f86debb64665b42e6b7ce1a
parent	5415383d2c7e8ee8147eb01361f3f952ceec3761 (diff)