authorMatt Caswell <matt@openssl.org>2023-11-01 15:25:24 +0000
committerMatt Caswell <matt@openssl.org>2023-11-03 09:58:27 +0000
commitd3dcf88cc5dead2ecaf29714f40cba586d6188ca (patch)
tree6e3127790ffe1e7f36700a91154f86d502e82011 /fuzz
parenta1c0306895bf6cf28056aaf9cd22cb3b65d4bb0a (diff)
Call SSL_write() in the quic-client-fuzzer
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22592)
Diffstat (limited to 'fuzz')
-rw-r--r--fuzz/quic-client.c32
1 files changed, 26 insertions, 6 deletions
diff --git a/fuzz/quic-client.c b/fuzz/quic-client.c
index 2dc2b3c9b2..17cfef113b 100644
--- a/fuzz/quic-client.c
+++ b/fuzz/quic-client.c
@@ -43,6 +43,10 @@ int FuzzerInitialize(int *argc, char ***argv)
return 1;
}
+#define HANDSHAKING 0
+#define READING 1
+#define WRITING 2
+
int FuzzerTestOneInput(const uint8_t *buf, size_t len)
{
SSL *client = NULL;
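Review bot: The three state constants added above `FuzzerTestOneInput` are object-like macros with very generic names, so a later identifier spelled the same way would be silently rewritten by the preprocessor. An anonymous enum, `enum { HANDSHAKING, READING, WRITING };`, avoids that and keeps the names visible in a debugger. A one-line comment such as `/* Harness state: handshake first, then alternate read and write */` would document the cycle the later switch implements. The function body continues outside this hunk.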
@@ -52,6 +56,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
BIO_ADDR *peer_addr = NULL;
struct in_addr ina = {0};
struct timeval tv;
+ int state = HANDSHAKING;
if (len == 0)
return 0;
@@ -113,14 +118,29 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
}
for (;;) {
- if ((ret = SSL_do_handshake(client)) == 1) {
- /*
- * Keep reading application data until there are no more
- * datagrams to inject or a fatal error occurs
- */
- uint8_t tmp[1024];
+ uint8_t tmp[1024];
+ int writelen = 0;
+
+ switch (state) {
+ case HANDSHAKING:
+ ret = SSL_do_handshake(client);
+ if (ret == 1)
+ state = READING;
+ break;
+ case READING:
ret = SSL_read(client, tmp, sizeof(tmp));
+ if (ret > 0) {
+ state = WRITING;
+ writelen = ret;
+ assert(writelen <= sizeof(tmp));
+ }
+ break;
+ case WRITING:
+ ret = SSL_write(client, tmp, writelen);
+ if (ret > 0)
+ state = READING;
+ break;
}
if (ret <= 0) {
switch (SSL_get_error(client, ret)) {
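Review bot: `writelen` is declared with `= 0` inside the `for (;;)` body, so it is reset on every pass. The `WRITING` case only runs on the iteration after `READING` stored the length, so it always calls `SSL_write(client, tmp, 0)`. `tmp` is likewise a fresh object each iteration, so the bytes just read are not guaranteed to still be in it. Moving both declarations above the loop, `uint8_t tmp[1024];` and `int writelen = 0;` before `for (;;) {`, would let the harness push the received data through the write path, which appears to be the coverage this change is after. Separately, `assert(writelen <= sizeof(tmp))` compares an int with a size_t and is compiled out under NDEBUG; the loop body continues past the end of this hunk.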