authorPhilippe Antoine <p.antoine@catenacyber.fr>2023-01-25 15:43:50 +0100
committerTomas Mraz <tomas@openssl.org>2023-02-08 16:13:17 +0100
commit2b9e2afc382490592078cdb69d06f54f0fefd4c6 (patch)
tree694e487df518ee2c5314546210a4bb720f0342ac /ssl/ssl_sess.c
parent7b2625274f5d5ec90aee522ec4e4f3aa08fa5b70 (diff)
fuzz: make post handshake reachable
So that CVE-2021-3449 can be found through fuzzing Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/20128)
Diffstat (limited to 'ssl/ssl_sess.c')
-rw-r--r--ssl/ssl_sess.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 7f9bafb0d3..250e4dfb83 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -298,10 +298,15 @@ static int def_generate_session_id(SSL *ssl, unsigned char *id,
unsigned int *id_len)
{
unsigned int retry = 0;
- do
+ do {
if (RAND_bytes_ex(ssl->ctx->libctx, id, *id_len, 0) <= 0)
return 0;
- while (SSL_has_matching_session_id(ssl, id, *id_len) &&
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ if (retry > 0) {
+ id[0]++;
+ }
+#endif
+ } while (SSL_has_matching_session_id(ssl, id, *id_len) &&
(++retry < MAX_SESS_ID_ATTEMPTS)) ;
if (retry < MAX_SESS_ID_ATTEMPTS)
return 1;
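Review bot: The fuzz-only `id[0]++` inside the `retry > 0` branch applies the same one-step perturbation on every retry, right after `RAND_bytes_ex` has refilled the buffer. If the RNG used in fuzzing builds returns identical bytes on each call (not visible from this hunk, so this is an assumption to confirm), the second and later retries regenerate the same candidate id and the loop can still run out at `MAX_SESS_ID_ATTEMPTS`. Using `id[0] += retry;` would give a different candidate on each attempt. The block would also benefit from a comment such as `/* Fuzzing builds use a deterministic RNG: perturb the id so a collision can be resolved; never enable in production. */`, since the macro guard is the only thing keeping this weakening of session-id generation out of release builds. The function body continues past the end of the hunk, so the failure path after the loop is not reviewed here.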