Diffstat (limited to 'fuzz/quic-client.c')
-rw-r--r--fuzz/quic-client.c32
1 files changed, 26 insertions, 6 deletions
diff --git a/fuzz/quic-client.c b/fuzz/quic-client.c
index 2dc2b3c9b2..17cfef113b 100644
--- a/fuzz/quic-client.c
+++ b/fuzz/quic-client.c
@@ -43,6 +43,10 @@ int FuzzerInitialize(int *argc, char ***argv)
return 1;
}
+#define HANDSHAKING 0
+#define READING 1
+#define WRITING 2
+
int FuzzerTestOneInput(const uint8_t *buf, size_t len)
{
SSL *client = NULL;
@@ -52,6 +56,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
BIO_ADDR *peer_addr = NULL;
struct in_addr ina = {0};
struct timeval tv;
+ int state = HANDSHAKING;
if (len == 0)
return 0;
@@ -113,14 +118,29 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
}
for (;;) {
- if ((ret = SSL_do_handshake(client)) == 1) {
- /*
- * Keep reading application data until there are no more
- * datagrams to inject or a fatal error occurs
- */
- uint8_t tmp[1024];
+ uint8_t tmp[1024];
+ int writelen = 0;
+
+ switch (state) {
+ case HANDSHAKING:
+ ret = SSL_do_handshake(client);
+ if (ret == 1)
+ state = READING;
+ break;
+ case READING:
ret = SSL_read(client, tmp, sizeof(tmp));
+ if (ret > 0) {
+ state = WRITING;
+ writelen = ret;
+ assert(writelen <= sizeof(tmp));
+ }
+ break;
+ case WRITING:
+ ret = SSL_write(client, tmp, writelen);
+ if (ret > 0)
+ state = READING;
+ break;
}
if (ret <= 0) {
switch (SSL_get_error(client, ret)) {
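Review bot: `writelen` and `tmp` are declared inside the `for (;;)` body, so `writelen` is re-initialised to 0 at the top of every iteration and the length stored in the `READING` case never reaches the `WRITING` case, which only runs on a later iteration. As written, `SSL_write(client, tmp, writelen)` is always called with a length of 0, and `tmp` is formally a fresh object with indeterminate contents each time, so the echo path this change is meant to fuzz is not exercised with the data that was read. Unlike `state`, which the second hunk declares at function scope, these two must outlive the iteration: move `uint8_t tmp[1024];` and `int writelen = 0;` up beside `int state = HANDSHAKING;`. The `assert(writelen <= sizeof(tmp))` also compares an `int` with a `size_t`; it is safe under the `ret > 0` guard, but `(size_t)writelen` would state the intent and avoid a sign-compare warning. The loop body continues past the end of this hunk.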