Enable renegotiation in the client fuzzer and read app data.

As long as the HTTP/1.1 client auth hack forces use to support renego, having
it on seems much more useful than having it off for fuzzing purposes. Also read
app data to exercise that code and, on the client, trigger renegotiations as
needed.

Change-Id: I1941ded6ec9bd764abd199d1518420a1075ed1b2
Reviewed-on: https://boringssl-review.googlesource.com/7291
Reviewed-by: Adam Langley <agl@google.com>

fuzz/client.cc

@@ -24,9 +24,18 @@ extern "C" int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len) {
   BIO *out = BIO_new(BIO_s_mem());
   SSL_set_bio(client, in, out);
   SSL_set_connect_state(client);
+  SSL_set_renegotiate_mode(client, ssl_renegotiate_freely);
 
   BIO_write(in, buf, len);
-  SSL_do_handshake(client);
+  if (SSL_do_handshake(client) == 1) {
+    // Keep reading application data until error or EOF.
+    uint8_t tmp[1024];
+    for (;;) {
+      if (SSL_read(client, tmp, sizeof(tmp)) <= 0) {
+        break;
+      }
+    }
+  }
   SSL_free(client);
 
   return 0;

fuzz/server.cc

@@ -215,7 +215,15 @@ extern "C" int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len) {
   SSL_set_accept_state(server);
 
   BIO_write(in, buf, len);
-  SSL_do_handshake(server);
+  if (SSL_do_handshake(server) == 1) {
+    // Keep reading application data until error or EOF.
+    uint8_t tmp[1024];
+    for (;;) {
+      if (SSL_read(server, tmp, sizeof(tmp)) <= 0) {
+        break;
+      }
+    }
+  }
   SSL_free(server);
 
   return 0;