20568e7a4f
They now fuzz a lot more than just the initial flow. Change-Id: Ib0b7eb66969442e539a937d7d87f5ba031fcbef3 Reviewed-on: https://boringssl-review.googlesource.com/7610 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>
42 lines
862 B
C++
42 lines
862 B
C++
#include <assert.h>
|
|
|
|
#include <openssl/rand.h>
|
|
#include <openssl/ssl.h>
|
|
|
|
struct GlobalState {
|
|
GlobalState() : ctx(SSL_CTX_new(SSLv23_method())) {}
|
|
|
|
~GlobalState() {
|
|
SSL_CTX_free(ctx);
|
|
}
|
|
|
|
SSL_CTX *const ctx;
|
|
};
|
|
|
|
static GlobalState g_state;
|
|
|
|
extern "C" int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len) {
|
|
RAND_reset_for_fuzzing();
|
|
|
|
SSL *client = SSL_new(g_state.ctx);
|
|
BIO *in = BIO_new(BIO_s_mem());
|
|
BIO *out = BIO_new(BIO_s_mem());
|
|
SSL_set_bio(client, in, out);
|
|
SSL_set_connect_state(client);
|
|
SSL_set_renegotiate_mode(client, ssl_renegotiate_freely);
|
|
|
|
BIO_write(in, buf, len);
|
|
if (SSL_do_handshake(client) == 1) {
|
|
// Keep reading application data until error or EOF.
|
|
uint8_t tmp[1024];
|
|
for (;;) {
|
|
if (SSL_read(client, tmp, sizeof(tmp)) <= 0) {
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
SSL_free(client);
|
|
|
|
return 0;
|
|
}
|