d86c8a400b
As long as the HTTP/1.1 client auth hack forces us to support renego, having it on seems much more useful than having it off for fuzzing purposes. Also read app data to exercise that code and, on the client, trigger renegotiations as needed. Change-Id: I1941ded6ec9bd764abd199d1518420a1075ed1b2 Reviewed-on: https://boringssl-review.googlesource.com/7291 Reviewed-by: Adam Langley <agl@google.com>
#include <assert.h>
#include <openssl/rand.h>
#include <openssl/ssl.h>
// Process-wide fuzzer state. A single SSL_CTX is created when the static
// instance below is constructed and released when it is destroyed, so each
// fuzz iteration only has to build a fresh SSL object on top of it.
struct GlobalState {
  // Shared context handed to SSL_new() on every iteration. The pointer is
  // const, so it cannot be re-seated after construction.
  // NOTE(review): SSL_CTX_new() can return NULL and that is not checked here.
  SSL_CTX *const ctx;

  GlobalState() : ctx(SSL_CTX_new(SSLv23_method())) {}

  ~GlobalState() { SSL_CTX_free(ctx); }
};

// The one instance; constructed during static initialization, before the
// fuzzer entry point is first called.
static GlobalState g_state;
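// libFuzzer entry point for the TLS client.
//
// The fuzzer input is treated as the complete byte stream a server would send.
// It is written into a memory BIO, the client handshake is driven against it,
// and, if the handshake completes, application data is read until SSL_read()
// reports an error or EOF. Renegotiation is enabled so that server-initiated
// renegotiation is reachable from the input as well; that is a coverage choice
// for this harness, not a recommended client setting.
//
// buf/len: the fuzzer-provided input.
// Returns 0 in all cases, as libFuzzer expects.
extern "C" int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len) {
  // Reset the RNG so that a given input replays the same way on every run.
  RAND_reset_for_fuzzing();

  SSL *client = SSL_new(g_state.ctx);
  BIO *in = BIO_new(BIO_s_mem());
  BIO *out = BIO_new(BIO_s_mem());
  if (!client || !in || !out) {
    // Allocation failed (or the shared SSL_CTX was never created). Bail out
    // cleanly so the harness itself does not produce a NULL-dereference crash
    // that would be misreported as a library bug. Ownership has not yet been
    // transferred, so each object is released individually.
    BIO_free(in);
    BIO_free(out);
    SSL_free(client);
    return 0;
  }

  // From here on |client| owns both BIOs; SSL_free() releases them.
  SSL_set_bio(client, in, out);
  SSL_set_connect_state(client);
  SSL_set_renegotiate_mode(client, ssl_renegotiate_freely);

  // Queue the whole input as the server's side of the connection.
  // NOTE(review): BIO_write() takes an int length; inputs are assumed to stay
  // far below INT_MAX, which holds for normal libFuzzer size limits.
  BIO_write(in, buf, len);

  if (SSL_do_handshake(client) == 1) {
    // Handshake succeeded: drain application data until error or EOF. This
    // exercises the record-reading path and any renegotiation the input
    // triggers.
    uint8_t tmp[1024];
    while (SSL_read(client, tmp, sizeof(tmp)) > 0) {
    }
  }

  SSL_free(client);
  return 0;
}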