From ff54cd9beb07e47c48dac02d3006b0fbe5fc6cc2 Mon Sep 17 00:00:00 2001 From: Kurt Roeckx Date: Mon, 13 Mar 2017 22:43:36 +0100 Subject: [PATCH] Optionally check for early data This adds a way to use the last byte of the buffer to change the behavior of the server. The last byte is used so that the existing corpus can be reused either without changing it, or just adding a single byte, and that it can still be used by other projects. Reviewed-by: Rich Salz Reviewed-by: Andy Polyakov GH: #2683 --- fuzz/server.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/fuzz/server.c b/fuzz/server.c index 8c5e2d8d4a..1a6dd2cdfd 100644 --- a/fuzz/server.c +++ b/fuzz/server.c @@ -530,8 +530,9 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) #ifndef OPENSSL_NO_DSA DSA *dsakey = NULL; #endif + uint8_t opt; - if (len == 0) + if (len < 2) return 0; /* @@ -615,7 +616,24 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) out = BIO_new(BIO_s_mem()); SSL_set_bio(server, in, out); SSL_set_accept_state(server); + + opt = (uint8_t)buf[len-1]; + len--; + OPENSSL_assert((size_t)BIO_write(in, buf, len) == len); + + if ((opt & 0x01) != 0) + { + do { + char early_buf[16384]; + size_t early_len; + ret = SSL_read_early_data(server, early_buf, sizeof(early_buf), &early_len); + + if (ret != SSL_READ_EARLY_DATA_SUCCESS) + break; + } while (1); + } + if (SSL_do_handshake(server) == 1) { /* Keep reading application data until error or EOF. */ uint8_t tmp[1024]; -- 2.25.1