1 files changed, 26 insertions, 2 deletions

diff --git a/fuzz/server.cc b/fuzz/server.cc
index f4f999a9..75522bac 100644
--- a/fuzz/server.cc
+++ b/fuzz/server.cc
@@ -1,5 +1,20 @@
+/* Copyright (c) 2016, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
 #include <assert.h>
 
+#include <openssl/rand.h>
 #include <openssl/ssl.h>
 
 static const uint8_t kCertificateDER[] = {
@@ -204,7 +219,8 @@ struct GlobalState {
 static GlobalState g_state;
 
 extern "C" int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len) {
-  // This only fuzzes the initial flow from the client so far.
+  RAND_reset_for_fuzzing();
+
   SSL *server = SSL_new(g_state.ctx);
   BIO *in = BIO_new(BIO_s_mem());
   BIO *out = BIO_new(BIO_s_mem());
@@ -212,7 +228,15 @@ extern "C" int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len) {
   SSL_set_accept_state(server);
 
   BIO_write(in, buf, len);
-  SSL_do_handshake(server);
+  if (SSL_do_handshake(server) == 1) {
+    // Keep reading application data until error or EOF.
+    uint8_t tmp[1024];
+    for (;;) {
+      if (SSL_read(server, tmp, sizeof(tmp)) <= 0) {
+        break;
+      }
+    }
+  }
   SSL_free(server);
 
   return 0;