# Fuzzing OpenSSL #

**Requirements**

  * honggfuzz
  * clang-4.0, or newer (5.0/6.0 work as well)
  * openssl 1.1.0 (or, the master branch from git)
  * libressl/boringssl/openssl-1.0.2 work as well, though they might require specific building instructions

**Preparation (for OpenSSL 1.1.0/master)**

1. Compile honggfuzz
2. Unpack/Clone OpenSSL

```shell
$ git clone --depth=1 https://github.com/openssl/openssl.git
$ mv openssl openssl-master
```

3. Use `compile_hfuzz_openssl_master.sh` to configure OpenSSL

```shell
$ cd openssl-master
$ /home/jagger/src/honggfuzz/examples/openssl/compile_hfuzz_openssl_master.sh [enable-asan|enable-msan|enable-ubsan]
```

4. Compile OpenSSL

```shell
$ make
```

5. Prepare fuzzing binaries

The _make.sh_ script will compile honggfuzz and libFuzzer binaries. Syntax:

```shell
make.sh <directory-with-open/libre/boring-ssl> [address|memory|undefined]
```

```shell
$ cd ..
$ /home/jagger/src/honggfuzz/examples/openssl/make.sh openssl-master address
```

**Fuzzing**

```shell
$ /home/jagger/src/honggfuzz/honggfuzz -f corpus_server/ -P -- ./openssl-master.address.server
$ /home/jagger/src/honggfuzz/honggfuzz -f corpus_client/ -P -- ./openssl-master.address.client
$ /home/jagger/src/honggfuzz/honggfuzz -f corpus_x509/ -P -- ./openssl-master.address.x509
$ /home/jagger/src/honggfuzz/honggfuzz -f corpus_privkey/ -P -- ./openssl-master.address.privkey
```
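
The following pre-flight script is an added example, not part of the honggfuzz repository. It maps the sanitizer name used by `make.sh` to the argument the compile script expects, then lists the honggfuzz commands for the targets that are actually built and have a corpus directory. It assumes outputs are named `<ssl-dir>.<sanitizer>.<target>` as in the commands above; `HFUZZ_BIN` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of honggfuzz. Assumption: make.sh names its outputs
# <ssl-dir>.<sanitizer>.<target>, as in ./openssl-master.address.server above.

HFUZZ_BIN="${HFUZZ_BIN:-honggfuzz}"   # hypothetical variable: path to honggfuzz
TARGETS="server client x509 privkey"  # the four targets from the Fuzzing section

# Map a make.sh sanitizer name to the argument the compile script expects,
# so both build steps use the same sanitizer.
san_to_configure_flag() {
    case "$1" in
        address)   echo "enable-asan" ;;
        memory)    echo "enable-msan" ;;
        undefined) echo "enable-ubsan" ;;
        *) echo "unknown sanitizer: $1" >&2; return 1 ;;
    esac
}

# Print one honggfuzz command per target whose binary and corpus directory
# exist; report the others on stderr. Returns non-zero if nothing is ready.
# Usage: plan_fuzz_runs <ssl-dir> <address|memory|undefined> [workdir]
plan_fuzz_runs() {
    ssl_dir=$1; san=$2; work=${3:-.}
    san_to_configure_flag "$san" >/dev/null || return 1
    ready=0
    for t in $TARGETS; do
        bin="$work/$ssl_dir.$san.$t"
        corpus="$work/corpus_$t"
        if [ ! -x "$bin" ]; then
            echo "skip $t: $bin not built (run make.sh $ssl_dir $san)" >&2
            continue
        fi
        if [ ! -d "$corpus" ]; then
            echo "skip $t: corpus directory $corpus not found" >&2
            continue
        fi
        echo "$HFUZZ_BIN -f $corpus/ -P -- $bin"
        ready=$((ready + 1))
    done
    [ "$ready" -gt 0 ]
}

# When called with arguments, print the plan for that build.
if [ "$#" -ge 2 ]; then plan_fuzz_runs "$@"; fi
```

Run it from the directory that holds the built binaries, for example `sh preflight.sh openssl-master address`, and review the skipped targets on stderr before starting a long fuzzing session.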