# Fuzzing OpenSSL #

**Requirements**

  * honggfuzz
  * clang-4.0, or newer (5.0/6.0 work as well)
  * openssl 1.1.0 (or, the master branch from git)
  * libressl/boringssl/openssl-1.0.2 work as well, though they might require specific building instructions

**Preparation (for OpenSSL 1.1.0/master)**

1. Compile honggfuzz
2. Unpack/Clone OpenSSL

```shell
$ git clone --depth=1 https://github.com/openssl/openssl.git
$ mv openssl openssl-master
```

3. Use ```compile_hfuzz_openssl_master.sh``` to configure OpenSSL

```shell
$ cd openssl-master
$ /home/jagger/src/honggfuzz/examples/openssl/compile_hfuzz_openssl_master.sh [enable-asan|enable-msan|enable-ubsan]
```

4. Compile OpenSSL

```shell
$ make
```

5. Prepare fuzzing binaries

The _make.sh_ script will compile honggfuzz and libFuzzer binaries. Syntax:

```shell
make.sh <directory-with-open/libre/boring-ssl> [address|memory|undefined]
```

```shell
$ cd ..
$ /home/jagger/src/honggfuzz/examples/openssl/make.sh openssl-master address
```

**Fuzzing**

```shell
$ /home/jagger/src/honggfuzz/honggfuzz -f corpus_server/ -P -- ./openssl-master.address.server
$ /home/jagger/src/honggfuzz/honggfuzz -f corpus_client/ -P -- ./openssl-master.address.client
$ /home/jagger/src/honggfuzz/honggfuzz -f corpus_x509/ -P -- ./openssl-master.address.x509
$ /home/jagger/src/honggfuzz/honggfuzz -f corpus_privkey/ -P -- ./openssl-master.address.privkey
```