| # Fuzzing OpenSSL # |
| |
| **Requirements** |
| |
| * honggfuzz |
| * clang-5.0 or newer |
| * openssl 1.1.0 (or the github's master branch) |
| * libressl/boringssl should work as well, though they might require more specific building instructions |
| |
| **Preparation (for OpenSSL 1.1.0/master)** |
| |
| 1. Compile honggfuzz |
| 2. Unpack/Clone OpenSSL |
| |
| ```shell |
| $ git clone --depth=1 https://github.com/openssl/openssl.git |
| $ mv openssl openssl-master |
| ``` |
| |
| 3. Use ```compile_hfuzz_openssl_master.sh``` to configure OpenSSL |
| |
| ```shell |
| $ cd openssl-master |
| $ <honggfuzz_dir>/examples/openssl/compile_hfuzz_openssl_master.sh [enable-asan|enable-msan|enable-ubsan] |
| ``` |
| |
| 4. Compile OpenSSL |
| |
| ```shell |
| $ make -j$(nproc) |
| ``` |
| |
| 5. Prepare fuzzing binaries |
| |
| The _make.sh_ script will compile honggfuzz and libFuzzer binaries. Syntax: |
| |
| ```shell |
| <honggfuzz_dir>/examples/openssl/make.sh <directory-with-open/libre/boring-ssl> [address|memory|undefined] |
| ``` |
| |
| ```shell |
| $ cd .. |
| $ <honggfuzz_dir>/examples/openssl/make.sh openssl-master address |
| ``` |
| |
| **Fuzzing** |
| |
| ```shell |
| $ <honggfuzz_dir>/honggfuzz --input corpus_server/ -- ./openssl-master.address.server |
| $ <honggfuzz_dir>/honggfuzz --input corpus_client/ -- ./openssl-master.address.client |
| $ <honggfuzz_dir>/honggfuzz --input corpus_x509/ -- ./openssl-master.address.x509 |
| $ <honggfuzz_dir>/honggfuzz --input corpus_privkey/ -- ./openssl-master.address.privkey |
| ``` |
