Google Git
Sign in
android / platform / external / honggfuzz / refs/tags/android-9.0.0_r30 / . / examples / openssl
tree: e48902c54207b91337e11dd4355117ba689030ba [path history] [tgz]
  1. corpus_client/
  2. corpus_privkey/
  3. corpus_server/
  4. corpus_x509/
  5. client.c
  6. hf_ssl_lib.h
  7. make.sh
  8. privkey.c
  9. README.md
  10. server.c
  11. x509.c
examples/openssl/README.md

Fuzzing OpenSSL

Requirements

  • honggfuzz
  • clang-4.0, or newer (5.0/6.0 work as well)
  • openssl 1.1.0 (or, the master branch from git)
  • libressl/boringssl/openssl-1.0.2 work as well, though they might require specific building instructions

Preparation (for OpenSSL 1.1.0/master)

  1. Compile honggfuzz
  2. Unpack/Clone OpenSSL
$ git clone --depth=1 https://github.com/openssl/openssl.git
$ mv openssl openssl-master
  1. Use compile_hfuzz_openssl_master.sh to configure OpenSSL
$ cd openssl-master
$ /home/jagger/src/honggfuzz/examples/openssl/compile_hfuzz_openssl_master.sh [enable-asan|enable-msan|enable-ubsan]
  1. Compile OpenSSL
$ make
  1. Prepare fuzzing binaries

The make.sh script will compile honggfuzz and libFuzzer binaries. Syntax:

make.sh <directory-with-open/libre/boring-ssl> [address|memory|undefined]

$ cd ..
$ /home/jagger/src/honggfuzz/examples/openssl/make.sh openssl-master address

Fuzzing

$ /home/jagger/src/honggfuzz/honggfuzz -f corpus_server/ -P -- ./openssl-master.address.server
$ /home/jagger/src/honggfuzz/honggfuzz -f corpus_client/ -P -- ./openssl-master.address.client
$ /home/jagger/src/honggfuzz/honggfuzz -f corpus_x509/ -P -- ./openssl-master.address.x509
$ /home/jagger/src/honggfuzz/honggfuzz -f corpus_privkey/ -P -- ./openssl-master.address.privkey