Fetching latest commit…
Cannot retrieve the latest commit at this time.


Fuzzing OpenSSL


  • honggfuzz
  • clang-4.0, or newer (5.0/6.0 work as well)
  • openssl 1.1.0 (or, the master branch from git)
  • libressl/boringssl/openssl-1.0.2 work as well, though they might require specific building instructions

Preparation (for OpenSSL 1.1.0/master)

  1. Compile honggfuzz
  2. Unpack/Clone OpenSSL
$ git clone --depth=1 https://github.com/openssl/openssl.git
$ mv openssl openssl-master
  1. Use compile_hfuzz_openssl_master.sh to configure OpenSSL
$ cd openssl-master
$ /home/jagger/src/honggfuzz/examples/openssl/compile_hfuzz_openssl_master.sh [enable-asan|enable-msan|enable-ubsan]
  1. Compile OpenSSL
$ make
  1. Prepare fuzzing binaries

The make.sh script will compile honggfuzz and libFuzzer binaries. Syntax:

make.sh <directory-with-open/libre/boring-ssl> [address|memory|undefined]
$ cd ..
$ /home/jagger/src/honggfuzz/examples/openssl/make.sh openssl-master address


$ /home/jagger/src/honggfuzz/honggfuzz -f corpus_server/ -P -- ./openssl-master.address.server
$ /home/jagger/src/honggfuzz/honggfuzz -f corpus_client/ -P -- ./openssl-master.address.client
$ /home/jagger/src/honggfuzz/honggfuzz -f corpus_x509/ -P -- ./openssl-master.address.x509
$ /home/jagger/src/honggfuzz/honggfuzz -f corpus_privkey/ -P -- ./openssl-master.address.privkey