guidovranken / cryptofuzz

Fuzzing cryptographic libraries. Magic bug printer go brrrr.

Home Page: https://guidovranken.com/2019/05/14/differential-fuzzing-of-cryptographic-libraries/

Docs on how to run cryptofuzz need enhancement

bdelgado1995 opened this issue

I looked at the running cryptofuzz doc writeup but it's unclear how to actually use the tool, for example doing differential fuzzing of one of the OpenSSL crypto APIs and another library. The program help also seems to describe various program options but I'm not finding a general write-up of how to fuzz two APIs. Can someone send a pointer to how to use this tool to fuzz two libraries? I'm familiar with libFuzzer in general but not quite clear on how to use cryptofuzz.

To update, I had a few problems in my docker build scripts that were building some modules with gcc/g++ instead of clang. It had been saying there were no paths found and there wasn't any fuzzing happening. Once I got that straightened out, I was able to run the tool directly.

Now that it's running, it's answered a few general questions I had about how this all works. For those who are new to cryptofuzz, at a high level you build in several crypto libraries of your choice and build the cryptofuzz tool. The cryptofuzz tool itself will select APIs to test and you don't need to modify the harness to tell it to invoke particular APIs / flows.

Very cool tool!
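The workflow described above, reduced to its differential-comparison core as an added example (this is not cryptofuzz's own code; the module names "libA"/"libB", the operation names and the two Adler-32 implementations standing in for real crypto libraries are all assumptions for illustration):

```cpp
// Added example (not cryptofuzz's own code): the differential-comparison core. Two independent
// Adler-32 implementations stand in for two crypto libraries; names are illustrative assumptions.
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <functional>
#include <map>
#include <optional>
#include <string>
#include <vector>

using Bytes = std::vector<uint8_t>;
// std::nullopt means "this library does not support the operation": skipped, never a finding.
using Module = std::function<std::optional<Bytes>(const std::string&, const Bytes&)>;
static Bytes be32(uint32_t v) { return {uint8_t(v >> 24), uint8_t(v >> 16), uint8_t(v >> 8), uint8_t(v)}; }
// "libA": Adler-32 with a modulo on every step.
static std::optional<Bytes> moduleA(const std::string& op, const Bytes& in) {
    if (op != "ADLER32") return std::nullopt;
    uint32_t a = 1, b = 0;
    for (uint8_t c : in) { a = (a + c) % 65521; b = (b + a) % 65521; }
    return be32((b << 16) | a);
}
// "libB": Adler-32 by conditional subtraction; a different code path for the same maths.
static std::optional<Bytes> moduleB(const std::string& op, const Bytes& in) {
    if (op != "ADLER32") return std::nullopt;
    uint32_t a = 1, b = 0;
    for (uint8_t c : in) { a += c; if (a >= 65521) a -= 65521; b += a; if (b >= 65521) b -= 65521; }
    return be32((b << 16) | a);
}
static std::map<std::string, Module> defaultModules() { return {{"libA", moduleA}, {"libB", moduleB}}; }
struct Outcome { bool consistent; std::optional<Bytes> result; };
// Run one operation through every module; any two differing results are a finding.
static Outcome runDifferential(const std::map<std::string, Module>& mods, const std::string& op, const Bytes& in) {
    std::optional<Bytes> ref; std::string refName;
    for (const auto& [name, mod] : mods) {
        auto r = mod(op, in);
        if (!r) continue;
        if (!ref) { ref = r; refName = name; continue; }
        if (*r != *ref) { std::fprintf(stderr, "MISMATCH %s: %s vs %s\n", op.c_str(), refName.c_str(), name.c_str()); return {false, std::nullopt}; }
    }
    return {true, ref};
}
// libFuzzer entry point: the first input byte selects the operation, the rest is the data.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
    static const std::map<std::string, Module> mods = defaultModules();
    static const char* ops[] = {"ADLER32", "MD5"};  // MD5: no module here supports it
    if (size == 0) return 0;
    if (!runDifferential(mods, ops[data[0] % 2], Bytes(data + 1, data + size)).consistent) std::abort();
    return 0;
}
```

In a real setup each module wraps a different library's API for the same operation, and the harness is built with `-fsanitize=fuzzer` so that a mismatch (the abort) is recorded as a crash with its reproducer input.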

Thank you for your interest in this project and I'm glad you got it working. I will try to add some better docs soon.