
Overview

Current limitations

Only OpenSSL 1.1.1k and LibreSSL (doubtful) support the Security Violation Oracle.

From Section 8.2.2 of the reference:

Improved Security Violation Oracle

In Section 5.2 we designed a bug oracle which is able to check security properties. Right now we only check after successful handshakes whether no security violation happened. For example whether a downgrade or authentication bypass happened. This could be extended by also verifying invariants during the execution of a handshake. That way we could for example detect the FREAK vulnerability automatically.

Furthermore, the security violation oracle could also be extended to other TLS implementations.
Right now only OpenSSL 1.1.1k is supported. Support for checking security violations could be ported to LibreSSL 3.3.3 and backported to OpenSSL 1.0.x.

So after switching to another version, the oracle cannot be used for now.

Dependency relationships


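  1. The top-level Tlspuffin Cargo.toml defines the OpenSSL version in its features and depends on rust-openssl/openssl
  2. The rust-openssl/openssl Cargo.toml defines the vendored-openssl version and depends on openssl-sys
  3. The openssl-sys Cargo.toml defines the more fine-grained vendored-openssl version and depends on openssl-src

Purpose: cfg attributes select the binding for the corresponding OpenSSL version
Location: src/openssl_binding.rs/fn create_openssl_server

Purpose: maps each feature to the location of that version's source code
Location: deps/rust-openssl-src/src/lib.rs/fn source_dir

Steps

  1. rust-openssl-src holds the source code of each OpenSSL version
  2. Edit the top-level Tlspuffin Cargo.toml and add the version name
  3. Add the version information to each crate in turn, following the dependency chain
  4. Add the corresponding entries to the two files listed above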
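A check for step 3, added here as an example and not taken from the tlspuffin repository: it follows one version feature through the [features] tables of the crates in the chain and reports the first crate where the feature is missing or not forwarded. The manifest contents, the forwarding entries and the helper names (features, check_chain) are assumptions made for illustration.

```rust
use std::collections::HashMap;

// Constructed manifests; the forwarding entries and feature names are assumptions.
const TOP: &str = r#"[features]
default = ["sancov_libafl", "openssl111j", "introspection"]
openssl111j = ["openssl/vendored-openssl111j"]
openssl102u = ["openssl/vendored-openssl102u"]"#;
const OPENSSL: &str = r#"[features]
vendored-openssl111j = ["openssl-sys/vendored-openssl111j"]"#;
const OPENSSL_SYS: &str = r#"[features]
vendored-openssl111j = ["openssl-src/openssl111j"]"#;

/// Parse the `[features]` table into name -> entries (single-line arrays only).
fn features(manifest: &str) -> HashMap<String, Vec<String>> {
    let mut out = HashMap::new();
    let mut in_features = false;
    for line in manifest.lines().map(str::trim) {
        if line.starts_with('[') {
            in_features = line == "[features]";
        } else if let (true, Some((name, list))) = (in_features, line.split_once('=')) {
            let entries: Vec<String> = list
                .split(|c: char| matches!(c, '[' | ']' | ','))
                .map(|e| e.trim().trim_matches('"').to_string())
                .filter(|e| !e.is_empty())
                .collect();
            out.insert(name.trim().to_string(), entries);
        }
    }
    out
}

/// Each crate must declare the feature and forward it as "<next-crate>/<feature>".
fn check_chain(chain: &[(&str, &str)], feature: &str) -> Result<(), String> {
    let mut current = feature.to_string();
    for (i, (krate, manifest)) in chain.iter().enumerate() {
        let table = features(manifest);
        let entries = table.get(&current)
            .ok_or_else(|| format!("{krate}: feature `{current}` not declared"))?;
        if let Some((next, _)) = chain.get(i + 1) {
            let prefix = format!("{next}/");
            current = entries.iter().find_map(|e| e.strip_prefix(prefix.as_str()))
                .ok_or_else(|| format!("{krate}: `{current}` is not forwarded to {next}"))?
                .to_string();
        }
    }
    Ok(())
}

fn main() {
    let chain = [("tlspuffin", TOP), ("openssl", OPENSSL), ("openssl-sys", OPENSSL_SYS)];
    println!("{:?}", check_chain(&chain, "openssl102u"));
}
```

In the constructed manifests, openssl102u was added only at the top level, so the check stops at the openssl crate.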

Building other versions

Method 1:

Change the default entry under [features] in the top-level Cargo.toml

[features]
default = ["sancov_libafl", "openssl111j", "introspection"]

Method 2:

Pass the features as arguments to the cargo command

$ cargo run --no-default-features --features openssl102u,sancov_libafl,introspection

sancov_libafl and introspection are required.

Copyright 2021 - 2022 sizaif. All Rights Reserved