尝试使用 OpenSSL 1.0.1f 用 AFL-FUZZ 重新创建 Heatbleed
Trying to recreate Heatbleed with AFL-FUZZ using OpenSSL 1.0.1f
我在这里试图在 1.0.1g 之前的 openssl 版本上重新创建 Heartbleed 错误,所以我选择了 openssl 1.0.1f。我安装了 AFL-FUZZ,然后安装了 openssl。在 this and this link 的帮助下,我想我已经安装了 openssl,但最后它给了我一个 st运行ge 错误
../libcrypto.a(x86_64cpuid.o): In function `OPENSSL_cleanse':
(.text+0x1a0): multiple definition of `OPENSSL_cleanse'
../libcrypto.a(mem_clr.o):mem_clr.c:(.text+0x0): first defined here
../libcrypto.a(cmll-x86_64.o): In function `Camellia_cbc_encrypt':
(.text+0x1f00): multiple definition of `Camellia_cbc_encrypt'
../libcrypto.a(cmll_cbc.o):cmll_cbc.c:(.text+0x0): first defined here
../libcrypto.a(aes-x86_64.o): In function `AES_encrypt':
(.text+0x460): multiple definition of `AES_encrypt'
../libcrypto.a(aes_core.o):aes_core.c:(.text+0x62e): first defined here
../libcrypto.a(aes-x86_64.o): In function `AES_decrypt':
(.text+0x9f0): multiple definition of `AES_decrypt'
../libcrypto.a(aes_core.o):aes_core.c:(.text+0xad1): first defined here
../libcrypto.a(aes-x86_64.o): In function `private_AES_set_encrypt_key':
(.text+0xab0): multiple definition of `private_AES_set_encrypt_key'
../libcrypto.a(aes_core.o):aes_core.c:(.text+0x0): first defined here
../libcrypto.a(aes-x86_64.o): In function `private_AES_set_decrypt_key':
(.text+0xd80): multiple definition of `private_AES_set_decrypt_key'
../libcrypto.a(aes_core.o):aes_core.c:(.text+0x403): first defined here
../libcrypto.a(aes-x86_64.o): In function `AES_cbc_encrypt':
(.text+0xfa0): multiple definition of `AES_cbc_encrypt'
../libcrypto.a(aes_cbc.o):aes_cbc.c:(.text+0x0): first defined here
collect2: error: ld returned 1 exit status
make[2]: *** [link_app.] Error 1
我 运行 openssl version 命令和它 运行 成功地给我输出 OpenSSL 1.0.1f 6 Jan 2014 所以我认为它已经正确安装(不确定如何处理错误).
现在下一步是简单地找到一个代码来使用我找到的 openssl here handshake.c 文件。但是它没有编译成功。 afl-gcc handshake.c libssl.a libcrypto.a -o handshake -I ssl/include -ldl 错误是
afl-cc 2.52b by <lcamtuf@google.com>
afl-as 2.52b by <lcamtuf@google.com>
[+] Instrumented 15 locations (64-bit, non-hardened mode, ratio 100%).
libcrypto.a(x86_64cpuid.o): In function `OPENSSL_cleanse':
(.text+0x1a0): multiple definition of `OPENSSL_cleanse'
libcrypto.a(mem_clr.o):mem_clr.c:(.text+0x0): first defined here
/tmp/ccJeYtnW.o: In function `Init':
path/openssl-1.0.1/handshake.c:22: undefined reference to `SSL_CTX_set_security_level'
libcrypto.a(c_zlib.o): In function `zlib_stateful_expand_block':
c_zlib.c:(.text+0x59): undefined reference to `inflate'
libcrypto.a(c_zlib.o): In function `zlib_stateful_compress_block':
c_zlib.c:(.text+0xea): undefined reference to `deflate'
libcrypto.a(c_zlib.o): In function `bio_zlib_free':
c_zlib.c:(.text+0x13d): undefined reference to `inflateEnd'
c_zlib.c:(.text+0x15b): undefined reference to `deflateEnd'
libcrypto.a(c_zlib.o): In function `zlib_stateful_finish':
c_zlib.c:(.text+0x1d0): undefined reference to `inflateEnd'
c_zlib.c:(.text+0x1d9): undefined reference to `deflateEnd'
libcrypto.a(c_zlib.o): In function `zlib_stateful_init':
c_zlib.c:(.text+0x268): undefined reference to `inflateInit_'
c_zlib.c:(.text+0x2d9): undefined reference to `deflateInit_'
libcrypto.a(c_zlib.o): In function `bio_zlib_ctrl':
c_zlib.c:(.text+0x54c): undefined reference to `deflate'
c_zlib.c:(.text+0x5f0): undefined reference to `zError'
libcrypto.a(c_zlib.o): In function `bio_zlib_write':
c_zlib.c:(.text+0x809): undefined reference to `deflate'
c_zlib.c:(.text+0x89a): undefined reference to `zError'
c_zlib.c:(.text+0x933): undefined reference to `deflateInit_'
libcrypto.a(c_zlib.o): In function `bio_zlib_read':
c_zlib.c:(.text+0xa13): undefined reference to `inflate'
c_zlib.c:(.text+0xa8d): undefined reference to `zError'
c_zlib.c:(.text+0xafc): undefined reference to `inflateInit_'
collect2: error: ld returned 1 exit status
请建议我如何修复这些错误。
提前致谢。
编辑:
到目前为止,我所做的是使用 root 权限安装 openssl。我工作但给了我很多关于手动安装的错误,即大多数错误看起来像 item= expecting something other than a integer。我手动将这些行更改为字符 =item 1 -> =item '1'。在根目录的 apps 和 ssl 文件夹发生变化后,我终于让它工作了。最终安装看起来像 make 和 make install
installing openssl
installing CA.sh
installing CA.pl
installing tsget
make[1]: Leaving directory `/openssl-1.0.1f/apps'
making install in test...
make[1]: Entering directory `/openssl-1.0.1f/test'
make[1]: Nothing to be done for `install'.
make[1]: Leaving directory `/openssl-1.0.1f/test'
making install in tools...
make[1]: Entering directory `/openssl-1.0.1f/tools'
make[1]: Leaving directory `/openssl-1.0.1f/tools'
installing libcrypto.a
installing libssl.a
cp libcrypto.pc /usr/local/ssl/lib/pkgconfig
chmod 644 /usr/local/ssl/lib/pkgconfig/libcrypto.pc
cp libssl.pc /usr/local/ssl/lib/pkgconfig
chmod 644 /usr/local/ssl/lib/pkgconfig/libssl.pc
cp openssl.pc /usr/local/ssl/lib/pkgconfig
chmod 644 /usr/local/ssl/lib/pkgconfig/openssl.pc
root@ubuntu:/openssl-1.0.1f# openssl
The program 'openssl' is currently not installed. You can install it by typing:
apt-get install openssl
现在我认为安装没有错误,但我仍然没有安装 openssl,因为它说还没有安装这样的包。
请帮忙。
正如我在 Edited post 中添加的那样,当我 运行 以 root 身份安装时,openssl 安装中的错误消失了。我使用了以下命令序列;
make clean
./config no-shared no-idea no-mdc2 no-rc5 zlib enable-tlsext
make depend
make && make install
正如上面问题的编辑版本中所讨论的,它给了我 .pod 文件中的错误,我一个一个地解决了这些错误(想知道是否有人有更聪明的方法)。
编译后,现在错误依旧在编辑的部分,将openssl安装路径添加到$PATH环境变量后立即解决。我在 .basrc 和 .profile 文件中添加了以下行。
export PATH="$PATH:/usr/local/ssl/bin"
现在 openssl 工作正常。
但是 handshake.c 使用 openssl 的编译与此命令一起使用
AFL_USE_ASAN=1 afl-gcc handshake.c -lcrypto -lz libssl.a -o handshake -ldl
最后
afl-fuzz -i testcases -o findings -m none -- ./handshake
希望这对未来的 google 员工有所帮助。
谢谢。
我在这里试图在 1.0.1g 之前的 openssl 版本上重新创建 Heartbleed 错误,所以我选择了 openssl 1.0.1f。我安装了 AFL-FUZZ,然后安装了 openssl。在 this and this link 的帮助下,我想我已经安装了 openssl,但最后它给了我一个 st运行ge 错误
../libcrypto.a(x86_64cpuid.o): In function `OPENSSL_cleanse':
(.text+0x1a0): multiple definition of `OPENSSL_cleanse'
../libcrypto.a(mem_clr.o):mem_clr.c:(.text+0x0): first defined here
../libcrypto.a(cmll-x86_64.o): In function `Camellia_cbc_encrypt':
(.text+0x1f00): multiple definition of `Camellia_cbc_encrypt'
../libcrypto.a(cmll_cbc.o):cmll_cbc.c:(.text+0x0): first defined here
../libcrypto.a(aes-x86_64.o): In function `AES_encrypt':
(.text+0x460): multiple definition of `AES_encrypt'
../libcrypto.a(aes_core.o):aes_core.c:(.text+0x62e): first defined here
../libcrypto.a(aes-x86_64.o): In function `AES_decrypt':
(.text+0x9f0): multiple definition of `AES_decrypt'
../libcrypto.a(aes_core.o):aes_core.c:(.text+0xad1): first defined here
../libcrypto.a(aes-x86_64.o): In function `private_AES_set_encrypt_key':
(.text+0xab0): multiple definition of `private_AES_set_encrypt_key'
../libcrypto.a(aes_core.o):aes_core.c:(.text+0x0): first defined here
../libcrypto.a(aes-x86_64.o): In function `private_AES_set_decrypt_key':
(.text+0xd80): multiple definition of `private_AES_set_decrypt_key'
../libcrypto.a(aes_core.o):aes_core.c:(.text+0x403): first defined here
../libcrypto.a(aes-x86_64.o): In function `AES_cbc_encrypt':
(.text+0xfa0): multiple definition of `AES_cbc_encrypt'
../libcrypto.a(aes_cbc.o):aes_cbc.c:(.text+0x0): first defined here
collect2: error: ld returned 1 exit status
make[2]: *** [link_app.] Error 1
我 运行 openssl version 命令和它 运行 成功地给我输出 OpenSSL 1.0.1f 6 Jan 2014 所以我认为它已经正确安装(不确定如何处理错误).
现在下一步是简单地找到一个代码来使用我找到的 openssl here handshake.c 文件。但是它没有编译成功。 afl-gcc handshake.c libssl.a libcrypto.a -o handshake -I ssl/include -ldl 错误是
afl-cc 2.52b by <lcamtuf@google.com>
afl-as 2.52b by <lcamtuf@google.com>
[+] Instrumented 15 locations (64-bit, non-hardened mode, ratio 100%).
libcrypto.a(x86_64cpuid.o): In function `OPENSSL_cleanse':
(.text+0x1a0): multiple definition of `OPENSSL_cleanse'
libcrypto.a(mem_clr.o):mem_clr.c:(.text+0x0): first defined here
/tmp/ccJeYtnW.o: In function `Init':
path/openssl-1.0.1/handshake.c:22: undefined reference to `SSL_CTX_set_security_level'
libcrypto.a(c_zlib.o): In function `zlib_stateful_expand_block':
c_zlib.c:(.text+0x59): undefined reference to `inflate'
libcrypto.a(c_zlib.o): In function `zlib_stateful_compress_block':
c_zlib.c:(.text+0xea): undefined reference to `deflate'
libcrypto.a(c_zlib.o): In function `bio_zlib_free':
c_zlib.c:(.text+0x13d): undefined reference to `inflateEnd'
c_zlib.c:(.text+0x15b): undefined reference to `deflateEnd'
libcrypto.a(c_zlib.o): In function `zlib_stateful_finish':
c_zlib.c:(.text+0x1d0): undefined reference to `inflateEnd'
c_zlib.c:(.text+0x1d9): undefined reference to `deflateEnd'
libcrypto.a(c_zlib.o): In function `zlib_stateful_init':
c_zlib.c:(.text+0x268): undefined reference to `inflateInit_'
c_zlib.c:(.text+0x2d9): undefined reference to `deflateInit_'
libcrypto.a(c_zlib.o): In function `bio_zlib_ctrl':
c_zlib.c:(.text+0x54c): undefined reference to `deflate'
c_zlib.c:(.text+0x5f0): undefined reference to `zError'
libcrypto.a(c_zlib.o): In function `bio_zlib_write':
c_zlib.c:(.text+0x809): undefined reference to `deflate'
c_zlib.c:(.text+0x89a): undefined reference to `zError'
c_zlib.c:(.text+0x933): undefined reference to `deflateInit_'
libcrypto.a(c_zlib.o): In function `bio_zlib_read':
c_zlib.c:(.text+0xa13): undefined reference to `inflate'
c_zlib.c:(.text+0xa8d): undefined reference to `zError'
c_zlib.c:(.text+0xafc): undefined reference to `inflateInit_'
collect2: error: ld returned 1 exit status
请建议我如何修复这些错误。
提前致谢。
编辑:
到目前为止,我所做的是使用 root 权限安装 openssl。我工作但给了我很多关于手动安装的错误,即大多数错误看起来像 item= expecting something other than a integer。我手动将这些行更改为字符 =item 1 -> =item '1'。在根目录的 apps 和 ssl 文件夹发生变化后,我终于让它工作了。最终安装看起来像 make 和 make install
installing openssl
installing CA.sh
installing CA.pl
installing tsget
make[1]: Leaving directory `/openssl-1.0.1f/apps'
making install in test...
make[1]: Entering directory `/openssl-1.0.1f/test'
make[1]: Nothing to be done for `install'.
make[1]: Leaving directory `/openssl-1.0.1f/test'
making install in tools...
make[1]: Entering directory `/openssl-1.0.1f/tools'
make[1]: Leaving directory `/openssl-1.0.1f/tools'
installing libcrypto.a
installing libssl.a
cp libcrypto.pc /usr/local/ssl/lib/pkgconfig
chmod 644 /usr/local/ssl/lib/pkgconfig/libcrypto.pc
cp libssl.pc /usr/local/ssl/lib/pkgconfig
chmod 644 /usr/local/ssl/lib/pkgconfig/libssl.pc
cp openssl.pc /usr/local/ssl/lib/pkgconfig
chmod 644 /usr/local/ssl/lib/pkgconfig/openssl.pc
root@ubuntu:/openssl-1.0.1f# openssl
The program 'openssl' is currently not installed. You can install it by typing:
apt-get install openssl
现在我认为安装没有错误,但我仍然没有安装 openssl,因为它说还没有安装这样的包。
请帮忙。
正如我在 Edited post 中添加的那样,当我 运行 以 root 身份安装时,openssl 安装中的错误消失了。我使用了以下命令序列;
make clean
./config no-shared no-idea no-mdc2 no-rc5 zlib enable-tlsext
make depend
make && make install
正如上面问题的编辑版本中所讨论的,它给了我 .pod 文件中的错误,我一个一个地解决了这些错误(想知道是否有人有更聪明的方法)。
编译后,现在错误依旧在编辑的部分,将openssl安装路径添加到$PATH环境变量后立即解决。我在 .basrc 和 .profile 文件中添加了以下行。
export PATH="$PATH:/usr/local/ssl/bin"
现在 openssl 工作正常。
但是 handshake.c 使用 openssl 的编译与此命令一起使用
AFL_USE_ASAN=1 afl-gcc handshake.c -lcrypto -lz libssl.a -o handshake -ldl
最后
afl-fuzz -i testcases -o findings -m none -- ./handshake
希望这对未来的 google 员工有所帮助。
谢谢。