fix build when incompatible features are requested (tlspuffin#303)

* build: avoid building vendor bindings per-default

We exclude the vendored crates from the workspace so that they are not built by
default when running cargo without specifying a package. They will only be
pulled in when requested by a workspace member (tlspuffin, sshpuffin, ...).

This should marginally reduce build time during development and make sure that
these crates are correcly configured by the requesting workspace member when
pulled in the build, since the default features don't usually match our need.

* build: fail when incompatible openssl (resp. wolfssl) features are requested

Currently, when several versions of openssl or wolfssl are requested through
cargo, the vendored crates will silently choose one version. Additionally, the
PUT capabilities (session resumption, tls3 support, ...) associated with ALL
these features will be activated in tlspuffin at the same time and trigger hard
to decypher build errors, or worse, they might actually build correctly if most
features are compatible but result in unexpected behavior at runtime.

This fixes the problem by testing that one and only one version of openssl
(resp. wolfssl) sources can be pulled in the build through the use of feature
flags.

to squash: reject unknown openssl/wolfssl/libressl/libssh versions

* build: fail early when both openssl and wolfssl bindings are selected

When building tlspuffin with both openssl and wolfssl selected through feature
flags, the build process progress a lot before finally reaching a compile-time
error in the puffin package.

This set the compile-time check in the build script of the tlspuffin package,
so that the error message happens in the package where these features are
defined.

* build: use a consistent naming scheme for vendor versions

In vendored crates, the feature flags for versions are sometime prefixed with
`vendored-` (libssh, wolfssl, libressl) and sometime not (openssl), making them
inconsistent with the user-facing features defined in the tlspuffin/sshpuffin
package. This prefix is also redundant in our fuzzing use case: we always want
to fuzz specific versions of these libraries and never the system ones.

We remove the `vendored-` prefix from all the features flags, to keep the
naming scheme consistent.

* build: remove references to submodules (removed in tlspuffin#243)

.github/workflows/build-deploy-docs.yml

@@ -14,8 +14,6 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v3
-        with:
-          submodules: 'recursive'
       - name: Setup
         uses: ./.github/actions/setup
       - name: Setup mdBook

.github/workflows/build-linux.yml

@@ -31,8 +31,6 @@ jobs:
     name: Build "${{ inputs.name }}"
     steps:
       - uses: actions/checkout@v3
-        with:
-          submodules: 'recursive'
       - name: Setup Git
         shell: bash
         run: |

.github/workflows/run-benchmarks.yml

@@ -9,8 +9,6 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v3
-        with:
-          submodules: 'recursive'
       - name: Setup
         uses: ./.github/actions/setup
       - name: Benchmark

.github/workflows/run-checks.yml

@@ -9,8 +9,6 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v3
-        with:
-          submodules: 'recursive'
       - name: Setup
         uses: ./.github/actions/setup
       - name: Format

Cargo.toml

@@ -7,14 +7,17 @@ members = [
     "tlspuffin",
     "sshpuffin",
     "tlspuffin-claims",
+]
+
+exclude = [
+    "crates/openssl-src-111",
     "crates/libressl-src",
     "crates/wolfssl",
     "crates/wolfssl-sys",
     "crates/wolfssl-src",
     "crates/libssh-sys",
 ]
 
-exclude = ["crates/openssl-src-111"]
 
 [workspace.package]
 version = "0.1.0"
@@ -33,6 +36,7 @@ wolfssl-sys = { path = "crates/wolfssl-sys" }
 wolfssl-src = { path = "crates/wolfssl-src" }
 openssl-src = { path = "crates/openssl-src-111" }
 libressl-src = { path = "crates/libressl-src" }
+libssh-sys = { path = "crates/libssh-sys" }
 security-claims = { path = "tlspuffin-claims" }
 
 [profile.release]

README.md

@@ -10,9 +10,9 @@
 </div>
 
 <div align="center">
-  <img src="https://img.shields.io/badge/stability-experimental-orange.svg?style=flat-square" 
+  <img src="https://img.shields.io/badge/stability-experimental-orange.svg?style=flat-square"
       alt="Stability" />
-  <a href="https://github.com/tlspuffin/tlspuffin/actions/workflows/rust.yml">    
+  <a href="https://github.com/tlspuffin/tlspuffin/actions/workflows/rust.yml">
     <img src="https://github.com/tlspuffin/tlspuffin/actions/workflows/on_main_push.yml/badge.svg"
         alt="Build status" />
   </a>
@@ -44,20 +44,20 @@ _Disclaimer: The term "symbolic-model-guided" should not be confused with symbol
 ## Description
 
 Fuzzing implementations of cryptographic protocols is challenging.
-In contrast to traditional fuzzing of file formats, cryptographic protocols require a 
+In contrast to traditional fuzzing of file formats, cryptographic protocols require a
 specific flow of cryptographic and mutually dependent messages to reach deep protocol states.
-The specification of the TLS protocol describes sound flows of messages and cryptographic 
+The specification of the TLS protocol describes sound flows of messages and cryptographic
 operations.
 
-Although the specification has been formally verified multiple times with significant 
-results, a gap has emerged from the fact that implementations of the same protocol have 
+Although the specification has been formally verified multiple times with significant
+results, a gap has emerged from the fact that implementations of the same protocol have
 not undergone the same logical analysis.
-Because the development of cryptographic protocols is error-prone, multiple security 
-vulnerabilities have already been discovered in implementations in TLS which are not 
+Because the development of cryptographic protocols is error-prone, multiple security
+vulnerabilities have already been discovered in implementations in TLS which are not
 present in its specification.
 
-Inspired by symbolic protocol verification, we present a reference implementation of a 
-fuzzer named tlspuffin which employs a concrete semantic to execute TLS 1.2 and 1.3 symbolic traces. 
+Inspired by symbolic protocol verification, we present a reference implementation of a
+fuzzer named tlspuffin which employs a concrete semantic to execute TLS 1.2 and 1.3 symbolic traces.
 In fact attacks which mix \TLS versions are in scope of this implementation.
 This method allows us to utilize a genetic fuzzing algorithm to fuzz protocol flows,
 which is described by the following three stages.
@@ -67,14 +67,14 @@ which is described by the following three stages.
 * A security violation oracle supervises executions for the absence of vulnerabilities.
 
 
-The novel approach allows rediscovering known vulnerabilities, which are out-of-scope for 
-classical bit-level fuzzers. This proves that it is capable of reaching critical protocol 
+The novel approach allows rediscovering known vulnerabilities, which are out-of-scope for
+classical bit-level fuzzers. This proves that it is capable of reaching critical protocol
 states.
-In contrast to the promising methodology no new vulnerabilities were found by tlspuffin. 
-This can can be explained by the fact that the implementation effort of TLS protocol 
-primitives and extensions is high and not all features of the specification have been 
+In contrast to the promising methodology no new vulnerabilities were found by tlspuffin.
+This can can be explained by the fact that the implementation effort of TLS protocol
+primitives and extensions is high and not all features of the specification have been
 implemented.
-Nonetheless, the innovating approach is promising in terms of quickly reaching high edge 
+Nonetheless, the innovating approach is promising in terms of quickly reaching high edge
 coverage, expressiveness of executable protocol traces and stable and extensible implementation.
 
 
@@ -83,11 +83,11 @@ coverage, expressiveness of executable protocol traces and stable and extensible
 * Uses the [LibAFL fuzzing framework](https://github.com/AFLplusplus/LibAFL)
 * Fuzzer which is inspired by the [Dolev-Yao symbolic model](https://en.wikipedia.org/wiki/Dolev%E2%80%93Yao_model) used in protocol verification
 * Domain specific mutators for Protocol Fuzzing!
-* Supported Libraries Under Test: 
+* Supported Libraries Under Test:
   * OpenSSL 1.0.1f, 1.0.2u, 1.1.1k
   * LibreSSL 3.3.3
   * wolfSSL 5.1.0 - 5.4.0
-* Reproducible for each LUT. We use Git submodules to link to forks this are in the  [tlspuffin organisation](https://github.com/tlspuffin)
+* Reproducible for each LUT. We use sources from forks this are in the [tlspuffin organisation](https://github.com/tlspuffin)
 * 70% Test Coverage
 * Writtin in Rust!
 
@@ -115,7 +115,6 @@ Build the project:
 
 ```bash
 git clone https://github.com/tlspuffin/tlspuffin.git
-git submodule update --init --recursive
 cargo build
 ```
 
@@ -190,7 +189,7 @@ ASAN_OPTIONS=abort_on_error=1 \
     cargo run --bin tlspuffin --features asan -- --cores 0-3
 ```
 
-It is important to enable `abort_on_error`, 
+It is important to enable `abort_on_error`,
 else the fuzzer workers fail to restart on crashes.
 
 #### Compiling with ASAN using rustc
@@ -278,4 +277,3 @@ Note that tlspuffin also contains code/modification from external projects. See
 Unless you explicitly state otherwise, any contribution intentionally submitted
 for inclusion in the work by you, as defined in the Apache-2.0 license, shall be
 dual licensed as above, without any additional terms or conditions.
-

crates/libressl-src/Cargo.toml

@@ -11,11 +11,13 @@ exclude = ['libressl/*']
 [features]
 default = [ ]
 sancov = []
-vendored-libressl333 = []
 asan = [] # TODO
 gcov_analysis = [] # TODO
 llvm_cov_analysis = [] # TODO
 
+libressl333 = []
+libresslmaster = []
+
 [dependencies]
-security-claims = "0.1.0"
+security-claims = { path = "../../tlspuffin-claims" }
 autotools = "0.2"

crates/libressl-src/src/lib.rs

@@ -8,10 +8,12 @@ use std::{
     process::Command,
 };
 
-const REF: &str = if cfg!(feature = "vendored-libressl333") {
+const REF: &str = if cfg!(feature = "libressl333") {
     "fuzz-v3.3.3"
-} else {
+} else if cfg!(feature = "libresslmaster") {
     "master"
+} else {
+    panic!("Unknown version of LibreSSL requested!")
 };
 
 fn clone(dest: &PathBuf) -> std::io::Result<()> {

crates/libssh-sys/Cargo.toml

@@ -5,8 +5,8 @@ edition = "2021"
 build = "build.rs"
 
 [features]
-
-vendored-libssh0104 = []
+libssh0104 = []
+libsshmaster = []
 
 [dependencies]
 

crates/libssh-sys/build.rs

@@ -15,10 +15,12 @@ impl bindgen::callbacks::ParseCallbacks for IgnoreMacros {
     }
 }
 
-const REF: &str = if cfg!(feature = "vendored-libssh0104") {
+const REF: &str = if cfg!(feature = "libssh0104") {
     "libssh-0.10.4"
-} else {
+} else if cfg!(feature = "libsshmaster") {
     "master"
+} else {
+    panic!("Unknown version of libssh requested!")
 };
 
 fn clone(dest: &str) -> std::io::Result<()> {

crates/openssl-src-111/Cargo.toml

@@ -48,24 +48,19 @@ asan = ["libressl-src?/asan"]
 # Export coverage during runtime
 gcov_analysis = ["libressl-src?/gcov_analysis"]
 llvm_cov_analysis = ["libressl-src?/llvm_cov_analysis"]
-# Use openssl101f submodule
+
 openssl101f = []
-# Use openssl102u submodule
 openssl102u = []
 openssl111k = []
 openssl111j = []
 openssl111u = []
 openssl312 = []
 
-libressl333 = ["libressl-src", "libressl", "libressl-src/vendored-libressl333"]
+libressl333 = ["libressl-src", "libressl", "libressl-src/libressl333"]
 libressl = []
 
-[workspace]
-members = ['testcrate']
-exclude = ['target']
-
 [dependencies]
 cc = "1.0"
 bindgen = "0.69.1"
-security-claims = "0.1.0"
-libressl-src = { version = "111.0.0", optional = true }
+security-claims = { path = "../../tlspuffin-claims" }
+libressl-src = { path = "../libressl-src", optional = true }

crates/openssl-src-111/src/combined.rs

@@ -1,3 +1,59 @@
+#[cfg(not(any(
+    feature = "libressl",
+    feature = "openssl101f",
+    feature = "openssl102u",
+    feature = "openssl111k",
+    feature = "openssl111j",
+    feature = "openssl111u",
+    feature = "openssl312"
+)))]
+compile_error!(concat!(
+    "You need to select one feature in [",
+    "'libressl', ",
+    "'openssl101f', ",
+    "'openssl102u', ",
+    "'openssl111k', ",
+    "'openssl111j', ",
+    "'openssl111u', ",
+    "'openssl312'",
+    "]"
+));
+
+#[cfg(any(
+    all(feature = "libressl", feature = "openssl101f"),
+    all(feature = "libressl", feature = "openssl102u"),
+    all(feature = "libressl", feature = "openssl111k"),
+    all(feature = "libressl", feature = "openssl111j"),
+    all(feature = "libressl", feature = "openssl111u"),
+    all(feature = "libressl", feature = "openssl312"),
+    all(feature = "openssl101f", feature = "openssl102u"),
+    all(feature = "openssl101f", feature = "openssl111k"),
+    all(feature = "openssl101f", feature = "openssl111j"),
+    all(feature = "openssl101f", feature = "openssl111u"),
+    all(feature = "openssl101f", feature = "openssl312"),
+    all(feature = "openssl102u", feature = "openssl111k"),
+    all(feature = "openssl102u", feature = "openssl111j"),
+    all(feature = "openssl102u", feature = "openssl111u"),
+    all(feature = "openssl102u", feature = "openssl312"),
+    all(feature = "openssl111k", feature = "openssl111j"),
+    all(feature = "openssl111k", feature = "openssl111u"),
+    all(feature = "openssl111k", feature = "openssl312"),
+    all(feature = "openssl111j", feature = "openssl111u"),
+    all(feature = "openssl111j", feature = "openssl312"),
+    all(feature = "openssl111u", feature = "openssl312"),
+))]
+compile_error!(concat!(
+    "Incompatible features requested. Only one of [",
+    "'libressl', ",
+    "'openssl101f', ",
+    "'openssl102u', ",
+    "'openssl111k', ",
+    "'openssl111j', ",
+    "'openssl111u', ",
+    "'openssl312'",
+    "] can be enabled at the same time."
+));
+
 #[cfg_attr(feature = "libressl", path = "libressl.rs")]
 mod openssl;
 

crates/openssl-src-111/src/openssl.rs

@@ -21,20 +21,12 @@ const REF: &str = if cfg!(feature = "openssl101f") {
     "fuzz-OpenSSL_1_1_1u"
 } else if cfg!(feature = "openssl312") {
     "fuzz-OpenSSL_3_1_2"
-} else {
+} else if cfg!(feature = "master") {
     "master"
+} else {
+    panic!("Unknown version of OpenSSL requested!")
 };
 
-#[cfg(not(any(
-    feature = "openssl101f",
-    feature = "openssl102u",
-    feature = "openssl111k",
-    feature = "openssl111j",
-    feature = "openssl111u",
-    feature = "openssl312"
-)))]
-compile_error!("You need to choose an OpenSSL version!");
-
 fn clone_repo(dest: &str) -> std::io::Result<()> {
     std::fs::remove_dir_all(dest)?;
     Command::new("git")

crates/wolfssl-src/src/lib.rs

@@ -58,7 +58,6 @@ fn patch_wolfssl<P: AsRef<Path>>(
 }
 
 fn clone_wolfssl<P: AsRef<Path>>(dest: &P, options: &WolfSSLOptions) -> std::io::Result<()> {
-    //return Ok(());
     std::fs::remove_dir_all(dest)?;
     let status = Command::new("git")
         .arg("clone")

crates/wolfssl-sys/Cargo.toml

@@ -6,7 +6,7 @@ authors = []
 links = "wolfssl"
 
 [build-dependencies]
-wolfssl-src = "0.1.0"
+wolfssl-src = { path = "../wolfssl-src" }
 
 [features]
 
@@ -16,12 +16,12 @@ fix-CVE-2022-39173 = []
 fix-CVE-2022-42905 = []
 wolfssl-disable-postauth = []
 
-vendored-wolfssl430 = []
-vendored-wolfssl510 = []
-vendored-wolfssl520 = []
-vendored-wolfssl530 = []
-vendored-wolfssl540 = []
-vendored-master = []
+wolfssl430 = []
+wolfssl510 = []
+wolfssl520 = []
+wolfssl530 = []
+wolfssl540 = []
+master = []
 
 sancov = []
 asan = []