Skip to content

PKCS#11 Fuzzer Changelog

This is the list of version numbers of the PKCS#11 Fuzzer. Each version number is shown with a list of changes brought by that version.

2.9.7 - 2021-10-12

Fixed

  • Fix building of artifacts in CI.

2.9.6 - 2021-03-18

Changed

  • Change object handle template to attributes in calls view to avoid confusion between calls with template argument and attributes that we query by calling C_GetAttributeValue on an object handle. This requires a new version of the Analyzer.

2.9.5 - 2020-06-26

Fixed

  • Fix unwanted dependency on libpq.so.5 and other unused DLLs.
  • Show error message when trace cannot be written to instead of a stack trace.
  • Fix .cst.gz extension depending on the name provided by the user.

2.9.4 - 2020-04-30

Fixed

  • Fix version in PDF manual.

2.9.3 - 2020-01-17

Fixed

  • Fix GZIP compression flushing issue

2.9.2 - 2019-08-20

Fixed

  • Maintain JSON compatibility with old traces

2.9.1 - 2019-08-06

Fixed

  • Build infrastructure improvements

2.9.0 - 2019-08-02

Added

  • Add GZIP compression by default
  • Add --uncompressed flag to deactivate trace compression
  • Add --unsafe flag to deactivate protection from crashes in the DLL

Changed

  • Safe mode is now enabled by default, which protects the fuzzer from crashes in the DLL

Removed

  • Remove the --safe flag as it is now the default behavior

2.8.0 - 2019-02-27

Added

  • Add a cli flag to stop on failed key regeneration --stop-on-key-regeneration-failures
  • Add a setup_call boolean field to key regeneration calls in the CSTs

Changed

  • Move key regeneration error messages from debug to error so that they are visible to the user when fuzzing with the default verbosity level

2.7.1 - 2019-01-22

Fixes

  • remove bisect_ppx unexpected instrumentation from binaries

2.7.0 - 2018-10-25

Added

  • Add internal key manager call recording, enabled by setting STITCH_OCAML_RECORDING_DIR
  • Add a command-line duration parameter, specifying the maximum number of seconds to fuzz for

Changed

  • Increase progress during key manager requests, preventing UI from hanging during long lasting requests

2.6.1 - 2018-08-22

  • No external change.

2.6.0 - 2018-06-15

  • Remove --indirect mode.
  • Encode CKA_ID as binary data.

2.5.6 - 2018-03-23

  • Add --expanded option to display how many calls succeeded.
  • Add --filter-config option to only test mechanisms supported by the token.
  • Fix a bug which would cause keys to be destroyed too early. This could cause false positives, in particular in the case of WrapKey.
  • Fix a bug where trace header would be written at the end of the trace with --safe.

2.5.5 - 2018-03-06

  • Add CKM_ECDH1_DERIVE.
  • Add CKM_AES_KEY_WRAP.
  • Add --resume-from to reuse data from a previous trace instead of fuzzing generation commands. Making this work requires passing --only-commands C_Digest to the first run.
  • Add --safe flag to protect from DLL crashes.

2.5.4 - 2017-01-17

  • Fix a stack overflow in p11_test.ml reported by a client.
  • Add ECDSA+SHA2 mechanisms:
    • CKM_ECDSA_SHA224
    • CKM_ECDSA_SHA256
    • CKM_ECDSA_SHA384
    • CKM_ECDSA_SHA512
  • Add RSA+SHA2 signature mechanisms:
    • CKM_SHA224_RSA_PKCS
    • CKM_SHA384_RSA_PKCS
    • CKM_SHA512_RSA_PKCS
    • CKM_SHA224_RSA_PKCS_PSS
    • CKM_SHA384_RSA_PKCS_PSS
    • CKM_SHA512_RSA_PKCS_PSS
  • Change the behaviour of --only-commands so that it does not affect GenerateKey, GenerateKeyPair, and CreateObject. This is to prevent configurations where no keys can be created. The set of generation commands can be customized with --only-generation-commands.
  • Add Digest fuzzing.

2.5.3 - 2017-01-16

  • Fix a bug in the error backtrace logging in p11_test.ml introduced in previous version

2.5.2 - 2017-01-15

  • Log the name and backtrace of unhandled errors in p11_test/ml instead of just logging their name