PKCS#11 Fuzzer Changelog↑
This is the list of version numbers of the PKCS#11 Fuzzer. Each version number is shown with a list of changes brought by that version.
2.9.7 - 2021-10-12↑
Fixed↑
- Fix building of artifacts in CI.
2.9.6 - 2021-03-18↑
Changed↑
- Change object handle
template
toattributes
in calls view to avoid confusion between calls withtemplate
argument and attributes that we query by callingC_GetAttributeValue
on an object handle. This requires a new version of the Analyzer.
2.9.5 - 2020-06-26↑
Fixed↑
- Fix unwanted dependency on
libpq.so.5
and other unused DLLs. - Show error message when trace cannot be written to instead of a stack trace.
- Fix
.cst.gz
extension depending on the name provided by the user.
2.9.4 - 2020-04-30↑
Fixed↑
- Fix version in PDF manual.
2.9.3 - 2020-01-17↑
Fixed↑
- Fix GZIP compression flushing issue
2.9.2 - 2019-08-20↑
Fixed↑
- Maintain JSON compatibility with old traces
2.9.1 - 2019-08-06↑
Fixed↑
- Build infrastructure improvements
2.9.0 - 2019-08-02↑
Added↑
- Add GZIP compression by default
- Add
--uncompressed
flag to deactivate trace compression - Add
--unsafe
flag to deactivate protection from crashes in the DLL
Changed↑
- Safe mode is now enabled by default, which protects the fuzzer from crashes in the DLL
Removed↑
- Remove the
--safe
flag as it is now the default behavior
2.8.0 - 2019-02-27↑
Added↑
- Add a cli flag to stop on failed key regeneration
--stop-on-key-regeneration-failures
- Add a
setup_call
boolean field to key regeneration calls in the CSTs
Changed↑
- Move key regeneration error messages from debug to error so that they are visible to the user when fuzzing with the default verbosity level
2.7.1 - 2019-01-22↑
Fixes↑
- remove
bisect_ppx
unexpected instrumentation from binaries
2.7.0 - 2018-10-25↑
Added↑
- Add internal key manager call recording, enabled by setting
STITCH_OCAML_RECORDING_DIR
- Add a command-line
duration
parameter, specifying the maximum number of seconds to fuzz for
Changed↑
- Increase progress during key manager requests, preventing UI from hanging during long lasting requests
2.6.1 - 2018-08-22↑
- No external change.
2.6.0 - 2018-06-15↑
- Remove
--indirect
mode. - Encode
CKA_ID
as binary data.
2.5.6 - 2018-03-23↑
- Add
--expanded
option to display how many calls succeeded. - Add
--filter-config
option to only test mechanisms supported by the token. - Fix a bug which would cause keys to be destroyed too early. This could cause false
positives, in particular in the case of
WrapKey
. - Fix a bug where trace header would be written at the end of the trace with
--safe
.
2.5.5 - 2018-03-06↑
- Add
CKM_ECDH1_DERIVE
. - Add
CKM_AES_KEY_WRAP
. - Add
--resume-from
to reuse data from a previous trace instead of fuzzing generation commands. Making this work requires passing--only-commands C_Digest
to the first run. - Add
--safe
flag to protect from DLL crashes.
2.5.4 - 2017-01-17↑
- Fix a stack overflow in
p11_test.ml
reported by a client. - Add ECDSA+SHA2 mechanisms:
CKM_ECDSA_SHA224
CKM_ECDSA_SHA256
CKM_ECDSA_SHA384
CKM_ECDSA_SHA512
- Add RSA+SHA2 signature mechanisms:
CKM_SHA224_RSA_PKCS
CKM_SHA384_RSA_PKCS
CKM_SHA512_RSA_PKCS
CKM_SHA224_RSA_PKCS_PSS
CKM_SHA384_RSA_PKCS_PSS
CKM_SHA512_RSA_PKCS_PSS
- Change the behaviour of
--only-commands
so that it does not affectGenerateKey
,GenerateKeyPair
, andCreateObject
. This is to prevent configurations where no keys can be created. The set of generation commands can be customized with--only-generation-commands
. - Add Digest fuzzing.
2.5.3 - 2017-01-16↑
- Fix a bug in the error backtrace logging in
p11_test.ml
introduced in previous version
2.5.2 - 2017-01-15↑
- Log the name and backtrace of unhandled errors in
p11_test/ml
instead of just logging their name