History: ip_tls


This page describes all changes made to the ip_tls package, TLS and DTLS, since its release.

Version

4.9 (2020-06-17, 10:05):

  • Corrected TLS task to prevent infinite loop when DTLS retransmit event occurs.
  • tls_hdlr_alert() now returns the error code TLS_PEER_FATAL_ERR on a fatal alert. This fixes a problem where tls_server/client_handshake_socket() did not return an error when the peer sent a FATAL alert.
  • Removed return value from tls_conn_timeout_hdlr() as it always returned the same value.

4.8 (2020-06-15, 11:05):

  • Corrected server cipher suite selection, which could select a cipher suite even when there was no matching device certificate.

4.7 (2020-06-12, 08:45):

  • Added missing tls_crl_init() to tls_init().
  • Removed 'extern' on CA certificates definition, which caused compilation warnings on some compilers.

4.6 (2020-06-10, 13:05):

  • Fixed tls_select_socket() deadlock problem (function does not use TLS main resource mutex anymore).
  • Corrected search for a certificate by signature index (the wrong conversion from signature index to signature algorithm type was used).

4.5 (2020-06-03, 10:25):

  • Added support for CRL files, adding a revocation list based on issuer and certificate serial number.
    • The CRL signature is checked (this can be disabled with the TLS_CRL_FLAGS_DO_NOT_VERIFY flag).
    • Only new entries are added.
    • Support for delta CRLs.

4.4 (2020-05-25, 11:45):

  • Added a certificate context that allows different certificates to be used for different connections.
  • Corrected the connection search to prevent blocking on another connection's mutex.

4.3 (2020-03-19, 12:00):

  • Added a function to enable/disable certificate checks dynamically.
  • Added certificates are now checked for expiry.

4.2 (2019-11-12, 12:00):

  • Modified server key exchange mechanism to support mixed modes ECDHE_RSA, DHE_RSA.

4.1 (2019-10-30, 09:00):

  • Modified DTLS to work with stacks other than HCC.
  • Fixed sending of TLS PDUs to use memmove when moving encrypted data.
  • Fixed dtls_server_handshake_socket(), which could dereference a NULL pointer.
  • DTLS client does not reset the sequence number when sending a ClientHello without a cookie.

3.52r4 (2020-03-13, 15:48):

  • Added certificate management document.

3.52 (2019-10-15, 15:51):

  • During TLS handshake the timer could be held up for several seconds, impacting timeout handling of other modules using the mutil_timer package. (tls_rf_timer() could wait for a mutex locked for several seconds during the handshake process).

3.51 (2019-10-11, 15:00):

  • Added clearing of tlsc_hs_buf_used at initialization.
  • The server no longer selects cipher suites for which no certificate is available.
  • Corrected handling of the hello extension for supported signatures.
  • Updated the GeoTrust Global CA certificate, as the previous one had expired.

3.50 (2019-10-09, 12:18):

  • Added checking for the local CA certificate in the middle of the received certificate chain. This change was triggered by the order of the CA certificate sent by an Amazon server: usually the server sends the CA certificate at the end of the chain, but Amazon sent it in the middle.

3.49 (2019-09-26, 13:00):

  • Added Server Name Indication (SNI) extension for client.

3.48 (2019-04-09, 12:00):

  • Corrected extraction of the public key from the client certificate (messages handled in the server handshake handler are now parsed from the handshake buffer, which is consistent during the whole handshake process).

3.47 (2019-01-24, 09:15):

  • Added missing return of TLS_OK to the function tls_set_host_ca_chain().

3.46 (2019-01-18, 09:30):

  • Corrected includes and calls for psp_alloc.h.

3.45 (2018-09-27, 14:30):

  • Fixed compiler warnings.
  • Code aligned with company's coding convention.

3.44 (2018-09-17, 08:00):

  • Added new interfaces to limit the simultaneous connections of a DTLS server.
  • Added new interfaces to query IP and port information related to DTLS connections.
  • Fix for DTLS server handling colliding client connections.

3.43r2 (2018-08-29, 18:21):

  • Document HTML link added to the documentation folder.
  • History and document files renamed to the package name.

3.43 (2018-08-08, 14:00):

  • Fix for DTLS server handshake (client could not connect to it).
  • Removed EPA leftovers.

3.42 (2018-07-05, 13:00):

  • Fix for DTLS client handshake.

3.41 (2018-04-30, 13:00):

  • Added multiple connection handling for DTLS sockets.
  • Added dtls_get_srv_conn_socket() to get new connections that were received during other connection execution.
  • dtls_server_handshake_socket() returns TLS_DTLS_NEW_CONN when a new connection is detected but does not change the handle.
  • dtls_receive_socket() returns TLS_DTLS_NEW_CONN when a new connection is detected.

3.40 (2018-03-26, 12:45):

  • Added checking of the certificate's Subject Alternative Name when the Common Name does not match.

3.39 (2018-01-26 15:00):

  • Added renegotiation mechanism to TLS.
  • Added config macros:
    • TLS_RENEGOTIATION_ENABLE (1) - enables the code responsible for renegotiation.
    • TLS_REN_UNSEC_ENABLE (0) - enables insecure renegotiation.
    • TLS_REN_CLIENT_DETECT_ENABLE (1) - enables detection of whether the client supports renegotiation.
  • Added configuration flags to control the renegotiation mechanism:
    • TLS_TCP_CONN_INF_FLAG_DIS_REN - disables renegotiation for the given connection.
    • TLS_TCP_CONN_INF_FLAG_REN_FATAL - if this flag is set, a renegotiation failure (peer sends ALERT_NO_RENEGOTIATION) leads to a connection FATAL error (the connection is closed). Otherwise such a failure stops the renegotiation without reporting an error.
  • Added API functions:
    • tls_renegotiate_tcp() - tries to start renegotiation on an open connection (native interface).
    • t_tls_ret tls_renegotiate_socket() - tries to start renegotiation on an open connection (socket interface).
    • tls_server_handshake_socket_ext() - executes the server handshake for a socket connection, with an extension to pass renegotiation flags.
    • tls_client_handshake_socket_ext() - executes the client handshake for a socket connection, with an extension to pass renegotiation flags.
  • Session keys are now calculated when changing the cipher suite for read and write (the key calculation is made twice; the renegotiation mechanism needs this to prevent overwriting existing keys).
  • Renegotiation does not work for DTLS, so it is disabled for such connections.
  • Corrected TLS_AEAD_ENABLE code inclusion.

3.38r2 (2018-01-22, 13:05):

  • Corrected function description of tls_get_randoms_raw().

3.38 (2018-01-19 10:00):

  • Separated EAP-TLS from main TLS module.
  • Added RAW interface that is used by EAP-TLS module to communicate with EAP-TLS stack.

3.37 (2018-01-16 16:00):

  • Added handling of certificates without the subject field. They are accepted when TLS_TRUST_NO_SUBJECT_CERT is set to 1 and the peer name during connection is configured to be empty.
  • Added handling of extended time in certificate validation time field.

3.36 (2017-11-14 12:00):

  • Added missing mutex release in tls_eap_hdl_msg_cb().

3.35 (2017-11-09 09:00):

  • Added enable macros for MD5, SHA1, SHA256, AES, and TDES.
  • MD5 can be disabled when only TLS 1.2 is used and no DSA certificate is used.
  • SHA1 can be disabled if only TLS 1.2 is enabled.
  • SHA256 can be disabled if TLS1.2 is used with a cipher suite that uses SHA384/SHA512 for its pseudorandom function.
  • Added const attribute to EDH parameters and hash configuration.

3.34 (2017-11-08 09:00):

  • Added EAP-TLS functionality.
  • tls_send_rem_msg() now returns TLS_WAIT when the connection type is neither TCP nor socket. TLS_WAIT must be returned for EAP connections.
  • Added CRESUME flag to indicate a client connection that has a valid resume session.
  • Corrected session reference count when obtaining a new session (the previous session's reference count is now decremented).
  • Added interface for external certificate store and validation.
  • tls_create_conn() now takes a single void parameter as the connection handle (previously there were two parameters, for the socket and the TCP handle).
  • Corrected Heartbeat behavior (the send/receive Heartbeat timeout should be set only if the peer allows us to send Heartbeats).

3.33 (2017-10-20 12:00):

  • The last certificate is now checked for being signed by the CA certificate (for the case where the peer does not send the CA certificate).
  • Corrected handling of Hello extension: allowed signing/hash pairs.

3.32 (2017-10-12 10:20):

  • Corrected config_tls.c to use correct CA certificate with given cipher suite.
  • DTLS UDP server: corrected dtls_udp_srv_receive() overflow table. dtls_srv_udp_tab size is DTLS_UDP_MAX_PORT_SRV_CNT (not TLS_MAX_CONN_SIZE).

3.31 (2017-10-10, 12:42):

  • UDP version check was fixed.

3.30 (2017-10-05, 08:10):

  • udp_open() call was changed according to new API.

3.29 (2017-09-14, 08:00):

  • Server certificate organization name comparison now recognizes the wildcard '*' (it will recognize server names like "*.example.com" and "something*.example.com").
  • Added checking of peer_name length in tls_tcp_connect().
  • Corrected an infinite loop in tls_handshake when a TLS alert is received on a preemptive OS.
  • Corrected use of PSP_RTC in the certificate expiration check. The minimum year value is PSP_RTC_YEAR_MIN (not 0).
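The 3.29 entry above accepts wildcard server names such as "*.example.com" and "something*.example.com", and 3.40 falls back to the Subject Alternative Name when the Common Name does not match. The following is an added illustration of such a check written for this page; it is not ip_tls code, and the function names tls_name_match(), tls_peer_name_ok() and demo_peer_check() as well as the sample certificate names are constructed. It goes slightly beyond the entry by restricting the wildcard to the left-most label (so it never matches across a dot) and rejecting patterns such as "*.com", which is the usual defensive reading of certificate wildcards.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive comparison of exactly n characters (DNS names are case-insensitive). */
static bool eq_ci(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i])) {
            return false;
        }
    }
    return true;
}

/* Match an expected host name against one certificate name (CN or DNS SAN).
 * A single '*' is accepted only in the left-most label, it never matches
 * across a '.', the pattern must keep at least two literal labels after the
 * wildcard label ("*.com" is rejected), and the host's first label must be
 * non-empty. Both "*.example.com" and "something*.example.com" are handled. */
bool tls_name_match(const char *pattern, const char *host)
{
    const char *star = strchr(pattern, '*');
    if (star == NULL) {
        size_t n = strlen(pattern);
        return n == strlen(host) && eq_ci(pattern, host, n);
    }
    const char *pat_dot = strchr(pattern, '.');
    if (pat_dot == NULL || star > pat_dot || strchr(star + 1, '*') != NULL) {
        return false;               /* wildcard outside first label, or more than one */
    }
    if (strchr(pat_dot + 1, '.') == NULL) {
        return false;               /* "*.com" style pattern: too broad */
    }
    const char *host_dot = strchr(host, '.');
    if (host_dot == NULL || host_dot == host) {
        return false;               /* host has no label before the suffix */
    }
    /* Everything from the first dot on must match literally. */
    size_t suffix_n = strlen(pat_dot);
    if (suffix_n != strlen(host_dot) || !eq_ci(pat_dot, host_dot, suffix_n)) {
        return false;
    }
    /* Wildcard label: literal prefix before '*' and literal tail before the dot. */
    size_t pre_n   = (size_t)(star - pattern);
    size_t tail_n  = (size_t)(pat_dot - (star + 1));
    size_t label_n = (size_t)(host_dot - host);
    if (label_n < pre_n + tail_n) {
        return false;
    }
    return eq_ci(pattern, host, pre_n) && eq_ci(star + 1, host_dot - tail_n, tail_n);
}

/* 3.40 behaviour: try the Common Name first, then each DNS Subject Alternative Name. */
bool tls_peer_name_ok(const char *cn, const char *const *sans, size_t san_cnt, const char *host)
{
    if (cn != NULL && tls_name_match(cn, host)) {
        return true;
    }
    for (size_t i = 0; i < san_cnt; i++) {
        if (tls_name_match(sans[i], host)) {
            return true;
        }
    }
    return false;
}

/* Constructed sample certificate names (not taken from any real certificate). */
static const char *const k_demo_cn = "mail.example.com";
static const char *const k_demo_sans[] = { "*.example.com", "api*.example.net" };

bool demo_peer_check(const char *host)
{
    return tls_peer_name_ok(k_demo_cn, k_demo_sans,
                            sizeof k_demo_sans / sizeof k_demo_sans[0], host);
}

int main(void)
{
    const char *hosts[] = { "www.example.com", "a.b.example.com", "api2.example.net", "example.com" };
    for (size_t i = 0; i < sizeof hosts / sizeof hosts[0]; i++) {
        printf("%-20s -> %s\n", hosts[i], demo_peer_check(hosts[i]) ? "accepted" : "rejected");
    }
    return 0;
}
```

With the constructed names, "www.example.com" and "api2.example.net" are accepted through the SANs, "mail.example.com" through the CN, while "a.b.example.com" (wildcard would have to span two labels) and the bare "example.com" are rejected.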

3.28r3 (2017-06-08, 09:30):

  • Updated incorrect config_tls.h file.

3.28r2 (2017-06-08, 09:00):

  • Updated history file with release date.

3.28 (2017-06-07, 14:00):

  • Added AEAD support.
  • Added signature_algorithm extension to Hello message.
  • Added support for HASH384 in cipher suites.
  • Added support for AES_GCM cipher suites.
  • Added example of configuration for TLS 1.2 suite B (hcc\src\config_template\config_suite_b).
  • Corrected function comments in api_tls.h.

3.27:

  • Connection mutexes are now created in tls_init(), not during connection creation.
  • Corrected use of connection mutex (connection search functions take connection mutex if they succeed).
  • Client verify mechanism corrected (open issue: Client verify does not work for SSL3.0 connection with DSA signature).
  • TLS reacts on IP_NTF_CONN_CLOSE/IP_NTF_CONN_ABORT/IP_NTF_DCONN_WAIT.
  • TLS now forwards IP_NTF_* to the user application if more than one notify is set.
  • Corrected use of PSP_RTC following the API change to 2.1.
  • Use of malloc is now configurable (TLS_CONN_BUF_DYNALLOC).

3.26:

  • Version check of RTC was fixed.

3.25:

  • Corrected compilation warnings.

3.24:

  • Replaced HCC sockets calls with psp_sockets wrapper.
  • Corrected mutex protection for connection data.

3.23r2:

  • Added missing macro in configuration file.

3.23:

  • Added functions tls_select_socket(), tls_poll_socket(), tls_rx_ready_tcp().
  • tls_receive_socket() can read data for any given block length.
  • Corrected receiving of TLS data PDUs.
  • Corrected checking of DSS signed certificates.
  • Corrected behavior when there are no available buffers.
  • Added macros for enabling supported TLS protocols.
  • Added support for cipher suites ECDHE_RSA/DHE_RSA in client mode.
  • Corrected certificate time expiration check (month value read from RTC is in range 0-11, not 1-12).
  • Added PSP version checks.
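The 3.23 entry above corrects a month off-by-one in the certificate expiration check: the RTC reports months as 0-11 while certificate validity dates use 1-12. The following is an added illustration written for this page, not ip_tls code: cert_time_t, cert_time_cmp(), cert_valid_at(), clock_to_cert_time() and demo_expired_cert_accepted() are constructed names, and struct tm from <time.h> stands in for the RTC reading. The buggy conversion is kept alongside the correct one only to show the effect of the defect: an already expired certificate is still accepted for up to a month.

```c
#include <stdbool.h>
#include <string.h>
#include <time.h>

/* Date/time as carried in a certificate validity field: calendar year,
 * month 1-12, day 1-31. Constructed type for this example, not ip_tls's. */
typedef struct {
    int year, month, day, hour, min, sec;
} cert_time_t;

/* Lexicographic compare: <0 if a is earlier than b, 0 if equal, >0 if later. */
int cert_time_cmp(const cert_time_t *a, const cert_time_t *b)
{
    if (a->year  != b->year)  return a->year  < b->year  ? -1 : 1;
    if (a->month != b->month) return a->month < b->month ? -1 : 1;
    if (a->day   != b->day)   return a->day   < b->day   ? -1 : 1;
    if (a->hour  != b->hour)  return a->hour  < b->hour  ? -1 : 1;
    if (a->min   != b->min)   return a->min   < b->min   ? -1 : 1;
    if (a->sec   != b->sec)   return a->sec   < b->sec   ? -1 : 1;
    return 0;
}

/* The certificate is usable only while now lies inside [not_before, not_after]. */
bool cert_valid_at(const cert_time_t *not_before, const cert_time_t *not_after,
                   const cert_time_t *now)
{
    return cert_time_cmp(now, not_before) >= 0 && cert_time_cmp(now, not_after) <= 0;
}

/* Correct conversion of a struct tm style clock reading: tm_year counts
 * from 1900 and tm_mon runs 0-11, so both need an offset. */
cert_time_t clock_to_cert_time(const struct tm *rtc)
{
    cert_time_t t = { rtc->tm_year + 1900, rtc->tm_mon + 1, rtc->tm_mday,
                      rtc->tm_hour, rtc->tm_min, rtc->tm_sec };
    return t;
}

/* The 3.23 defect reproduced for illustration: the 0-11 month is used as if
 * it were already 1-12, so "now" lands one month too early. */
cert_time_t clock_to_cert_time_buggy(const struct tm *rtc)
{
    cert_time_t t = { rtc->tm_year + 1900, rtc->tm_mon, rtc->tm_mday,
                      rtc->tm_hour, rtc->tm_min, rtc->tm_sec };
    return t;
}

/* Constructed scenario: certificate valid 2019-01-01 .. 2019-10-20 12:00:00,
 * clock reads 2019-11-15 00:00:00 (tm_mon 10 = November). Returns whether
 * the expired certificate would be accepted with the chosen conversion. */
bool demo_expired_cert_accepted(bool use_buggy_conversion)
{
    const cert_time_t not_before = { 2019, 1, 1, 0, 0, 0 };
    const cert_time_t not_after  = { 2019, 10, 20, 12, 0, 0 };
    struct tm rtc;
    memset(&rtc, 0, sizeof rtc);
    rtc.tm_year = 2019 - 1900;
    rtc.tm_mon  = 10;
    rtc.tm_mday = 15;
    cert_time_t now = use_buggy_conversion ? clock_to_cert_time_buggy(&rtc)
                                           : clock_to_cert_time(&rtc);
    return cert_valid_at(&not_before, &not_after, &now);
}
```

With the correct conversion the certificate is rejected (November is past the 20 October expiry); with the buggy conversion "now" becomes 15 October and the expired certificate passes the check.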

3.22:

  • Corrected config file to use the new RSA module.
  • Corrected signature check of DSA signed certificate.

3.21:

  • Corrected compilation warnings.
  • Getting random bytes now uses the RTC to generate the seed value, not psp_tick.

3.20:

  • Corrected tls_delete() (previously it always returned error code).
  • Corrected setting of FIONBIO option in case of socket interface.
  • Added checking for an invalid connection handle in tls_search_conn_tcp() and tls_search_conn_socket().

3.19:

  • Added support for Elliptic Curve Cryptography.
  • Corrected EDH key exchange mechanism and added DSA certificate check.
  • Corrected the situation in which a TLS timeout and received data occurred simultaneously (this caused an infinite loop in the TLS task).

3.18:

  • Updated code to use standardized PSP RTC functions.

3.17:

  • Added support to use TLS with LwIP stack.
  • Corrected issues related to enabling interfaces with different configurations.
  • Added a second certificate that uses RSA_WITH_AES_128_CBC_SHA. The first certificate uses RSA_WITH_AES_128_CBC_SHA256, which is not always supported by peers.

3.16:

  • Added an example TLS configuration with a demo CA certificate and device certificate (peer name 'HCC demo'). The added certificates have their expiration date written in a comment so they can be regenerated when they expire.

3.15:

  • Updated to work with IP protocol version 6.
  • Removed the restriction on using the cipher suite RSA_AESCBC_SHA256.
  • Added a fix to avoid running out of IP buffers for DTLS native connections.
  • Corrected resetting of the retransmission timeout for the last DTLS flight.
  • When sending a DTLS ClientHello message that contains a cookie, the random number is not regenerated.

3.14:

  • Updated TLS to work with new IPStack version 6.02.

3.13:

  • Updated TLS to work with new IPStack.

3.12:

  • Added support for multiple handshake messages in RecordLayer.
  • Fixed handling of multiple RecordLayer blocks in a single PDU.
  • Cleaned up configuration template by setting values to default.
  • Added certificate authority (CA) certificates:
    • GeoTrust Global CA (expiry date: 2018-08-21 04:00:00 (UTC))
    • GlobalSign Organization Validation CA - G2 (expiry date: 2022-04-13 10:00:00 (UTC))
    • VeriSign Class 3 Public Primary Certification (expiry date: 2021-11-07 23:59:59 (UTC))

 Known issues:

  • TLS uses psp_mallock(), which violates MISRA rules.
  • If TLS fails to get an IP buffer, the connection to the peer is closed (applies only to platforms without an operating system).
  • Client verify mechanism is not working.
  • Cipher suites based on DSA are not working.
  • Cipher suite RSA_AESCBC_SHA256 is not working as a decryption algorithm (this cipher suite is optional).
  • DTLS: if the Finished message is lost, the connection is not established. The specification says that the server Finished message should not be repeated by the retransmit mechanism.
  • DTLS: the retransmit mechanism sends the whole flight (for example 3 messages). It is possible that not all messages will be sent during retransmit if there are not enough free IP buffers (applies only to platforms without an operating system).
  • The receive packet function for the TLS/DTLS socket interface is non-blocking.

3.11:

  • Added DTLS 1.0 and DTLS 1.2 support.
  • Known bug: client certificate verification does not work.

3.10:

  • Corrected mutex use.
  • Corrected TCP interface to work under RTOS.

3.9:

  • Added version rollback detection.
  • Added detection of RSA512 keys (they are rejected).
  • Added tls_start_tcp() to enable starting the handshake at any time, not only on connection establishment (needed by SMTP STARTTLS).
  • Encapsulated connection parameters into a structure to reduce the number of function parameters.

3.8:

  • Corrected function declaration.
  • Changed tls_tcp_get_buf() to always allocate a buffer if one is available and to return the allocated buffer size.
  • TCP interface generates IP_NTF_TX_RDY notifications. Previously these notifications were not passed to the user.

3.7:

  • Compression method is now checked.
  • Corrected message size checking in the client/server hello message handler.
  • Corrected handling of fragmented PDUs in application data mode.

3.6:

  • Corrected error handling for socket_recv() and socket_send().
  • Corrected TCP notify callback to handle cases when multiple flags are set.
  • Corrected incorrect comments.
  • Corrected releasing of IP buffers.
  • Corrected obtaining session in resume mechanism.

3.5:

  • Updated to be compatible with IP stack 4.11.
  • Corrected TCP notify callback to handle cases when multiple flags are set.

3.4:

  • Added client resume mechanism.
  • Added heartbeat extension.
  • TCP and socket interfaces can be used simultaneously.
  • TCP interface for TLS is non-blocking.
  • Added a timeout mechanism for TLS TCP connections (a notification is generated to the user).
  • Added interface to the encryption module (encryption algorithms are no longer part of TLS).

3.3:

  • Release from 03 July 2012.