Multithread Support in wolfMQTT

The most requested feature for the wolfMQTT client library is now available! Multithreading support allows an application to create multiple threads that use the wolfMQTT client library. There is a new example that demonstrates this functionality, located in `examples/multithread/`. This example creates a thread that subscribes to a topic and then waits for incoming messages; it also creates many threads that publish a unique message to the topic. 

As a side note, wolfMQTT uses the wolfSSL embedded SSL/TLS library for SSL/TLS support.  Since wolfSSL supports TLS 1.3, your wolfMQTT-based projects can now use MQTT with TLS 1.3 on supported broker!

You can download the latest release from our website or clone on GitHub. For more information please email us at facts@wolfssl.com.

wolfSSL and the Zombie POODLE and GOLDENDOODLE Attacks

The wolfSSL library is NOT vulnerable to these attacks, thanks to previous fixes we’ve made and our extensive testing. 

Ongoing research regarding CBC padding oracle attacks against TLS will be presented in August 2019 at USENIX Security. These attacks were originally presented by Craig Young at BlackHat Asia in March 2019 (slides). 

Both attacks target the MAC and Padding used for TLS v1.2 with AES CBC cipher suites. TLS padding occurs when a record is not 16-byte aligned and is padded with the length value. The MAC uses HMAC with SHA/SHA256 to calculate an authentication code. For TLS the order of operation is MAC -> PAD -> ENCRYPT.

The attack requires a man-in-the-middle (MITM) position to employ the attack. It takes valid records and alters either MAC or Padding or cause TLS errors. If the TLS server responds differently to each of these errors then it can leak information about the plain text message.

The author Craig Young wrote a “padcheck” tool, which tests the following error cases:

  1. Invalid MAC with Valid Padding (0-length pad)
  2. Missing MAC with Incomplete/Invalid Padding (255-length pad)
  3. Typical POODLE condition (incorrect bytes followed by correct length)
  4. All padding bytes set to 0x80 (integer overflow attempt)
  5. Valid padding with an invalid MAC and a 0-length record

For wolfSSL, we respond consistently with the same alert and close the socket for each of these conditions.

The recommendation from the author is to stop using AES CBC cipher suites and start using TLS v1.3, which is supported by wolfSSL. More information about wolfSSL and TLS 1.3 can be found here: https://www.wolfssl.com/docs/tls13/

For more information about wolfSSL, please contact facts@wolfssl.com.