Skip to content

Releases: AVSystem/avs_commons

avs_commons 5.8.1

Choose a tag to compare

@ferre111 ferre111 released this 03 Jul 00:39

Improvements

  • Fixed tests for OpenSSL 3.5.

avs_commons 5.8.0

Choose a tag to compare

@mzajac-avs mzajac-avs released this 26 May 10:59

BREAKING CHANGES

  • Remove support for TinyDTLS library.

avs_commons 5.7.0

Choose a tag to compare

@mzajac-avs mzajac-avs released this 30 Mar 17:44

Improvements

  • Added clearing of buffers that may hold sensitive data before freeing allocated
    memory.
  • Added validation of input data in various functions.

Features

  • Introduced new avs_error_t category - AVS_NET_SSL_LIB_ERROR_CATEGORY
  • MbedTLS integration changes:
    • Changed handshake errors return to AVS_NET_SSL_LIB_ERROR_CATEGORY
    • Added key/cert pair validation

avs_commons 5.6.0

Choose a tag to compare

@Kucmasz Kucmasz released this 02 Feb 11:23

Features

  • Added experimental traffic interceptor API.
  • Socket log feature API (AVS_COMMONS_NET_WITH_SOCKET_LOG) marked as deprecated.

avs_commons 5.5.0

Choose a tag to compare

@ferre111 ferre111 released this 26 Sep 12:27

BREAKING CHANGES

  • Stopped passing the Trust Store to the Mbed TLS backend for Certificate Usage
    2 (DANE-TA) and 3 (DANE-EE) during Server verification.

Features

  • Added support for generating (Pre-)Master-Secret logs for Mbed TLS backend.

Bugfixes

  • Fixed TLS 1.3 PSK-mode vulnerability in the Mbed TLS backend where a client
    configured for PSK could connect to a server that did not know the PSK, due to
    advertising non-PSK key exchange and skipping certificate verification.

    This vulnerability affects only Mbed TLS 3.6.1 and later.

    When acting as a TLS client configured for PSK, the library advertised non-PSK key
    exchange, allowing the server to select a certificate-based (EC)DHE handshake
    instead of PSK. As a result, the client could successfully establish a connection
    with a server that did not possess the PSK, because PSK authentication was not
    enforced for that handshake and certificate vertification was skipped.
    The client now restricts TLS 1.3 exchange modes to PSK and PSK-(EC)DHE when
    PSK is configured.

avs_commons 5.4.7

Choose a tag to compare

@Kucmasz Kucmasz released this 12 Nov 13:20

Improvements

  • Improved the coverage script and switched to lcov.

Bugfixes

  • Fixed command passed to popen() call in MbedTLS + TLS 1.3 tests to make it work on macOS

avs_commons 5.4.5

Choose a tag to compare

@Kucmasz Kucmasz released this 28 May 09:36

Improvements

  • Added support for Mbed TLS 3.6

avs_commons 5.4.4

Choose a tag to compare

@JZimnol JZimnol released this 12 Apr 09:14

Features

  • Added custom base64 encoding without null terminating
  • Added API to modify extended attributes in Certificate Signing Request

avs_commons 5.4.3

Choose a tag to compare

@JZimnol JZimnol released this 16 Feb 10:28

Improvements

  • Optimized "Out of memory" logs in favor of a smaller flash memory footprint

Bugfixes

  • Fixed "unused assignment" warning generated by static analyzers when compiling
    against Mbed TLS 3.x

avs_commons 5.4.2

Choose a tag to compare

@Kucmasz Kucmasz released this 21 Nov 16:34

Features

  • Refactored the PRNG integration in the Mbed TLS backend so that the PSA RNG
    API can be used if CTR-DRBG and/or entropy APIs are disabled

Bugfixes

  • Additional validation in avs_persistence_string() to avoid restoring a
    string with superfluous data after the nullbyte