avs_commons 5.8.0

BREAKING CHANGES

• Remove support for TinyDTLS library.

avs_commons 5.7.0

Improvements

• Added clearing of buffers that may hold sensitive data before freeing allocated
  memory.
• Added validation of input data in various functions.

Features

• Introduced new avs_error_t category - AVS_NET_SSL_LIB_ERROR_CATEGORY
• MbedTLS integration changes:
  • Changed handshake errors return to AVS_NET_SSL_LIB_ERROR_CATEGORY
  • Added key/cert pair validation

avs_commons 5.6.0

Features

• Added experimental traffic interceptor API.
• Socket log feature API (AVS_COMMONS_NET_WITH_SOCKET_LOG) marked as deprecated.

avs_commons 5.5.0

BREAKING CHANGES

• Stopped passing the Trust Store to the Mbed TLS backend for Certificate Usage
  2 (DANE-TA) and 3 (DANE-EE) during Server verification.

Features

• Added support for generating (Pre-)Master-Secret logs for Mbed TLS backend.

Bugfixes

• Fixed TLS 1.3 PSK-mode vulnerability in the Mbed TLS backend where a client
  configured for PSK could connect to a server that did not know the PSK, due to
  advertising non-PSK key exchange and skipping certificate verification.

  This vulnerability affects only Mbed TLS 3.6.1 and later.

  When acting as a TLS client configured for PSK, the library advertised non-PSK key
  exchange, allowing the server to select a certificate-based (EC)DHE handshake
  instead of PSK. As a result, the client could successfully establish a connection
  with a server that did not possess the PSK, because PSK authentication was not
  enforced for that handshake and certificate vertification was skipped.
  The client now restricts TLS 1.3 exchange modes to PSK and PSK-(EC)DHE when
  PSK is configured.

avs_commons 5.4.7

Improvements

• Improved the coverage script and switched to lcov.

Bugfixes

• Fixed command passed to popen() call in MbedTLS + TLS 1.3 tests to make it work on macOS

avs_commons 5.4.5

Improvements

• Added support for Mbed TLS 3.6

avs_commons 5.4.4

Features

• Added custom base64 encoding without null terminating
• Added API to modify extended attributes in Certificate Signing Request

avs_commons 5.4.3

Improvements

• Optimized "Out of memory" logs in favor of a smaller flash memory footprint

Bugfixes

• Fixed "unused assignment" warning generated by static analyzers when compiling
  against Mbed TLS 3.x

avs_commons 5.4.2

Features

• Refactored the PRNG integration in the Mbed TLS backend so that the PSA RNG
  API can be used if CTR-DRBG and/or entropy APIs are disabled

Bugfixes

• Additional validation in avs_persistence_string() to avoid restoring a
  string with superfluous data after the nullbyte

avs_commons 5.4.1

Bugfixes

• Fixes in CMake scripts when searching for mbed TLS in the case when MBEDTLS_ROOT_DIR, CMAKE_FIND_ROOT_PATH and CMAKE_FIND_ROOT_PATH_MODE_* are all specified explicitly
• Fixes in some #ifdef directives that caused compilation failures when AVS_COMMONS_WITH_AVS_CRYPTO_PSK was disabled