Tags: AVSystem/avs_commons

5.6.0

avs_commons 5.6.0

5.5.0

avs_commons 5.5.0

BREAKING CHANGES

- Stopped passing the Trust Store to the Mbed TLS backend for Certificate Usage
  2 (DANE-TA) and 3 (DANE-EE) during Server verification.

Features

- Added support for generating (Pre-)Master-Secret logs for Mbed TLS backend.

Bugfixes

- Fixed TLS 1.3 PSK-mode vulnerability in the Mbed TLS backend where a client
  configured for PSK could connect to a server that did not know the PSK, due to
  advertising non-PSK key exchange and skipping certificate verification.

  This vulnerability affects only Mbed TLS 3.6.1 and later.

  When acting as a TLS client configured for PSK, the library advertised non-PSK key
  exchange, allowing the server to select a certificate-based (EC)DHE handshake
  instead of PSK. As a result, the client could successfully establish a connection
  with a server that did not possess the PSK, because PSK authentication was not
  enforced for that handshake and certificate verification was skipped.
  The client now restricts TLS 1.3 exchange modes to PSK and PSK-(EC)DHE when
  PSK is configured.
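
In TLS 1.3 (RFC 8446) a server that accepts a PSK echoes a `pre_shared_key` extension in its ServerHello; when that extension is absent the handshake is certificate-based, which is the case the note above describes. The following C code is an added example, not avs_commons or Mbed TLS code: it walks a ServerHello extension list and reports which case applies, and its function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EXT_PRE_SHARED_KEY 0x0029u /* RFC 8446, section 4.2.11 */

/* Walks the extension list of a TLS 1.3 ServerHello (the bytes that follow
 * the 2-byte extensions length). Returns 1 if the server accepted a PSK,
 * 0 if it did not (certificate-based handshake), -1 if the list is malformed. */
int server_hello_selected_psk(const uint8_t *ext, size_t len) {
    size_t pos = 0;
    int found = 0;
    while (pos < len) {
        if (len - pos < 4) return -1;            /* truncated header */
        unsigned type = ((unsigned) ext[pos] << 8) | ext[pos + 1];
        size_t body = ((size_t) ext[pos + 2] << 8) | ext[pos + 3];
        pos += 4;
        if (body > len - pos) return -1;         /* body overruns buffer */
        if (type == EXT_PRE_SHARED_KEY) {
            /* In a ServerHello the body is exactly uint16 selected_identity. */
            if (body != 2 || found) return -1;
            found = 1;
        }
        pos += body;
    }
    return found;
}

/* Hypothetical policy hook for a PSK-only client: continue only on 1. */
int psk_only_client_may_continue(const uint8_t *ext, size_t len) {
    return server_hello_selected_psk(ext, len) == 1;
}

/* Constructed samples: supported_versions + pre_shared_key (PSK accepted). */
static const uint8_t PSK_HS[] = { 0x00, 0x2b, 0x00, 0x02, 0x03, 0x04,
                                  0x00, 0x29, 0x00, 0x02, 0x00, 0x00 };
/* supported_versions + key_share (x25519, zeroed key), no pre_shared_key. */
static const uint8_t CERT_HS[46] = { 0x00, 0x2b, 0x00, 0x02, 0x03, 0x04,
                                     0x00, 0x33, 0x00, 0x24, 0x00, 0x1d, 0x00, 0x20 };
/* pre_shared_key cut off after one byte of selected_identity. */
static const uint8_t TRUNCATED[] = { 0x00, 0x29, 0x00, 0x02, 0x00 };

int main(void) {
    printf("psk=%d cert=%d truncated=%d\n",
           server_hello_selected_psk(PSK_HS, sizeof PSK_HS),
           server_hello_selected_psk(CERT_HS, sizeof CERT_HS),
           server_hello_selected_psk(TRUNCATED, sizeof TRUNCATED));
    return 0;
}
```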

5.4.8

avs_commons 5.4.8

Bugfixes:
- Fixed hash parsing before RSA signing in pkcs11 engine

5.4.7

avs_commons 5.4.7

Improvements
- Improved the coverage script and switched to lcov.

Bugfixes
- Fixed command passed to `popen()` call in MbedTLS + TLS 1.3 tests to make it work on macOS

5.4.6

avs_commons 5.4.6

Improvements

* devconfig script now additionally sets `-Werror=implicit-function-declaration`
  flag to ensure that missing function declarations are treated as error

Bugfixes

* Fixed default implementation of avs_condvar_create for pthreads
  in case pthread_condattr APIs are not available
* Fixed compilation warnings when building against Mbed TLS 3.6
* Added missing call to `psa_crypto_init()` if `MBEDTLS_USE_PSA_CRYPTO` is not
  defined, but `MBEDTLS_PSA_CRYPTO_C` is.
* Fixed DANE implementation to be compatible with TLS 1.3 implementation in Mbed
  TLS which ignores the authmode setting.
* Added a workaround to mimic `MBEDTLS_SSL_VERIFY_NONE` authmode when using
  TLS 1.3.
* Fixed a corner case with uninitialized variable in mbedtls_socket layer.

5.4.5

avs_commons 5.4.5

Improvements:
- Added support for Mbed TLS 3.6

5.4.4

avs_commons 5.4.4

Features
- Added custom base64 encoding without null terminating
- Added API to modify extended attributes in Certificate Signing Request

5.4.3

avs_commons 5.4.3

Improvements
- Optimized "Out of memory" logs in favor of a smaller flash memory footprint

Bugfixes
- Fixed "unused assignment" warning generated by static analyzers when compiling
  against Mbed TLS 3.x

5.4.2

avs_commons 5.4.2

Features:
- Refactored the PRNG integration in the Mbed TLS backend so that the PSA RNG
  API can be used if CTR-DRBG and/or entropy APIs are disabled

Bugfixes:
- Additional validation in ``avs_persistence_string()`` to avoid restoring a
  string with superfluous data after the null byte

5.4.1

avs_commons 5.4.1