avs_commons 5.3.0

Features
* Added the ``AVS_COMMONS_NET_POSIX_AVS_SOCKET_WITHOUT_IN6_V4MAPPED_SUPPORT``
  configuration option that improves dual-stack IPv4+IPv6 connectivity on
  platforms that do not support IPv4-mapped IPv6 addresses (``::ffff:0:0/96``)

Improvements
* Trivial fixes to silence warnings on certain commercial compilers
  (contributed by Flonidan A/S)
* Removed usages of most deprecated Mbed TLS and OpenSSL APIs

CHANGELOG.md

@@ -1,6 +1,20 @@
 # Changelog
 
-## avs_commons 5.2.0 (February 21st, 2023)
+## avs_commons 5.3.0 (March 10th, 2023)
+
+### Features
+
+* Added the ``AVS_COMMONS_NET_POSIX_AVS_SOCKET_WITHOUT_IN6_V4MAPPED_SUPPORT``
+  configuration option that improves dual-stack IPv4+IPv6 connectivity on
+  platforms that do not support IPv4-mapped IPv6 addresses (``::ffff:0:0/96``)
+
+### Improvements
+
+* Trivial fixes to silence warnings on certain commercial compilers
+  (contributed by Flonidan A/S)
+* Removed usages of most deprecated Mbed TLS and OpenSSL APIs
+
+## avs_commons 5.2.0 (February 20th, 2023)
 
 ### BREAKING CHANGES
 
@@ -10,10 +24,10 @@
 
 * Added persistence of DTLS context state related to the Connection ID extension
   and the related ``AVS_NET_SOCKET_OPT_CONNECTION_ID_RESUMED`` option
-* Added option to set avs_log logging level in compile time. If 
-  `AVS_COMMONS_WITH_EXTERNAL_LOG_LEVELS_HEADER` is specified, inactive logs will 
+* Added option to set avs_log logging level in compile time. If
+  `AVS_COMMONS_WITH_EXTERNAL_LOG_LEVELS_HEADER` is specified, inactive logs will
   be removed during compile time
-* Added option to disable log level check in runtime, if active the macros 
+* Added option to disable log level check in runtime, if active the macros
   `avs_log_set_level` and `avs_log_set_default_level` are not available
 
 ### Improvements

CMakeLists.txt

@@ -17,7 +17,7 @@
 cmake_minimum_required(VERSION 3.6.0)
 project(avs_commons C)
 
-set(AVS_COMMONS_VERSION "5.2.0")
+set(AVS_COMMONS_VERSION "5.3.0")
 
 ################# DISTRIBUTION #################################################
 
@@ -622,6 +622,7 @@ set(AVS_COMMONS_NET_WITH_IPV4 "${WITH_IPV4}")
 set(AVS_COMMONS_NET_WITH_IPV6 "${WITH_IPV6}")
 set(AVS_COMMONS_NET_WITH_DTLS "${WITH_DTLS}")
 set(AVS_COMMONS_NET_WITH_POSIX_AVS_SOCKET "${WITH_POSIX_AVS_SOCKET}")
+set(AVS_COMMONS_NET_POSIX_AVS_SOCKET_WITHOUT_IN6_V4MAPPED_SUPPORT "${WITHOUT_IN6_V4MAPPED_SUPPORT}")
 set(AVS_COMMONS_NET_WITH_TLS_SESSION_PERSISTENCE "${WITH_TLS_SESSION_PERSISTENCE}")
 set(AVS_COMMONS_SCHED_THREAD_SAFE "${WITH_SCHEDULER_THREAD_SAFE}")
 set(AVS_COMMONS_STREAM_WITH_FILE "${WITH_AVS_STREAM_FILE}")

include_public/avsystem/commons/avs_addrinfo.h

@@ -62,8 +62,10 @@ typedef struct avs_net_addrinfo_struct avs_net_addrinfo_t;
  * This is roughly equivalent to <c>AI_V4MAPPED | AI_ALL</c> flags to
  * <c>getaddrinfo()</c>, but implemented independently of them.
  *
- * This flag is meaningful only if the plaform supports both IPv4 and IPv6.
- * Otherwise it is ignored.
+ * This flag is meaningful only if the plaform supports both IPv4 and IPv6, and
+ * IPv4-mapped IPv6 address support is not disabled (see the
+ * <c>AVS_COMMONS_NET_POSIX_AVS_SOCKET_WITHOUT_IN6_V4MAPPED_SUPPORT</c>
+ * configuration macro). Otherwise it is ignored.
  */
 #define AVS_NET_ADDRINFO_RESOLVE_F_V4MAPPED (1 << 1)
 

include_public/avsystem/commons/avs_commons_config.h.in

@@ -557,13 +557,13 @@
  *
  * Specify an optional header with a list of modules for which log level
  * is set. If a log level for specific module is not set, the DEFAULT level
- * will be taken into account. Value of the default logging level is set to 
+ * will be taken into account. Value of the default logging level is set to
  * DEBUG, but can be overwritten in this header file with AVS_LOG_LEVEL_DEFAULT
  * define. Messages with lower level than the one set will be removed during
  * compile time. Possible values match @ref avs_log_level_t.
  *
  * That file should contain C preprocesor defines in the:
- * - "#define AVS_LOG_LEVEL_FOR_MODULE_<Module> <Level>" format, 
+ * - "#define AVS_LOG_LEVEL_FOR_MODULE_<Module> <Level>" format,
  *   where <Module> is the module name and <Level> is allowed logging level
  * - "#define AVS_LOG_LEVEL_DEFAULT <Level>" format, where <Level> is the
  *   allowed logging level
@@ -573,7 +573,7 @@
  * <code>
  * #ifndef AVS_COMMONS_EXTERNAL_LOG_LEVELS_H
  * #define AVS_COMMONS_EXTERNAL_LOG_LEVELS_H
- * 
+ *
  * // global log level value
  * #define AVS_LOG_LEVEL_DEFAULT INFO
  *
@@ -589,9 +589,9 @@
 #cmakedefine AVS_COMMONS_WITH_EXTERNAL_LOG_LEVELS_HEADER "@AVS_COMMONS_WITH_EXTERNAL_LOG_LEVELS_HEADER@"
 
 /**
- * Disable log level check in runtime. Allows to save at least 1.3kB of memory.  
- * 
- * The macros avs_log_set_level and avs_log_set_default_level 
+ * Disable log level check in runtime. Allows to save at least 1.3kB of memory.
+ *
+ * The macros avs_log_set_level and avs_log_set_default_level
  * will not be available.
  *
  */
@@ -713,6 +713,20 @@
  */
 #cmakedefine AVS_COMMONS_NET_POSIX_AVS_SOCKET_HAVE_IN6_IS_ADDR_V4MAPPED
 
+/**
+ * Should be defined if IPv4-mapped IPv6 addresses (<c>::ffff:0.0.0.0/32</c>)
+ * are <strong>NOT</strong> supported by the underlying platform.
+ *
+ * Enabling this flag will prevent avs_net from using IPv4-mapped IPv6 addresses
+ * and instead re-open and re-bind the socket if a connection to an IPv4 address
+ * is requested on a previously created IPv6 socket.
+ *
+ * This may result in otherwise redundant <c>socket()</c>, <c>bind()</c> and
+ * <c>close()</c> system calls to be performed, but may be necessary for
+ * interoperability with some platforms.
+ */
+#cmakedefine AVS_COMMONS_NET_POSIX_AVS_SOCKET_WITHOUT_IN6_V4MAPPED_SUPPORT
+
 /**
  * Is the <c>inet_ntop()</c> function available?
  *

include_public/avsystem/commons/avs_defs.h

@@ -198,7 +198,7 @@ typedef union {
     /* candidates for "largest type"
      * add offending type if getting alignment errors */
     void *ptr;
-    void (*fptr)();
+    void (*fptr)(void);
     long double ld;
     intmax_t i;
     /** @endcond */

include_public/avsystem/commons/avs_list.h

@@ -224,14 +224,16 @@ static inline void *avs_list_void_identity__(void *arg) {
 #ifdef __cplusplus
 template <typename T>
 static inline AVS_LIST(T) &avs_list_next__(AVS_LIST(T) element) {
-    return *AVS_APPLY_OFFSET(AVS_LIST(T), element, -AVS_LIST_SPACE_FOR_NEXT__);
+    return *AVS_APPLY_OFFSET(
+            AVS_LIST(T), element, -(int) AVS_LIST_SPACE_FOR_NEXT__);
 }
 
 #    define AVS_LIST_NEXT(element) (avs_list_next__((element)))
 #else
-#    define AVS_LIST_NEXT(element) \
-        (*AVS_APPLY_OFFSET(        \
-                AVS_TYPEOF_PTR(element), element, -AVS_LIST_SPACE_FOR_NEXT__))
+#    define AVS_LIST_NEXT(element)                  \
+        (*AVS_APPLY_OFFSET(AVS_TYPEOF_PTR(element), \
+                           element,                 \
+                           -(int) AVS_LIST_SPACE_FOR_NEXT__))
 #endif
 
 /**

src/crypto/openssl/avs_openssl_pki.c

@@ -90,30 +90,28 @@ avs_error_t avs_crypto_pki_ec_gen(avs_crypto_prng_ctx_t *prng_ctx,
         return avs_errno(AVS_EINVAL);
     }
 
-    EC_GROUP *group =
-            EC_GROUP_new_by_curve_name(asn1_oid_to_nid(ecp_group_oid));
-    if (!group) {
-        LOG(ERROR, _("specified ECP group is invalid or not supported"));
-        return avs_errno(AVS_ENOTSUP);
-    }
-
-    EC_KEY *ec_key = EC_KEY_new();
-    if (!ec_key) {
-        LOG(ERROR, _("EC_KEY_new() failed"));
+    int group_nid = asn1_oid_to_nid(ecp_group_oid);
+    EVP_PKEY_CTX *pkey_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
+    if (!pkey_ctx) {
+        LOG(ERROR, _("EVP_PKEY_CTX_new_id() failed"));
         err = avs_errno(AVS_ENOMEM);
     } else {
-        if (!EC_KEY_set_group(ec_key, group) || !EC_KEY_generate_key(ec_key)) {
+        EVP_PKEY *pkey = NULL;
+        if (!EVP_PKEY_keygen_init(pkey_ctx)
+                || !EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pkey_ctx, group_nid)
+                || !EVP_PKEY_keygen(pkey_ctx, &pkey)) {
             log_openssl_error();
             err = avs_errno(AVS_EPROTO);
         } else {
-            int result = i2d_ECPrivateKey(ec_key, NULL);
+            assert(pkey);
+            int result = i2d_PrivateKey(pkey, NULL);
             if (result > 0) {
                 if ((size_t) result > *inout_der_secret_key_size) {
                     LOG(ERROR, _("Output buffer is too small to fit the key"));
                     err = avs_errno(AVS_E2BIG);
                 } else {
-                    result = i2d_ECPrivateKey(
-                            ec_key,
+                    result = i2d_PrivateKey(
+                            pkey,
                             &(unsigned char *[]){
                                     (unsigned char *) out_der_secret_key }[0]);
                 }
@@ -124,11 +122,11 @@ avs_error_t avs_crypto_pki_ec_gen(avs_crypto_prng_ctx_t *prng_ctx,
             } else {
                 *inout_der_secret_key_size = (size_t) result;
             }
+            EVP_PKEY_free(pkey);
         }
-        EC_KEY_free(ec_key);
+        EVP_PKEY_CTX_free(pkey_ctx);
     }
 
-    EC_GROUP_free(group);
     return err;
 }
 

src/net/CMakeLists.txt

@@ -18,6 +18,7 @@ if(WIN32 OR UNIX OR POSIX_COMPAT_HEADER)
 endif()
 
 option(WITH_POSIX_AVS_SOCKET "Enable avs_socket implementation based on POSIX socket API" "${POSIX_AVS_SOCKET_DEFAULT}")
+cmake_dependent_option(WITHOUT_IN6_V4MAPPED_SUPPORT "Prevent avs_net from using IPv4-mapped IPv6 addresses" OFF WITH_POSIX_AVS_SOCKET OFF)
 cmake_dependent_option(WITH_TLS_SESSION_PERSISTENCE "Enable support for TLS session persistence" ON WITH_AVS_PERSISTENCE OFF)
 
 set(AVS_NET_PUBLIC_HEADERS

src/net/avs_net_impl.h

@@ -27,7 +27,9 @@ VISIBILITY_PRIVATE_HEADER_BEGIN
 #    error "At least one IP protocol version must be enabled"
 #endif
 
-#if defined(AVS_COMMONS_NET_WITH_IPV4) && defined(AVS_COMMONS_NET_WITH_IPV6)
+#if defined(AVS_COMMONS_NET_WITH_IPV4) && defined(AVS_COMMONS_NET_WITH_IPV6) \
+        && !defined(                                                         \
+                   AVS_COMMONS_NET_POSIX_AVS_SOCKET_WITHOUT_IN6_V4MAPPED_SUPPORT)
 #    define WITH_AVS_V4MAPPED
 #endif