Release v3.7.8 (20250505)

Library improvement/bug fixes summary

• Updated minimum required version of CMake to v3.20 to support its new features and improvements
  

• Resolved tng_atcacert_read_signer_cert build failure when using MPLAB Harmony projects
  

• Fixed tng_atcacert_max_device_cert_size function to prevent overwriting max_cert_size
  

• Addressed the dependency issue where SHA512 is required for SHA384 in the SW Crypto module
  

• Fixed an issue in the Linux environment where the SPI file descriptor was inadvertently closed twice
  

• Incorporated additional ATCA_CHECK_PARAMS_EN checks in sections of the code where they were previously absent
  

• Eliminated all compiler warnings in MPLAB Melody related to the atcacert module
  

• Eliminated all compiler warnings in MPLAB Harmony projects when adding the CAL library as a project component
  

• Addressed all MISRA violations categorized as "Required" in MPLAB Harmony. Note that "Advisory" issues remain unaddressed
  

• Resolved build issues in the PyCAL library to ensure its compatibility CAL library counterpart in C
  

• Resolved build errors on arm64 MacOS platforms when utilizing the USB library for hidapi; kick-start transition to libusb-maintained version of hidapi, moving away from the previous signal11 repository
  

• Addressed incorrect header file inclusions in atca_mbedtls_wrap.h related to the ATCA_MBEDTLS configuration
  

• PKCS11 layer fixes/updates
  

•     Corrected return value in C_FindObjectsInit API to no longer return CKR_OK when no objects are found
  

•     Fixed an issue causing certificate export failures when using ATECCC608 TNGTLS devices
  

•     Resolved a race condition that occurred during the creation of a mutex
  

Release v3.7.7 (20250213)

New Features

• Extended atcacert module to support compressed certificate usage for TA devices
  

• Enhanced WPC application to support TA devices
  

• Updated PKCS#11 and Openssl wiki documentation to include steps for using Openssl 3.0+ versions
  

• Updated PKCS#11 module to add compatibility for higher [SHA-2](https://bitbucket.microchip.com/plugins/servlet/jira-integration/issues/SHA-2) (SHA384 and SHA512) functions
  

• Added NIST vector tests to cover AES CCM module validation
  

• Modified calib packet allocation to use memory from either heap or data segment based on user configuration instead of always using data segment.
  

Fixes

• Resolved SWI 1-wire communication failure occuring in hal_swi_gpio while using MPLABx Harmony projects
  

•     delay routines in hal_cortex_m_delay are optimized to generate accurate delays for SAM cortex-m device family
  

•     removed call stack overhead in hal_swi_gpio to meet required SWI bit timing
  

• Minimum required version for CMake is changed from 3.0.1 to 3.10.0
  

• Fixed compilation issues with atcac_get_subj_public_key when WolfSSL configuration is enabled
  

API CHANGES

• Replaced I/O buffers in atcacert with cal_buffer at few instances to support resource-constrained PIC18 devices
  

•     Refer [lib/atcacert/MIGRATION.md] for details on atcacert API changes
  

Release v3.7.6 (20240926)

New Features

• Add support for RSA key types, certificates and algorithms
• Add SHA384 and SHA512 support for host side software crypto (lib/crypto/) operations
• Modified WPC application to support ECC204 and TA010 devices

Fixes

• Shared library build (libcryptoauth.so) sets ABI version number (libcryptoauth.so.x)
• Fix atcacert_read_cert() API failure while using ECC204 and TA010 devices
• Resolve kit protocol compilation failure for PIC18 device (XC8) builds
• Fix PKCS#11 layer C_DestroyObject failure when deleting a key pair
• Fix PKCS#11 layer C_DeriveKey API usage sequence

Release v3.5.1 (20230320)

New Features

• Add support for SHA104, SHA105, & SHA106 devices

Release v3.5.0 (20230314)

New Features

• Add support for ECC204, TA010 and framework for future devices of the same generation

Release v3.4.1 (20221114)

Hotfixes

• Update test_atcacert_build_start_signer to verify the structure fields since the structure is no longer packed
• Update Python ctypes_to_bytes routine to work for all python versions
• Add pkcs11 signature rule verification function to check mechanism and input parameters per section 5.2 of the specification
• Fix compilation error when PKCS11 monotonic counter is enabled
• Fix compilation error when no HALs are specified during configuration

Release v3.4.0 (20221104)

New Features

• Added framework for fine grain library configuration including configuration check
  header files <api>_config_check.h see lib/atca_config_check.h for the top level
  header
• Added WPC application files with reference message generation/parsing and library
  configuration file to optimize to the smallest footprint
• TA100 read/write apis updated to segment incoming buffer into partial read/write
  operations if it exceeds the maximum supported packet size
• Added PKCS7 padding algorithm for use with AES-CBC
• Expose PKCS11 configuration options to CMake configuration

Fixes

• Improve ECC204 apis to match cryptoauthlib apis and abstract the device differences
• Support for strict C99 compliance and clean up warnings from -Wall and pedantic levels
• Add rsa2048 key size support to talib_rsaenc command
• Fix for ta100 devupdate to set the proper auth session exit flags so the library will
  properly reconnect when the ta100 reboots
• Fix ECC608 verify failure when ReqRandom bit is set for a stored public key by using
  tempkey in this situation rather than the message digest buffer. See the ECC608
  datasheet for more details of this special condition
• Improve ta100 auth session handling of long messages by reporting the message size
  exceeds the wrapped message limit earlier in the packet creation process
• Fixes and Improvements for PKCS11 interface based on compliance testing
• Add missing include for atca_device.h by @mickeprag in #264
• Fix no member named 'address' errors when using ATCA_ENABLE_DEPRECATED by @rashedtalukder in #273
• Fix undefined type error and ESP32 RTOS timer function call by @rashedtalukder in #277
• Fix model number for ATECC608 by @AndreyLalaev in #282
• Don't attempt to pack structures with pointers - should fix aarch64 issues by @bryan-hunt in #283
• Add fixes to cryptoauthlib to support Java PKCS11 requirements, to support Greengrass V2 by @JamieHunter in #290
• CKA_ID support to enable Java / Greengrass V2 by @JamieHunter in #291

New Contributors

• @mickeprag made their first contribution in #264
• @rashedtalukder made their first contribution in #273
• @AndreyLalaev made their first contribution in #282
• @JamieHunter made their first contribution in #290

Full Changelog: v3.3.3...v3.4.0

Release v3.3.3 (20211006)

New features

• Added Zephyr support and zephyr driver api HALs for I2C & SPI. Adding cryptoauthlib to a zephyr project CMakeLists.txt is now possible - use subdirectory(cryptoauthlib/lib). One can also include the repo in the west manifest
• Added SWI device support for linux platforms using hardware uarts
• Added contributing guidelines and PR process documentation
• SWI bitbang driver for harmony - supports Atmel SWI and ECC204 protocols

Fixes

• Wolfssl build errors when generating MHC projects containing wolfssl
• Removed zero length aad limitation in CCM implementation
• Changed ECC204 zone identifiers and slot types to align with cryptoauthlib standard forms
• XC8/XC16 build warnings
• Several pkcs11 fixes - token_init deadlock, null num_in for private key writes, secret key length parsing, object_create failing, etc
• Null pointer access violation in atcab_release when using a native hal and double free in openssl implementation of atcac_pk_verify

Release v3.3.2 (20210620)

New features

• All memory allocations now go through the hal_ platform definitions. In harmony these are the OSAL_ fuctions which work with any of the supported RTOS'.
• Enable multiple intefaces in the Harmony 3 test project through the user interface.
• Kit protocol over UART has been added. This can be paired with the included hosting application
• Simple kit protocol hosting application has been added. It is available in app/kit_host and through Harmony 3. This is a preview release of the application.

Fixes

• Enable ATSHA206A api in the python extension
• Made the linux i2c configuration default to 100khz so they should work again without having to make modifications to the baud rate field.
• Fix pkcs11 static configuration option when used with the trust platform configuration file
• Fix PKCS11 ec_point return value when pValue is null (libp11 checks the size in this manner before requesting

Release v3.3.1 (20210423)

New features

• Core support for kit protocol over serial ports (i.e. tty/COM ports)
• PKCS11 support for TA100 auth sessions

Fixes

• Fix mbedtls integration combinations that would produce unexpected behavior. All variations of sign/verify _ALT now work as expected given a configured key (for example if a key is configured as a stored public and VERIFY_ALT is enabled then library will perform a stored key verify rather than an external public key load and verify)
• Added mbedtls integration tests to confirm that integrations are working on a target platform as expected. These generally bootstrap using NIST example vectors before using the validated functions/algorithms to test the remaining integration.
• Clean up warnings when run with very strict settings (-Wall -Wextra -pedantic -Werror)
• Fix false wake errors when baud rate switching for I2C
• Fix for I2C errors that could be created on the bus when there are devices on the bus that support general calls - this fix should also correct linux zero length kernel messages when enabled.
• Fix ESP32 HAL to work with the updated HAL structure.