From baea194a04942634498ddd0eb9b32d7890119954 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 19 Jan 2026 14:42:11 +0000 Subject: [PATCH 1/4] Clarify CRL security guarantees Signed-off-by: Janos Follath --- SECURITY.md | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 0af1903355..529e3b6fae 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -147,19 +147,20 @@ configuration option is defined. This option is off by default. #### Formatting of X.509 certificates and certificate signing requests -When parsing X.509 certificates and certificate signing requests (CSRs), -Mbed TLS does not check that they are strictly compliant with X.509 and other -relevant standards. In the case of signed certificates, the signing party is -assumed to have performed this validation (and the certificate is trusted to -be correctly formatted as long as the signature is correct). -Similarly, CSRs are implicitly trusted by Mbed TLS to be standards-compliant. +When parsing X.509 certificates, certificate signing requests (CSRs) or +certificate revocation lists (CRLs) Mbed TLS does not check that they are +strictly compliant with X.509 and other relevant standards. In the case of +signed certificates and signed CRLs, the signing party is assumed to have +performed this validation (and the certificate or CRL is trusted to be correctly +formatted as long as the signature is correct). Similarly, CSRs are implicitly +trusted by Mbed TLS to be standards-compliant. -**Warning!** Mbed TLS must not be used to sign untrusted CSRs unless extra -validation is performed separately to ensure that they are compliant to the -relevant specifications. This makes Mbed TLS on its own unsuitable for use in -a Certificate Authority (CA). +**Warning!** Mbed TLS must not be used to sign untrusted CSRs or CRLs unless +extra validation is performed separately to ensure that they are compliant to +the relevant specifications. This makes Mbed TLS on its own unsuitable for use +in a Certificate Authority (CA). However, Mbed TLS aims to protect against memory corruption and other -undefined behavior when parsing certificates and CSRs. If a CSR or signed +undefined behavior when parsing certificates, CSRs and CRLs. If a CSR or signed certificate causes undefined behavior when it is parsed by Mbed TLS, that is considered a security vulnerability. 
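Review bot: the last paragraph of this hunk is now inconsistent with itself: the first sentence is updated to "parsing certificates, CSRs and CRLs", but the sentence that actually defines what counts as a vulnerability still reads "If a CSR or signed certificate causes undefined behavior when it is parsed by Mbed TLS", so CRLs are silently excluded from the guarantee the paragraph is meant to extend; suggest "If a CSR, signed certificate or CRL causes undefined behavior ...". The new warning "must not be used to sign untrusted CSRs or CRLs" also deserves a second look, since a CRL is normally produced and signed by the CA itself rather than submitted by an untrusted party; if the intent is that the CA must validate whatever revocation data it feeds into a CRL, say that, otherwise the "unsuitable for use in a CA" conclusion only follows from the CSR case. Nit: a comma after "(CRLs)" before "Mbed TLS does not check" would make the first sentence parse on first reading.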
From 7b2ad1c518d66e198eeb4d4c2bbaff0a7b238857 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 19 Jan 2026 14:46:44 +0000 Subject: [PATCH 2/4] Clarify purpose and suitability of sample programs Signed-off-by: Janos Follath --- programs/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/programs/README.md b/programs/README.md index a58037d097..7dc41ab0c8 100644 --- a/programs/README.md +++ b/programs/README.md @@ -3,6 +3,8 @@ Mbed TLS sample programs This subdirectory mostly contains sample programs that illustrate specific features of the library, as well as a few test and support programs. +**Warning!** These programs are not intended for and are not suitable to be used in production. The code needs to be adapted to build a real-world applications. + ## Symmetric cryptography (AES) examples * [`aes/crypt_and_hash.c`](aes/crypt_and_hash.c): file encryption and authentication, demonstrating the generic cipher interface and the generic hash interface. From 92dbfb34f065eb13671c7e2ddfb968edaac7c8d6 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 20 Jan 2026 10:38:16 +0000 Subject: [PATCH 3/4] SECURITY.md: make x509 data section more readable Signed-off-by: Janos Follath --- SECURITY.md | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 529e3b6fae..114dce6a69 100644 --- a/SECURITY.md +++ b/SECURITY.md 
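Review bot: the warning added to programs/README.md in PATCH 2/4 has a grammatical slip, "to build a real-world applications" should be "to build real-world applications" (or "a real-world application"), and "are not intended for and are not suitable to be used in production" is hard to read; since PATCH 4/4 in this series replaces the whole sentence, the simplest fix is to squash the two commits so the series never introduces the broken wording.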
@@ -145,15 +145,18 @@ Policy](https://github.com/hacl-star/hacl-star/blob/main/SECURITY.md).) The Everest variant is only used when `MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED` configuration option is defined. This option is off by default. -#### Formatting of X.509 certificates and certificate signing requests +#### Formatting of X509 data -When parsing X.509 certificates, certificate signing requests (CSRs) or -certificate revocation lists (CRLs) Mbed TLS does not check that they are -strictly compliant with X.509 and other relevant standards. In the case of -signed certificates and signed CRLs, the signing party is assumed to have -performed this validation (and the certificate or CRL is trusted to be correctly -formatted as long as the signature is correct). Similarly, CSRs are implicitly -trusted by Mbed TLS to be standards-compliant. +This section discusses limitations in how X.509 objects are processed. This +applies to certificates, certificate signing requests (CSRs) and certificate +revocation lists (CRLs). + +Mbed TLS does not check that they are strictly compliant with X.509 and other +relevant standards. In the case of signed certificates and signed CRLs, the +signing party is assumed to have performed this validation (and the certificate +or CRL is trusted to be correctly formatted as long as the signature is +correct). Similarly, CSRs are implicitly trusted by Mbed TLS to be +standards-compliant. **Warning!** Mbed TLS must not be used to sign untrusted CSRs or CRLs unless extra validation is performed separately to ensure that they are compliant to From 6c0a661b68a98c4216876eeba9b46deaec88d257 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 20 Jan 2026 10:39:40 +0000 Subject: [PATCH 4/4] programs/README.md clarify security remark Signed-off-by: Janos Follath --- programs/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/README.md b/programs/README.md index 7dc41ab0c8..9091ff86c3 100644 --- a/programs/README.md 
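Review bot: the new heading "Formatting of X509 data" drops the dot while the body of the same hunk keeps writing "X.509" (three times), so the section is internally inconsistent with itself and with the rest of the file; suggest "Formatting of X.509 data". Also, after the paragraph split the second paragraph opens with "Mbed TLS does not check that they are strictly compliant", where "they" now has to reach back across a paragraph break to "certificates, certificate signing requests (CSRs) and certificate revocation lists (CRLs)"; "these objects" (or "such objects") would read unambiguously.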
+++ b/programs/README.md @@ -3,7 +3,7 @@ Mbed TLS sample programs This subdirectory mostly contains sample programs that illustrate specific features of the library, as well as a few test and support programs. -**Warning!** These programs are not intended for and are not suitable to be used in production. The code needs to be adapted to build a real-world applications. +We try to ensure that the sample programs are good examples of how to use Mbed TLS but we make no hard guarantees about their security. They should not be used in production unless they have been separately tested and thoroughly audited for security. Note that this means vulnerabilities in the sample programs are out of the scope of our usual security process and will be fixed in public. ## Symmetric cryptography (AES) examples
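Review bot: "out of the scope of our usual security process" is left undefined for someone who opens programs/README.md directly, so point it at the process this series also edits, e.g. "out of the scope of the process described in [SECURITY.md](../SECURITY.md)" (relative path from programs/, to be confirmed against the repository layout). The rewrite also drops the bold "**Warning!**" lead-in that PATCH 2/4 introduced; the new wording is better, but a bold lead-in keeps the paragraph from being missed in a long list of sample program links, so consider keeping one while retaining the new text.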