1657 Commits

Author SHA1 Message Date
Minos Galanakis
369ea7a041 Assemble ChangeLog
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-10-10 18:04:55 +01:00
Minos Galanakis
bafcf5bddf Merge remote-tracking branch 'restricted/mbedtls-3.6-restricted' into mbedtls-3.6.5rc0-pr
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-10-02 15:37:04 +01:00
Ben Taylor
6e73b2f2fd Backport time_t type conversions
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-09-29 15:35:28 +01:00
Gilles Peskine
70135847cd Merge pull request #1425 from gilles-peskine-arm/restricted-3.6-merge-public-20250916
3.6: merge public into restricted 2025-09-16
2025-09-17 21:05:31 +02:00
Gilles Peskine
334dfa8799 Merge remote-tracking branch '3.6' into restricted-3.6-merge-public-20250916
Conflicts:

* `framework`: update submodule to the merge of `main` and `main-restricted`.
2025-09-16 16:16:53 +02:00
Gilles Peskine
d1244932f1 We have a CVE ID
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-16 10:39:29 +02:00
Gilles Peskine
447134b704 Announce psa_can_do_cipher()
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-12 11:27:08 +02:00
Gilles Peskine
2d666646ba Changelog entry for PSA CBC-PKCS7 padding oracle fix
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-08 12:22:39 +02:00
Gilles Peskine
9d7d0e63ae Merge pull request #1407 from gilles-peskine-arm/mbedtls_cipher_finish_padded-3.6
Backport 3.6: Introduce mbedtls_cipher_finish_padded
2025-09-08 12:18:50 +02:00
Manuel Pégourié-Gonnard
07cbb33e76 Add ChangeLog entry for SSBleed and M-Step
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2025-09-02 10:41:50 +02:00
Manuel Pégourié-Gonnard
381d4ba03b Make mbedtls_mpi_gcd() more consistent
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2025-08-13 09:01:45 +02:00
Gilles Peskine
7db50d0700 Changelog entry for mbedtls_cipher_finish_padded()
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-08-08 15:15:07 +02:00
Gilles Peskine
8d524e8841 Merge pull request #10312 from ronald-cron-arm/dependency-on-generated-files
Backport 3.6: cmake: library: Fix potential concurrent file generation
2025-07-30 11:44:53 +00:00
Ronald Cron
5491fe3ee0 Add change log
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-07-21 09:45:14 +02:00
Minos Galanakis
c52f68fd21 Assemble ChangeLog
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-06-25 14:07:55 +01:00
Minos Galanakis
f36277558a Merge remote-tracking branch 'restricted/mbedtls-3.6-restricted' into mbedtls-3.6.4rc0-pr
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-06-23 18:52:17 +01:00
David Horstmann
54ceaf7a53 Merge pull request #10200 from aslze/mbedtls-3.6
[3.6] Fix building C++ apps with MSVC
2025-06-19 14:25:50 +00:00
David Horstmann
a84be59757 Merge pull request #1366 from gilles-peskine-arm/base64-decode-clean-3.6
Backport 3.6: mbedtls_base64_decode: fix sloppiness
2025-06-17 14:55:39 +01:00
Gilles Peskine
3c9ad42719 Merge pull request #1367 from gilles-peskine-arm/aesni_has_support-volatile-3.6
Backport 3.6: Fix race condition in mbedtls_aesni_has_support
2025-06-13 23:20:28 +02:00
Felix Conway
b8d14734fd Simplify changelog
Signed-off-by: Felix Conway <felix.conway@arm.com>
2025-06-13 09:33:24 +01:00
Felix Conway
80ca13f07d Add changelog
Signed-off-by: Felix Conway <felix.conway@arm.com>
2025-06-12 13:28:26 +01:00
Gilles Peskine
f5db3e9436 Note that GCM is also impacted
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-06-11 10:45:41 +02:00
Gilles Peskine
a79525239f Merge pull request #1359 from Mbed-TLS/bugfix_1351_1352_1353_lms_drivers_3.6bp
[3.6 Backport] Bugfix: lms/lmots driver hardening.
2025-06-10 19:08:15 +02:00
Manuel Pégourié-Gonnard
7ed3653c57 Merge pull request #1363 from gilles-peskine-arm/3.6-restricted-merge-20250606
Merge mbedtls-3.6 into mbedtls-3.6-restricted
2025-06-10 11:01:11 +02:00
Manuel Pégourié-Gonnard
cae443405e Merge pull request #1347 from mpg/fix-asn1-store-named-data-null-deref-3.6
Backport 3.6: Fix asn1 store named data null deref
2025-06-10 09:50:34 +02:00
Gilles Peskine
8c67ac0f7f Fix race condition in mbedtls_aesni_has_support
Fix a race condition in `mbedtls_aes_ni_has_support()` with some compilers.
A compiler could hoist the assignment `done = 1` above the assignment to `c`,
in which case if two threads call `mbedtls_aes_ni_has_support()` at almost
the same time, they could be interleaved as follows:

    Initially: done = 0, c = 0

    thread A                thread B
    if (!done)
      done = 1;                                     # hoisted
                            if (!done)
                                return c & what;    # wrong!
      c = cpuid();
    return c & what

This would lead to thread B using software AES even though AESNI was
available. This is a very minor performance bug. But also, given a very
powerful adversary who can block thread A indefinitely (which may be
possible when attacking an SGX enclave), thread B could use software AES for
a long time, opening the way to a timing side channel attack.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-06-09 23:48:34 +02:00
Gilles Peskine
2b3d6a8f28 mbedtls_base64_decode: insist on correct padding
Correct base64 input (excluding ignored characters such as spaces) consists
of exactly 4*k, 4*k-1 or 4*k-2 digits, followed by 0, 1 or 2 equal signs
respectively.

Previously, any number of trailing equal signs up to 2 was accepted, but if
there were fewer than 4*k digits-or-equals, the last partial block was counted in
`*olen` in buffer-too-small mode, but was not output despite returning 0.

Now `mbedtls_base64_decode()` insists on correct padding. This is
backward-compatible since the only plausible useful inputs that used to be
accepted were inputs with 4*k-1 or 4*k-2 digits and no trailing equal signs,
and those led to invalid (truncated) output. Furthermore the function now
always reports the exact output size in buffer-too-small mode.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-06-09 23:01:21 +02:00
Minos Galanakis
255c492dab Added CVEs to ChangeLogs
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-06-08 23:10:58 +01:00
Gilles Peskine
7df273bb34 Merge remote-tracking branch 'mbedtls-3.6' into mbedtls-3.6-restricted
2025-06-06 10:46:03 +02:00
Gilles Peskine
84999d1a7b Fix mbedtls_base64_decode() accepting invalid inputs with 4n+1 digits
The last digit was ignored.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-06-05 16:15:41 +02:00
Minos Galanakis
f84bc3f592 Added changelog for check return of merkle leaf
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-06-05 09:23:59 +01:00
Minos Galanakis
3444757ac4 Added changelog for lms enum casting
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-06-05 09:23:59 +01:00
Minos Galanakis
3b392af70d Added changelog for lms overread
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-06-05 09:23:59 +01:00
Alvaro Segura
41422e1fc0 Fix change log entry
Signed-off-by: Alvaro Segura <alvaro.segura@gmail.com>
2025-06-05 09:10:54 +02:00
David Horstmann
3f82706cb7 Merge pull request #1349 from felixc-arm/pem-integer-underflow-3.6
[3.6] Fix Integer Underflow when Decoding PEM Keys
2025-06-04 14:36:35 +01:00
Felix Conway
42323eacc9 Add changelog
Signed-off-by: Felix Conway <felix.conway@arm.com>
2025-06-04 10:06:26 +01:00
Manuel Pégourié-Gonnard
e51bde06da Fix possible UB in mbedtls_asn1_write_raw_buffer()
This is mostly unrelated to other commits in this PR, except for the
fact that one of the added X.509 tests revealed that with UBSan.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2025-06-03 11:23:19 +02:00
Manuel Pégourié-Gonnard
d9c141749b Merge pull request #1345 from davidhorstmann-arm/pkcs7-side-channel-missing-credit-3.6
Add credit to the reporters of the PKCS7 issue
2025-05-28 11:49:35 +02:00
Ronald Cron
4960825a94 Add change log
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-05-28 10:05:32 +02:00
Manuel Pégourié-Gonnard
04fe95d95b Add ChangeLog entry
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2025-05-26 12:38:52 +02:00
Manuel Pégourié-Gonnard
1e9267c993 Merge pull request #1340 from mpg/fix-string-to-names-uaf-3.6
[3.6] Fix string to names memory management
2025-05-21 14:48:43 +02:00
Manuel Pégourié-Gonnard
8429619a92 Fix type in ChangeLog
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2025-05-19 12:29:11 +02:00
David Horstmann
ddbf8d030a Add credit to the reporters of the PKCS7 issue
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2025-05-14 15:45:00 +01:00
Gilles Peskine
65b548386f Changelog entry for the union initialization fixes
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-05-07 18:51:57 +02:00
Manuel Pégourié-Gonnard
219c3368eb Merge pull request #1306 from davidhorstmann-arm/pkcs7-padding-side-channel-fix-3.6
[Backport 3.6] Fix side channel in PKCS7 padding
2025-05-06 09:34:40 +02:00
Manuel Pégourié-Gonnard
19d2c9165a Fix undocumented free() in x509_string_to_names()
Now programs/x509/cert_write san="DN:CN=#0000;DN:CN=#0000" no longer
crashes with a use-after-free; instead it now fails cleanly:

 failed
  !  mbedtls_x509_string_to_names returned -0x2800 - X509 - Input invalid

That's better, of course, but still not great; this will be fixed by future
commits.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2025-05-05 16:44:18 +02:00
Max Fillinger
1bc2a9bdbf Mention MBEDTLS_SSL_KEYING_MATERIAL_EXPORT in change log
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
2025-04-16 11:20:50 +02:00
Max Fillinger
15f9f5e562 Fix TLS exporter changelog entry
Signed-off-by: Max Fillinger <max@max-fillinger.net>
2025-04-16 11:20:49 +02:00
Max Fillinger
91ad62efc7 Add changelog entry for TLS-Exporter feature
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
2025-04-16 11:20:49 +02:00
David Horstmann
bbf1a01503 Modify ChangeLog entry to full plaintext recovery
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2025-03-28 17:31:15 +00:00