TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-04-08 21:37:20 +02:00
Code Issues Packages Projects Releases Wiki Activity
32,104 Commits 179 Branches 280 Tags
7ed3653c57772132bf6cc2812bc75cecddd3cc2f
Commit Graph

1626 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
7ed3653c57 Merge pull request #1363 from gilles-peskine-arm/3.6-restricted-merge-20250606 
Merge mbedtls-3.6 into mbedtls-3.6-restricted
 2025-06-10 11:01:11 +02:00
Manuel Pégourié-Gonnard
cae443405e Merge pull request #1347 from mpg/fix-asn1-store-named-data-null-deref-3.6 
Backport 3.6: Fix asn1 store named data null deref
 2025-06-10 09:50:34 +02:00
Gilles Peskine
7df273bb34 Merge remote-tracking branch 'mbedtls-3.6' into mbedtls-3.6-restricted 2025-06-06 10:46:03 +02:00
David Horstmann
3f82706cb7 Merge pull request #1349 from felixc-arm/pem-integer-underflow-3.6 
[3.6] Fix Integer Underflow when Decoding PEM Keys
 2025-06-04 14:36:35 +01:00
Felix Conway
42323eacc9 Add changelog 
Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-06-04 10:06:26 +01:00
Manuel Pégourié-Gonnard
e51bde06da Fix possible UB in mbedtls_asn1_write_raw_buffer() 
This is mostly unrelated to other commits in this PR, except for the
fact that one of the added X.509 tests revealed that with UBSan.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-06-03 11:23:19 +02:00
Manuel Pégourié-Gonnard
d9c141749b Merge pull request #1345 from davidhorstmann-arm/pkcs7-side-channel-missing-credit-3.6 
Add credit to the reporters of the PKCS7 issue
 2025-05-28 11:49:35 +02:00
Ronald Cron
4960825a94 Add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-05-28 10:05:32 +02:00
Manuel Pégourié-Gonnard
04fe95d95b Add ChangeLog entry 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-05-26 12:38:52 +02:00
Manuel Pégourié-Gonnard
1e9267c993 Merge pull request #1340 from mpg/fix-string-to-names-uaf-3.6 
[3.6] Fix string to names memory management
 2025-05-21 14:48:43 +02:00
Manuel Pégourié-Gonnard
8429619a92 Fix type in ChangeLog 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-05-19 12:29:11 +02:00
David Horstmann
ddbf8d030a Add credit to the reporters of the PKCS7 issue 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2025-05-14 15:45:00 +01:00
Gilles Peskine
65b548386f Changelog entry for the union initialization fixes 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-05-07 18:51:57 +02:00
Manuel Pégourié-Gonnard
219c3368eb Merge pull request #1306 from davidhorstmann-arm/pkcs7-padding-side-channel-fix-3.6 
[Backport 3.6] Fix side channel in PKCS7 padding
 2025-05-06 09:34:40 +02:00
Manuel Pégourié-Gonnard
19d2c9165a Fix undocumented free() in x509_string_to_names() 
Now programs/x509/cert_write san="DN:CN=#0000;DN:CN=#0000" is no longer
crashing with use-after-free, instead it's now failing cleanly:

 failed
  !  mbedtls_x509_string_to_names returned -0x2800 - X509 - Input invalid

That's better of course but still not great, will be fixed by future
commits.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-05-05 16:44:18 +02:00
Max Fillinger
1bc2a9bdbf Mention MBEDTLS_SSL_KEYING_MATERIAL_EXPORT in change log 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:20:50 +02:00
Max Fillinger
15f9f5e562 Fix TLS exporter changelog entry 
Signed-off-by: Max Fillinger <max@max-fillinger.net>
 2025-04-16 11:20:49 +02:00
Max Fillinger
91ad62efc7 Add changelog entry for TLS-Exporter feature 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:20:49 +02:00
David Horstmann
bbf1a01503 Modify ChangeLog entry to full plaintext recovery 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2025-03-28 17:31:15 +00:00
Minos Galanakis
a3c020d2cf Assemble Changelog 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-18 16:50:40 +00:00
Minos Galanakis
688494ae41 Changelog: Added CVE. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-18 16:48:02 +00:00
Minos Galanakis
dfc8e43614 Merge remote-tracking branch 'upstream/mbedtls-3.6' into pre-3.6.3-upstream-merge 2025-03-14 14:23:23 +00:00
Gilles Peskine
c03cd1124c Merge pull request #10025 from waleed-elmelegy-arm/mbedtls-3.6-fix-key-deriv-bad-state-error 
Backport 3.6: Fix psa_key_derivation_input_integer() not detecting bad state
 2025-03-14 10:11:40 +00:00
Bence Szépkúti
b22247b85b Merge pull request #10043 from Mbed-TLS/msvc-format-size-macros-3.6 
[Backport 3.6] Fix preprocessor guards for C99 format size specifiers
 2025-03-13 10:09:13 +00:00
David Horstmann
26f0044ad0 Merge pull request #1319 from davidhorstmann-arm/calc-finished-check-return-3.6 
[Backport 3.6] TLS1.2: Check for failures in Finished calculation
 2025-03-12 17:35:40 +00:00
Bence Szépkúti
f525505886 Clarify changelog 
Remove mention of the shipped .sln files, as those are planned to be
removed from Mbed TLS.

Clarify the affected CRT headers.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2025-03-12 17:28:30 +01:00
Minos Galanakis
104bd06826 Merge remote-tracking branch 'origin/features/tls-defragmentation/3.6' into feature_merge_defragmentation_36 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-12 15:21:56 +00:00
Gilles Peskine
a7c020d6cb Update the location of defragmentation limitations 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-12 10:55:48 +01:00
Gilles Peskine
1933932e55 Refer to the API documentation for details 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-12 10:53:11 +01:00
Gilles Peskine
43f636ff4d Merge pull request #1316 from gilles-peskine-arm/zeroize-psa-202503-3.6 
Backport 3.6: Zeroize PSA temporary heap buffers
 2025-03-11 17:38:28 +01:00
David Horstmann
0326decca7 Add changelog entry for TLS 1.2 Finished fix 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2025-03-11 15:53:26 +00:00
Bence Szépkúti
23e941a2e7 Update changelog to call out MinGW 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2025-03-08 00:42:44 +01:00
Bence Szépkúti
8154c5823e Remove Everest VS2010 compatibility headers 
These headers were necessary for compatibility with Visual Studio 2010,
and interfere with the system headers on Visual Studio 2013+, eg. when
building Mbed TLS using the .sln file shipped with the project.

Move the still-required definition of "inline" to callconv.h, where the
definition for GCC also lives.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2025-03-07 17:54:19 +01:00
Bence Szépkúti
f65983d670 Fix MSVC version guard for C99 format size specifiers 
Visual Studio 2013 (_MSC_VER == 1800) doesn't support %zu - only use it
on 2015 and above (_MSC_VER >= 1900).

%ldd works on Visual Studio 2013, but this patch keeps the two macro
definitions together, for simplicity's sake.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2025-03-07 17:45:27 +01:00
Gilles Peskine
184cac1eb6 Zeroize temporary heap buffers used when deriving an ECC key 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-06 12:42:30 +01:00
Gilles Peskine
e847afd9ef Zeroize temporary heap buffers used in PSA operations 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-06 12:41:59 +01:00
Waleed Elmelegy
72b391fe07 Fix psa_key_derivation_input_integer() not detecting bad state 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-03-03 12:37:02 +00:00
Minos Galanakis
2622aea537 ChangeLog: Updated the entry for tls-hs-defragmentation 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:23:38 +00:00
Gilles Peskine
20c7748575 Changelog entries for requiring mbedls_ssl_set_hostname() in TLS clients 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-02-25 18:46:17 +01:00
Valerio Setti
cc1b26bd9a changelog: add note for MD changes 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-02-21 15:01:04 +01:00
Deomid rojer Ryabkov
716aead3b9 Update the changelog message 
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
 2025-02-19 22:03:19 +01:00
Deomid Ryabkov
db2da526ff Update ChangeLog.d/tls-hs-defrag-in.txt 
Co-authored-by: minosgalanakis <30719586+minosgalanakis@users.noreply.github.com>
Signed-off-by: Deomid Ryabkov <rojer@rojer.me>
 2025-02-17 15:59:04 +01:00
Deomid rojer Ryabkov
3fc5a4dc86 Defragment incoming TLS handshake messages 
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
 2025-02-17 15:59:04 +01:00
David Horstmann
1667455992 Add ChangeLog entry for PKCS#7 side channel fix 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2025-01-22 11:36:16 +00:00
Valerio Setti
b90d12490c scripts: fix paths for files moved to framework 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-08 10:03:49 +01:00
Solar Designer
cbf5df5d54 Add change log entry on AES-NI asm block fixes 
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Solar Designer <solar@openwall.com>
 2024-12-13 02:10:06 +01:00
SuperIlu
f36f405c05 reworked changelog according to suggestion 
Signed-off-by: SuperIlu <superilu@yahoo.com>
 2024-12-02 21:25:11 +01:00
SuperIlu
95355befd5 Added changelog 
Signed-off-by: SuperIlu <superilu@yahoo.com>
 2024-12-01 10:32:07 +01:00
Paul Elliott
346d2f4e58 Merge pull request #9731 from gilles-peskine-arm/coverity-20241004-3.6 
Backport 3.6: Fix edge cases of mbedtls_psa_raw_to_der and mbedtls_psa_der_to_raw
 2024-11-06 19:02:54 +00:00
Gilles Peskine
e4546ba988 Add changelog entry 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-10-30 12:18:16 +01:00