Gilles Peskine
87eba69926
Merge pull request #10658 from gilles-peskine-arm/audit_validity_dates-move-to-framework-3.6-actually-remove-scripts
3.6 only: Move some scripts from mbedtls into the framework redux
2026-04-09 07:58:45 +00:00
David Horstmann
4eb967981f
Merge pull request #10667 from gilles-peskine-arm/security-md-mention-compiler-3.6
Backport 3.6: Mention compiler optimization in the threat model
2026-04-01 15:44:54 +00:00
Gilles Peskine
168ac78034
Be more specific about what compiler options we consider legitimate
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-04-01 10:08:29 +02:00
Gilles Peskine
778ea0af9b
Mention the new advice about compiler options in the changelog
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-04-01 10:08:28 +02:00
Gilles Peskine
b937689ba6
Add a section about compiler-introduced timing side channels
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-04-01 10:08:28 +02:00
Minos Galanakis
629898bbba
Revert "Added generated files"
This reverts commit 0bebf8b8c7.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2026-03-31 15:37:10 +01:00
Minos Galanakis
2d3fdb6608
Merge tag 'mbedtls-3.6.6' into mbedtls-3.6.6_mergeback
Mbed TLS mbedtls-3.6.6
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2026-03-31 15:36:51 +01:00
Valerio Setti
0c9da91b4f
Merge pull request #10660 from krish2718/fix_unused_func
Fix unused function warning
2026-03-30 10:54:45 +00:00
Minos Galanakis
0bebf8b8c7
Added generated files
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
mbedtls-3.6.6
v3.6.6
2026-03-26 22:03:13 +00:00
Minos Galanakis
1baa5bba69
Update BRANCHES.md
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2026-03-26 22:03:13 +00:00
Minos Galanakis
69454b4bfe
Assemble ChangeLog
./framework/scripts/assemble_changelog.py
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2026-03-26 21:50:06 +00:00
Minos Galanakis
3cfe12bf11
Bump version
./scripts/bump_version.sh --version 3.6.6
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2026-03-26 21:48:57 +00:00
Minos Galanakis
6cb4a1e9d2
Updated framework submodule
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2026-03-26 21:47:46 +00:00
Minos Galanakis
809410026f
Merge remote-tracking branch 'restricted/mbedtls-3.6-restricted' into mbedtls-3.6.6.rc3
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2026-03-26 21:47:09 +00:00
Gilles Peskine
77b1a22bc3
Merge pull request #1536 from ronald-cron-arm/3.6-context_load_and_session_load_documentation
3.6 backport: Tighten context/session load and save APIs documentation
2026-03-26 21:32:09 +01:00
minosgalanakis
39acf7d2c8
Merge pull request #1535 from Mbed-TLS/release/changelog_fixes_3.6.6
[Release] Added attributions & CVE to ChangeLogs (3.6 LTS)
2026-03-26 17:38:26 +00:00
Ronald Cron
86b6812003
Update change log.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-26 18:25:06 +01:00
Minos Galanakis
860cde63e6
MOufa
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2026-03-26 16:43:03 +00:00
Minos Galanakis
e4c6f6819e
Added attribution for ffdh-peerkey-check
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2026-03-26 16:42:23 +00:00
Minos Galanakis
441beaeeac
Extended attributions & CVE
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2026-03-26 14:51:36 +00:00
Chaitanya Tata
ecfaeaddb3
Fix unused function warning
commit 4ac4008fa0 ("Access
ssl->hostname through abstractions in certificate verification").
Due to this, an unused function warning can occur if neither SNI nor
handshake is enabled.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
2026-03-26 19:03:40 +05:30
Ronald Cron
f45d735826
Improve change log
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-26 13:18:10 +01:00
Ronald Cron
e7076b1639
Add change log
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-26 13:18:10 +01:00
Ronald Cron
e7c9b1dfb3
Reduce duplication between save/load documentations
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-26 13:18:10 +01:00
Ronald Cron
dd20b0644a
Add warning in mbedtls_ssl_session_load/save documentation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-26 13:18:10 +01:00
Ronald Cron
6712bd07b3
Add warning in mbedtls_ssl_context_save/load documentation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-26 13:18:10 +01:00
Minos Galanakis
0205ff782b
Added attributions & CVE
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2026-03-26 11:11:12 +00:00
Gilles Peskine
ef44c2e99c
Update path of moved script
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-03-26 10:55:17 +01:00
Manuel Pégourié-Gonnard
3746d7bbe0
Merge pull request #1531 from minosgalanakis/bugfix/ccm_finish_boundary_check_3.6_accr
Added attribution to fix-ccm-finish changelog entry (mbedtls3.6)
2026-03-26 09:36:56 +01:00
minosgalanakis
e944c99027
Merge pull request #1519 from ronald-cron-arm/dtls-3.6
3.6: Fixes relative to DTLS invalid/unexpected first record
2026-03-25 22:31:18 +00:00
Gilles Peskine
deba38fac0
Move some scripts from mbedtls into the framework
Move a bunch of files from `scripts` and `mbedtls/scripts` to the framework.
Most are not called from any scripts invoked by the CI, but a couple are.
A subsequent commit will adapt the scripts. None of these scripts are
referenced from other repositories except in documentation.
The following files will be removed, and added to `mbedtls-framework`:
* `scripts/ecp_comb_table.py`
* `scripts/massif_max.pl`
* `tests/scripts/audit-validity-dates.py` (moved to `scripts/`)
* `tests/scripts/gen_ctr_drbg.pl` (moved to `scripts/`)
* `tests/scripts/gen_gcm_decrypt.pl` (moved to `scripts/`)
* `tests/scripts/gen_gcm_encrypt.pl` (moved to `scripts/`)
* `tests/scripts/gen_pkcs1_v21_sign_verify.pl` (moved to `scripts/`)
* `tests/scripts/generate-afl-tests.sh` (moved to `scripts/`)
* `tests/scripts/generate_server9_bad_saltlen.py` (moved to `scripts/`)
* `tests/scripts/run-metatests.sh` (moved to `scripts/`)
* `tests/scripts/run_demos.py` (moved to `scripts/`)
* `tests/scripts/test_config_script.py` (moved to `scripts/`)
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-03-25 21:42:43 +01:00
minosgalanakis
6522a260b2
Merge pull request #1530 from mpg/ffdh-changelog-fix
Remove attribution that wasn't agreed on
2026-03-25 19:38:16 +00:00
Minos Galanakis
17c19f9782
Added attribution to fix-ccm-finish changelog entry
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2026-03-25 16:14:18 +00:00
Ronald Cron
0c718e863a
dtls: Log mapping of UNEXPECTED_RECORD to UNEXPECTED_MESSAGE
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-25 15:05:53 +01:00
Ronald Cron
eb1cdf45cd
dtls: Fix adaptation to first ClientHello
For each received ClientHello fragment, check
that its epoch is zero and update the
record-level sequence number.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-25 14:28:17 +01:00
Ronald Cron
953c584eec
Remove debug leftover
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-25 14:28:17 +01:00
Ronald Cron
3a3d1d3dcd
Improve comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-25 14:28:17 +01:00
Ronald Cron
9be94ba6ae
Restrict mapping of UNEXPECTED_RECORD to UNEXPECTED_MESSAGE
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-25 14:28:17 +01:00
Ronald Cron
42dec1f97c
ssl-opt.sh: Fix log checks in some "DTLS reassembly" tests
In DTLS reassembly tests, the server may receive a close_notify alert at the
end of a test. In this case, the Mbed TLS server logs an error, so these tests
should not check for the absence of the string "error" in the server logs.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-25 14:28:17 +01:00
Ronald Cron
ed156d0699
Disable "DTLS proxy: 3d, (openssl|gnutls) client, fragmentation" tests
The tests fail intermittently on the CI with a frequency that
significantly impacts CI throughput.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-25 14:28:17 +01:00
Ronald Cron
db25da0f32
dtls: Fix log level
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-25 14:28:17 +01:00
Ronald Cron
243a28c7fd
dtls: parse_client_hello: Adapt mbedtls_ssl_read_record() error code
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-25 14:28:17 +01:00
Ronald Cron
4decf92956
dtls: Keep invalid/unexpected record header error code
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-25 14:28:17 +01:00
Ronald Cron
82be755414
dtls: Improve comment
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-25 14:28:17 +01:00
Ronald Cron
7a50711061
Update buffering when adapting to ClientHello message_seq
Credit to OSS-Fuzz for detecting the problem.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-25 14:26:16 +01:00
Manuel Pégourié-Gonnard
38fe3d463e
Remove attribution that wasn't agreed on
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2026-03-25 13:36:01 +01:00
Ronald Cron
7fabb42524
Introduce ssl_buffering_shift_slots
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-23 19:18:26 +01:00
Ronald Cron
072ddb0346
dtls: Error out on invalid/unexpected record header
Error out on invalid/unexpected record header
when reading the DTLS 1.2 ClientHello.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-23 19:18:26 +01:00
Ronald Cron
f8dd49e047
dtls: Fix debug log
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-23 19:18:26 +01:00
Ronald Cron
36d75df56b
Revert "ssl_server2.c: DTLS: Attempt to read the response to the close notification"
This reverts commit 0a8c35d273.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-23 19:18:26 +01:00