TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-04-01 02:01:09 +02:00
Code Issues Packages Projects Releases Wiki Activity
32,061 Commits 177 Branches 280 Tags
caaffc1e7ec1a120821dea1f00a441e7b271c63d
Commit Graph

1617 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
d9c141749b Merge pull request #1345 from davidhorstmann-arm/pkcs7-side-channel-missing-credit-3.6 
Add credit to the reporters of the PKCS7 issue
 2025-05-28 11:49:35 +02:00
Manuel Pégourié-Gonnard
1e9267c993 Merge pull request #1340 from mpg/fix-string-to-names-uaf-3.6 
[3.6] Fix string to names memory management
 2025-05-21 14:48:43 +02:00
Manuel Pégourié-Gonnard
8429619a92 Fix type in ChangeLog 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-05-19 12:29:11 +02:00
David Horstmann
ddbf8d030a Add credit to the reporters of the PKCS7 issue 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2025-05-14 15:45:00 +01:00
Manuel Pégourié-Gonnard
219c3368eb Merge pull request #1306 from davidhorstmann-arm/pkcs7-padding-side-channel-fix-3.6 
[Backport 3.6] Fix side channel in PKCS7 padding
 2025-05-06 09:34:40 +02:00
Manuel Pégourié-Gonnard
19d2c9165a Fix undocumented free() in x509_string_to_names() 
Now programs/x509/cert_write san="DN:CN=#0000;DN:CN=#0000" is no longer
crashing with use-after-free, instead it's now failing cleanly:

 failed
  !  mbedtls_x509_string_to_names returned -0x2800 - X509 - Input invalid

That's better of course but still not great, will be fixed by future
commits.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-05-05 16:44:18 +02:00
Max Fillinger
1bc2a9bdbf Mention MBEDTLS_SSL_KEYING_MATERIAL_EXPORT in change log 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:20:50 +02:00
Max Fillinger
15f9f5e562 Fix TLS exporter changelog entry 
Signed-off-by: Max Fillinger <max@max-fillinger.net>
 2025-04-16 11:20:49 +02:00
Max Fillinger
91ad62efc7 Add changelog entry for TLS-Exporter feature 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:20:49 +02:00
David Horstmann
bbf1a01503 Modify ChangeLog entry to full plaintext recovery 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2025-03-28 17:31:15 +00:00
Minos Galanakis
a3c020d2cf Assemble Changelog 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-18 16:50:40 +00:00
Minos Galanakis
688494ae41 Changelog: Added CVE. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-18 16:48:02 +00:00
Minos Galanakis
dfc8e43614 Merge remote-tracking branch 'upstream/mbedtls-3.6' into pre-3.6.3-upstream-merge 2025-03-14 14:23:23 +00:00
Gilles Peskine
c03cd1124c Merge pull request #10025 from waleed-elmelegy-arm/mbedtls-3.6-fix-key-deriv-bad-state-error 
Backport 3.6: Fix psa_key_derivation_input_integer() not detecting bad state
 2025-03-14 10:11:40 +00:00
Bence Szépkúti
b22247b85b Merge pull request #10043 from Mbed-TLS/msvc-format-size-macros-3.6 
[Backport 3.6] Fix preprocessor guards for C99 format size specifiers
 2025-03-13 10:09:13 +00:00
David Horstmann
26f0044ad0 Merge pull request #1319 from davidhorstmann-arm/calc-finished-check-return-3.6 
[Backport 3.6] TLS1.2: Check for failures in Finished calculation
 2025-03-12 17:35:40 +00:00
Bence Szépkúti
f525505886 Clarify changelog 
Remove mention of the shipped .sln files, as those are planned to be
removed from Mbed TLS.

Clarify the affected CRT headers.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2025-03-12 17:28:30 +01:00
Minos Galanakis
104bd06826 Merge remote-tracking branch 'origin/features/tls-defragmentation/3.6' into feature_merge_defragmentation_36 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-12 15:21:56 +00:00
Gilles Peskine
a7c020d6cb Update the location of defragmentation limitations 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-12 10:55:48 +01:00
Gilles Peskine
1933932e55 Refer to the API documentation for details 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-12 10:53:11 +01:00
Gilles Peskine
43f636ff4d Merge pull request #1316 from gilles-peskine-arm/zeroize-psa-202503-3.6 
Backport 3.6: Zeroize PSA temporary heap buffers
 2025-03-11 17:38:28 +01:00
David Horstmann
0326decca7 Add changelog entry for TLS 1.2 Finished fix 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2025-03-11 15:53:26 +00:00
Bence Szépkúti
23e941a2e7 Update changelog to call out MinGW 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2025-03-08 00:42:44 +01:00
Bence Szépkúti
8154c5823e Remove Everest VS2010 compatibility headers 
These headers were necessary for compatibility with Visual Studio 2010,
and interfere with the system headers on Visual Studio 2013+, eg. when
building Mbed TLS using the .sln file shipped with the project.

Move the still-required definition of "inline" to callconv.h, where the
definition for GCC also lives.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2025-03-07 17:54:19 +01:00
Bence Szépkúti
f65983d670 Fix MSVC version guard for C99 format size specifiers 
Visual Studio 2013 (_MSC_VER == 1800) doesn't support %zu - only use it
on 2015 and above (_MSC_VER >= 1900).

%ldd works on Visual Studio 2013, but this patch keeps the two macro
definitions together, for simplicity's sake.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2025-03-07 17:45:27 +01:00
Gilles Peskine
184cac1eb6 Zeroize temporary heap buffers used when deriving an ECC key 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-06 12:42:30 +01:00
Gilles Peskine
e847afd9ef Zeroize temporary heap buffers used in PSA operations 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-06 12:41:59 +01:00
Waleed Elmelegy
72b391fe07 Fix psa_key_derivation_input_integer() not detecting bad state 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-03-03 12:37:02 +00:00
Minos Galanakis
2622aea537 ChangeLog: Updated the entry for tls-hs-defragmentation 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:23:38 +00:00
Gilles Peskine
20c7748575 Changelog entries for requiring mbedls_ssl_set_hostname() in TLS clients 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-02-25 18:46:17 +01:00
Valerio Setti
cc1b26bd9a changelog: add note for MD changes 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-02-21 15:01:04 +01:00
Deomid rojer Ryabkov
716aead3b9 Update the changelog message 
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
 2025-02-19 22:03:19 +01:00
Deomid Ryabkov
db2da526ff Update ChangeLog.d/tls-hs-defrag-in.txt 
Co-authored-by: minosgalanakis <30719586+minosgalanakis@users.noreply.github.com>
Signed-off-by: Deomid Ryabkov <rojer@rojer.me>
 2025-02-17 15:59:04 +01:00
Deomid rojer Ryabkov
3fc5a4dc86 Defragment incoming TLS handshake messages 
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
 2025-02-17 15:59:04 +01:00
David Horstmann
1667455992 Add ChangeLog entry for PKCS#7 side channel fix 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2025-01-22 11:36:16 +00:00
Valerio Setti
b90d12490c scripts: fix paths for files moved to framework 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-08 10:03:49 +01:00
Solar Designer
cbf5df5d54 Add change log entry on AES-NI asm block fixes 
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Solar Designer <solar@openwall.com>
 2024-12-13 02:10:06 +01:00
SuperIlu
f36f405c05 reworked changelog according to suggestion 
Signed-off-by: SuperIlu <superilu@yahoo.com>
 2024-12-02 21:25:11 +01:00
SuperIlu
95355befd5 Added changelog 
Signed-off-by: SuperIlu <superilu@yahoo.com>
 2024-12-01 10:32:07 +01:00
Paul Elliott
346d2f4e58 Merge pull request #9731 from gilles-peskine-arm/coverity-20241004-3.6 
Backport 3.6: Fix edge cases of mbedtls_psa_raw_to_der and mbedtls_psa_der_to_raw
 2024-11-06 19:02:54 +00:00
Gilles Peskine
e4546ba988 Add changelog entry 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-10-30 12:18:16 +01:00
Gilles Peskine
138312315e Changelog entry for ECDSA conversion functions called with bits=0 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-10-28 10:09:18 +01:00
Gilles Peskine
0b8b7a1ee1 Merge pull request #9448 from valeriosetti/psa-use-static-slots-backport 
[Backport 3.6] PSA: use static key slots to store keys
 2024-10-24 07:27:43 +00:00
David Horstmann
0f170ad60b Merge pull request #9714 from ThePassionate/mbedtls-1022-3.6.0 
[Backport 3.6] net/mbedtls_net_connect: Preventing double close problem
 2024-10-22 16:49:18 +00:00
makejian
66b39d4cf1 net/mbedtls_net_connect: Preventing double close problem 
In the test examples and real usage scenarios, 'mbedtls_net_free' is called after 'mbedtls_net_connect' fails, which will cause the problem of double close the same fd. It is possible to close this closed fd which has been applied by other link.

Signed-off-by: makejian <makejian@xiaomi.com>
 2024-10-22 20:02:51 +08:00
Valerio Setti
a71c75f0fb changelog: fix typo 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-10-22 13:31:19 +02:00
Valerio Setti
d218b57d67 changelog: updated description 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-10-22 13:31:19 +02:00
Valerio Setti
cc27702ceb changelog: updated description 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-10-22 13:31:19 +02:00
Valerio Setti
d65ed17d74 changelog: describe support for static key slot buffers 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-10-22 13:31:19 +02:00
Gergely Korcsák
36b0521b5f Fix driver schema json default type requirements 
Signed-off-by: Gergely Korcsák <gergely.korcsak@arm.com>
 2024-10-10 13:15:01 +02:00