TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-03-28 15:11:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
32,011 Commits 177 Branches 276 Tags
e009158d718bf5bcfe85bf2b2cdf4be6e308e4cc
Commit Graph

1609 Commits

Author SHA1 Message Date
Max Fillinger
1bc2a9bdbf Mention MBEDTLS_SSL_KEYING_MATERIAL_EXPORT in change log 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:20:50 +02:00
Max Fillinger
15f9f5e562 Fix TLS exporter changelog entry 
Signed-off-by: Max Fillinger <max@max-fillinger.net>
 2025-04-16 11:20:49 +02:00
Max Fillinger
91ad62efc7 Add changelog entry for TLS-Exporter feature 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:20:49 +02:00
Minos Galanakis
a3c020d2cf Assemble Changelog 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-18 16:50:40 +00:00
Minos Galanakis
688494ae41 Changelog: Added CVE. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-18 16:48:02 +00:00
Minos Galanakis
dfc8e43614 Merge remote-tracking branch 'upstream/mbedtls-3.6' into pre-3.6.3-upstream-merge 2025-03-14 14:23:23 +00:00
Gilles Peskine
c03cd1124c Merge pull request #10025 from waleed-elmelegy-arm/mbedtls-3.6-fix-key-deriv-bad-state-error 
Backport 3.6: Fix psa_key_derivation_input_integer() not detecting bad state
 2025-03-14 10:11:40 +00:00
Bence Szépkúti
b22247b85b Merge pull request #10043 from Mbed-TLS/msvc-format-size-macros-3.6 
[Backport 3.6] Fix preprocessor guards for C99 format size specifiers
 2025-03-13 10:09:13 +00:00
David Horstmann
26f0044ad0 Merge pull request #1319 from davidhorstmann-arm/calc-finished-check-return-3.6 
[Backport 3.6] TLS1.2: Check for failures in Finished calculation
 2025-03-12 17:35:40 +00:00
Bence Szépkúti
f525505886 Clarify changelog 
Remove mention of the shipped .sln files, as those are planned to be
removed from Mbed TLS.

Clarify the affected CRT headers.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2025-03-12 17:28:30 +01:00
Minos Galanakis
104bd06826 Merge remote-tracking branch 'origin/features/tls-defragmentation/3.6' into feature_merge_defragmentation_36 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-12 15:21:56 +00:00
Gilles Peskine
a7c020d6cb Update the location of defragmentation limitations 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-12 10:55:48 +01:00
Gilles Peskine
1933932e55 Refer to the API documentation for details 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-12 10:53:11 +01:00
Gilles Peskine
43f636ff4d Merge pull request #1316 from gilles-peskine-arm/zeroize-psa-202503-3.6 
Backport 3.6: Zeroize PSA temporary heap buffers
 2025-03-11 17:38:28 +01:00
David Horstmann
0326decca7 Add changelog entry for TLS 1.2 Finished fix 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2025-03-11 15:53:26 +00:00
Bence Szépkúti
23e941a2e7 Update changelog to call out MinGW 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2025-03-08 00:42:44 +01:00
Bence Szépkúti
8154c5823e Remove Everest VS2010 compatibility headers 
These headers were necessary for compatibility with Visual Studio 2010,
and interfere with the system headers on Visual Studio 2013+, eg. when
building Mbed TLS using the .sln file shipped with the project.

Move the still-required definition of "inline" to callconv.h, where the
definition for GCC also lives.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2025-03-07 17:54:19 +01:00
Bence Szépkúti
f65983d670 Fix MSVC version guard for C99 format size specifiers 
Visual Studio 2013 (_MSC_VER == 1800) doesn't support %zu - only use it
on 2015 and above (_MSC_VER >= 1900).

%ldd works on Visual Studio 2013, but this patch keeps the two macro
definitions together, for simplicity's sake.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2025-03-07 17:45:27 +01:00
Gilles Peskine
184cac1eb6 Zeroize temporary heap buffers used when deriving an ECC key 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-06 12:42:30 +01:00
Gilles Peskine
e847afd9ef Zeroize temporary heap buffers used in PSA operations 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-06 12:41:59 +01:00
Waleed Elmelegy
72b391fe07 Fix psa_key_derivation_input_integer() not detecting bad state 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-03-03 12:37:02 +00:00
Minos Galanakis
2622aea537 ChangeLog: Updated the entry for tls-hs-defragmentation 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:23:38 +00:00
Gilles Peskine
20c7748575 Changelog entries for requiring mbedls_ssl_set_hostname() in TLS clients 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-02-25 18:46:17 +01:00
Valerio Setti
cc1b26bd9a changelog: add note for MD changes 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-02-21 15:01:04 +01:00
Deomid rojer Ryabkov
716aead3b9 Update the changelog message 
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
 2025-02-19 22:03:19 +01:00
Deomid Ryabkov
db2da526ff Update ChangeLog.d/tls-hs-defrag-in.txt 
Co-authored-by: minosgalanakis <30719586+minosgalanakis@users.noreply.github.com>
Signed-off-by: Deomid Ryabkov <rojer@rojer.me>
 2025-02-17 15:59:04 +01:00
Deomid rojer Ryabkov
3fc5a4dc86 Defragment incoming TLS handshake messages 
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
 2025-02-17 15:59:04 +01:00
Valerio Setti
b90d12490c scripts: fix paths for files moved to framework 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-08 10:03:49 +01:00
Solar Designer
cbf5df5d54 Add change log entry on AES-NI asm block fixes 
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Solar Designer <solar@openwall.com>
 2024-12-13 02:10:06 +01:00
SuperIlu
f36f405c05 reworked changelog according to suggestion 
Signed-off-by: SuperIlu <superilu@yahoo.com>
 2024-12-02 21:25:11 +01:00
SuperIlu
95355befd5 Added changelog 
Signed-off-by: SuperIlu <superilu@yahoo.com>
 2024-12-01 10:32:07 +01:00
Paul Elliott
346d2f4e58 Merge pull request #9731 from gilles-peskine-arm/coverity-20241004-3.6 
Backport 3.6: Fix edge cases of mbedtls_psa_raw_to_der and mbedtls_psa_der_to_raw
 2024-11-06 19:02:54 +00:00
Gilles Peskine
e4546ba988 Add changelog entry 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-10-30 12:18:16 +01:00
Gilles Peskine
138312315e Changelog entry for ECDSA conversion functions called with bits=0 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-10-28 10:09:18 +01:00
Gilles Peskine
0b8b7a1ee1 Merge pull request #9448 from valeriosetti/psa-use-static-slots-backport 
[Backport 3.6] PSA: use static key slots to store keys
 2024-10-24 07:27:43 +00:00
David Horstmann
0f170ad60b Merge pull request #9714 from ThePassionate/mbedtls-1022-3.6.0 
[Backport 3.6] net/mbedtls_net_connect: Preventing double close problem
 2024-10-22 16:49:18 +00:00
makejian
66b39d4cf1 net/mbedtls_net_connect: Preventing double close problem 
In the test examples and real usage scenarios, 'mbedtls_net_free' is called after 'mbedtls_net_connect' fails, which will cause the problem of double close the same fd. It is possible to close this closed fd which has been applied by other link.

Signed-off-by: makejian <makejian@xiaomi.com>
 2024-10-22 20:02:51 +08:00
Valerio Setti
a71c75f0fb changelog: fix typo 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-10-22 13:31:19 +02:00
Valerio Setti
d218b57d67 changelog: updated description 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-10-22 13:31:19 +02:00
Valerio Setti
cc27702ceb changelog: updated description 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-10-22 13:31:19 +02:00
Valerio Setti
d65ed17d74 changelog: describe support for static key slot buffers 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-10-22 13:31:19 +02:00
Gergely Korcsák
36b0521b5f Fix driver schema json default type requirements 
Signed-off-by: Gergely Korcsák <gergely.korcsak@arm.com>
 2024-10-10 13:15:01 +02:00
Gilles Peskine
2aecb1369f Changelog entry: fix #9551 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-09-20 07:44:36 +02:00
David Horstmann
9cf929d421 Assemble ChangeLog 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-08-28 20:56:16 +01:00
David Horstmann
9f10979853 Merge branch 'mbedtls-3.6-restricted' into mbedtls-3.6.1rc0-pr 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-08-28 20:48:27 +01:00
Ronald Cron
9f44c883f4 Rename some "new_session_tickets" symbols 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-08-28 17:47:46 +02:00
Ronald Cron
c9884b04ad Fix change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-08-28 16:36:07 +02:00
Ronald Cron
31b40b3600 Add change logs 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-08-28 10:42:01 +02:00
Gilles Peskine
aa6ef7da50 Changelog entry for psa_crypto_init potentially being called from TLS 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-08-26 12:01:31 +02:00
Gilles Peskine
069bccdf78 Call psa_crypto_init in the library when required for TLS 1.3 
For backward compatibility with Mbed TLS <=3.5.x, applications must be able
to make a TLS connection with a peer that supports both TLS 1.2 and TLS 1.3,
regardless of whether they call psa_crypto_init(). Since Mbed TLS 3.6.0,
we enable TLS 1.3 in the default configuration, so we must take care of
calling psa_crypto_init() if needed. This is a change from TLS 1.3 in
previous versions, where enabling MBEDTLS_SSL_PROTO_TLS1_3 was a user
choice and could have additional requirement.

This commit makes the library call psa_crypto_init() when it needs PSA
crypto in a situation where the application might not have called it,
namely, when starting a TLS 1.3 connection.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-08-25 10:44:39 +02:00