TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-04-13 07:31:37 +02:00
Code Issues Packages Projects Releases Wiki Activity
32,727 Commits 179 Branches 280 Tags
v3.6.6
Commit Graph

32727 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Minos Galanakis
0bebf8b8c7 Added generated files 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
mbedtls-3.6.6 v3.6.6 		2026-03-26 22:03:13 +00:00
Minos Galanakis
1baa5bba69 Update BRANCHES.md 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2026-03-26 22:03:13 +00:00
Minos Galanakis
69454b4bfe Assemble ChangeLog 
./framework/scripts/assemble_changelog.py

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2026-03-26 21:50:06 +00:00
Minos Galanakis
3cfe12bf11 Bump version 
./scripts/bump_version.sh --version 3.6.6

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2026-03-26 21:48:57 +00:00
Minos Galanakis
6cb4a1e9d2 Updated framework submodule 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2026-03-26 21:47:46 +00:00
Minos Galanakis
809410026f Merge remote-tracking branch 'restricted/mbedtls-3.6-restricted' into mbedtls-3.6.6.rc3 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2026-03-26 21:47:09 +00:00
Gilles Peskine
77b1a22bc3 Merge pull request #1536 from ronald-cron-arm/3.6-context_load_and_session_load_documentation 
3.6 backport: Tighten context/session load and save APIs documentation
 2026-03-26 21:32:09 +01:00
minosgalanakis
39acf7d2c8 Merge pull request #1535 from Mbed-TLS/release/changelog_fixes_3.6.6 
[Release] Added attributions & CVE to ChangeLogs (3.6 LTS)
 2026-03-26 17:38:26 +00:00
Ronald Cron
86b6812003 Update change log. 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-26 18:25:06 +01:00
Minos Galanakis
860cde63e6 MOufa 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2026-03-26 16:43:03 +00:00
Minos Galanakis
e4c6f6819e Added attribution for ffdh-peerkey-check 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2026-03-26 16:42:23 +00:00
Minos Galanakis
441beaeeac Extended attributions & CVE 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2026-03-26 14:51:36 +00:00
Ronald Cron
f45d735826 Improve change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-26 13:18:10 +01:00
Ronald Cron
e7076b1639 Add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-26 13:18:10 +01:00
Ronald Cron
e7c9b1dfb3 Reduce duplication between save/load documentations 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-26 13:18:10 +01:00
Ronald Cron
dd20b0644a Add warning in mbedtls_ssl_session_load/save documentation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-26 13:18:10 +01:00
Ronald Cron
6712bd07b3 Add warning in mbedtls_ssl_context_save/load documentation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-26 13:18:10 +01:00
Minos Galanakis
0205ff782b Added attributions & CVE 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2026-03-26 11:11:12 +00:00
Manuel Pégourié-Gonnard
3746d7bbe0 Merge pull request #1531 from minosgalanakis/bugfix/ccm_finish_boundary_check_3.6_accr 
Added attribution to fix-ccm-finish changelog entry (mbedtls3.6)
 2026-03-26 09:36:56 +01:00
minosgalanakis
e944c99027 Merge pull request #1519 from ronald-cron-arm/dtls-3.6 
3.6: Fixes relative to DTLS invalid/unexpected first record
 2026-03-25 22:31:18 +00:00
minosgalanakis
6522a260b2 Merge pull request #1530 from mpg/ffdh-changelog-fix 
Remove attribution that wasn't agreed on
 2026-03-25 19:38:16 +00:00
Minos Galanakis
17c19f9782 Added attribution to fix-ccm-finish changelog entry 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2026-03-25 16:14:18 +00:00
Ronald Cron
0c718e863a dtls: Log mapping of UNEXPECTED_RECORD to UNEXPECTED_MESSAGE 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-25 15:05:53 +01:00
Ronald Cron
eb1cdf45cd dtls: Fix adaptation to first ClientHello 
For each received ClientHello fragment, check
that its epoch is zero and update the
record-level sequence number.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-25 14:28:17 +01:00
Ronald Cron
953c584eec Remove debug leftover 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-25 14:28:17 +01:00
Ronald Cron
3a3d1d3dcd Improve comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-25 14:28:17 +01:00
Ronald Cron
9be94ba6ae Restrict mapping of UNEXPECTED_RECORD to UNEXPECTED_MESSAGE 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-25 14:28:17 +01:00
Ronald Cron
42dec1f97c ssl-opt.sh: Fix log checks in some "DTLS reassembly" tests 
In DTLS reassembly tests, the server may receive a close_notify alert at the
end of a test. In this case, the Mbed TLS server logs an error, so these tests
should not check for the absence of the string "error" in the server logs.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-25 14:28:17 +01:00
Ronald Cron
ed156d0699 Disable "DTLS proxy: 3d, (openssl|gnutls) client, fragmentation" tests 
The tests fail intermittently on the CI with a frequency that
significantly impacts CI throughput.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-25 14:28:17 +01:00
Ronald Cron
db25da0f32 dtls: Fix log level 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-25 14:28:17 +01:00
Ronald Cron
243a28c7fd dtls: parse_client_hello: Adapt mbedtls_ssl_read_record() error code 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-25 14:28:17 +01:00
Ronald Cron
4decf92956 dtls: Keep invalid/unexpected record header error code 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-25 14:28:17 +01:00
Ronald Cron
82be755414 dtls: Improve comment 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-25 14:28:17 +01:00
Ronald Cron
7a50711061 Update buffering when adapting to ClientHello message_seq 
Credit to OSS-Fuzz for detecting the problem.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-25 14:26:16 +01:00
Manuel Pégourié-Gonnard
38fe3d463e Remove attribution that wasn't agreed on 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2026-03-25 13:36:01 +01:00
Ronald Cron
7fabb42524 Introduce ssl_buffering_shift_slots 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-23 19:18:26 +01:00
Ronald Cron
072ddb0346 dtls: Error out on invalid/unexpected record header 
Error out on invalid/unexpected record header
when reading the DTLS 1.2 ClientHello.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-23 19:18:26 +01:00
Ronald Cron
f8dd49e047 dtls: Fix debug log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-23 19:18:26 +01:00
Ronald Cron
36d75df56b Revert "ssl_server2.c: DTLS: Attempt to read the response to the close notification" 
This reverts commit 0a8c35d273.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-23 19:18:26 +01:00
Gilles Peskine
b7a34b9224 Merge pull request #1522 from ronald-cron-arm/mbedtls-3.6-release-sync-merge 
Merge of 'mbedtls-restricted/mbedtls-3.6-release-sync' into 'mbedtls-restricted/mbedtls-3.6-restricted'
 2026-03-23 14:29:17 +01:00
Ronald Cron
707c8c34ec Merge remote-tracking branch 'mbedtls-restricted/mbedtls-3.6-release-sync' into 'mbedtls-restricted/mbedtls-3.6-restricted' 2026-03-23 12:08:25 +01:00
Bence Szépkúti
8530b5e708 Merge pull request #1504 from gilles-peskine-arm/psa-rng-fork-3.6 
Backport 3.6: PSA RNG fork protection
 2026-03-19 17:26:52 +01:00
Gilles Peskine
f6118b40e1 Merge pull request #1492 from minosgalanakis/bugfix/ccm_finish_boundary_check_3.6 
Bugfix/ccm finish boundary check 3.6
 2026-03-17 21:57:28 +01:00
Ronald Cron
303504fba9 Merge pull request #10645 from minosgalanakis/mbedtls-3.6-release-sync 
MbedTLS 3.6.6 release sync
 2026-03-17 20:46:43 +00:00
Gilles Peskine
9dfe49a980 Update framework with mbedtls_test_fork_run_child merged 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-03-17 21:29:58 +01:00
Minos Galanakis
b19eec6495 Updated framework pointer 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2026-03-17 16:55:40 +00:00
Ronald Cron
c1cd21d854 Merge pull request #1510 from yanesca/1445_fix_signature_algorithm_injection-backport 
Fix signature algorithm injection [3.6 Backport]
 2026-03-17 17:09:51 +01:00
Bence Szépkúti
444d0ac2c1 Merge pull request #10443 from davidhorstmann-arm/verify-result-default-failure-3.6 
[Backport 3.6] Hardening: Make `mbedtls_ssl_get_verify_result()` default to failure
 2026-03-17 12:14:48 +00:00
Minos Galanakis
73c6d6d3e9 test_suite_ccm: Added error.h 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2026-03-17 11:42:42 +00:00
Manuel Pégourié-Gonnard
b48ddb3f4e Merge pull request #1485 from gilles-peskine-arm/dev-random-config-3.6 
Backport 3.6: Use /dev/random and make it configurable
 2026-03-17 10:54:46 +01:00