TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-04-16 17:08:48 +02:00
Code Issues Packages Projects Releases Wiki Activity
34,410 Commits 179 Branches 280 Tags
v4.1.0
Commit Graph

1753 Commits

Author SHA1 Message Date
Minos Galanakis
641fa2695c Assemble ChangeLog 
./framework/scripts/assemble_changelog.py

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2026-03-26 22:34:42 +00:00
Minos Galanakis
308e7fb232 Merge remote-tracking branch 'restricted/development-restricted' into mbedtls-4.1.0.rc3 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2026-03-26 22:18:31 +00:00
Minos Galanakis
feb0dd04ba Extended attributions & CVE 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2026-03-26 15:03:07 +00:00
Minos Galanakis
f3f27070a6 Added attributions & CVE 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2026-03-26 11:22:00 +00:00
Ronald Cron
9f19fe1874 Merge pull request #1466 from yanesca/1445_fix_signature_algorithm_injection 
Fix signature algorithm injection
 2026-03-17 17:10:00 +01:00
Ronald Cron
a08cff3d40 Merge pull request #1483 from ronald-cron-arm/context_load_and_session_load_documentation 
Tighten context/session load and save APIs documentation
 2026-03-17 14:11:39 +01:00
Ronald Cron
cb0b594a9d Merge pull request #10442 from davidhorstmann-arm/verify-result-default-failure 
Hardening: Make `mbedtls_ssl_get_verify_result()` default to failure
 2026-03-17 10:36:38 +00:00
Ronald Cron
ccea2fd244 Improve change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-17 11:06:04 +01:00
Ronald Cron
894cea1fa2 Add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-16 15:03:12 +01:00
Janos Follath
f68d402029 sig_algs: add ChangeLog 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2026-03-16 12:27:21 +00:00
Manuel Pégourié-Gonnard
d8868c432f Merge pull request #1486 from ronald-cron-arm/tls12-2nd-client-hello 
Fix TLS 1.2 client hello after HRR
 2026-03-16 10:58:50 +01:00
Gilles Peskine
b9ff81c4c5 Merge remote-tracking branch 'development' into merge-development-restricted-20260311 2026-03-11 12:32:56 +01:00
Ronald Cron
622b69d1d0 Add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-10 19:24:19 +01:00
Ronald Cron
b5749b88f6 Merge pull request #10576 from ronald-cron-arm/dtls-client-hello-defragmentation 
Add support for (D)TLS 1.2 client hello defragmentation
 2026-03-10 14:46:07 +00:00
Manuel Pégourié-Gonnard
fe2599ea82 Merge pull request #1487 from davidhorstmann-arm/fix-null-pointer-dereference 
Fix null pointer dereference in `mbedtls_x509_string_to_names()`
 2026-03-09 12:43:08 +01:00
Gilles Peskine
cf02249039 Merge remote-tracking branch 'development' into merge-development-restricted-20260309 2026-03-08 20:24:58 +01:00
Gilles Peskine
68c44a4a97 Update attribution to conform to contributor's request 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-03-05 12:10:16 +01:00
Gilles Peskine
e8dec9c031 Unify the detection of Unix-like platforms 
We were using slightly different guards to decide whether to include
`<unistd.h>` in different places. Unify those.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-03-04 11:32:18 +01:00
Gilles Peskine
3d4b7cd3f9 Merge remote-tracking branch 'development' into development-restricted 2026-03-03 19:00:20 +01:00
David Horstmann
2acb9a2e7b Add ChangeLog entry for NULL dereference fix 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2026-02-26 14:04:40 +00:00
Ronald Cron
a5f45bb935 Add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-23 12:12:36 +01:00
Gilles Peskine
f004998303 Add issue number 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-02-21 21:20:34 +01:00
Gilles Peskine
5890b22b82 Fix a build error with MSVC 
Also fixes a minor bug on Windows with timers running over ~49 days.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-02-19 16:53:52 +01:00
Gilles Peskine
86eac795c9 Have MBEDTLS_TIMING_C require MBEDTLS_HAVE_TIME 
Nowadays, the timing module just builds on a function that provides a timer
with millisecond resolution. In terms of platform requirements, this is
almost exactly equivalent to `mbedtls_ms_time()`
provides (`mbedtls_ms_time()` is arguably a little stronger because it is
supposed to last longer than a single timer object, but an application could
start a timer when it starts, so there's no real difference.) So it's a bit
silly that `timing.c` essentially reimplements this. Rely on
`mbedtls_ms_time()` instead.

This is an API break because in Mbed TLS 4.0, it was possible to enable
`MBEDTLS_TIMING_C` without `MBEDTLS_HAVE_TIME`. However, `timing.c` only
provided an implementation for Windows and Unix-like platforms, and on those
platforms, it is very likely that the default implementation of
`MBEDTLS_HAVE_TIME` would also work. (The main exception would be a platform
that has the traditional Unix function `gettimeofday()`, but not the 1990s
novelty `clock_gettime()`.) So make this an official requirement, as a
belated change that really should have gone into 4.0 if we'd taken the time
to dig into it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-02-19 16:53:52 +01:00
David Horstmann
37e3dcf00d Reword ChangeLog entry 
We do not return failure, but return -1u which is documented as a value
that indicates that the result is not available.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2026-02-16 16:18:01 +00:00
Janos Follath
57f189887b Add ChangeLog entry 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2026-02-12 08:11:37 +00:00
David Horstmann
e29d7be48e Add ChangeLog entry for verify_result hardening 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2026-02-05 14:31:46 +00:00
Valerio Setti
2a72766d75 Merge pull request #10570 from valeriosetti/issue10349 
mbedtls 4.x does not expose mbedtls_ecp_curve_list()
 2026-02-03 11:01:11 +00:00
Valerio Setti
318e4314df changelog: add notes about helpers added to get list of known/supported TLS groups 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2026-02-02 13:38:03 +01:00
Nico Geyso
cc53b069d9 Improve changelog for alert getter 
Integrate suggestions by @ronald-cron-arm for changelog for alert
getter.

Signed-off-by: Nico Geyso <ng@gsmk.de>
 2026-01-27 10:48:55 +01:00
Nico Geyso
d589854611 mbedtls_ssl_get_alert(): getter for fatal alerts 
Even though the TLS RFCs do not mandate libraries to expose *Error
Alerts* (as defined in RFC8446 6.2 for TLS 1.3 and in RFC5246 7.2.2 for
TLS 1.2) to the user, there are use cases when it is handy to get the
actual last received fatal error instead of a generic one. For instance
this enables the user to differ between received fatal errors in case
`mbedtls_ssl_handshake()`, `mbedtls_ssl_handshake_step()` or
`mbedtls_ssl_read()` returned `MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE`.

This changesets stores the last incoming fatal alert in
`mbedtls_ssl_context` and provides `mbedtls_ssl_get_alert()` as a getter
for retrieving it. Another option would be to provide a callback
mechanisms for all kinds of alerts (not only fatals) but for simplicity
I discarded this option.

Signed-off-by: Nico Geyso <ng@gsmk.de>
 2025-12-10 19:37:07 +01:00
Gilles Peskine
28f745515e Changelog entry for fix #10502 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-11-20 10:28:30 +01:00
Valerio Setti
525dd917dc Merge pull request #10477 from Cube707/fix/iar-compiler-warning 
add cast to fix IAR compiler errors
 2025-10-31 12:33:26 +00:00
Jan Spannberger
a5384bdf09 add cast to fix IAR compiler errors 
IAR throws a warning "mixed ENUM with other type"

Signed-off-by: Jan Spannberger <jan.spannberger@siemens.com>
 2025-10-28 15:13:08 +01:00
Luc Schrijvers
ffc2606bf2 Use GNUInstallDirs CMAKE_INSTALL_INCLUDEDDIR path for headers installation 
Signed-off-by: Luc Schrijvers <begasus@gmail.com>
 2025-10-24 12:50:51 +02:00
Minos Galanakis
38181b6d66 Assemble ChangeLog 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-10-13 16:51:48 +01:00
Gilles Peskine
0a49a8b577 Merge pull request #10397 from minosgalanakis/debug/restore_changelogs 
Changelog entries post migration to TF-PSA-Crypto
 2025-09-30 11:26:54 +00:00
Ben Taylor
c797a35acd Improve ChangeLog entry 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-29 14:24:47 +01:00
Ben Taylor
b11d5bc949 Add ChangeLog 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-29 14:24:47 +01:00
Minos Galanakis
55e4bf8acd Changelog: Introduced oid.txt 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-09-29 11:42:30 +01:00
Minos Galanakis
8120169554 Changelog: Removed check-config.txt 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-09-29 11:38:39 +01:00
Minos Galanakis
30f42edd43 Changelog: Reworded fix-clang-psa-build-without-dhm 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-09-29 11:38:10 +01:00
Minos Galanakis
cc3f987c4f Changelogs: Added CVEs 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-09-29 11:34:24 +01:00
Minos Galanakis
9364208e33 Changelogs: Fixed aligment issues 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-09-29 10:39:23 +01:00
Minos Galanakis
48bfaa9353 Changelog: Removed psa migrated entries 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-09-26 15:53:04 +01:00
Minos Galanakis
9b1db5da78 Moved entries back to Changelog.d 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-09-26 15:53:04 +01:00
Minos Galanakis
514375e8c1 Changelog: Brought entries from tf-psa-crypto 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-09-26 15:53:04 +01:00
Minos Galanakis
1789bbdde8 Changelog: Moved entries to tf-psa-psa 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-09-26 15:53:04 +01:00
Minos Galanakis
4b0923f653 Changelog: Brought forward changelog changes from #4716308 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-09-26 15:53:04 +01:00
Minos Galanakis
92a2154ed2 Changelog: Split changelogs for both libraries 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-09-26 15:53:04 +01:00