Mbed-TLS/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-06-05 21:15:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
34,496 Commits 180 Branches 280 Tags
development
Commit Graph

1770 Commits

Author SHA1 Message Date
Janos Follath 545d1b77a2 Merge pull request #10741 from valeriosetti/fix-mbedtls_config 
mbedtls_config.c missing mbedtls_platform_requirements.h
 2026-05-26 09:24:54 +00:00
Valerio Setti cd8b3878c5 changelog: add note about fix of issue 10740 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2026-04-29 17:05:51 +02:00
minosgalanakis d12fbb991c Merge pull request #10695 from valord577/patch-1 
Fix build warning/error using llvm-mingw
 2026-04-29 14:52:00 +00:00
Gilles Peskine a314ada082 Merge pull request #10631 from yiwu0b11/destdir_install_env_support 
Support DESTDIR for install and add build-system test
 2026-04-29 14:37:29 +00:00
valord577 68319cbc80 update ChangeLog 
Signed-off-by: valord577 <valord577@gmail.com>
 2026-04-22 11:05:04 +08:00
valord577 e022733f9f Merge branch 'Mbed-TLS:development' into patch-1 2026-04-22 10:41:51 +08:00
valord577 37b81f13c7 add ChangeLog 
Signed-off-by: valord577 <valord577@gmail.com>
 2026-04-16 15:17:32 +08:00
Viktor Sokolovskiy 2168fe9cda ssl: narrow TLS 1.2 RSA-PSS handling and add interop coverage 
Signed-off-by: Viktor Sokolovskiy <maokaman@gmail.com>
 2026-04-16 04:36:48 +03:00
Yi Wu 6fb557c31a ChangeLog fix 
Signed-off-by: Yi Wu <yi.wu2@arm.com>
 2026-04-13 15:00:44 +01:00
Yi Wu 15be9e9048 ChangeLog fixes 
Signed-off-by: Yi Wu <yi.wu2@arm.com>
 2026-04-13 12:12:24 +01:00
Yi Wu f14f28ce75 ChangeLog padding space fix 
Signed-off-by: Yi Wu <yi.wu2@arm.com>
 2026-04-10 10:27:09 +01:00
Viktor Sokolovskiy f75c033ead ssl: add TLS 1.2 RSA-PSS regression coverage 
Signed-off-by: Viktor Sokolovskiy <maokaman@gmail.com>
 2026-04-07 20:20:09 +03:00
Viktor Sokolovskiy c064ba0edb ssl: accept TLS 1.2 rsa_pss_rsae signature schemes 
Signed-off-by: Viktor Sokolovskiy <maokaman@gmail.com>
 2026-04-04 03:57:04 +03:00
Gilles Peskine 54ebb9b42d Mention the new advice about compiler options in the changelog 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-04-01 11:08:46 +02:00
Minos Galanakis 641fa2695c Assemble ChangeLog 
./framework/scripts/assemble_changelog.py

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2026-03-26 22:34:42 +00:00
Minos Galanakis 308e7fb232 Merge remote-tracking branch 'restricted/development-restricted' into mbedtls-4.1.0.rc3 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2026-03-26 22:18:31 +00:00
Minos Galanakis feb0dd04ba Extended attributions & CVE 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2026-03-26 15:03:07 +00:00
Minos Galanakis f3f27070a6 Added attributions & CVE 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2026-03-26 11:22:00 +00:00
Ronald Cron 9f19fe1874 Merge pull request #1466 from yanesca/1445_fix_signature_algorithm_injection 
Fix signature algorithm injection
 2026-03-17 17:10:00 +01:00
Ronald Cron a08cff3d40 Merge pull request #1483 from ronald-cron-arm/context_load_and_session_load_documentation 
Tighten context/session load and save APIs documentation
 2026-03-17 14:11:39 +01:00
Ronald Cron cb0b594a9d Merge pull request #10442 from davidhorstmann-arm/verify-result-default-failure 
Hardening: Make `mbedtls_ssl_get_verify_result()` default to failure
 2026-03-17 10:36:38 +00:00
Ronald Cron ccea2fd244 Improve change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-17 11:06:04 +01:00
Ronald Cron 894cea1fa2 Add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-16 15:03:12 +01:00
Janos Follath f68d402029 sig_algs: add ChangeLog 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2026-03-16 12:27:21 +00:00
Manuel Pégourié-Gonnard d8868c432f Merge pull request #1486 from ronald-cron-arm/tls12-2nd-client-hello 
Fix TLS 1.2 client hello after HRR
 2026-03-16 10:58:50 +01:00
Yi Wu a8a1111827 ChangeLog fix 
Signed-off-by: Yi Wu <yi.wu2@arm.com>
 2026-03-13 10:16:30 +00:00
Yi Wu 287d0a8d3c ChangeLog newline fix 
Signed-off-by: Yi Wu <yi.wu2@arm.com>
 2026-03-13 10:11:42 +00:00
Gilles Peskine b9ff81c4c5 Merge remote-tracking branch 'development' into merge-development-restricted-20260311 2026-03-11 12:32:56 +01:00
Ronald Cron 622b69d1d0 Add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-10 19:24:19 +01:00
Ronald Cron b5749b88f6 Merge pull request #10576 from ronald-cron-arm/dtls-client-hello-defragmentation 
Add support for (D)TLS 1.2 client hello defragmentation
 2026-03-10 14:46:07 +00:00
Yi Wu d9fa082e30 Add changelog 
Signed-off-by: Yi Wu <yi.wu2@arm.com>
 2026-03-10 11:04:06 +00:00
Manuel Pégourié-Gonnard fe2599ea82 Merge pull request #1487 from davidhorstmann-arm/fix-null-pointer-dereference 
Fix null pointer dereference in `mbedtls_x509_string_to_names()`
 2026-03-09 12:43:08 +01:00
Gilles Peskine cf02249039 Merge remote-tracking branch 'development' into merge-development-restricted-20260309 2026-03-08 20:24:58 +01:00
Gilles Peskine 68c44a4a97 Update attribution to conform to contributor's request 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-03-05 12:10:16 +01:00
Gilles Peskine e8dec9c031 Unify the detection of Unix-like platforms 
We were using slightly different guards to decide whether to include
`<unistd.h>` in different places. Unify those.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-03-04 11:32:18 +01:00
Gilles Peskine 3d4b7cd3f9 Merge remote-tracking branch 'development' into development-restricted 2026-03-03 19:00:20 +01:00
David Horstmann 2acb9a2e7b Add ChangeLog entry for NULL dereference fix 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2026-02-26 14:04:40 +00:00
Ronald Cron a5f45bb935 Add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-23 12:12:36 +01:00
Gilles Peskine f004998303 Add issue number 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-02-21 21:20:34 +01:00
Gilles Peskine 5890b22b82 Fix a build error with MSVC 
Also fixes a minor bug on Windows with timers running over ~49 days.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-02-19 16:53:52 +01:00
Gilles Peskine 86eac795c9 Have MBEDTLS_TIMING_C require MBEDTLS_HAVE_TIME 
Nowadays, the timing module just builds on a function that provides a timer
with millisecond resolution. In terms of platform requirements, this is
almost exactly equivalent to `mbedtls_ms_time()`
provides (`mbedtls_ms_time()` is arguably a little stronger because it is
supposed to last longer than a single timer object, but an application could
start a timer when it starts, so there's no real difference.) So it's a bit
silly that `timing.c` essentially reimplements this. Rely on
`mbedtls_ms_time()` instead.

This is an API break because in Mbed TLS 4.0, it was possible to enable
`MBEDTLS_TIMING_C` without `MBEDTLS_HAVE_TIME`. However, `timing.c` only
provided an implementation for Windows and Unix-like platforms, and on those
platforms, it is very likely that the default implementation of
`MBEDTLS_HAVE_TIME` would also work. (The main exception would be a platform
that has the traditional Unix function `gettimeofday()`, but not the 1990s
novelty `clock_gettime()`.) So make this an official requirement, as a
belated change that really should have gone into 4.0 if we'd taken the time
to dig into it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-02-19 16:53:52 +01:00
David Horstmann 37e3dcf00d Reword ChangeLog entry 
We do not return failure, but return -1u which is documented as a value
that indicates that the result is not available.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2026-02-16 16:18:01 +00:00
Janos Follath 57f189887b Add ChangeLog entry 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2026-02-12 08:11:37 +00:00
David Horstmann e29d7be48e Add ChangeLog entry for verify_result hardening 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2026-02-05 14:31:46 +00:00
Valerio Setti 2a72766d75 Merge pull request #10570 from valeriosetti/issue10349 
mbedtls 4.x does not expose mbedtls_ecp_curve_list()
 2026-02-03 11:01:11 +00:00
Valerio Setti 318e4314df changelog: add notes about helpers added to get list of known/supported TLS groups 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2026-02-02 13:38:03 +01:00
Nico Geyso cc53b069d9 Improve changelog for alert getter 
Integrate suggestions by @ronald-cron-arm for changelog for alert
getter.

Signed-off-by: Nico Geyso <ng@gsmk.de>
 2026-01-27 10:48:55 +01:00
Nico Geyso d589854611 mbedtls_ssl_get_alert(): getter for fatal alerts 
Even though the TLS RFCs do not mandate libraries to expose *Error
Alerts* (as defined in RFC8446 6.2 for TLS 1.3 and in RFC5246 7.2.2 for
TLS 1.2) to the user, there are use cases when it is handy to get the
actual last received fatal error instead of a generic one. For instance
this enables the user to differ between received fatal errors in case
`mbedtls_ssl_handshake()`, `mbedtls_ssl_handshake_step()` or
`mbedtls_ssl_read()` returned `MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE`.

This changesets stores the last incoming fatal alert in
`mbedtls_ssl_context` and provides `mbedtls_ssl_get_alert()` as a getter
for retrieving it. Another option would be to provide a callback
mechanisms for all kinds of alerts (not only fatals) but for simplicity
I discarded this option.

Signed-off-by: Nico Geyso <ng@gsmk.de>
 2025-12-10 19:37:07 +01:00
Gilles Peskine 28f745515e Changelog entry for fix #10502 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-11-20 10:28:30 +01:00
Valerio Setti 525dd917dc Merge pull request #10477 from Cube707/fix/iar-compiler-warning 
add cast to fix IAR compiler errors
 2025-10-31 12:33:26 +00:00