1 | 1 | Mbed TLS ChangeLog (Sorted per branch, date) |
2 | 2 |
|
| 3 | += Mbed TLS 3.6.5 branch released 2025-10-15 |
| 4 | + |
| 5 | +API changes |
| 6 | + * When building the library as a PSA client (MBEDTLS_PSA_CRYPTO_CLIENT |
| 7 | + enabled and MBEDTLS_PSA_CRYPTO_C disabled), you need to provide the |
| 8 | + function psa_can_do_cipher() in addition to psa_can_do_hash(). This |
| 9 | + changed was made in Mbed TLS 3.6.0 but was not announced then. |
| 10 | + |
| 11 | +Features |
| 12 | + * The new function mbedtls_cipher_finish_padded() is similar to |
| 13 | + mbedtls_cipher_finish(), but makes it easier to process invalid-padding |
| 14 | + conditions in constant time. |
| 15 | + |
| 16 | +Security |
| 17 | + * Fix a timing side channel in CBC-PKCS7 decryption that could |
| 18 | + allow an attacker who can submit chosen ciphertexts to recover |
| 19 | + some plaintexts through a timing-based padding oracle attack. |
| 20 | + Credits to Beat Heeb from Oberon microsystems AG. CVE-2025-59438 |
| 21 | + * Fix a local timing side-channel in modular inversion and GCD that was |
| 22 | + exploitable in RSA key generation and other RSA operations (see the full |
| 23 | + advisory for details), allowing a local attacker to fully recover the |
| 24 | + private key. This can be exploited on some Arm-v9 CPUs by an unprivileged |
| 25 | + attacker running code on the same core (SSBleed), or when Trustzone-M is |
| 26 | + used, by the non-secure side abusing timer interrupts (M-Step), and |
| 27 | + probably in other similar settings as well. Found and reported |
| 28 | + independently by: SSBleed: Chang Liu (Tsinghua University) and Trevor E. |
| 29 | + Carlson (National University of Singapore); M-Step: Cristiano Rodrigues |
| 30 | + (University of Minho), Marton Bognar (DistriNet, KU Leuven), Sandro Pinto |
| 31 | + (University of Minho), Jo Van Bulck (DistriNet, KU Leuven). CVE-2025-54764 |
| 32 | + |
| 33 | +Bugfix |
| 34 | + * Fix potential CMake parallel build failure when building both the static |
| 35 | + and shared libraries. |
| 36 | + * Fix a build error or incorrect TLS session |
| 37 | + lifetime on platforms where mbedtls_time_t |
| 38 | + is not time_t. Fixes #10236. |
| 39 | + |
| 40 | +Changes |
| 41 | + * The function mbedtls_mpi_gcd() now always gives a non-negative output. |
| 42 | + Previously the output was negative when B = 0 and A < 0, which was not |
| 43 | + documented, and inconsistent as all other inputs resulted in a non-negative |
| 44 | + output. |
| 45 | + |
3 | 46 | = Mbed TLS 3.6.4 branch released 2025-06-30 |
4 | 47 |
|
5 | 48 | Features |
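Review bot: Typo in the "API changes" entry (hunk line 9): "This changed was made in Mbed TLS 3.6.0 but was not announced then" should read "This change was made in Mbed TLS 3.6.0 but was not announced then". Two smaller style points in the same hunk: in the Security entry for CVE-2025-54764, Arm's names are written "Armv9" and "TrustZone-M" rather than "Arm-v9" and "Trustzone-M"; and the Bugfix entry for #10236 is wrapped at roughly half the width of every other entry ("Fix a build error or incorrect TLS session / lifetime on platforms where mbedtls_time_t / is not time_t. Fixes #10236."), so it should be reflowed to the same line width as the surrounding entries.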
|