Merge tag 'mbedtls-4.0.0-beta' into mbedtls-4.0.0-beta-mergeback

Mbed TLS 4.0.0-beta
2025-07-29 11:41:15 +03:00 · 2025-07-07 17:40:18 +03:00
parent a9ff1c4089 71157fd574
commit 83bef5b66a
77 changed files with 422 additions and 367 deletions
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@ -171,7 +171,7 @@ if(USE_SHARED_MBEDTLS_LIBRARY)
    add_library(${mbedx509_target} SHARED ${src_x509})
    set_base_compile_options(${mbedx509_target})
    target_compile_options(${mbedx509_target} PRIVATE ${LIBS_C_FLAGS})
-    set_target_properties(${mbedx509_target} PROPERTIES VERSION 4.0.0 SOVERSION 7)
+    set_target_properties(${mbedx509_target} PROPERTIES VERSION 4.0.0 SOVERSION 8)
    target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${tfpsacrypto_target})

    add_library(${mbedtls_target} SHARED ${src_tls})
--- a/library/Makefile
+++ b/library/Makefile
@ -82,7 +82,7 @@ endif
 endif

 SOEXT_TLS?=so.21
-SOEXT_X509?=so.7
+SOEXT_X509?=so.8
 SOEXT_CRYPTO?=so.16

 # Set AR_DASH= (empty string) to use an ar implementation that does not accept
--- a/library/x509_create.c
+++ b/library/x509_create.c
@ -468,8 +468,12 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam
    unsigned char data[MBEDTLS_X509_MAX_DN_NAME_SIZE];
    size_t data_len = 0;

-    /* Clear existing chain if present */
-    mbedtls_asn1_free_named_data_list(head);
+    /* Ensure the output parameter is not already populated.
+     * (If it were, overwriting it would likely cause a memory leak.)
+     */
+    if (*head != NULL) {
+        return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+    }

    while (c <= end) {
        if (in_attr_type && *c == '=') {
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@ -82,12 +82,14 @@ void mbedtls_x509write_crt_set_issuer_key(mbedtls_x509write_cert *ctx,
 int mbedtls_x509write_crt_set_subject_name(mbedtls_x509write_cert *ctx,
                                           const char *subject_name)
 {
+    mbedtls_asn1_free_named_data_list(&ctx->subject);
    return mbedtls_x509_string_to_names(&ctx->subject, subject_name);
 }

 int mbedtls_x509write_crt_set_issuer_name(mbedtls_x509write_cert *ctx,
                                          const char *issuer_name)
 {
+    mbedtls_asn1_free_named_data_list(&ctx->issuer);
    return mbedtls_x509_string_to_names(&ctx->issuer, issuer_name);
 }

--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@ -64,6 +64,7 @@ void mbedtls_x509write_csr_set_key(mbedtls_x509write_csr *ctx, mbedtls_pk_contex
 int mbedtls_x509write_csr_set_subject_name(mbedtls_x509write_csr *ctx,
                                           const char *subject_name)
 {
+    mbedtls_asn1_free_named_data_list(&ctx->subject);
    return mbedtls_x509_string_to_names(&ctx->subject, subject_name);
 }