espressif/mbedtls
1
0
Fork 0
mirror of https://github.com/espressif/mbedtls.git synced 2025-06-12 22:45:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add paragraph on undefined behaviour

Browse Source 
Add a note that we do aim to protect against undefined behaviour and
undefined behaviour in certificate parsing is in scope.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
This commit is contained in:
David Horstmann 2025-01-22 14:48:58 +00:00
parent 8bf5dc683c
commit fe2d3e0129
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
SECURITY.md
View File

@ -158,3 +158,8 @@ Similarly, CSRs are implicitly trusted by Mbed TLS to be standards-compliant.
validation is performed separately to ensure that they are compliant to the validation is performed separately to ensure that they are compliant to the
relevant specifications. This makes Mbed TLS on its own unsuitable use in a relevant specifications. This makes Mbed TLS on its own unsuitable use in a
Certificate Authority (CA). Certificate Authority (CA).
However, Mbed TLS aims to protect against memory corruption and other
undefined behavior when parsing certificates and CSRs. If a CSR or signed
certificate causes undefined behavior when it is parsed by Mbed TLS, that
is considered a security vulnerability.