Hello all,
I know that v2.28.10 is EOL, but I've been working on bringing security bug fixes to our distribution of it as part of my work in shoring up the Julia package ecosystem. I've largely leaned on the Debian security team's work thus far; they have the much harder task of supporting 2.16.9 for bullseye (security) and have done great work in bringing that version up to date through CVE-2025-52497. I've re-landed their backport patches against v2.28.10; these can be found on our build tree [1] or my fork [2]:
1. https://github.com/JuliaPackaging/Yggdrasil/tree/54c5a3e8e72899a3a778d8617f…
2. https://github.com/Mbed-TLS/mbedtls/compare/v2.28.10...mbauman:mbedtls:v2.2…
Now I'm faced with the daunting prospect of last week's CVE-2025-54764 and CVE-2025-59438. These are *much* larger changesets. Has anyone else begun tackling this? I very much appreciated the guidance that’s included in the advisory itself, but I'm guessing there may be others in our situation... and I came here looking to see if anyone had begun talking about this (or working on it) yet.
Best,
Matt
FYI
From: Saheer Babu via Tf-openci <tf-openci(a)lists.trustedfirmware.org>
Date: Wednesday, 10 September 2025 at 15:17
To: tf-openci(a)lists.trustedfirmware.org <tf-openci(a)lists.trustedfirmware.org>
Subject: [Tf-openci] CI infrastructure scheduled maintenance: 12th Sep 2025
Hi all,
We will be performing an upgrade of the clusters hosting review.trustedfirmware.org and ci.trustedfirmware.org on Friday, 12th Sep 2025 at 16:00 GMT+1.
During this maintenance window, both services will be unavailable for approximately 4 hours.
A follow-up email will be sent once the services are fully restored.
Best regards,
Saheer
Hello,
I am writing to you to ask if you have any available documentation you can share regarding mbedtls's conformance to IEC 62351-3:2023.
For example:
Do you know of any users which have implemented the library in systems that reached IEC 62351-3:2023 certification?
Do you have a list of features mapped to the IEC 62351-3:2023 standard requirements? Perhaps a PICS template?
Thank you in advance and apologies if this is the wrong channel for this kind of question.
Kind Regards,
Tommaso Mancini
Tommaso Mancini
SEL S.p.A.
R&D Software and Test Engineer
Via Amendola 9,11,13,15,17
51035 Lamporecchio (PT)
Tel. +39 0573 80051
Fax +39 0573 803110
website: www.sel-electric.com
e-mail: tommaso.mancini(a)sel-electric.it
To whom it may concern,
Our engineering team is using the Mbed TLS library in our wifi range extenders sold on markets and adheres to the licensing terms outlined in the source code and docs. Thanks to Shaun’s guideline, there would be no royalty if we adhere to the licensing terms. Is there any other cost required for us to use the Mbed TLS library in our wifi range extenders, adhering to the licensing terms outlined in the source code and docs?
Thank you
Carina
From: Shaun Longhorn <shaun.longhorn(a)linaro.org>
Sent: Tuesday, September 30, 2025 7:08 PM
To: Ken Chen <Ken.Chen(a)netgear.com>
Cc: enquiries(a)trustedfirmware.org
Subject: Re: TrustedFirmware.org - Check for MbedTLS License/Royality fee for commercial usage
Hi Ken,
I'm the Community Manager at Trusted Firmware. I can't advise you directly on your licensing situation but I can point you towards the documentation.
Mbed TLS is an open source community project and no royalty is required. You must adhere to the licensing terms outlined in the source code and docs:
https://github.com/Mbed-TLS/mbedtls?tab=readme-ov-file#license
https://mbed-tls.readthedocs.io/en/latest/kb/licensing/
You can also reach out to the Mbed-TLS community on the following public mailing list. https://lists.trustedfirmware.org/mailman3/lists/mbed-tls.lists.trustedfirm…
I should highlight our optional memberships for Trusted Firmware detailed on this page. https://www.trustedfirmware.org/join/ Membership has a number of benefits detailed in the slides. It could be beneficial in terms of lab testing and project visibility. If you have an interest we can arrange a call with the Co-Chairs and discuss benefits in more detail.
Thanks,
Shaun
Community Manager
On Tue, 30 Sept 2025 at 09:20, 'Ken Chen' via TFenquiries <enquiries(a)trustedfirmware.org> wrote:
Dear Sir/Madam,
I am reaching out to inquire about the licensing terms and any potential royalty fees associated with using the Mbed TLS library in our commercial products.
I was unable to find a specific contact point for this type of query.
Could you kindly forward this message to the appropriate person or team for further discussion?
Thank you for your assistance.
Best regards
Ken
Hi Mbed TLS users,
We have released Mbed TLS version 3.6.5.
These releases of Mbed TLS address several security issues, provide bug fixes, and bring other minor changes. Full details are available in the release notes https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.5.
We recommend all users to consider whether they are impacted, and to upgrade appropriately.