libmbedtls/mbedtls/SECURITY.md

4 send an email to the security team at
13 Its primary goal is to ensure fixes are ready to be deployed when the issue
20 Users are urged to always use the latest version of a maintained branch.
33 Mbed TLS aims to fully protect against remote attacks and to enable the user
35 protection is limited to providing security guarantees offered by the protocol
47 machine. The attacker has insufficient privileges to directly access Mbed TLS
52 The attacker is able to observe the timing of instructions executed by Mbed TLS
54 to. Typical attack vectors include cache timings, memory bus contention and
60 limited. We are only aiming to provide protection against **publicly
77 The attacker code running on the platform has access to some sensor capable of
79 running. This could for example be an analogue-to-digital converter on the
80 platform that is located unfortunately enough to pick up the CPU noise.
84 a user application's threat model, they need to be mitigated by the platform.
93 application's threat model, they need to be mitigated by the platform.
97 In this section, we consider an attacker who has access to physical information
103 model, they need to be mitigated by physical countermeasures.
122 tables, which are vulnerable to timing attacks.
153 assumed to have performed this validation (and the certificate is trusted to
155 Similarly, CSRs are implicitly trusted by Mbed TLS to be standards-compliant.
157 **Warning!** Mbed TLS must not be used to sign untrusted CSRs unless extra
158 validation is performed separately to ensure that they are compliant to the
162 However, Mbed TLS aims to protect against memory corruption and other