Merge changes in preparation of the v6.4.4.202503 release. #343

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merged

fdesbiens merged 42 commits into master from dev

Oct 2, 2025

Contributor

fdesbiens commented Oct 2, 2025

No description provided.

mdkf and others added 30 commits

April 2, 2025 14:32


          312 Handle HTTP code 429

343f593


          typo

5baa0cd


          Update tests

0df17a7


          fix: corrected cleanup method call in HKDF implementation to prevent …

ca0148d

…potential buffer overflow due to incorrect pointer being passed to HMAC cleanup if NetX is build with NX_SECURE_KEY_CLEAR defined.


          Insert a remaining buffer length check before dereferencing the pointer

d4c3b96


          Insert a index position check before getting bytes

adbb3a2


          Insert a buffer_ptr position check before getting bytes

9a1315f


          Move empty packet check in nx_secure_tls_session_send

37d8682

It was causing some tests to hang forever because they were expecting
different errors to be returned. We do want to keep the check for
empty packets as the netx_web_invalid_release_test expects that
sending an empty packet fails. Note that the test also tests HTTPS,
which will technically send a non-empty packet because the empty
packet will be modified to include the TLS data. However, the
empty packet check in nx_secure_tls_session_send will fulfill the
same role as the check in nx_tcp_socket_send.c, checking for
an empty packet prior to the modification of the packet to include
TLS data.

This gets the tests passing again.


          Fix broken bounds check and add regression test

30accc9

The check is in the function
_nx_secure_tls_process_clienthello_psk_extension and was reported
as a vulnerability.


          Move empty packet check in nx_secure_tls_session_send

It was causing some tests to hang forever because they were expecting
different errors to be returned. We do want to keep the check for
empty packets as the netx_web_invalid_release_test expects that
sending an empty packet fails. Note that the test also tests HTTPS,
which will technically send a non-empty packet because the empty
packet will be modified to include the TLS data. However, the
empty packet check in nx_secure_tls_session_send will fulfill the
same role as the check in nx_tcp_socket_send.c, checking for
an empty packet prior to the modification of the packet to include
TLS data.

This gets the tests passing again.


          Add length check for supported versions extension and regression test

8c54f65


          patch for GHSA-5vrv-8j5h-h6h6

ef78bf8

edited by inspection not compiled or run-time tested


          patch for GHSA-8h38-qjhh-mf2h

fb443af

edited by inspection not compiled or run-time tested


          patch for GHSA-v474-mv4g-v8cx

0095a25

edited by inspection not compiled or run-time tested


          Support for ECDHE_PSK in process server key exchange

258898c


          Generate client key exchange according to ECDHE_PSK

1664c68


          Generate pre master secret according to ECDHE_PSK

1e306c5


          Added the cipher suites: TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA and TLS_E…

a1bb0db

…CDHE_PSK_WITH_AES_256_CBC_SHA


          websocket client: Sec-WebSocket-Protocol is optional header

a766a15

The header Sec-WebSocket-Protocol is optional in both the
request and the response from the server.

Signed-off-by: Joel Guittet <[email protected]>


          websocket client: Add support for Authorization Bearer header

The Authorization: Bearer header allow to perform authentication
providing a token. It is optional.

Signed-off-by: Joel Guittet <[email protected]>


          Added error handling to the HTTPS sample.

f073139

Signed-off-by: Frédéric Desbiens <[email protected]>


          Ensure proper RAM Disk sizing in the HTTPS demo.

e164cd8


          Address the following advisories:

3f3847f

GHSA-pf5q-r6q5-6j2f
GHSA-cf2g-j6vv-m8c5
GHSA-vwh7-h99r-fvwq
GHSA-c9pq-93jp-w649


          Merge pull request #330 from joelguittet/websocket-improvement-headers

18312a1

Websocket improvement headers.


          Merge pull request #326 from igortomiatti/implement-ecdhe-psk

4185fa3

Implementation of ECDHE_PSK cipher suites


          Merge commit from fork

581c003

Fixes an issue in nx_secure_tls_psk_identity_find()


          Merge commit from fork

cbffa17

Fix multiple NextX Duo vulnerabilities.


          Merge commit from fork

ef9731c

Fix PSK extension length checking, add tests for such


          Merge commit from fork

304fc83

Fix length checking in supported version extension, add test


          Merge commit from fork

b39da81

Fixed issue in _nx_secure_tls_process_clienthello()

fdesbiens added 12 commits

September 29, 2025 08:44


          Merge commit from fork

f4de148

Insert a remaining buffer length check before dereferencing the pointer


          Merge commit from fork

1da6298

Added buffer length check


          Merge commit from fork

Insert a index position check before getting bytes


          Merge commit from fork

5ebdc4d

Insert a buffer_ptr position check before getting bytes


          Merge pull request #313 from mdkf/dev

b4ec3ca

#312 Handle HTTP code 429


          Merge pull request #317 from sjscymru/fix-hdfk-buffer-overflow

84b920f

Fix HKDF implementation to prevent buffer overrun when compiled with NX_SECURE_KEY_CLEAR


          Updated version number and added build number and hotfix.

009591d


          Fixed _nxe_websocket_client_connect declaration.

1c81434


          Fixed _nxe_websocket_client_connect declaration.

f064489


          Fixed typo in updated _nx_websocket_client_connect declaration.

d5a34aa


          Fixed _nx_websocket_client_connect_internal declaration.

4ff4996


          Fixed ECDHE_PSK cipher suites implementation. (#342)

582a360

* Restored ECC_CIPHERSUITE ifdef code.
* Added ifdefs to exclude PSK code when build options require it.

github-actions bot commented Oct 2, 2025

Test Results MQTT_Interoperability

0 tests ±0 0 ✔️ ±0 0s ⏱️ ±0s
0 suites ±0 0 💤 ±0
0 files ±0 0 ❌ ±0

Results for commit 582a360. ± Comparison against base commit 5af33d7.

github-actions bot commented Oct 2, 2025

Test Results NetXDuo

0 tests ±0 0 ✔️ ±0 0s ⏱️ ±0s
0 suites ±0 0 💤 ±0
0 files ±0 0 ❌ ±0

Results for commit 582a360. ± Comparison against base commit 5af33d7.

github-actions bot commented Oct 2, 2025

Test Results PTP

0 tests ±0 0 ✔️ ±0 0s ⏱️ ±0s
0 suites ±0 0 💤 ±0
0 files ±0 0 ❌ ±0

Results for commit 582a360. ± Comparison against base commit 5af33d7.

github-actions bot commented Oct 2, 2025

Test Results Crypto

0 tests ±0 0 ✔️ ±0 0s ⏱️ ±0s
0 suites ±0 0 💤 ±0
0 files ±0 0 ❌ ±0

Results for commit 582a360. ± Comparison against base commit 5af33d7.

github-actions bot commented Oct 2, 2025

Test Results Secure

0 tests ±0 0 ✔️ ±0 0s ⏱️ ±0s
0 suites ±0 0 💤 ±0
0 files ±0 0 ❌ ±0

Results for commit 582a360. ± Comparison against base commit 5af33d7.

github-actions bot commented Oct 2, 2025

Test Results Secure_Interoperability

0 tests ±0 0 ✔️ ±0 0s ⏱️ ±0s
0 suites ±0 0 💤 ±0
0 files ±0 0 ❌ ±0

Results for commit 582a360. ± Comparison against base commit 5af33d7.

github-actions bot commented Oct 2, 2025

Test Results NetXDuo64

0 tests ±0 0 ✔️ ±0 0s ⏱️ ±0s
0 suites ±0 0 💤 ±0
0 files ±0 0 ❌ ±0

Results for commit 582a360. ± Comparison against base commit 5af33d7.

github-actions bot commented Oct 2, 2025

Test Results MQTT

0 tests ±0 0 ✔️ ±0 0s ⏱️ ±0s
0 suites ±0 0 💤 ±0
0 files ±0 0 ❌ ±0

Results for commit 582a360. ± Comparison against base commit 5af33d7.

github-actions bot commented Oct 2, 2025

Test Results Azure_IoT

0 tests ±0 0 ✔️ ±0 0s ⏱️ ±0s
0 suites ±0 0 💤 ±0
0 files ±0 0 ❌ ±0

Results for commit 582a360. ± Comparison against base commit 5af33d7.

github-actions bot commented Oct 2, 2025

Test Results NetXDuo_Fast

0 tests ±0 0 ✔️ ±0 0s ⏱️ ±0s
0 suites ±0 0 💤 ±0
0 files ±0 0 ❌ ±0

Results for commit 582a360. ± Comparison against base commit 5af33d7.

github-actions bot commented Oct 2, 2025

Test Results Web

0 tests ±0 0 ✔️ ±0 0s ⏱️ ±0s
0 suites ±0 0 💤 ±0
0 files ±0 0 ❌ ±0

Results for commit 582a360. ± Comparison against base commit 5af33d7.

fdesbiens merged commit 8d84ebe into master

23 of 36 checks passed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet