mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-04-18 01:48:48 +02:00

Author	SHA1	Message	Date
Gilles Peskine	2a7d1ece77	Merge pull request #10676 from gilles-peskine-arm/analyze_outcomes-read_crypto Let TF-PSA-Crypto define test cases that Mbed TLS does not need to cover	2026-04-13 09:24:21 +00:00
Gilles Peskine	cc134b0b94	Update crypto submodule with analyze_outcomes.py Update framework to match. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2026-04-10 14:49:14 +02:00
Gilles Peskine	806e1d365b	Documentation improvements Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2026-04-08 17:22:10 +02:00
Gilles Peskine	d25f03919a	INTERNAL_TEST_CASES moved to a separate data-only module This way, when Mbed TLS's `analyze_outcomes.py` loads the python module from TF-PSA-Crypto (because it needs to know the value of `INTERNAL_TEST_CASES`), there's no risk that the subproject and the superproject will have different requirements on auxiliary modules such as `mbedtls_framework.outcome_analysis`. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2026-04-08 15:47:49 +02:00
Gilles Peskine	16a90a556e	Add copyright line Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2026-04-08 15:31:52 +02:00
Gilles Peskine	667a3f6442	Move test currently covered by crypto from uncovered list to ignored list If we can't read `INTERNAL_TEST_CASES` from `tf-psa-crypto/tests/scripts/analyze_outcomes.py` because the script doesn't exist, hard-code the legacy value of that information. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2026-04-07 11:47:24 +02:00
Gilles Peskine	1978e1bd6b	Ignore test cases that TF-PSA-Crypto tells us to ignore If the `tf-psa-crypto` submodule has `tests/scripts/analyze_outcomes.py`, require it to define a global variable `INTERNAL_TEST_CASES`. Those test cases will be ignored in Mbed TLS's coverage analysis. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2026-04-07 11:47:13 +02:00
Gilles Peskine	bb5cfbbdec	Move _has_word_re to the framework Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2026-04-07 11:06:39 +02:00
Gilles Peskine	68d6b07287	Rename IGNORED_TESTS to UNCOVERED_TESTS Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2026-04-07 11:06:39 +02:00
Gilles Peskine	619f1acd75	Update framework with UNCOVERED_TESTS in outcome analysis Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2026-04-07 11:06:39 +02:00
David Horstmann	0333486837	Merge pull request #10670 from gilles-peskine-arm/security-md-mention-compiler-4.x mbedtls: Mention compiler optimization in the threat model	2026-04-01 15:43:26 +00:00
Gilles Peskine	d1f0ce8493	Be more specific about what compiler options we consider legitimate Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2026-04-01 11:08:46 +02:00
Gilles Peskine	54ebb9b42d	Mention the new advice about compiler options in the changelog Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2026-04-01 11:08:46 +02:00
Gilles Peskine	be18f3f4a5	Add a section about compiler-introduced timing side channels Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2026-04-01 11:08:46 +02:00
Minos Galanakis	0cfd96499d	Updated tf-psa-crypto submodule Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2026-03-31 15:36:07 +01:00
Minos Galanakis	6804c92d7d	Merge tag 'mbedtls-4.1.0' into mbedtls-4.1.0_mergeback Mbed TLS 4.1.0 Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2026-03-31 15:35:49 +01:00
Valerio Setti	32a3d5209c	Merge pull request #10626 from gilles-peskine-arm/check_committed_generated_files-create Add check_committed_generated_files.py	2026-03-30 10:50:04 +00:00
Minos Galanakis	0fe989b6b5	Update BRANCHES.md Signed-off-by: Minos Galanakis <minos.galanakis@arm.com> mbedtls-4.1.0 v4.1.0	2026-03-26 22:34:42 +00:00
Minos Galanakis	641fa2695c	Assemble ChangeLog ./framework/scripts/assemble_changelog.py Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2026-03-26 22:34:42 +00:00
Minos Galanakis	e89565f92a	Bump version ./scripts/bump_version.sh --version 4.1.0 \ --so-crypto 18 --so-tls 23 --so-x509 9 Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2026-03-26 22:34:28 +00:00
Minos Galanakis	83d1ebc114	Updated tf psa-crypto submodule Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2026-03-26 22:20:06 +00:00
Minos Galanakis	43b89543ec	Updated framework submodule Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2026-03-26 22:20:01 +00:00
Minos Galanakis	308e7fb232	Merge remote-tracking branch 'restricted/development-restricted' into mbedtls-4.1.0.rc3 Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2026-03-26 22:18:31 +00:00
minosgalanakis	fc317141fe	Merge pull request #1534 from Mbed-TLS/release/changelog_fixes_4.1.0 [Release] Added attributions & CVE to ChangeLogs	2026-03-26 17:38:50 +00:00
Minos Galanakis	feb0dd04ba	Extended attributions & CVE Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2026-03-26 15:03:07 +00:00
Minos Galanakis	f3f27070a6	Added attributions & CVE Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2026-03-26 11:22:00 +00:00
minosgalanakis	5baf6883c6	Merge pull request #1529 from ronald-cron-arm/dtls Fixes relative to DTLS invalid/unexpected first record	2026-03-25 22:31:24 +00:00
Ronald Cron	1330606ca1	dtls: Fix adaptation to first ClientHello For each received ClientHello fragment, check that its epoch is zero and update the record-level sequence number. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2026-03-25 08:45:24 +01:00
Ronald Cron	7a8fbc2100	Remove debug leftover Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2026-03-25 08:45:24 +01:00
Ronald Cron	1141cd0fb6	Improve comments Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2026-03-25 08:45:24 +01:00
Ronald Cron	f2f44a9c9f	Restrict mapping of UNEXPECTED_RECORD to UNEXPECTED_MESSAGE Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2026-03-25 08:45:24 +01:00
Ronald Cron	fbe388dc28	ssl-opt.sh: Fix log checks in some "DTLS reassembly" tests In DTLS reassembly tests, the server may receive a close_notify alert at the end of a test. In this case, the Mbed TLS server logs an error, so these tests should not check for the absence of the string "error" in the server logs. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2026-03-25 08:45:24 +01:00
Ronald Cron	f285018fa3	Disable "DTLS proxy: 3d, (openssl\|gnutls) client, fragmentation" tests The tests fail intermittently on the CI with a frequency that significantly impacts CI throughput. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2026-03-25 08:45:22 +01:00
Ronald Cron	c9264ad227	dtls: Fix log level Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2026-03-25 08:44:16 +01:00
Ronald Cron	140ebea442	dtls: parse_client_hello: Adapt mbedtls_ssl_read_record() error code Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2026-03-25 08:44:16 +01:00
Ronald Cron	f9b7441542	dtls: Keep invalid/unexpected record header error code Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2026-03-25 08:44:16 +01:00
Ronald Cron	0c301a686a	dtls: Improve comment Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2026-03-25 08:44:16 +01:00
Ronald Cron	912ef74195	Update buffering when adapting to ClientHello message_seq Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2026-03-25 08:44:16 +01:00
Ronald Cron	16c5dd99b3	Introduce ssl_buffering_shift_slots Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2026-03-25 08:44:16 +01:00
Ronald Cron	676d74e4c7	dtls: Error out on invalid/unexpected record header Error out on invalid/unexpected record header when reading the DTLS 1.2 ClientHello. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2026-03-25 08:44:16 +01:00
Ronald Cron	315c970fbe	dtls: Fix debug log Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2026-03-25 08:44:16 +01:00
Ronald Cron	ade56554a6	Revert "ssl_server2.c: DTLS: Attempt to read the response to the close notification" This reverts commit `2e9b9681e6`. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2026-03-24 18:38:37 +01:00
Valerio Setti	63d1f7f6ef	Merge pull request #10649 from valeriosetti/skip-thread-cmake-search cmake: make Thread package search quiet	2026-03-23 23:34:05 +00:00
Valerio Setti	92cfa4e70e	cmake: make Threads package search quiet This prevents printing message "-- Could NOT find Threads (missing: Threads_FOUND)" on platforms like Zephyr where threading is not provided by standard libraries. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2026-03-23 15:43:46 +01:00
Gilles Peskine	aa40ca90d9	Move check_committed_generated_files to its own component This will probably help when a framework change causes the content of these files to change. See https://github.com/Mbed-TLS/mbedtls-test/issues/252 Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2026-03-23 15:38:32 +01:00
Gilles Peskine	61cf7bdc90	Add Python requirements from framework/util Any `all.sh` component that runs a script that requires a more recent version of Python must have a `support_xxx` function that checks for the requisite Python version or package. At this time, there is no such requirement yet in the mbedtls repository. The directory `framework/util` is not yet checked by `pylint` or `mypy`, because we use older versions of these tools that don't work well with modern Python versions. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2026-03-23 15:38:28 +01:00
Gilles Peskine	260992c0f4	check_committed_generated_files.py: use the new generate_files_helper module Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2026-03-23 15:37:45 +01:00
Gilles Peskine	4a21496d6f	Prepare to generalize check_option_lists.py We're going to have more committed generated files. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2026-03-23 15:37:45 +01:00
Gilles Peskine	7f4fe3943d	Merge pull request #10624 from gilles-peskine-arm/audit_validity_dates-move-to-framework Move some scripts to the framework	2026-03-19 12:19:00 +00:00
Ronald Cron	497abfa776	Merge pull request #10644 from minosgalanakis/mbedtls-release-sync MbedTLS 4.1.0 release-sync	2026-03-17 19:16:45 +00:00

1 2 3 4 5 ...

34440 Commits