TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-04-11 06:40:47 +02:00
Code Issues Packages Projects Releases Wiki Activity
32,186 Commits 179 Branches 280 Tags
54bf8addd7bc409a080c663363889cced337c8af
Commit Graph

32186 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
David Horstmann
54bf8addd7 Merge pull request #10366 from davidhorstmann-arm/clarify-file-generation-cc-3.6 
[Backport 3.6] Clarify use of `CC` and friends for file generation
 2025-08-20 09:48:26 +00:00
David Horstmann
8281e6a13b Clarify use of CC and friends for file generation 
Add more detail around how generation of configuration-independent files
chooses a C compiler. Mention that setting HOSTCC or CC is recommended
where there are multiple toolchains.

Mention that the fallback location is the cc executable, which may help
users troubleshooting when the file generation picks up the wrong
toolchain (as in Mbed-TLS/mbedtls#10360).

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2025-08-19 18:14:30 +01:00
minosgalanakis
a53d8c5a33 Merge pull request #10350 from ariwo17/backport/add-pbes2-aes-testdata 
[BACKPORT] Issue #398: Add AES-CBC PBES2 test cases to match 3DES variants
 2025-08-11 15:04:24 +00:00
Ari Weiler-Ofek
45c781976c Update framework submodule pointer to merged Framework PR#194 
Signed-off-by: Ari Weiler-Ofek <ari.weiler-ofek@arm.com>
 2025-08-07 19:01:10 +01:00
Ari Weiler-Ofek
afe7e54e3a Backport: add AES PBES2 test cases matching 3DES (including wrong and missing password) 
Signed-off-by: Ari Weiler-Ofek <ari.weiler-ofek@arm.com>
 2025-08-07 19:01:06 +01:00
Ari Weiler-Ofek
3c086a9b0b Backport: add AES PBES2 test cases matching 3DES (correct password only) 
Signed-off-by: Ari Weiler-Ofek <ari.weiler-ofek@arm.com>
 2025-08-07 18:59:11 +01:00
Gilles Peskine
8d524e8841 Merge pull request #10312 from ronald-cron-arm/dependency-on-generated-files 
Backport 3.6: cmake: library: Fix potential concurrent file generation
 2025-07-30 11:44:53 +00:00
Ronald Cron
5491fe3ee0 Add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-07-21 09:45:14 +02:00
Ronald Cron
cbe5fa4d40 cmake: library: Add custom targets for generated files 
Add a custom target that depends on crypto
generated files, and make both the static and
shared crypto libraries depend on it.

This ensures that when both libraries are built,
the files are not generated concurrently
by the static and shared library targets.

Do the same for the TLS libraries.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-07-21 09:26:42 +02:00
Bence Szépkúti
8f4779c6fa Merge pull request #10303 from bensze01/freebsd-3.6 
[Backport 3.6] Clean up ci.requirements.txt
 2025-07-16 21:29:19 +00:00
Bence Szépkúti
222090abf6 Restrict CI-specific python requirements to Linux 
The dependencies declared in ci.requirements.txt are only used in
scripts that we run on the Linux CI.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2025-07-16 15:13:14 +02:00
Bence Szépkúti
9ecab503c2 Don't install cryptography on the FreeBSD CI 
Recent versions of cryptography require a Rust toolchain to install on
FreeBSD, which we do not have set up yet.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2025-07-16 15:13:13 +02:00
Bence Szépkúti
22dd79367c Freeze cryptography version on the CI at 35.0.0 
The version was unspecified because of our use of Python 3.5 on the CI,
whichi has since been eliminated.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2025-07-16 15:13:13 +02:00
Ronald Cron
cfbde81ad1 Merge pull request #10287 from davidhorstmann-arm/update-4.x-lts-timeline-3.6 
[Backport 3.6] Update note about the first 4.x LTS
 2025-07-09 14:45:06 +00:00
David Horstmann
ea073d0ee9 Update note about the first 4.x LTS 
The release date is yet to be determined, to allow time for 4.x to
stabilise.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2025-07-08 15:11:32 +01:00
Ronald Cron
a329f398e4 Merge pull request #10210 from gilles-peskine-arm/nv-seed-only-3.6 
3.6 only: Test a build with entropy only from NV seed
 2025-07-02 07:50:45 +00:00
minosgalanakis
1a22f21b74 Merge pull request #1381 from Mbed-TLS/mbedtls-3.6.4-mergeback 
Mbedtls 3.6.4 merge-back pr
 2025-06-30 22:06:11 +01:00
Minos Galanakis
5b9c7c5204 Revert "Added generated files" 
This reverts commit 59e8b3a6b0.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-06-30 18:33:00 +01:00
Manuel Pégourié-Gonnard
01b5d6a5be Merge pull request #10244 from felixc-arm/gcc-15-remove-wnoerror-3.6 
[3.6] Turn Wunterminated-string-initialization back into an error
 2025-06-26 07:08:56 +00:00
minosgalanakis
c765c831e5 Merge pull request #1373 from Mbed-TLS/mbedtls-3.6.4rc0-pr 
Mbedtls 3.6.4rc0
mbedtls-3.6.4 v3.6.4 		2025-06-25 20:56:00 +01:00
Minos Galanakis
59e8b3a6b0 Added generated files 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-06-25 14:18:23 +01:00
Minos Galanakis
5374262f3b Version bump 3.6.4 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-06-25 14:07:55 +01:00
Minos Galanakis
c52f68fd21 Assemble ChangeLog 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-06-25 14:07:55 +01:00
Gilles Peskine
4cbf802231 Properly initialize SSL endpoint objects 
In some cases, we were calling `mbedtls_test_ssl_endpoint_free()` on an
uninitialized `mbedtls_test_ssl_endpoint` object if the test case failed
early, e.g. due to `psa_crypto_init()` failing. This was largely harmless,
but could have caused weird test results in case of failure, and was flagged
by Coverity.

Use a more systematic style for initializing the stack object as soon as
it's declared.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-06-25 14:07:55 +01:00
Gilles Peskine
ae9a5e86f3 Fix accidentally skipped test assertion 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-06-25 14:07:55 +01:00
minosgalanakis
b5bb58d00b Merge pull request #10249 from gilles-peskine-arm/tls-exporter-coverity-202505-3.6 
Backport 3.6: Fix SSL exporter tests
 2025-06-25 10:19:17 +00:00
Gilles Peskine
20eee55d9d Properly initialize SSL endpoint objects 
In some cases, we were calling `mbedtls_test_ssl_endpoint_free()` on an
uninitialized `mbedtls_test_ssl_endpoint` object if the test case failed
early, e.g. due to `psa_crypto_init()` failing. This was largely harmless,
but could have caused weird test results in case of failure, and was flagged
by Coverity.

Use a more systematic style for initializing the stack object as soon as
it's declared.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-06-24 17:26:35 +02:00
Gilles Peskine
971c02c8f6 Fix accidentally skipped test assertion 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-06-24 17:18:47 +02:00
Minos Galanakis
f36277558a Merge remote-tracking branch 'restricted/mbedtls-3.6-restricted' into mbedtls-3.6.4rc0-pr 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-06-23 18:52:17 +01:00
David Horstmann
5e1e5b3e53 Merge pull request #10241 from ariwo17/backport-typo-fixes-3.6 
[BACKPORT] Fixed some minor typos in comments.
 2025-06-23 16:33:41 +00:00
Felix Conway
ea26c23ac5 Turn Wunterminated-string-initialization back into an error 
Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-06-23 14:13:36 +01:00
Ronald Cron
3527ea9b78 Merge pull request #10243 from ronald-cron-arm/mbedtls-3.6-release-sync 
The PR is based on mbedtls-3.6 HEAD and the merge queue is empty. No need to go through the merge queue, merging directly.
 2025-06-23 11:51:59 +02:00
Ronald Cron
bad1679623 Update framework pointer (release-sync) 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-06-23 09:32:12 +02:00
Ari Weiler-Ofek
ed134de3d1 Fixed the same typo in ssl-opt.sh 
Signed-off-by: Ari Weiler-Ofek <ari.weiler-ofek@arm.com>
 2025-06-20 15:08:35 +01:00
David Horstmann
54ceaf7a53 Merge pull request #10200 from aslze/mbedtls-3.6 
[3.6] Fix build C++ apps with MSVC
 2025-06-19 14:25:50 +00:00
Ari Weiler-Ofek
fb2460ae0b Fixed some minor typos in comments. 
Signed-off-by: Ari Weiler-Ofek <ari.weiler-ofek@arm.com>
 2025-06-19 15:15:30 +01:00
Ronald Cron
7df899211a fix: additional MSVC v142 build issue with tls1.3 configuration enabled. 
Signed-off-by: Cesar Cruz <cesar.cruz@philips.com>
Signed-off-by: ccrugoPhilips <cesar.cruz@philips.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-06-18 10:13:54 +02:00
David Horstmann
a84be59757 Merge pull request #1366 from gilles-peskine-arm/base64-decode-clean-3.6 
Backport 3.6: mbedtls_base64_decode: fix sloppiness
 2025-06-17 14:55:39 +01:00
Ronald Cron
d1f51696a6 Remove blank line 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-06-16 11:08:46 +02:00
Gilles Peskine
3c9ad42719 Merge pull request #1367 from gilles-peskine-arm/aesni_has_support-volatile-3.6 
Backport 3.6: Fix race condition in mbedtls_aesni_has_support
 2025-06-13 23:20:28 +02:00
Manuel Pégourié-Gonnard
d593c54b3c Merge pull request #10215 from felixc-arm/gcc-15-warning-3.6 
[3.6] Fix GCC 15 warning 'Wunterminated-string-initialization'
 2025-06-13 12:34:55 +00:00
Felix Conway
b8d14734fd Simplify changelog 
Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-06-13 09:33:24 +01:00
Gilles Peskine
853cfbdced Add a note about processor memory reordering 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-06-12 18:30:45 +02:00
Felix Conway
80ca13f07d Add changelog 
Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-06-12 13:28:26 +01:00
Felix Conway
766be1f8f4 Replace __attribute__((nonstring)) with macro MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING 
This macro applies __attribute__((nonstring)) when the compiler supports
it

Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-06-12 11:13:33 +01:00
Gilles Peskine
51dccfb2a6 Improve some explanations 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-06-11 18:47:31 +02:00
Gilles Peskine
03303d88fb Don't mutate dst_size 
This lead to `dst_size` not having the intended value in subsequent code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-06-11 18:24:26 +02:00
Felix Conway
2e1399f1e1 Add __attribute__ ((nonstring)) to remove unterminated-string-initialization warning 
Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-06-11 16:04:30 +01:00
Gilles Peskine
f5db3e9436 Note that GCM is also impacted 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-06-11 10:45:41 +02:00
Gilles Peskine
a79525239f Merge pull request #1359 from Mbed-TLS/bugfix_1351_1352_1353_lms_drivers_3.6bp 
[3.6 Backport]Bugfix: lms/lmots driver hardening.
 2025-06-10 19:08:15 +02:00