Minos Galanakis
6804c92d7d
Merge tag 'mbedtls-4.1.0' into mbedtls-4.1.0_mergeback
...
Mbed TLS 4.1.0
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2026-03-31 15:35:49 +01:00
Valerio Setti
32a3d5209c
Merge pull request #10626 from gilles-peskine-arm/check_committed_generated_files-create
...
Add check_committed_generated_files.py
2026-03-30 10:50:04 +00:00
Minos Galanakis
0fe989b6b5
Update BRANCHES.md
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
mbedtls-4.1.0
v4.1.0
2026-03-26 22:34:42 +00:00
Minos Galanakis
641fa2695c
Assemble ChangeLog
...
./framework/scripts/assemble_changelog.py
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2026-03-26 22:34:42 +00:00
Minos Galanakis
e89565f92a
Bump version
...
./scripts/bump_version.sh --version 4.1.0 \
--so-crypto 18 --so-tls 23 --so-x509 9
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2026-03-26 22:34:28 +00:00
Minos Galanakis
83d1ebc114
Updated tf psa-crypto submodule
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2026-03-26 22:20:06 +00:00
Minos Galanakis
43b89543ec
Updated framework submodule
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2026-03-26 22:20:01 +00:00
Minos Galanakis
308e7fb232
Merge remote-tracking branch 'restricted/development-restricted' into mbedtls-4.1.0.rc3
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2026-03-26 22:18:31 +00:00
minosgalanakis
fc317141fe
Merge pull request #1534 from Mbed-TLS/release/changelog_fixes_4.1.0
...
[Release] Added attributions & CVE to ChangeLogs
2026-03-26 17:38:50 +00:00
Minos Galanakis
feb0dd04ba
Extended attributions & CVE
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2026-03-26 15:03:07 +00:00
Minos Galanakis
f3f27070a6
Added attributions & CVE
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2026-03-26 11:22:00 +00:00
minosgalanakis
5baf6883c6
Merge pull request #1529 from ronald-cron-arm/dtls
...
Fixes relative to DTLS invalid/unexpected first record
2026-03-25 22:31:24 +00:00
Ronald Cron
1330606ca1
dtls: Fix adaptation to first ClientHello
...
For each received ClientHello fragment, check
that its epoch is zero and update the
record-level sequence number.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-25 08:45:24 +01:00
Ronald Cron
7a8fbc2100
Remove debug leftover
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-25 08:45:24 +01:00
Ronald Cron
1141cd0fb6
Improve comments
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-25 08:45:24 +01:00
Ronald Cron
f2f44a9c9f
Restrict mapping of UNEXPECTED_RECORD to UNEXPECTED_MESSAGE
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-25 08:45:24 +01:00
Ronald Cron
fbe388dc28
ssl-opt.sh: Fix log checks in some "DTLS reassembly" tests
...
In DTLS reassembly tests, the server may receive a close_notify alert at the
end of a test. In this case, the Mbed TLS server logs an error, so these tests
should not check for the absence of the string "error" in the server logs.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-25 08:45:24 +01:00
Ronald Cron
f285018fa3
Disable "DTLS proxy: 3d, (openssl|gnutls) client, fragmentation" tests
...
The tests fail intermittently on the CI with a frequency that
significantly impacts CI throughput.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-25 08:45:22 +01:00
Ronald Cron
c9264ad227
dtls: Fix log level
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-25 08:44:16 +01:00
Ronald Cron
140ebea442
dtls: parse_client_hello: Adapt mbedtls_ssl_read_record() error code
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-25 08:44:16 +01:00
Ronald Cron
f9b7441542
dtls: Keep invalid/unexpected record header error code
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-25 08:44:16 +01:00
Ronald Cron
0c301a686a
dtls: Improve comment
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-25 08:44:16 +01:00
Ronald Cron
912ef74195
Update buffering when adapting to ClientHello message_seq
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-25 08:44:16 +01:00
Ronald Cron
16c5dd99b3
Introduce ssl_buffering_shift_slots
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-25 08:44:16 +01:00
Ronald Cron
676d74e4c7
dtls: Error out on invalid/unexpected record header
...
Error out on invalid/unexpected record header
when reading the DTLS 1.2 ClientHello.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-25 08:44:16 +01:00
Ronald Cron
315c970fbe
dtls: Fix debug log
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-25 08:44:16 +01:00
Ronald Cron
ade56554a6
Revert "ssl_server2.c: DTLS: Attempt to read the response to the close notification"
...
This reverts commit 2e9b9681e6.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-24 18:38:37 +01:00
Valerio Setti
63d1f7f6ef
Merge pull request #10649 from valeriosetti/skip-thread-cmake-search
...
cmake: make Thread package search quiet
2026-03-23 23:34:05 +00:00
Valerio Setti
92cfa4e70e
cmake: make Threads package search quiet
...
This prevents printing message
"-- Could NOT find Threads (missing: Threads_FOUND)"
on platforms like Zephyr where threading is not provided by standard
libraries.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2026-03-23 15:43:46 +01:00
Gilles Peskine
aa40ca90d9
Move check_committed_generated_files to its own component
...
This will probably help when a framework change causes the content of these
files to change. See https://github.com/Mbed-TLS/mbedtls-test/issues/252
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-03-23 15:38:32 +01:00
Gilles Peskine
61cf7bdc90
Add Python requirements from framework/util
...
Any `all.sh` component that runs a script that requires a more recent
version of Python must have a `support_xxx` function that checks for the
requisite Python version or package. At this time, there is no such
requirement yet in the mbedtls repository.
The directory `framework/util` is not yet checked by `pylint` or `mypy`,
because we use older versions of these tools that don't work well with
modern Python versions.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-03-23 15:38:28 +01:00
Gilles Peskine
260992c0f4
check_committed_generated_files.py: use the new generate_files_helper module
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-03-23 15:37:45 +01:00
Gilles Peskine
4a21496d6f
Prepare to generalize check_option_lists.py
...
We're going to have more committed generated files.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-03-23 15:37:45 +01:00
Gilles Peskine
7f4fe3943d
Merge pull request #10624 from gilles-peskine-arm/audit_validity_dates-move-to-framework
...
Move some scripts to the framework
2026-03-19 12:19:00 +00:00
Ronald Cron
497abfa776
Merge pull request #10644 from minosgalanakis/mbedtls-release-sync
...
MbedTLS 4.1.0 release-sync
2026-03-17 19:16:45 +00:00
Minos Galanakis
831ea1e621
Updated tf-psa-crypto pointer
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2026-03-17 16:47:55 +00:00
Ronald Cron
9f19fe1874
Merge pull request #1466 from yanesca/1445_fix_signature_algorithm_injection
...
Fix signature algorithm injection
2026-03-17 17:10:00 +01:00
Ronald Cron
a08cff3d40
Merge pull request #1483 from ronald-cron-arm/context_load_and_session_load_documentation
...
Tighten context/session load and save APIs documentation
2026-03-17 14:11:39 +01:00
Ronald Cron
cb0b594a9d
Merge pull request #10442 from davidhorstmann-arm/verify-result-default-failure
...
Hardening: Make `mbedtls_ssl_get_verify_result()` default to failure
2026-03-17 10:36:38 +00:00
Manuel Pégourié-Gonnard
d7f2a4cdc6
Merge pull request #10591 from valeriosetti/replace-legacy-rsa-symbols
...
library: replace `MBEDTLS_RSA_C` with `PSA_WANT`
2026-03-17 10:35:15 +00:00
Ronald Cron
ccea2fd244
Improve change log
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-17 11:06:04 +01:00
Valerio Setti
e4d2126ad8
tests: ssl: replace dependency from RSA PSS to PKCS v1.5 in one handshake test
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2026-03-16 21:31:14 +01:00
David Horstmann
0862cf31b5
Merge pull request #10640 from davidhorstmann-arm/add-unused-fields-to-structs
...
Add unused fields to structs
2026-03-16 14:40:03 +00:00
Ronald Cron
894cea1fa2
Add change log
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-16 15:03:12 +01:00
Valerio Setti
2258cb7b5a
tests: pkcs7: ease requirements for parse tests
...
replace PSA_HAVE_ALG_SOME_RSA_VERIFY with PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2026-03-16 13:52:01 +01:00
Valerio Setti
0dfc52e740
tests: ssl: replace remaining occurrences of legacy RSA algorithms
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2026-03-16 13:52:01 +01:00
Valerio Setti
ed0aebd2c5
tests: bulk replace MBEDTLS_RSA_C with PSA_HAVE_ALG_SOME_RSA_SIGN
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2026-03-16 13:52:01 +01:00
Valerio Setti
2fab51329b
tests: bulk replace MBEDTLS_RSA_C with PSA_HAVE_ALG_SOME_RSA_VERIFY
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2026-03-16 13:52:01 +01:00
Valerio Setti
ff2630664a
tests: bulk replace MBEDTLS_RSA_C with PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2026-03-16 13:52:01 +01:00
Valerio Setti
ae885590fb
library: bulk replace MBEDTLS_RSA_C with PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
...
Follow the same pattern that was used in the past to remove dependency
on MBEDTLS_RSA_C and use PSA_WANT instead.
Relying on MBEDTLS_RSA_C is fine only when builtin drivers are compiled
since all PSA_WANT are converted to legacy build symbols. However when
builtin drivers are not built (ex: in case of TF-M), then part of the code
in TLS/X509 won't be compiled because MBEDTLS_RSA_C is not set. OTOH
it's not possible to declare that symbol in a configuration file because
it's a legacy one and it will be rejected by buildtime checks.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2026-03-16 13:52:01 +01:00