Commit Graph

34460 Commits

Author SHA1 Message Date
valord577
68319cbc80 update ChangeLog
Signed-off-by: valord577 <valord577@gmail.com>
2026-04-22 11:05:04 +08:00
valord577
e022733f9f Merge branch 'Mbed-TLS:development' into patch-1
2026-04-22 10:41:51 +08:00
Ronald Cron
391af7c976 Merge pull request #10701 from minosgalanakis/docs/4.1.0_changelog_fixes
ChangeLog: Fixed a reference to TF-PSA-Crypto
2026-04-20 09:38:38 +00:00
Ronald Cron
518ed0337d Merge pull request #10672 from Maokaman1/fix/tls12-rsa-pss-sigalgs
ssl: accept TLS 1.2 rsa_pss_rsae signature algorithms
2026-04-20 08:03:39 +00:00
Viktor Sokolovskiy
f90e81c7f8 Pacify uncrustify
Signed-off-by: Viktor Sokolovskiy <maokaman@gmail.com>
2026-04-18 01:51:17 +03:00
Maokaman1
78336bb5bd Merge branch 'Mbed-TLS:development' into fix/tls12-rsa-pss-sigalgs
2026-04-17 19:13:43 +03:00
Minos Galanakis
935eb1a53b ChangeLog: Fixed a reference to TF-PSA-Crypto
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2026-04-17 16:59:05 +01:00
Viktor Sokolovskiy
3d61c38ea0 ssl: add TLS 1.2 RSA-PSS debug trace
Signed-off-by: Viktor Sokolovskiy <maokaman@gmail.com>
2026-04-17 17:36:31 +03:00
valord577
37b81f13c7 add ChangeLog
Signed-off-by: valord577 <valord577@gmail.com>
2026-04-16 15:17:32 +08:00
valord577
a3d3ede9d6 Fix build warning/error using llvm-mingw
error logs refs: https://github.com/valord577/nativepkgs/actions/runs/24490614774/job/71574726128

Signed-off-by: valord577 <valord577@gmail.com>
2026-04-16 14:31:55 +08:00
Viktor Sokolovskiy
2168fe9cda ssl: narrow TLS 1.2 RSA-PSS handling and add interop coverage
Signed-off-by: Viktor Sokolovskiy <maokaman@gmail.com>
2026-04-16 04:36:48 +03:00
Gilles Peskine
8426c9bc51 Merge pull request #10684 from gilles-peskine-arm/maintainer-scripts-create-directory-dev
development: Create a directory for maintainer-only Python scripts
2026-04-15 08:19:36 +00:00
Gilles Peskine
8bf89416cf Merge pull request #10647 from gilles-peskine-arm/github-pr-template-add-4.1-mbedtls
Add 1.1 line to the PR template
2026-04-15 08:17:24 +00:00
Gilles Peskine
6b31bc6885 Unify TF-PSA-Crypto and mbedtls templates
Following the team discussion, don't suggest "prerequisite" or "consuming"
in the template. Suggest linking all the pull requests in a group
everywhere.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-04-13 14:57:07 +02:00
Gilles Peskine
2a7d1ece77 Merge pull request #10676 from gilles-peskine-arm/analyze_outcomes-read_crypto
Let TF-PSA-Crypto define test cases that Mbed TLS does not need to cover
2026-04-13 09:24:21 +00:00
Gilles Peskine
cc134b0b94 Update crypto submodule with analyze_outcomes.py
Update framework to match.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-04-10 14:49:14 +02:00
Gilles Peskine
9248af96b1 Create a directory for maintainer-only Python scripts
This directory is currently excluded from `check-python-files.sh`, because
we run it on the CI in an old Python version that doesn't support some of
our new maintainer scripts.

There are no such scripts in mbedtls for now (only in TF-PSA-Crypto), but be
ready if we want to add some.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-04-09 19:39:42 +02:00
Gilles Peskine
806e1d365b Documentation improvements
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-04-08 17:22:10 +02:00
Gilles Peskine
d25f03919a INTERNAL_TEST_CASES moved to a separate data-only module
This way, when Mbed TLS's `analyze_outcomes.py` loads the python module from
TF-PSA-Crypto (because it needs to know the value of `INTERNAL_TEST_CASES`),
there's no risk that the subproject and the superproject will have different
requirements on auxiliary modules such as `mbedtls_framework.outcome_analysis`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-04-08 15:47:49 +02:00
Gilles Peskine
16a90a556e Add copyright line
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-04-08 15:31:52 +02:00
Viktor Sokolovskiy
f75c033ead ssl: add TLS 1.2 RSA-PSS regression coverage
Signed-off-by: Viktor Sokolovskiy <maokaman@gmail.com>
2026-04-07 20:20:09 +03:00
Gilles Peskine
667a3f6442 Move test currently covered by crypto from uncovered list to ignored list
If we can't read `INTERNAL_TEST_CASES` from
`tf-psa-crypto/tests/scripts/analyze_outcomes.py` because the script doesn't
exist, hard-code the legacy value of that information.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-04-07 11:47:24 +02:00
Gilles Peskine
1978e1bd6b Ignore test cases that TF-PSA-Crypto tells us to ignore
If the `tf-psa-crypto` submodule has `tests/scripts/analyze_outcomes.py`,
require it to define a global variable `INTERNAL_TEST_CASES`. Those test
cases will be ignored in Mbed TLS's coverage analysis.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-04-07 11:47:13 +02:00
Gilles Peskine
bb5cfbbdec Move _has_word_re to the framework
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-04-07 11:06:39 +02:00
Gilles Peskine
68d6b07287 Rename IGNORED_TESTS to UNCOVERED_TESTS
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-04-07 11:06:39 +02:00
Gilles Peskine
619f1acd75 Update framework with UNCOVERED_TESTS in outcome analysis
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-04-07 11:06:39 +02:00
Viktor Sokolovskiy
c064ba0edb ssl: accept TLS 1.2 rsa_pss_rsae signature schemes
Signed-off-by: Viktor Sokolovskiy <maokaman@gmail.com>
2026-04-04 03:57:04 +03:00
David Horstmann
0333486837 Merge pull request #10670 from gilles-peskine-arm/security-md-mention-compiler-4.x
mbedtls: Mention compiler optimization in the threat model
2026-04-01 15:43:26 +00:00
Gilles Peskine
d1f0ce8493 Be more specific about what compiler options we consider legitimate
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-04-01 11:08:46 +02:00
Gilles Peskine
54ebb9b42d Mention the new advice about compiler options in the changelog
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-04-01 11:08:46 +02:00
Gilles Peskine
be18f3f4a5 Add a section about compiler-introduced timing side channels
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-04-01 11:08:46 +02:00
Minos Galanakis
0cfd96499d Updated tf-psa-crypto submodule
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2026-03-31 15:36:07 +01:00
Minos Galanakis
6804c92d7d Merge tag 'mbedtls-4.1.0' into mbedtls-4.1.0_mergeback
Mbed TLS 4.1.0

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2026-03-31 15:35:49 +01:00
Valerio Setti
32a3d5209c Merge pull request #10626 from gilles-peskine-arm/check_committed_generated_files-create
Add check_committed_generated_files.py
2026-03-30 10:50:04 +00:00
Minos Galanakis
0fe989b6b5 Update BRANCHES.md
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
mbedtls-4.1.0 v4.1.0
2026-03-26 22:34:42 +00:00
Minos Galanakis
641fa2695c Assemble ChangeLog
./framework/scripts/assemble_changelog.py

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2026-03-26 22:34:42 +00:00
Minos Galanakis
e89565f92a Bump version
./scripts/bump_version.sh --version 4.1.0 \
  --so-crypto 18 --so-tls 23 --so-x509 9

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2026-03-26 22:34:28 +00:00
Minos Galanakis
83d1ebc114 Updated tf psa-crypto submodule
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2026-03-26 22:20:06 +00:00
Minos Galanakis
43b89543ec Updated framework submodule
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2026-03-26 22:20:01 +00:00
Minos Galanakis
308e7fb232 Merge remote-tracking branch 'restricted/development-restricted' into mbedtls-4.1.0.rc3
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2026-03-26 22:18:31 +00:00
minosgalanakis
fc317141fe Merge pull request #1534 from Mbed-TLS/release/changelog_fixes_4.1.0
[Release] Added attributions & CVE to ChangeLogs
2026-03-26 17:38:50 +00:00
Minos Galanakis
feb0dd04ba Extended attributions & CVE
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2026-03-26 15:03:07 +00:00
Minos Galanakis
f3f27070a6 Added attributions & CVE
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2026-03-26 11:22:00 +00:00
minosgalanakis
5baf6883c6 Merge pull request #1529 from ronald-cron-arm/dtls
Fixes relative to DTLS invalid/unexpected first record
2026-03-25 22:31:24 +00:00
Ronald Cron
1330606ca1 dtls: Fix adaptation to first ClientHello
For each received ClientHello fragment, check
that its epoch is zero and update the
record-level sequence number.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-25 08:45:24 +01:00
Ronald Cron
7a8fbc2100 Remove debug leftover
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-25 08:45:24 +01:00
Ronald Cron
1141cd0fb6 Improve comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-25 08:45:24 +01:00
Ronald Cron
f2f44a9c9f Restrict mapping of UNEXPECTED_RECORD to UNEXPECTED_MESSAGE
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-25 08:45:24 +01:00
Ronald Cron
fbe388dc28 ssl-opt.sh: Fix log checks in some "DTLS reassembly" tests
In DTLS reassembly tests, the server may receive a close_notify alert at the
end of a test. In this case, the Mbed TLS server logs an error, so these tests
should not check for the absence of the string "error" in the server logs.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-25 08:45:24 +01:00
Ronald Cron
f285018fa3 Disable "DTLS proxy: 3d, (openssl|gnutls) client, fragmentation" tests
The tests fail intermittently on the CI with a frequency that
significantly impacts CI throughput.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-25 08:45:22 +01:00