Janos Follath
92dbfb34f0
SECURITY.md: make x509 data section more readable
...
Signed-off-by: Janos Follath <janos.follath@arm.com >
2026-01-20 13:47:03 +00:00
Janos Follath
7b2ad1c518
Clarify purpose and suitability of sample programs
...
Signed-off-by: Janos Follath <janos.follath@arm.com >
2026-01-19 15:00:22 +00:00
Janos Follath
baea194a04
Clarify CRL security guarantees
...
Signed-off-by: Janos Follath <janos.follath@arm.com >
2026-01-19 14:58:39 +00:00
Gilles Peskine
89141231d6
Merge pull request #10497 from JuhaPekkaa/juke/loglevel-change-3.6
...
Update log level for mbedtls_ssl_check_record and PSA-based ECDH computation (3.6)
2025-11-06 17:37:53 +00:00
Manuel Pégourié-Gonnard
1d0ccfae0d
Merge pull request #10452 from bjwtaylor/move-lcov-3.6
...
Move lcov 3.6
2025-11-06 11:12:04 +00:00
Juha-Pekka Kesonen
b11d969e2c
ssl_msg.c: change log level for record checking
...
Signed-off-by: Juha-Pekka <juha-pekka.kesonen@nordicsemi.no >
2025-11-05 15:06:02 +02:00
Juha-Pekka Kesonen
a535836d14
ssl_tls12: change log level for ECDH computation
...
Signed-off-by: Juha-Pekka <juha-pekka.kesonen@nordicsemi.no >
2025-11-05 15:05:23 +02:00
Ronald Cron
8d0641675c
Merge pull request #10483 from minosgalanakis/bugfix/update_prepare_release_3.6
...
[Backport]Update prepare_release.sh
2025-11-04 16:03:29 +00:00
Minos Galanakis
1c03c3e197
prepare_release.sh: Updated regex syntax
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-11-04 10:40:58 +00:00
Ben Taylor
753c1afcf8
Update lcov.sh patch to use CMake variable
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-11-04 09:45:37 +00:00
Valerio Setti
cc0385852d
Merge pull request #10471 from yanesca/fix_dead_code_231025
...
Fix dead code - 3.6 Backport
2025-10-31 12:49:57 +00:00
Valerio Setti
667e56a0a7
Merge pull request #10478 from Cube707/backport/iar-compiler-warning
...
[backport] add cast to fix IAR compiler errors
2025-10-31 12:33:11 +00:00
Minos Galanakis
ae80683fe2
Added documentation
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-10-30 09:48:59 +00:00
Minos Galanakis
fea16efc1c
prepare_release.sh: Adjusted build system matching patterns
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-10-30 09:48:59 +00:00
Minos Galanakis
9e7f033546
prepare_release.sh: Removed -r/-u modes
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-10-30 09:37:17 +00:00
Minos Galanakis
41325bca41
prepare_release.sh: Added psed helper function
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-10-30 09:28:20 +00:00
minosgalanakis
2cd2fae204
Merge pull request #10470 from Begasus/mbedtls-3.6
...
Use GNUInstallDirs CMAKE_INSTALL_INCLUDEDIR path for headers installation
2025-10-29 15:21:38 +00:00
Jan Wille
8d59423fe5
format: apply suggestions (add spaces)
...
Signed-off-by: Jan Wille <jan.wille@siemens.com >
2025-10-29 15:50:57 +01:00
Jan Spannberger
73d5398f02
add cast to fix IAR compiler errors
...
IAR throws a warning "mixed ENUM with other type"
backport of a5384bdf09jan.spannberger@siemens.com >
2025-10-28 15:14:30 +01:00
Ben Taylor
82d2fb8720
Update lcov.sh paths in make files
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-10-24 12:03:59 +01:00
Ben Taylor
6d4abb4377
Remove lcov.sh as this will be moved to the framework
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-10-24 12:03:59 +01:00
Ben Taylor
567aadbd63
Update framework module
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-10-24 12:03:59 +01:00
Luc Schrijvers
7a399a6ed6
Add library/CMakeList.txt to the changes
...
Signed-off-by: Luc Schrijvers <begasus@gmail.com >
2025-10-24 13:00:40 +02:00
Schrijvers Luc
9644a688f3
Update ChangeLog.d/gnuinstalldirs_include.txt
...
Co-authored-by: Ronald Cron <ronald.cron@arm.com >
Signed-off-by: Schrijvers Luc <begasus@gmail.com >
2025-10-24 10:59:27 +02:00
Luc Schrijvers
08d88fcf72
add changelog change
...
Signed-off-by: Luc Schrijvers <begasus@gmail.com >
2025-10-24 09:32:02 +02:00
Janos Follath
94700198fb
Remove dead code
...
Signed-off-by: Janos Follath <janos.follath@arm.com >
2025-10-23 14:43:52 +01:00
Luc Schrijvers
b044efeb61
Use GNUInstallDirs CMAKE_INSTALL_INCLUDEDDIR path for headers installation
...
Signed-off-by: Luc Schrijvers <begasus@gmail.com >
2025-10-23 11:37:58 +02:00
Gilles Peskine
d80b9ff511
Merge pull request #10466 from minosgalanakis/bugfix/reset_gitignore_files
...
Revert "Added generated files"
2025-10-22 11:09:40 +00:00
Minos Galanakis
ddffba970b
Revert "Added generated files"
...
This reverts commit 335197e60cminos.galanakis@arm.com >
2025-10-22 10:51:01 +01:00
Gilles Peskine
6dacfdc59e
Merge pull request #10447 from valeriosetti/static-key-store-fix-size
...
[3.6] psa: improve buffer size computation for static key slots
2025-10-20 13:42:04 +00:00
Valerio Setti
a8ff9f76e9
changelog: add note about MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE improvements
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2025-10-16 16:47:01 +02:00
Valerio Setti
5306324015
psa: crypto_extra: update documentation of MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2025-10-16 16:36:50 +02:00
Minos Galanakis
5a3d0214b3
Merge tag 'mbedtls-3.6.5' into mbedtls-3.6.5_mergeback
...
Mbed TLS 3.6.5
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-10-15 18:41:13 +01:00
Valerio Setti
45574797e7
psa: crypto_extra: improve buffer size computation for static key slots
...
Take also MAC's key types into account when computing the size of the
buffer to store key material in static key slot configuration.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2025-10-15 16:22:39 +02:00
minosgalanakis
e185d7fd85
Merge pull request #1428 from Mbed-TLS/mbedtls-3.6.5rc0-pr
...
Mbedtls 3.6.5RC
2025-10-13 08:39:14 +01:00
Minos Galanakis
b1db32061c
Update BRANCHES.md
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-10-10 18:04:55 +01:00
Minos Galanakis
335197e60c
Added generated files
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-10-10 18:04:55 +01:00
Minos Galanakis
2e1245171c
Updated framework pointer
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-10-10 18:04:55 +01:00
Minos Galanakis
ad63800090
Version bump for mbedtls-3.5.6
...
./scripts/bump_version.sh --version 3.6.5
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-10-10 18:04:55 +01:00
Minos Galanakis
369ea7a041
Assemble ChangeLog
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-10-10 18:04:55 +01:00
Gilles Peskine
0c4a951b37
Be more precise about the user/peer ID limitation
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
(cherry picked from commit 84a9b26b88minos.galanakis@arm.com >
2025-10-10 18:04:55 +01:00
Gilles Peskine
7e81fe32d0
Add storage format test case for JPAKE
...
The storage test generator doesn't support JPAKE at this time. So write a
test case manually.
The key is not exercised, since `psa_exercise_key()` doesn't support PAKE at
this time. But at least we can use this test case to ensure that we know how
the key is represented in storage.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
(cherry picked from commit 98a4029d51minos.galanakis@arm.com >
2025-10-10 18:04:55 +01:00
Gilles Peskine
90eac7fc7a
Document JPAKE limitations
...
Document limitations on the user ID, peer ID, primitive (elliptic curve) and
hash for `PSA_ALG_JPAKE`.
https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/502
https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/503
https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/504
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
(cherry picked from commit 8ca2a5bf95minos.galanakis@arm.com >
2025-10-10 18:04:55 +01:00
minosgalanakis
46dc477c22
Merge pull request #10444 from gilles-peskine-arm/jpake-persistent-key-compat-3.6.5
...
Backport 3.6: PSA JPAKE: add storage test case and document limitations
2025-10-10 14:45:23 +00:00
Gilles Peskine
84a9b26b88
Be more precise about the user/peer ID limitation
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-10-10 12:08:21 +02:00
Gilles Peskine
42ae2ac6ec
Merge pull request #10318 from keith-packard/gcc-14-3-array-bounds
...
Avoid invalid gcc 14.3 warning about array bounds in mbedtls_xor
2025-10-08 19:00:48 +00:00
Gilles Peskine
98a4029d51
Add storage format test case for JPAKE
...
The storage test generator doesn't support JPAKE at this time. So write a
test case manually.
The key is not exercised, since `psa_exercise_key()` doesn't support PAKE at
this time. But at least we can use this test case to ensure that we know how
the key is represented in storage.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-10-08 17:39:23 +02:00
Gilles Peskine
8ca2a5bf95
Document JPAKE limitations
...
Document limitations on the user ID, peer ID, primitive (elliptic curve) and
hash for `PSA_ALG_JPAKE`.
https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/502
https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/503
https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/504
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-10-08 17:39:23 +02:00
Keith Packard
292b96c0a6
Avoid invalid gcc 14.3 warning about array bounds in mbedtls_xor
...
The combination of the multi-byte loop with the single byte loop
confuses GCC 14.3's array bounds checker. When the loop size is
constant, check to see if it is a multiple of the multi-byte size and
bail early. As this will be evaluated at compile time, there should be
no run-time cost.
This change uses the __builtin_constant_p compile-time operation. To
check if that is supported, the change uses the existing
MBEDTLS_HAS_BUILTIN macro. That macro was defined later in
library/common.h than is needed for this change, so it was moved up to
join some other macros that looked similar.
Signed-off-by: Keith Packard <keithp@keithp.com >
2025-10-02 11:09:29 -07:00
Minos Galanakis
bafcf5bddf
Merge remote-tracking branch 'restricted/mbedtls-3.6-restricted' into mbedtls-3.6.5rc0-pr
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-10-02 15:37:04 +01:00
