TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-05-09 11:14:26 +02:00
Code Issues Packages Projects Releases Wiki Activity
34,469 Commits 179 Branches 280 Tags
ded271a8c424c58a50a823b8760b6034acf5b3e3
Commit Graph

34469 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Gilles Peskine
ded271a8c4 Merge pull request #10696 from yiwu0b11/destdir_install_env_support-4.1 
Backport 4.1: Support DESTDIR for install and add build-system test
 2026-04-29 14:37:40 +00:00
Valerio Setti
5875ffa6fc Merge pull request #10713 from valeriosetti/backport-pr10650 
[backport 4.1] check_config: add missing check for TLS 1.3 key exchanges
 2026-04-24 14:32:42 +00:00
Valerio Setti
b4df7bb14d Merge pull request #10712 from valeriosetti/backport-pr10639 
[backport 4.1] library: check_config: remove RSA encryption requirement from ECDHE-RSA
 2026-04-24 07:30:58 +00:00
Valerio Setti
f2ab107392 check_config: fix error message for missing TLS 1.2 key exchanges 
Align the error message to the one used for the same check in TLS 1.3.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2026-04-23 14:51:52 +02:00
Valerio Setti
1caa7db5e8 check_config: add check for TLS 1.3 key exchanges 
When MBEDTLS_SSL_PROTO_TLS1_3 is enabled ensure that at least one of the
related key exchanges is also enabled.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2026-04-23 14:51:48 +02:00
Valerio Setti
377cbb2055 tests: depends.py: extend pkalgs including PSA_WANT_ALG_RSA_PKCS1V15_SIGN 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2026-04-22 17:17:41 +02:00
Valerio Setti
9d4447fdc5 tests: depends.py: fix reverse dependency for RSA 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2026-04-22 17:17:41 +02:00
Valerio Setti
2882b73697 library: check_config: remove RSA encryption requirement from ECDHE-RSA 
ECDHE-RSA only requires RSA signature, not encryption. This commits fixes
guards in "mbedtls_check_config.h".

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2026-04-22 17:17:41 +02:00
Ronald Cron
6a5e0139f8 Merge pull request #10703 from minosgalanakis/docs/4.1.0_changelog_fixes_bp 
ChangeLog 4.1 Fixed references to TF-PSA-Crypto
 2026-04-20 09:49:28 +00:00
Yi Wu
7c63e641e3 test: improve symlink checks 
Signed-off-by: Yi Wu <yi.wu2@arm.com>
 2026-04-20 10:48:29 +01:00
Yi Wu
6c63f39eeb test: versioned symlink order fix 
Signed-off-by: Yi Wu <yi.wu2@arm.com>
 2026-04-20 10:48:29 +01:00
Yi Wu
5bddf62a69 test: reorder if-else structure 
Signed-off-by: Yi Wu <yi.wu2@arm.com>
 2026-04-20 10:48:29 +01:00
Yi Wu
9d88e0b200 test: add debug output and fix for win config 
Signed-off-by: Yi Wu <yi.wu2@arm.com>
 2026-04-20 10:48:29 +01:00
Yi Wu
0dc58e196d ChangeLog fix 
Signed-off-by: Yi Wu <yi.wu2@arm.com>
 2026-04-20 10:48:29 +01:00
Yi Wu
ee0f8cbc11 tests: fix DESTDIR install checks and add macOS compatibility 
Signed-off-by: Yi Wu <yi.wu2@arm.com>
 2026-04-20 10:48:29 +01:00
Yi Wu
f645b06c38 ChangeLog fixes 
Signed-off-by: Yi Wu <yi.wu2@arm.com>
 2026-04-20 10:48:29 +01:00
Yi Wu
9ffdbe5bf3 ChangeLog padding space fix 
Signed-off-by: Yi Wu <yi.wu2@arm.com>
 2026-04-20 10:48:29 +01:00
Yi Wu
291fb02523 Test: add symlinks and dangling link check 
Signed-off-by: Yi Wu <yi.wu2@arm.com>
 2026-04-20 10:48:29 +01:00
Yi Wu
ff66c4efb9 ChangeLog fix 
Signed-off-by: Yi Wu <yi.wu2@arm.com>
 2026-04-20 10:48:29 +01:00
Yi Wu
f2d35a04ed ChangeLog newline fix 
Signed-off-by: Yi Wu <yi.wu2@arm.com>
 2026-04-20 10:48:29 +01:00
Yi Wu
c839d60443 Add changelog 
Signed-off-by: Yi Wu <yi.wu2@arm.com>
 2026-04-20 10:48:29 +01:00
Yi Wu
897daf3ea1 Support DESTDIR for install and add build-system test 
Signed-off-by: Yi Wu <yi.wu2@arm.com>
 2026-04-20 10:48:29 +01:00
Ronald Cron
f9990f3289 Merge pull request #10704 from Maokaman1/fix/tls12-rsa-pss-sigalgs-4.1 
Backport 4.1: ssl: accept TLS 1.2 rsa_pss_rsae signature algorithms
 2026-04-20 08:03:21 +00:00
Viktor Sokolovskiy
4302c8dffb Pacify uncrustify 
Signed-off-by: Viktor Sokolovskiy <maokaman@gmail.com>
 2026-04-18 02:02:15 +03:00
Minos Galanakis
f9610844e6 ChangeLog: Fixed a reference to TF-PSA-Crypto 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2026-04-17 17:17:48 +01:00
Viktor Sokolovskiy
5fc28f4016 ssl: accept TLS 1.2 rsa_pss_rsae in client SKE 
Fix a TLS 1.2 client regression that caused valid ServerKeyExchange signatures using rsa_pss_rsae_* to be rejected.

Allow rsa_pss_rsae_* in the TLS 1.2 client ServerKeyExchange parse path when the algorithm is supported and was offered by the client. Add OpenSSL and GnuTLS interoperability coverage for TLS 1.2 servers that force rsa_pss_rsae_sha256.

Fixes #10668.

Signed-off-by: Viktor Sokolovskiy <maokaman@gmail.com>
 2026-04-17 19:16:20 +03:00
Gilles Peskine
e589739db1 Merge pull request #10685 from gilles-peskine-arm/maintainer-scripts-create-directory-4.1 
Backport 4.1: Create a directory for maintainer-only Python scripts
 2026-04-15 08:19:31 +00:00
Gilles Peskine
b116c4deff Merge pull request #10688 from gilles-peskine-arm/analyze_outcomes-read_crypto-4.1 
Backport 4.1: Let TF-PSA-Crypto define test cases that Mbed TLS does not need to cover
 2026-04-13 09:24:12 +00:00
Gilles Peskine
635d64362f Update crypto submodule with analyze_outcomes.py 
Update framework to match.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-04-10 14:48:05 +02:00
Gilles Peskine
a4144255f1 Documentation improvements 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-04-10 14:43:46 +02:00
Gilles Peskine
eeb2e3379f INTERNAL_TEST_CASES moved to a separate data-only module 
This way, when Mbed TLS's `analyze_outcomes.py` loads the python module from
TF-PSA-Crypto (because it needs to know the value of `INTERNAL_TEST_CASES`),
there's no risk that the subproject and the superproject will have different
requirements on auxiliary modules such as `mbedtls_framework.outcome_analysis`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-04-10 14:43:46 +02:00
Gilles Peskine
824b4cde5a Add copyright line 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-04-10 14:43:46 +02:00
Gilles Peskine
7f78af02c4 Move test currently covered by crypto from uncovered list to ignored list 
If we can't read `INTERNAL_TEST_CASES` from
`tf-psa-crypto/tests/scripts/analyze_outcomes.py` because the script doesn't
exist, hard-code the legacy value of that information.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-04-10 14:43:46 +02:00
Gilles Peskine
ef7ff7e7fd Ignore test cases that TF-PSA-Crypto tells us to ignore 
If the `tf-psa-crypto` submodule has `tests/scripts/analyze_outcomes.py`,
require it to define a global variable `INTERNAL_TEST_CASES`. Those test
cases will be ignored in Mbed TLS's coverage analysis.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-04-10 14:43:46 +02:00
Gilles Peskine
f1d880203c Move _has_word_re to the framework 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-04-10 14:43:46 +02:00
Gilles Peskine
3233f2523c Rename IGNORED_TESTS to UNCOVERED_TESTS 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-04-10 14:43:46 +02:00
Gilles Peskine
2b4ceb533b Update framework with UNCOVERED_TESTS in outcome analysis 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-04-10 14:43:46 +02:00
Gilles Peskine
16541a9a42 Create a directory for maintainer-only Python scripts 
This directory is currently excluded from `check-python-files.sh`, because
we run it on the CI in an old Python version that doesn't support some of
our new maintainer scripts.

There are no such scripts in mbedtls for now (only in TF-PSA-Crypto), but be
ready if we want to add some.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-04-09 19:39:20 +02:00
minosgalanakis
421f5d27fe Merge pull request #1548 from minosgalanakis/public-mbedtls-4.1 
Merge public changes into internal LTS 4.1 branch
 2026-04-02 22:40:53 +01:00
David Horstmann
521d2eb1fe Merge pull request #10669 from gilles-peskine-arm/security-md-mention-compiler-4.1 
Backport 4.1: Mention compiler optimization in the threat model
 2026-04-01 15:46:13 +00:00
Gilles Peskine
b43bdd7365 Be more specific about what compiler options we consider legitimate 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-04-01 11:08:23 +02:00
Gilles Peskine
77a32fab9b Mention the new advice about compiler options in the changelog 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-04-01 11:08:23 +02:00
Gilles Peskine
582d23e04c Add a section about compiler-introduced timing side channels 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-04-01 11:08:23 +02:00
Minos Galanakis
0cfd96499d Updated tf-psa-crypto submodule 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2026-03-31 15:36:07 +01:00
Minos Galanakis
6804c92d7d Merge tag 'mbedtls-4.1.0' into mbedtls-4.1.0_mergeback 
Mbed TLS 4.1.0

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2026-03-31 15:35:49 +01:00
Valerio Setti
32a3d5209c Merge pull request #10626 from gilles-peskine-arm/check_committed_generated_files-create 
Add check_committed_generated_files.py
 2026-03-30 10:50:04 +00:00
Minos Galanakis
0fe989b6b5 Update BRANCHES.md 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
mbedtls-4.1.0 v4.1.0 		2026-03-26 22:34:42 +00:00
Minos Galanakis
641fa2695c Assemble ChangeLog 
./framework/scripts/assemble_changelog.py

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2026-03-26 22:34:42 +00:00
Minos Galanakis
e89565f92a Bump version 
./scripts/bump_version.sh --version 4.1.0 \
  --so-crypto 18 --so-tls 23 --so-x509 9

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2026-03-26 22:34:28 +00:00
Minos Galanakis
83d1ebc114 Updated tf psa-crypto submodule 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2026-03-26 22:20:06 +00:00