minosgalanakis
e185d7fd85
Merge pull request #1428 from Mbed-TLS/mbedtls-3.6.5rc0-pr
Mbedtls 3.6.5RC
mbedtls-3.6.5
v3.6.5
2025-10-13 08:39:14 +01:00
Minos Galanakis
b1db32061c
Update BRANCHES.md
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-10-10 18:04:55 +01:00
Minos Galanakis
335197e60c
Added generated files
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-10-10 18:04:55 +01:00
Minos Galanakis
2e1245171c
Updated framework pointer
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-10-10 18:04:55 +01:00
Minos Galanakis
ad63800090
Version bump for mbedtls-3.5.6
./scripts/bump_version.sh --version 3.6.5
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-10-10 18:04:55 +01:00
Minos Galanakis
369ea7a041
Assemble ChangeLog
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-10-10 18:04:55 +01:00
Gilles Peskine
0c4a951b37
Be more precise about the user/peer ID limitation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
(cherry picked from commit 84a9b26b88)
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-10-10 18:04:55 +01:00
Gilles Peskine
7e81fe32d0
Add storage format test case for JPAKE
The storage test generator doesn't support JPAKE at this time. So write a
test case manually.
The key is not exercised, since `psa_exercise_key()` doesn't support PAKE at
this time. But at least we can use this test case to ensure that we know how
the key is represented in storage.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
(cherry picked from commit 98a4029d51)
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-10-10 18:04:55 +01:00
Gilles Peskine
90eac7fc7a
Document JPAKE limitations
Document limitations on the user ID, peer ID, primitive (elliptic curve) and
hash for `PSA_ALG_JPAKE`.
https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/502
https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/503
https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/504
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
(cherry picked from commit 8ca2a5bf95)
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-10-10 18:04:55 +01:00
Minos Galanakis
bafcf5bddf
Merge remote-tracking branch 'restricted/mbedtls-3.6-restricted' into mbedtls-3.6.5rc0-pr
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-10-02 15:37:04 +01:00
Bence Szépkúti
299ce78166
Merge pull request #10417 from bensze01/abicheck-worktree-submodules-3.6
[3.6 backport] Use submodule work trees during ABI check
2025-09-30 09:41:11 +00:00
Manuel Pégourié-Gonnard
f2021e28c6
Merge pull request #10421 from gilles-peskine-arm/psa-transition-guide-20250630-3.6
Update PSA transition guide for 3.6.5
2025-09-30 09:21:13 +00:00
David Horstmann
3c5efcb61b
Merge pull request #10427 from bjwtaylor/time_t-backport
Backport 3.6: Replace cases of time_t with mbedtls_time_t
2025-09-29 19:35:11 +00:00
Ben Taylor
6e73b2f2fd
Backport time_t type conversions
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-09-29 15:35:28 +01:00
Gilles Peskine
8701fddbc5
Remove sentence about 1.0 that should not have been backported
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-29 15:18:37 +02:00
Bence Szépkúti
616f9fde62
Fix comment too long for pylint
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2025-09-29 14:24:25 +02:00
Manuel Pégourié-Gonnard
02b7707b10
Merge pull request #10419 from mpg/fix-udp-proxy-3.6
[3.6] Fix includes in udp_proxy.c
2025-09-29 10:48:02 +00:00
Bence Szépkúti
e45e5046ba
Prevent unnecessary submodule fetches
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2025-09-26 20:28:25 +02:00
Bence Szépkúti
d040427111
Eliminate use of git worktree prune
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2025-09-26 15:47:01 +02:00
Bence Szépkúti
99fa0abc75
Use f-string literal
This makes path-construction a bit more readable
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2025-09-26 15:47:01 +02:00
Gilles Peskine
1e9efcc1ab
Update some references to the future
The future is now.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-26 15:15:13 +02:00
Gilles Peskine
106700481d
Improve explanations of configuration translation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-26 15:11:02 +02:00
Gilles Peskine
f6a7be0673
Copyediting
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-26 15:10:09 +02:00
Gilles Peskine
4f9d6e9451
update 1.0.0/4.0.0 release bullet point
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-26 15:05:17 +02:00
Gilles Peskine
b9eeace74a
Update asymmetric cryptography
Minor clarifications also done in the TF-PSA-Crypto 1.0 update.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-26 15:02:22 +02:00
Gilles Peskine
223fd448ea
Miscellaneous improvements
Partial backport of "Update all except "Asymmetric cryptography" for
TF-PSA-Crypto", including only clarifications and the extra information
about migrating to `MBEDTLS_PSA_CRYPTO_CONFIG` that are also relevant in
3.6.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-26 14:57:33 +02:00
Gilles Peskine
e7a9546dfa
Fix section names
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-26 14:49:19 +02:00
Gilles Peskine
f7f3ec460a
A few updates for 3.6
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-26 14:49:19 +02:00
Manuel Pégourié-Gonnard
be407038bf
Fix includes in udp_proxy.c
The program uses atoi() unconditionally, so it should include stdlib.h
unconditionally. Previously this happened to be indirectly included by
some other header (via pk.h via ssl.h) but we should not rely on that.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2025-09-26 12:22:58 +02:00
Bence Szépkúti
cdd166274e
Use worktrees instead of fetches for submodules
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2025-09-25 17:41:27 +02:00
Manuel Pégourié-Gonnard
5cbbca45dd
Merge pull request #8197 from gilles-peskine-arm/readme-20230913
Backport 3.6: Update README about PSA
2025-09-24 08:01:44 +00:00
Gilles Peskine
70135847cd
Merge pull request #1425 from gilles-peskine-arm/restricted-3.6-merge-public-20250916
3.6: : merge public into restricted 2025-09-16
2025-09-17 21:05:31 +02:00
Gilles Peskine
aa611e4bef
Update framework to the merge of the merge PR
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-17 18:22:30 +02:00
Gilles Peskine
b6bf893c70
Qualify "reference implementation" wording
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-17 14:04:10 +02:00
Gilles Peskine
263b6925a2
The PSA implementation is production-quality
This has been the case for a while, but we forgot to update the readme.
Don't prominently label it a "reference" implementation. That implies that
it's a complete implementation, but it isn't: we do not intend to implement
every mechanism that the PSA specification has an encoding for. That also
tends to imply that it's for demonstration purposes and not ready for
production, but Mbed TLS is intended to be used in production.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-17 14:04:10 +02:00
Gilles Peskine
334dfa8799
Merge remote-tracking branch '3.6' into restricted-3.6-merge-public-20250916
Conflicts:
* `framework`: update submodule to the merge of `main` and `main-restricted`.
2025-09-16 16:16:53 +02:00
Gilles Peskine
64d4c3675a
Merge pull request #1424 from gilles-peskine-arm/pkcs7-padding-error-timing-leak-cveid-3.6
CVE ID for PKCS7 padding timing leak in psa_cipher_finish
2025-09-16 16:10:56 +02:00
Gilles Peskine
d1244932f1
We have a CVE ID
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-16 10:39:29 +02:00
Gilles Peskine
c2b94d45d4
Merge pull request #10401 from gilles-peskine-arm/psa_can_do-declare-publicly-3.6
Backport 3.6: Declare psa_can_do_cipher() publicly
2025-09-15 12:02:50 +00:00
Janos Follath
753036edb3
Merge pull request #10336 from gilles-peskine-arm/generated-files-lib-build-3.6
Backport 3.6: fix `make lib GEN_FILES=` sometimes requiring python
2025-09-12 13:27:26 +00:00
Gilles Peskine
9a5444a3b8
Fix copypasta
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-12 11:27:11 +02:00
Gilles Peskine
6e1b66320a
Improve documentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-12 11:27:09 +02:00
Gilles Peskine
447134b704
Announce psa_can_do_cipher()
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-12 11:27:08 +02:00
Gilles Peskine
3aee15b8e5
Declare psa_can_do_cipher() in a public header
Integrators in a client-server architecture need to provide this function on
the client side.
Fixes mbedtls/issues#10341.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-12 11:27:07 +02:00
Manuel Pégourié-Gonnard
3e59e0ae08
Merge pull request #1411 from mpg/bypass-wrappers
[3.6] Bypass GCD/modinv wrappers when possible
2025-09-11 12:25:23 +02:00
Manuel Pégourié-Gonnard
c6b28b31ef
Be explicit about modinv output range
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2025-09-11 09:58:45 +02:00
Janos Follath
f46aee2603
Merge pull request #1406 from gilles-peskine-arm/pkcs7-padding-error-timing-leak-3.6
Backport 3.6: Fix timing leak in PSA CBC-PKCS7 decryption
2025-09-08 16:33:22 +01:00
David Horstmann
fb7eba06b0
Merge pull request #10387 from davidhorstmann-arm/upgrade-python-packages-3.6
[Backport 3.6] Upgrade packages in requirements.txt
2025-09-08 15:31:46 +00:00
Gilles Peskine
cc908ad04c
Remove redundant memset on freshly initialized buffer
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-08 12:22:39 +02:00
Gilles Peskine
2d666646ba
Changelog entry for PSA CBC-PKCS7 padding oracle fix
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-08 12:22:39 +02:00