Commit Graph

32346 Commits

Author SHA1 Message Date
minosgalanakis e185d7fd85 Merge pull request #1428 from Mbed-TLS/mbedtls-3.6.5rc0-pr
Mbedtls 3.6.5RC
mbedtls-3.6.5
2025-10-13 08:39:14 +01:00
Minos Galanakis b1db32061c Update BRANCHES.md
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-10-10 18:04:55 +01:00
Minos Galanakis 335197e60c Added generated files
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-10-10 18:04:55 +01:00
Minos Galanakis 2e1245171c Updated framework pointer
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-10-10 18:04:55 +01:00
Minos Galanakis ad63800090 Version bump for mbedtls-3.5.6
./scripts/bump_version.sh --version 3.6.5

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-10-10 18:04:55 +01:00
Minos Galanakis 369ea7a041 Assemble ChangeLog
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-10-10 18:04:55 +01:00
Gilles Peskine 0c4a951b37 Be more precise about the user/peer ID limitation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
(cherry picked from commit 84a9b26b88)
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-10-10 18:04:55 +01:00
Gilles Peskine 7e81fe32d0 Add storage format test case for JPAKE
The storage test generator doesn't support JPAKE at this time. So write a
test case manually.

The key is not exercised, since `psa_exercise_key()` doesn't support PAKE at
this time. But at least we can use this test case to ensure that we know how
the key is represented in storage.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
(cherry picked from commit 98a4029d51)
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-10-10 18:04:55 +01:00
Gilles Peskine 90eac7fc7a Document JPAKE limitations
Document limitations on the user ID, peer ID, primitive (elliptic curve) and
hash for `PSA_ALG_JPAKE`.

https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/502
https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/503
https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/504

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
(cherry picked from commit 8ca2a5bf95)
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-10-10 18:04:55 +01:00
Minos Galanakis bafcf5bddf Merge remote-tracking branch 'restricted/mbedtls-3.6-restricted' into mbedtls-3.6.5rc0-pr
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-10-02 15:37:04 +01:00
Bence Szépkúti 299ce78166 Merge pull request #10417 from bensze01/abicheck-worktree-submodules-3.6
[3.6 backport] Use submodule work trees during ABI check
2025-09-30 09:41:11 +00:00
Manuel Pégourié-Gonnard f2021e28c6 Merge pull request #10421 from gilles-peskine-arm/psa-transition-guide-20250630-3.6
Update PSA transition guide for 3.6.5
2025-09-30 09:21:13 +00:00
David Horstmann 3c5efcb61b Merge pull request #10427 from bjwtaylor/time_t-backport
Backport 3.6: Replace cases of time_t with mbedtls_time_t
2025-09-29 19:35:11 +00:00
Ben Taylor 6e73b2f2fd Backport time_t type conversions
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-09-29 15:35:28 +01:00
Gilles Peskine 8701fddbc5 Remove sentence about 1.0 that should not have been backported
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-29 15:18:37 +02:00
Bence Szépkúti 616f9fde62 Fix comment too long for pylint
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2025-09-29 14:24:25 +02:00
Manuel Pégourié-Gonnard 02b7707b10 Merge pull request #10419 from mpg/fix-udp-proxy-3.6
[3.6] Fix includes in udp_proxy.c
2025-09-29 10:48:02 +00:00
Bence Szépkúti e45e5046ba Prevent unnecessary submodule fetches
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2025-09-26 20:28:25 +02:00
Bence Szépkúti d040427111 Eliminate use of git worktree prune
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2025-09-26 15:47:01 +02:00
Bence Szépkúti 99fa0abc75 Use f-string literal
This makes path construction a bit more readable.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2025-09-26 15:47:01 +02:00
Gilles Peskine 1e9efcc1ab Update some references to the future
The future is now.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-26 15:15:13 +02:00
Gilles Peskine 106700481d Improve explanations of configuration translation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-26 15:11:02 +02:00
Gilles Peskine f6a7be0673 Copyediting
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-26 15:10:09 +02:00
Gilles Peskine 4f9d6e9451 update 1.0.0/4.0.0 release bullet point
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-26 15:05:17 +02:00
Gilles Peskine b9eeace74a Update asymmetric cryptography
Minor clarifications also done in the TF-PSA-Crypto 1.0 update.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-26 15:02:22 +02:00
Gilles Peskine 223fd448ea Miscellaneous improvements
Partial backport of "Update all except "Asymmetric cryptography" for
TF-PSA-Crypto", including only clarifications and the extra information
about migrating to `MBEDTLS_PSA_CRYPTO_CONFIG` that are also relevant in
3.6.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-26 14:57:33 +02:00
Gilles Peskine e7a9546dfa Fix section names
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-26 14:49:19 +02:00
Gilles Peskine f7f3ec460a A few updates for 3.6
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-26 14:49:19 +02:00
Manuel Pégourié-Gonnard be407038bf Fix includes in udp_proxy.c
The program uses atoi() unconditionally, so it should include stdlib.h
unconditionally. Previously this happened to be indirectly included by
some other header (via pk.h via ssl.h) but we should not rely on that.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2025-09-26 12:22:58 +02:00
Bence Szépkúti cdd166274e Use worktrees instead of fetches for submodules
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2025-09-25 17:41:27 +02:00
Manuel Pégourié-Gonnard 5cbbca45dd Merge pull request #8197 from gilles-peskine-arm/readme-20230913
Backport 3.6: Update README about PSA
2025-09-24 08:01:44 +00:00
Gilles Peskine 70135847cd Merge pull request #1425 from gilles-peskine-arm/restricted-3.6-merge-public-20250916
3.6: merge public into restricted 2025-09-16
2025-09-17 21:05:31 +02:00
Gilles Peskine aa611e4bef Update framework to the merge of the merge PR
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-17 18:22:30 +02:00
Gilles Peskine b6bf893c70 Qualify "reference implementation" wording
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-17 14:04:10 +02:00
Gilles Peskine 263b6925a2 The PSA implementation is production-quality
This has been the case for a while, but we forgot to update the readme.

Don't prominently label it a "reference" implementation. That implies that
it's a complete implementation, but it isn't: we do not intend to implement
every mechanism that the PSA specification has an encoding for. That also
tends to imply that it's for demonstration purposes and not ready for
production, but Mbed TLS is intended to be used in production.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-17 14:04:10 +02:00
Gilles Peskine 334dfa8799 Merge remote-tracking branch '3.6' into restricted-3.6-merge-public-20250916
Conflicts:

* `framework`: update submodule to the merge of `main` and `main-restricted`.
2025-09-16 16:16:53 +02:00
Gilles Peskine 64d4c3675a Merge pull request #1424 from gilles-peskine-arm/pkcs7-padding-error-timing-leak-cveid-3.6
CVE ID for PKCS7 padding timing leak in psa_cipher_finish
2025-09-16 16:10:56 +02:00
Gilles Peskine d1244932f1 We have a CVE ID
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-16 10:39:29 +02:00
Gilles Peskine c2b94d45d4 Merge pull request #10401 from gilles-peskine-arm/psa_can_do-declare-publicly-3.6
Backport 3.6: Declare psa_can_do_cipher() publicly
2025-09-15 12:02:50 +00:00
Janos Follath 753036edb3 Merge pull request #10336 from gilles-peskine-arm/generated-files-lib-build-3.6
Backport 3.6: fix `make lib GEN_FILES=` sometimes requiring python
2025-09-12 13:27:26 +00:00
Gilles Peskine 9a5444a3b8 Fix copypasta
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-12 11:27:11 +02:00
Gilles Peskine 6e1b66320a Improve documentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-12 11:27:09 +02:00
Gilles Peskine 447134b704 Announce psa_can_do_cipher()
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-12 11:27:08 +02:00
Gilles Peskine 3aee15b8e5 Declare psa_can_do_cipher() in a public header
Integrators in a client-server architecture need to provide this function on
the client side.

Fixes mbedtls/issues#10341.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-12 11:27:07 +02:00
Manuel Pégourié-Gonnard 3e59e0ae08 Merge pull request #1411 from mpg/bypass-wrappers
[3.6] Bypass GCD/modinv wrappers when possible
2025-09-11 12:25:23 +02:00
Manuel Pégourié-Gonnard c6b28b31ef Be explicit about modinv output range
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2025-09-11 09:58:45 +02:00
Janos Follath f46aee2603 Merge pull request #1406 from gilles-peskine-arm/pkcs7-padding-error-timing-leak-3.6
Backport 3.6: Fix timing leak in PSA CBC-PKCS7 decryption
2025-09-08 16:33:22 +01:00
David Horstmann fb7eba06b0 Merge pull request #10387 from davidhorstmann-arm/upgrade-python-packages-3.6
[Backport 3.6] Upgrade packages in requirements.txt
2025-09-08 15:31:46 +00:00
Gilles Peskine cc908ad04c Remove redundant memset on freshly initialized buffer
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-08 12:22:39 +02:00
Gilles Peskine 2d666646ba Changelog entry for PSA CBC-PKCS7 padding oracle fix
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-08 12:22:39 +02:00