Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: Mbed-TLS/mbedtls
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 06c466d869094390e1d48cb05649ea118b273f61
Choose a base ref
...
head repository: Mbed-TLS/mbedtls
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: da635ab65760bf1d6fe4abf0121aab2b6d2a5bad
Choose a head ref

Commits on Mar 6, 2023

  1. Fix llvm error: variable 'default_iv_length' may be used uninitialized

    Backport of #7210
    
    Signed-off-by: Sergey <sergio_nsk@yahoo.de>
    sergio-nsk authored Mar 6, 2023

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    Copy the full SHA
    04eb7c0 View commit details

Commits on Aug 22, 2023

  1. Remove comments that duplicate the 'msg' call just below

    Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
    gilles-peskine-arm committed Aug 22, 2023
    Copy the full SHA
    2d04ce2 View commit details
  2. Fix inconsistencies in no-chachapoly test

    The original goal (#5072) was to run
    a test with ChaChaPoly disabled in PSA. It was actually implemented with GCM
    also partially disabled (legacy GCM enabled but PSA GCM disabled), which
    distracted from the objective. It's actually useful to test both with and
    without GCM, so test both. Don't test inconsistencies between legacy and PSA
    support because that's not a common case and not one we have particular
    reasons to test.
    
    Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
    gilles-peskine-arm committed Aug 22, 2023
    Copy the full SHA
    d4c85af View commit details
  3. Make malloc-0-null a user config file

    Having a wrapper made it harder to use: incompatible with setting
    MBEDTLS_CONFIG_FILE, harder to combine with other settings. It was also
    surprising since it was the only test config that was structured in that
    way.
    
    Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
    gilles-peskine-arm committed Aug 22, 2023
    Copy the full SHA
    2e70f1c View commit details
  4. Correct some msg messages in full config

    When MBEDTLS_USE_PSA_CRYPTO is disabled on a base of full, mention it.
    
    Don't explicitly mention MBEDTLS_PSA_CRYPTO_CONFIG when also mentioning
    PSA_WANT_xxx, since PSA_WANT symbols are only meaningful when
    MBEDTLS_PSA_CRYPTO_CONFIG is enabled.
    
    Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
    gilles-peskine-arm committed Aug 22, 2023
    Copy the full SHA
    168be01 View commit details
  5. Simplify the logic in a test

    Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
    gilles-peskine-arm committed Aug 22, 2023
    Copy the full SHA
    56081de View commit details

Commits on Aug 23, 2023

  1. PSA_CRYPTO_DRIVER_TEST_ALL is incompatible with MBEDTLS_PSA_CRYPTO_CO…

    …NFIG
    
    Explain how PSA_CRYPTO_DRIVER_TEST_ALL works and why we have it. Note that
    it is incompatible with MBEDTLS_PSA_CRYPTO_CONFIG.
    
    MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is in the full config, so there's no need to
    add it explicitly.
    
    Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
    gilles-peskine-arm committed Aug 23, 2023
    Copy the full SHA
    8d77ec2 View commit details

Commits on Sep 7, 2023

  1. Fix boolean options in the wrong section

    Boolean options that modify the behavior of a module are supposed to be in
    the "feature support" section, not in the "configuration options" support:
    that section is documented to contain commented-out definitions with a
    value, for which the comment contains the default version. In particular,
    merely uncommenting a definition in the "configuration options" section is
    not supposed to change anything.
    
    Move the offending boolean options to the proper section.
    
    This causes those options to be enabled by `config.py full` unless
    explicitly excluded. For the moved options:
    
    * Everest is already explicitly excluded.
    * The ALT options need to link against a custom function, so exclude them.
    * `MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE` is ok for testing, and is
      currently never tested in `all.sh`. With this commit, we will now test the
      library with it enabled in configurations based on `full`.
    
    Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
    gilles-peskine-arm committed Sep 7, 2023
    Copy the full SHA
    937b91e View commit details
  2. Update generated files

    Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
    gilles-peskine-arm committed Sep 7, 2023
    Copy the full SHA
    e008890 View commit details

Commits on Sep 8, 2023

  1. Pacify pylint

    Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
    gilles-peskine-arm committed Sep 8, 2023
    Copy the full SHA
    3a11771 View commit details

Commits on Sep 11, 2023

  1. Merge pull request #8173 from gilles-peskine-arm/config-boolean-optio…

    …ns-wrong-section-202309-2.28
    
    Backport 2.28: Fix boolean options in the wrong section
    daverodgman authored Sep 11, 2023

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    Copy the full SHA
    198fbc2 View commit details

Commits on Sep 12, 2023

  1. PSA config: Add comment about HKDF.

    Signed-off-by: Ronald Cron <ronald.cron@arm.com>
    ronald-cron-arm committed Sep 12, 2023
    Copy the full SHA
    fa9392a View commit details
  2. Allow "Mbed TLS" as the project name in Doxygen

    Previously the code only recognized the old spelling "mbed TLS", so it
    missed doxygen/input/doc_mainpage.h.
    
    Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
    gilles-peskine-arm committed Sep 12, 2023
    Copy the full SHA
    bd44d93 View commit details
  3. Update spelling "mbed TLS" to "Mbed TLS"

    The official spelling of the trade mark changed from all-lowercase "mbed"
    to normal proper noun capitalization "Mbed" a few years ago. We've been
    using the new spelling in new text but still have the old spelling in a
    lot of text. This commit updates most occurrences of "mbed TLS":
    
    ```
    sed -i -e 's/mbed TLS/Mbed TLS/g' $(git ls-files ':!ChangeLog' ':!tests/data_files/**' ':!tests/suites/*.data' ':!programs/x509/*' ':!configs/tfm*')
    ```
    
    Justification for the omissions:
    
    * `ChangeLog`: historical text.
    * `test/data_files/**`, `tests/suites/*.data`, `programs/x509/*`: many
      occurrences are significant names in certificates and such. Changing
      the spelling would invalidate many signatures and tests.
    * `configs/tfm*`: this is an imported file. We'll follow the upstream
      updates.
    
    Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
    gilles-peskine-arm committed Sep 12, 2023
    Copy the full SHA
    f08ca83 View commit details
  4. More spelling corrections

    Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
    gilles-peskine-arm committed Sep 12, 2023
    Copy the full SHA
    bd26a8d View commit details

Commits on Sep 13, 2023

  1. Merge pull request #8194 from gilles-peskine-arm/bump_version-doc_mai…

    …npage-2.28
    
    Backport 2.28: Update capitalization of "Mbed" and fix bump_version.sh
    daverodgman authored Sep 13, 2023

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    Copy the full SHA
    fcbcf57 View commit details
  2. aesni: define MBEDTLS_HAVE_X86

    Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
    lpy4105 committed Sep 13, 2023
    Copy the full SHA
    5a09159 View commit details
  3. aesni: make AESNI only operate on X86 and X86_64

    Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
    lpy4105 committed Sep 13, 2023
    Copy the full SHA
    dc5a88b View commit details
  4. aesni: refine the condition of MBEDTLS_HAVE_X86_64

    Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
    lpy4105 committed Sep 13, 2023
    Copy the full SHA
    e707dc1 View commit details
  5. Merge pull request #8172 from ronald-cron-arm/psa-config-add-comment

    Backport 2.28: Add comment about HKDF in config_psa.h
    gilles-peskine-arm authored Sep 13, 2023

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    Copy the full SHA
    3d9978e View commit details
  6. Merge pull request #7211 from sergio-nsk/patch-3

    mbedtls-2.28: Fix llvm error: variable 'default_iv_length' may be used uninitialized
    gilles-peskine-arm authored Sep 13, 2023

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    Copy the full SHA
    5161645 View commit details

Commits on Sep 14, 2023

  1. padlock: introduce MBEDTLS_VIA_PADLOCK_HAVE_CODE

    Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
    lpy4105 committed Sep 14, 2023
    Copy the full SHA
    7fb6fc6 View commit details

Commits on Sep 15, 2023

  1. Remove unneeded setting of ret from ssl programs

    Remove a coverity warning on unused values.
    
    Signed-off-by: Paul Elliott <paul.elliott@arm.com>
    paul-elliott-arm committed Sep 15, 2023
    Copy the full SHA
    2391649 View commit details

Commits on Sep 18, 2023

  1. Merge pull request #8218 from paul-elliott-arm/remove_unused_values_p…

    …rograms_2_28
    
    Backport 2.28: Remove unneeded setting of ret from ssl programs
    gilles-peskine-arm authored Sep 18, 2023

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    Copy the full SHA
    433aa1c View commit details
  2. Merge pull request #8103 from gilles-peskine-arm/7961-2.28

    Backport 2.28: parts of #7961
    gilles-peskine-arm authored Sep 18, 2023

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    Copy the full SHA
    3591cc6 View commit details

Commits on Sep 21, 2023

  1. Fix the comments of some guards

    Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
    lpy4105 committed Sep 21, 2023
    Copy the full SHA
    20384f4 View commit details

Commits on Sep 22, 2023

  1. Remove all travis builds except for coverity_scan

    Signed-off-by: Paul Elliott <paul.elliott@arm.com>
    paul-elliott-arm committed Sep 22, 2023
    Copy the full SHA
    471425d View commit details

Commits on Sep 24, 2023

  1. Merge pull request #8245 from paul-elliott-arm/remove_travis_ci_2.28

    [Backport 2.28] Remove all travis builds except for coverity_scan
    gilles-peskine-arm authored Sep 24, 2023

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    Copy the full SHA
    b53e630 View commit details

Commits on Sep 26, 2023

  1. Fix comment

    Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
    lpy4105 committed Sep 26, 2023
    Copy the full SHA
    8068b08 View commit details
  2. Re-add python install of requirements to Travis CI.

    Also correct 'distro to 'dist' and update ubuntu to jammy and python
    to 3.10 to hopefully fend off future issues. Too much got removed
    when disabling travis and the Coverity scan build was failing on 'make
    generated-files', due to lack of installed python dependencies
    
    Signed-off-by: Paul Elliott <paul.elliott@arm.com>
    paul-elliott-arm committed Sep 26, 2023
    Copy the full SHA
    13481f0 View commit details
  3. Merge pull request #8209 from lpy4105/issue/8168/2.28_fix-aesni-selec…

    …tion
    
    2.28: Fix AESNI selection
    daverodgman authored Sep 26, 2023

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    Copy the full SHA
    7a8ec0f View commit details
  4. Merge pull request #8254 from paul-elliott-arm/fix_travis_coverity_bu…

    …ild_2_28
    
    [Backport 2.28] Re-add python install of requirements to Travis CI.
    daverodgman authored Sep 26, 2023

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    Copy the full SHA
    dce82cd View commit details

Commits on Sep 29, 2023

  1. Bug Fix: mbedtls_ecdsa_verify_restartable fails with ECDSA_SIGN_ALT

    When ECDSA_SIGN_ALT but not ECDSA_VERIFY_ALT, mbedtls_ecdsa_can_do was not being defined causing mbedtls_ecdsa_verify_restartable to always fail
    
    Signed-off-by: JonathanWitthoeft <jonw@gridconnect.com>
    JonathanWitthoeft authored and gilles-peskine-arm committed Sep 29, 2023
    Copy the full SHA
    bfb0b39 View commit details
  2. Make mbedtls_ecdsa_can_do definition unconditional

    Signed-off-by: JonathanWitthoeft <jonw@gridconnect.com>
    JonathanWitthoeft authored and gilles-peskine-arm committed Sep 29, 2023
    Copy the full SHA
    930679a View commit details
  3. Adjust ChangeLog

    Signed-off-by: JonathanWitthoeft <jonw@gridconnect.com>
    JonathanWitthoeft authored and gilles-peskine-arm committed Sep 29, 2023
    Copy the full SHA
    3ead877 View commit details
  4. Add new error code for SSL cache entry not found

    There was no good error to return in this case.
    
    Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
    gilles-peskine-arm committed Sep 29, 2023
    Copy the full SHA
    917dd8b View commit details
  5. ssl_cache: return error codes on error

    mbedtls_ssl_cache_get() and mbedtls_ssl_cache_set() returned 1 on many error
    conditions. Change this to returning a negative MBEDTLS_ERR_xxx error code.
    
    Completeness: after this commit, there are no longer any occurrences of
    `return 1` or `ret = 1`.
    
    Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
    gilles-peskine-arm committed Sep 29, 2023
    Copy the full SHA
    fe4d93a View commit details
  6. Changelog entry for mbedtls_ssl_cache error code fixes

    Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
    gilles-peskine-arm committed Sep 29, 2023
    Copy the full SHA
    5856fd3 View commit details
  7. Merge pull request #8279 from gilles-peskine-arm/mbedtls_ecdsa_can_do

    Backport 2.28: Bug Fix: mbedtls_ecdsa_verify_restartable fails with ECDSA_SIGN_ALT
    daverodgman authored Sep 29, 2023

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    Copy the full SHA
    8c28032 View commit details
  8. Merge pull request #8280 from gilles-peskine-arm/ssl_cache-negative_e…

    …rrors-2.28
    
    Backport 2.28: ssl_cache: misc improvements
    daverodgman authored Sep 29, 2023

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    Copy the full SHA
    da635ab View commit details
Showing with 408 additions and 432 deletions.
  1. +1 −1 .github/issue_template.md
  2. +13 −82 .travis.yml
  3. +1 −1 3rdparty/everest/include/everest/vs2010/inttypes.h
  4. +1 −1 3rdparty/everest/include/everest/vs2010/stdbool.h
  5. +1 −1 3rdparty/everest/include/everest/x25519.h
  6. +1 −1 3rdparty/everest/library/Hacl_Curve25519_joined.c
  7. +1 −1 3rdparty/everest/library/x25519.c
  8. +7 −7 CMakeLists.txt
  9. +4 −0 ChangeLog.d/MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND.txt
  10. +3 −0 ChangeLog.d/mbedtls_ecdsa_can_do-unconditional-define.txt
  11. +1 −1 DartConfiguration.tcl
  12. +1 −1 configs/README.txt
  13. +2 −2 configs/config-mini-tls1_1.h
  14. +2 −2 configs/config-no-entropy.h
  15. +2 −2 configs/config-suite-b.h
  16. +2 −2 configs/config-thread.h
  17. +1 −1 doxygen/mbedtls.doxyfile
  18. +1 −1 include/CMakeLists.txt
  19. +17 −9 include/mbedtls/aesni.h
  20. +1 −1 include/mbedtls/check_config.h
  21. +1 −1 include/mbedtls/compat-1.3.h
  22. +88 −88 include/mbedtls/config.h
  23. +4 −0 include/mbedtls/config_psa.h
  24. +1 −1 include/mbedtls/ecp.h
  25. +1 −1 include/mbedtls/entropy_poll.h
  26. +3 −3 include/mbedtls/error.h
  27. +6 −2 include/mbedtls/padlock.h
  28. +1 −1 include/mbedtls/pkcs11.h
  29. +1 −1 include/mbedtls/platform_time.h
  30. +2 −0 include/mbedtls/ssl.h
  31. +8 −0 include/mbedtls/ssl_cache.h
  32. +1 −1 include/mbedtls/ssl_ciphersuites.h
  33. +2 −2 include/mbedtls/threading.h
  34. +6 −6 include/mbedtls/version.h
  35. +2 −2 include/mbedtls/x509_crt.h
  36. +1 −1 include/mbedtls/x509_csr.h
  37. +4 −4 library/CMakeLists.txt
  38. +6 −6 library/aes.c
  39. +1 −1 library/cipher.c
  40. +1 −1 library/cipher_wrap.c
  41. +13 −13 library/ecdsa.c
  42. +1 −1 library/ecjpake.c
  43. +2 −0 library/error.c
  44. +1 −1 library/md.c
  45. +1 −1 library/mps_common.h
  46. +1 −1 library/mps_error.h
  47. +1 −1 library/mps_reader.h
  48. +1 −1 library/mps_trace.h
  49. +2 −2 library/padlock.c
  50. +1 −1 library/psa_crypto.c
  51. +2 −2 library/psa_crypto_core.h
  52. +16 −16 library/ssl_cache.c
  53. +1 −1 library/ssl_ciphersuites.c
  54. +12 −0 library/version_features.c
  55. +0 −1 programs/ssl/dtls_client.c
  56. +0 −1 programs/ssl/dtls_server.c
  57. +1 −1 programs/ssl/ssl_fork_server.c
  58. +2 −2 programs/ssl/ssl_mail_client.c
  59. +1 −1 programs/ssl/ssl_pthread_server.c
  60. +1 −1 programs/ssl/ssl_server.c
  61. +1 −2 programs/ssl/ssl_server2.c
  62. +48 −48 programs/test/query_config.c
  63. +2 −2 scripts/bump_version.sh
  64. +5 −1 scripts/config.py
  65. +2 −2 scripts/footprint.sh
  66. +2 −2 scripts/generate_features.pl
  67. +1 −1 scripts/lcov.sh
  68. +3 −3 scripts/rename.pl
  69. +2 −2 tests/compat.sh
  70. +20 −0 tests/configs/user-config-for-test.h
  71. +1 −8 tests/configs/{config-wrapper-malloc-0-null.h → user-config-malloc-0-null.h}
  72. +1 −1 tests/data_files/Makefile
  73. +41 −54 tests/scripts/all.sh
  74. +1 −1 tests/scripts/basic-build-test.sh
  75. +1 −1 tests/scripts/check-doxy-blocks.pl
  76. +1 −1 tests/scripts/check-generated-files.sh
  77. +1 −1 tests/scripts/doxygen.sh
  78. +1 −1 tests/scripts/generate-afl-tests.sh
  79. +1 −1 tests/suites/test_suite_ecp.function
  80. +7 −10 tests/suites/test_suite_ssl.function
  81. +2 −2 tests/suites/test_suite_version.function
  82. +1 −1 tests/suites/test_suite_x509parse.function
2 changes: 1 addition & 1 deletion .github/issue_template.md
Original file line number Diff line number Diff line change
@@ -20,7 +20,7 @@ github issues for questions.
**OS**
Mbed OS|linux|windows|

**mbed TLS build:**
**Mbed TLS build:**
Version: x.x.x or git commit id
OS version: x.x.x
Configuration: please attach config.h file where possible
95 changes: 13 additions & 82 deletions .travis.yml
Original file line number Diff line number Diff line change
@@ -1,93 +1,24 @@
language: c
compiler: gcc
sudo: false
cache: ccache

jobs:
include:
- name: basic checks and reference configurations
addons:
apt:
packages:
- gnutls-bin
- doxygen
- graphviz
- gcc-arm-none-eabi
- libnewlib-arm-none-eabi
- gcc-arm-linux-gnueabi
- libc6-dev-armel-cross
language: python # Needed to get pip for Python 3
python: 3.5 # version from Ubuntu 16.04
install:
- scripts/min_requirements.py
script:
- tests/scripts/all.sh -k 'check_*'
- tests/scripts/all.sh -k test_default_out_of_box
- tests/scripts/all.sh -k test_ref_configs
- tests/scripts/all.sh -k build_arm_linux_gnueabi_gcc_arm5vte build_arm_none_eabi_gcc_m0plus
# Declare python as our language. This way we get our chosen Python version,
# and pip is available. Gcc and clang are available anyway.
dist: jammy
os: linux
language: python
python: 3.10

- name: full configuration
os: linux
dist: focal
addons:
apt:
packages:
- clang-10
- gnutls-bin
env:
# Platform tests have an allocation that returns null
- ASAN_OPTIONS="allocator_may_return_null=1"
- MSAN_OPTIONS="allocator_may_return_null=1"
script:
# Do a manual build+test sequence rather than using all.sh,
# because there's no all.sh component that does what we want,
# which is a build with Clang >= 10 and ASan, running all the SSL
# testing.
# - The clang executable in the default PATH is Clang 7 on
# Travis's focal instances, but we want Clang >= 10.
# - Running all the SSL testing requires a specific set of
# OpenSSL and GnuTLS versions and we don't want to bother
# with those on Travis.
# So we explicitly select clang-10 as the compiler, and we
# have ad hoc restrictions on SSL testing based on what is
# passing at the time of writing. We will remove these limitations
# gradually.
- make CC=clang-10 CFLAGS='-Werror -Wall -Wextra -fsanitize=address,undefined -fno-sanitize-recover=all -O2' LDFLAGS='-Werror -Wall -Wextra -fsanitize=address,undefined -fno-sanitize-recover=all'
- make test
- programs/test/selftest
- tests/scripts/test_psa_constant_names.py
# Exclude a few test cases that are failing mysteriously.
# https://github.com/Mbed-TLS/mbedtls/issues/6660
- tests/ssl-opt.sh -e 'Fallback SCSV:\ .*list'
# Modern OpenSSL does not support null or ancient ciphers.
- tests/compat.sh -p OpenSSL -e 'NULL\|DES\|RC4'
- tests/scripts/travis-log-failure.sh
# GnuTLS supports CAMELLIA but compat.sh doesn't properly enable it.
# Modern GnuTLS does not support DES.
# One NULL cipher suite is strangely missing in pre-1.2 protocol
# versions (it works with (D)TLS1.2, but don't bother).
- tests/compat.sh -p GnuTLS -e 'CAMELLIA\|DES\|TLS-RSA-WITH-NULL-SHA256'
- tests/scripts/travis-log-failure.sh
- tests/context-info.sh
cache: ccache

- name: Windows
os: windows
script:
- scripts/windows_msbuild.bat v141 # Visual Studio 2017
- visualc/VS2010/x64/Release/selftest.exe --ci
branches:
only:
coverity_scan

after_failure:
- tests/scripts/travis-log-failure.sh
install:
- $PYTHON scripts/min_requirements.py

env:
global:
- SEED=1
- secure: "JECCru6HASpKZ0OLfHh8f/KXhKkdrCwjquZghd/qbA4ksxsWImjR7KEPERcaPndXEilzhDbKwuFvJiQX2duVgTGoq745YGhLZIjzo1i8tySkceCVd48P8WceYGz+F/bmY7r+m6fFNuxDSoGGSVeA4Lnjvmm8PFUP45YodDV9no4="

- secure: "GF/Fde5fkm15T/RNykrjrPV5Uh1KJ70cP308igL6Xkk3eJmqkkmWCe9JqRH12J3TeWw2fu9PYPHt6iFSg6jasgqysfUyg+W03knRT5QNn3h5eHgt36cQJiJr6t3whPrRaiM6U9omE0evm+c0cAwlkA3GGSMw8Z+na4EnKI6OFCo="
addons:
apt:
packages:
- gnutls-bin
coverity_scan:
project:
name: "ARMmbed/mbedtls"
2 changes: 1 addition & 1 deletion 3rdparty/everest/include/everest/vs2010/inttypes.h
Original file line number Diff line number Diff line change
@@ -17,7 +17,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
* This file is part of Mbed TLS (https://tls.mbed.org)
*/

#ifndef _INTTYPES_H_VS2010
2 changes: 1 addition & 1 deletion 3rdparty/everest/include/everest/vs2010/stdbool.h
Original file line number Diff line number Diff line change
@@ -17,7 +17,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
* This file is part of Mbed TLS (https://tls.mbed.org)
*/

#ifndef _STDBOOL_H_VS2010
2 changes: 1 addition & 1 deletion 3rdparty/everest/include/everest/x25519.h
Original file line number Diff line number Diff line change
@@ -16,7 +16,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
* This file is part of Mbed TLS (https://tls.mbed.org)
*/

#ifndef MBEDTLS_X25519_H
2 changes: 1 addition & 1 deletion 3rdparty/everest/library/Hacl_Curve25519_joined.c
Original file line number Diff line number Diff line change
@@ -16,7 +16,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
* This file is part of Mbed TLS (https://tls.mbed.org)
*/

#include "common.h"
2 changes: 1 addition & 1 deletion 3rdparty/everest/library/x25519.c
Original file line number Diff line number Diff line change
@@ -16,7 +16,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
* This file is part of Mbed TLS (https://tls.mbed.org)
*/

#include "common.h"
14 changes: 7 additions & 7 deletions CMakeLists.txt
Original file line number Diff line number Diff line change
@@ -34,18 +34,18 @@ cmake_policy(SET CMP0011 NEW)
cmake_policy(SET CMP0012 NEW)

if(TEST_CPP)
project("mbed TLS" C CXX)
project("Mbed TLS" C CXX)
else()
project("mbed TLS" C)
project("Mbed TLS" C)
endif()

# Set the project root directory.
set(MBEDTLS_DIR ${CMAKE_CURRENT_SOURCE_DIR})

option(USE_PKCS11_HELPER_LIBRARY "Build mbed TLS with the pkcs11-helper library." OFF)
option(ENABLE_ZLIB_SUPPORT "Build mbed TLS with zlib library." OFF)
option(USE_PKCS11_HELPER_LIBRARY "Build Mbed TLS with the pkcs11-helper library." OFF)
option(ENABLE_ZLIB_SUPPORT "Build Mbed TLS with zlib library." OFF)

option(ENABLE_PROGRAMS "Build mbed TLS programs." ON)
option(ENABLE_PROGRAMS "Build Mbed TLS programs." ON)

option(UNSAFE_BUILD "Allow unsafe builds. These builds ARE NOT SECURE." OFF)
option(MBEDTLS_FATAL_WARNINGS "Compiler warnings treated as errors" ON)
@@ -57,9 +57,9 @@ string(REGEX MATCH "MSVC" CMAKE_COMPILER_IS_MSVC "${CMAKE_C_COMPILER_ID}")

# the test suites currently have compile errors with MSVC
if(CMAKE_COMPILER_IS_MSVC)
option(ENABLE_TESTING "Build mbed TLS tests." OFF)
option(ENABLE_TESTING "Build Mbed TLS tests." OFF)
else()
option(ENABLE_TESTING "Build mbed TLS tests." ON)
option(ENABLE_TESTING "Build Mbed TLS tests." ON)
endif()

# Warning string - created as a list for compatibility with CMake 2.8
4 changes: 4 additions & 0 deletions ChangeLog.d/MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
Bugfix
* Functions in the ssl_cache module now return a negative MBEDTLS_ERR_xxx
error code on failure. Before, they returned 1 to indicate failure in
some cases involving a missing entry or a full cache.
3 changes: 3 additions & 0 deletions ChangeLog.d/mbedtls_ecdsa_can_do-unconditional-define.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
Bugfix
* Fix an error when MBEDTLS_ECDSA_SIGN_ALT is defined but not
MBEDTLS_ECDSA_VERIFY_ALT, causing ecdsa verify to fail. Fixes #7498.
2 changes: 1 addition & 1 deletion DartConfiguration.tcl
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
Site: localhost
BuildName: mbed TLS-test
BuildName: Mbed TLS-test
CoverageCommand: /usr/bin/gcov
MemoryCheckCommand: /usr/bin/valgrind
2 changes: 1 addition & 1 deletion configs/README.txt
Original file line number Diff line number Diff line change
@@ -23,4 +23,4 @@ them, you can pick one of the following methods:
make

Note that the second method also works if you want to keep your custom
configuration file outside the mbed TLS tree.
configuration file outside the Mbed TLS tree.
4 changes: 2 additions & 2 deletions configs/config-mini-tls1_1.h
Original file line number Diff line number Diff line change
@@ -33,13 +33,13 @@
#define MBEDTLS_HAVE_ASM
#define MBEDTLS_HAVE_TIME

/* mbed TLS feature support */
/* Mbed TLS feature support */
#define MBEDTLS_CIPHER_MODE_CBC
#define MBEDTLS_PKCS1_V15
#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
#define MBEDTLS_SSL_PROTO_TLS1_1

/* mbed TLS modules */
/* Mbed TLS modules */
#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
4 changes: 2 additions & 2 deletions configs/config-no-entropy.h
Original file line number Diff line number Diff line change
@@ -36,7 +36,7 @@
#define MBEDTLS_HAVE_ASM
#define MBEDTLS_HAVE_TIME

/* mbed TLS feature support */
/* Mbed TLS feature support */
#define MBEDTLS_CIPHER_MODE_CBC
#define MBEDTLS_CIPHER_PADDING_PKCS7
#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
@@ -53,7 +53,7 @@
#define MBEDTLS_X509_CHECK_KEY_USAGE
#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE

/* mbed TLS modules */
/* Mbed TLS modules */
#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
4 changes: 2 additions & 2 deletions configs/config-suite-b.h
Original file line number Diff line number Diff line change
@@ -40,13 +40,13 @@
#define MBEDTLS_HAVE_ASM
#define MBEDTLS_HAVE_TIME

/* mbed TLS feature support */
/* Mbed TLS feature support */
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#define MBEDTLS_SSL_PROTO_TLS1_2

/* mbed TLS modules */
/* Mbed TLS modules */
#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
4 changes: 2 additions & 2 deletions configs/config-thread.h
Original file line number Diff line number Diff line change
@@ -38,7 +38,7 @@
/* System support */
#define MBEDTLS_HAVE_ASM

/* mbed TLS feature support */
/* Mbed TLS feature support */
#define MBEDTLS_AES_ROM_TABLES
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_NIST_OPTIM
@@ -50,7 +50,7 @@
#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
#define MBEDTLS_SSL_EXPORT_KEYS

/* mbed TLS modules */
/* Mbed TLS modules */
#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
2 changes: 1 addition & 1 deletion doxygen/mbedtls.doxyfile
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
PROJECT_NAME = "mbed TLS v2.28.4"
PROJECT_NAME = "Mbed TLS v2.28.4"
OUTPUT_DIRECTORY = ../apidoc/
FULL_PATH_NAMES = NO
OPTIMIZE_OUTPUT_FOR_C = YES
2 changes: 1 addition & 1 deletion include/CMakeLists.txt
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
option(INSTALL_MBEDTLS_HEADERS "Install mbed TLS headers." ON)
option(INSTALL_MBEDTLS_HEADERS "Install Mbed TLS headers." ON)

if(INSTALL_MBEDTLS_HEADERS)

26 changes: 17 additions & 9 deletions include/mbedtls/aesni.h
Original file line number Diff line number Diff line change
@@ -36,16 +36,20 @@
#define MBEDTLS_AESNI_AES 0x02000000u
#define MBEDTLS_AESNI_CLMUL 0x00000002u

/* Can we do AESNI with inline assembly?
* (Only implemented with gas syntax, only for 64-bit.)
*/
#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && \
(defined(__amd64__) || defined(__x86_64__)) && \
!defined(MBEDTLS_HAVE_X86_64)
#if !defined(MBEDTLS_HAVE_X86_64) && \
(defined(__amd64__) || defined(__x86_64__) || \
defined(_M_X64) || defined(_M_AMD64)) && \
!defined(_M_ARM64EC)
#define MBEDTLS_HAVE_X86_64
#endif

#if defined(MBEDTLS_AESNI_C)
#if !defined(MBEDTLS_HAVE_X86) && \
(defined(__i386__) || defined(_M_IX86))
#define MBEDTLS_HAVE_X86
#endif

#if defined(MBEDTLS_AESNI_C) && \
(defined(MBEDTLS_HAVE_X86_64) || defined(MBEDTLS_HAVE_X86))

/* Can we do AESNI with intrinsics?
* (Only implemented with certain compilers, only for certain targets.)
@@ -72,7 +76,11 @@
* favor the assembly-based implementation if it's available. We intend to
* revise this in a later release of Mbed TLS 3.x. In the long run, we will
* likely remove the assembly implementation. */
#if defined(MBEDTLS_HAVE_X86_64)
#if defined(MBEDTLS_HAVE_ASM) && \
defined(__GNUC__) && defined(MBEDTLS_HAVE_X86_64)
/* Can we do AESNI with inline assembly?
* (Only implemented with gas syntax, only for 64-bit.)
*/
#define MBEDTLS_AESNI_HAVE_CODE 1 // via assembly
#elif defined(MBEDTLS_AESNI_HAVE_INTRINSICS)
#define MBEDTLS_AESNI_HAVE_CODE 2 // via intrinsics
@@ -168,6 +176,6 @@ int mbedtls_aesni_setkey_enc(unsigned char *rk,
#endif

#endif /* MBEDTLS_AESNI_HAVE_CODE */
#endif /* MBEDTLS_AESNI_C */
#endif /* MBEDTLS_AESNI_C && (MBEDTLS_HAVE_X86_64 || MBEDTLS_HAVE_X86) */

#endif /* MBEDTLS_AESNI_H */
2 changes: 1 addition & 1 deletion include/mbedtls/check_config.h
Original file line number Diff line number Diff line change
@@ -35,7 +35,7 @@
*/
#include <limits.h>
#if CHAR_BIT != 8
#error "mbed TLS requires a platform with 8-bit chars"
#error "Mbed TLS requires a platform with 8-bit chars"
#endif

#if defined(_WIN32)
2 changes: 1 addition & 1 deletion include/mbedtls/compat-1.3.h
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
/**
* \file compat-1.3.h
*
* \brief Compatibility definitions for using mbed TLS with client code written
* \brief Compatibility definitions for using Mbed TLS with client code written
* for the PolarSSL naming conventions.
*
* \deprecated Use the new names directly instead
Loading