Gilles Peskine
Gilles Peskine
In [`scripts/ci.requirements.txt`](https://github.com/Mbed-TLS/mbedtls/blob/mbedtls-3.6.0/scripts/ci.requirements.txt), we impose a specific version of Pylint, because newer versions are likely to add additional checks that fail on our code. Unfortunately, newer versions of _Python_ can also...
`programs/ssl/ssl_client1.c` disables server authentication by default. (OPTIONAL then ignored except for printing a message.) ``` /* OPTIONAL is not optimal for security, * but makes interop easier in this simplified...
Validate asymmetric key data. Uses the OpenSSL 3 command line, because that turned out to be convenient. This will avoid a repeat of https://github.com/Mbed-TLS/mbedtls/pull/8986#discussion_r1562655123, and make reviewing future changes to...
During the preparation of Mbed TLS 4.0, we [pointed OSS-Fuzz to `mbedtls-3.6`](https://github.com/google/oss-fuzz/pull/11850), due to the likely instability of the `development` branch. The goal of this issue is to migrate OSS-Fuzz...
[OSS-Fuzz](https://github.com/google/oss-fuzz) runs three differential fuzzers that access low-level APIs in Mbed TLS: * [cryptofuzz](https://github.com/guidovranken/cryptofuzz): high level APIs (we're in the process of [adding PSA](https://github.com/Mbed-TLS/mbedtls/issues/8200)), many bignum functions, some ECC functions....
In `ssl-opt.sh`, we try to automatically infer dependencies of test cases involving certificates, including this code snippet: ``` case "$CMD_LINE" in *server2*|\ *server7*) # server2 and server7 certificates use RSA...
Starting from the `all.sh` component created in https://github.com/Mbed-TLS/mbedtls/issues/8962: 1. In that component, build Mbed TLS twice, in separate build directories: * Once with the configuration of `component_build_full_psa_crypto_client_without_crypto_provider`, but with some...
We have several configuration options that tweak performance/memory/code-size/side-channel-resistance compromises of a specific part of the library, without affecting the functional behavior of the library. In particular, they do not affect...
Move to Python 3.6 as the minimum Python version that actually works. This is the oldest Python version that we [promise to support in Mbed TLS 2.28 LTS](https://github.com/Mbed-TLS/mbedtls/blob/mbedtls-2.28/README.md#tool-versions). Take advantage...
Document that `make_generated_files.bat` needs a C compiler as `%CC%` or `cc` (for `c_build_helper` users: `generate_psa_tests.py`). ## PR checklist Please tick as appropriate and edit the reasons (e.g.: "backport: not needed...