Update mbedtls

.gitattributes

@@ -0,0 +1,2 @@
+# Classify all '.function' files as C for syntax highlighting purposes
+*.function linguist-language=C

.github/ISSUE_TEMPLATE/bug_report.md

@@ -7,6 +7,12 @@ assignees: ''
 
 ---
 
+**WARNING:** if the bug you are reporting has or may have security implications,
+we ask that you report it privately to
+<[email protected]>
+so that we can prepare and release a fix before publishing the details.
+See [SECURITY.md](https://github.com/Mbed-TLS/mbedtls/blob/development/SECURITY.md).
+
 ### Summary
 
 
@@ -25,6 +31,10 @@ Additional environment information:
 
 ### Actual behavior
 
+**WARNING:* if the actual behaviour suggests memory corruption (like a crash or an error
+from a memory checker), then the bug should be assumed to have security
+implications (until proven otherwise), and we ask what you report it privately,
+see the note at the top of this template.
 
 
 ### Steps to reproduce

.github/ISSUE_TEMPLATE/config.yml

@@ -4,5 +4,5 @@ contact_links:
       url: mailto:[email protected]
       about: Report a security vulnerability.
     - name: Mbed TLS mailing list
-      url: https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls
+      url: https://lists.trustedfirmware.org/mailman3/lists/mbed-tls.lists.trustedfirmware.org
       about: Mbed TLS community support and general discussion.

.github/pull_request_template.md

@@ -1,36 +1,31 @@
-Notes:
-* Pull requests cannot be accepted until the PR follows the [contributing guidelines](../CONTRIBUTING.md). In particular, each commit must have at least one `Signed-off-by:` line from the committer to certify that the contribution is made under the terms of the [Developer Certificate of Origin](../dco.txt).
-* This is just a template, so feel free to use/remove the unnecessary things
 ## Description
-A few sentences describing the overall goals of the pull request's commits.
 
+Please write a few sentences describing the overall goals of the pull request's commits.
 
-## Status
-**READY/IN DEVELOPMENT/HOLD**
 
-## Requires Backporting
-When there is a bug fix, it should be backported to all maintained and supported branches.
-Changes do not have to be backported if:
-- This PR is a new feature\enhancement
-- This PR contains changes in the API. If this is true, and there is a need for the fix to be backported, the fix should be handled differently in the legacy branch
 
-Yes | NO  
-Which branch?
+## PR checklist
 
-## Migrations
-If there is any API change, what's the incentive and logic for it.
+Please remove the segment/s on either side of the | symbol as appropriate, and add any relevant link/s to the end of the line.
+If the provided content is part of the present PR remove the # symbol.
 
-YES | NO
+- [ ] **changelog** provided | not required because: 
+- [ ] **development PR** provided # | not required because: 
+- [ ] **TF-PSA-Crypto PR** provided # | not required because: 
+- [ ] **framework PR** provided Mbed-TLS/mbedtls-framework# | not required
+- [ ] **3.6 PR** provided # | not required because: 
+- **tests**  provided | not required because: 
 
-## Additional comments
-Any additional information that could be of interest
 
-## Todos
-- [ ] Tests
-- [ ] Documentation
-- [ ] Changelog updated
-- [ ] Backported
 
+## Notes for the submitter
 
-## Steps to test or reproduce
-Outline the steps to test or reproduce the PR here.
+Please refer to the [contributing guidelines](https://github.com/Mbed-TLS/mbedtls/blob/development/CONTRIBUTING.md), especially the
+checklist for PR contributors.
+
+Help make review efficient:
+* Multiple simple commits
+  - please structure your PR into a series of small commits, each of which does one thing
+* Avoid force-push
+  - please do not force-push to update your PR - just add new commit(s)
+* See our [Guidelines for Contributors](https://mbed-tls.readthedocs.io/en/latest/reviews/review-for-contributors/) for more details about the review process.

.gitignore

@@ -1,5 +1,8 @@
 # Random seed file created by test scripts and sample programs
 seedfile
+# Log files created by all.sh to reduce the logs in case a component runs
+# successfully
+quiet-make.*
 
 # CMake build artifacts:
 CMakeCache.txt
@@ -23,6 +26,15 @@ coverage-summary.txt
 # generated by scripts/memory.sh
 massif-*
 
+# Eclipse project files
+.cproject
+.project
+/.settings
+
+# Unix-like build artifacts:
+*.o
+*.s
+
 # MSVC build artifacts:
 *.exe
 *.pdb
@@ -52,3 +64,11 @@ massif-*
 /TAGS
 /cscope*.out
 /tags
+
+# clangd compilation database
+compile_commands.json
+# clangd index files
+/.cache/clangd/index/
+
+# VScode folder to store local debug files and configurations
+.vscode

.gitmodules

@@ -0,0 +1,6 @@
+[submodule "framework"]
+	path = framework
+	url = https://github.com/Mbed-TLS/mbedtls-framework
+[submodule "tf-psa-crypto"]
+	path = tf-psa-crypto
+	url = https://github.com/Mbed-TLS/TF-PSA-Crypto.git

.mypy.ini

@@ -1,4 +1,4 @@
 [mypy]
-mypy_path = scripts
+mypy_path = framework/scripts:scripts
 namespace_packages = True
 warn_unused_configs = True

.pylintrc

@@ -1,5 +1,6 @@
 [MASTER]
-init-hook='import sys; sys.path.append("scripts")'
+init-hook='import sys; sys.path.append("scripts"); sys.path.append("framework/scripts")'
+min-similarity-lines=10
 
 [BASIC]
 # We're ok with short funtion argument names.
@@ -69,7 +70,22 @@ disable=locally-disabled,locally-enabled,logging-format-interpolation,no-else-re
 # Don't diplay statistics. Just the facts.
 reports=no
 
+[STRING]
+# Complain about
+# ```
+# list_of_strings = [
+#    'foo' # <-- missing comma
+#    'bar',
+#    'corge',
+# ]
+# ```
+check-str-concat-over-line-jumps=yes
+
 [VARIABLES]
 # Allow unused variables if their name starts with an underscore.
 # [unused-argument]
 dummy-variables-rgx=_.*
+
+[SIMILARITIES]
+# Ignore imports when computing similarities.
+ignore-imports=yes

.readthedocs.yaml

@@ -0,0 +1,37 @@
+# .readthedocs.yaml
+# Read the Docs configuration file
+# See https://docs.readthedocs.io/en/stable/config-file/v2.html for details
+
+# Required
+version: 2
+
+# Include all submodules in the build
+submodules:
+  include: all
+  recursive: true
+
+# Set the version of Python and other tools you might need
+build:
+  os: ubuntu-20.04
+  tools:
+    python: "3.9"
+  jobs:
+    pre_build:
+    - ./framework/scripts/apidoc_full.sh
+    - breathe-apidoc -o docs/api apidoc/xml
+    post_build:
+    - |
+      # Work around Readthedocs bug: Command parsing fails if the 'if' statement is on the first line
+      if [ "$READTHEDOCS_VERSION" = "development" ]; then
+        "$READTHEDOCS_VIRTUALENV_PATH/bin/rtd" projects "Mbed TLS API" redirects sync --wet-run -f docs/redirects.yaml
+      fi
+
+# Build documentation in the docs/ directory with Sphinx
+sphinx:
+  builder: dirhtml
+  configuration: docs/conf.py
+
+# Optionally declare the Python requirements required to build your docs
+python:
+  install:
+  - requirements: docs/requirements.txt

.travis.yml

@@ -1,68 +1,24 @@
 # Declare python as our language. This way we get our chosen Python version,
 # and pip is available. Gcc and clang are available anyway.
+dist: jammy
+os: linux
 language: python
-python: 3.5
-sudo: false
-cache: ccache
-
-jobs:
-  include:
-    - name: basic checks and reference configurations
-      addons:
-        apt:
-          packages:
-          - gnutls-bin
-          - doxygen
-          - graphviz
-          - gcc-arm-none-eabi
-          - libnewlib-arm-none-eabi
-          - gcc-arm-linux-gnueabi
-          - libc6-dev-armel-cross
-      script:
-        - tests/scripts/all.sh -k 'check_*'
-        - tests/scripts/all.sh -k test_default_out_of_box
-        - tests/scripts/all.sh -k test_ref_configs
-        - tests/scripts/all.sh -k build_arm_linux_gnueabi_gcc_arm5vte build_arm_none_eabi_gcc_m0plus
+python: 3.10
 
-    - name: full configuration
-      script:
-        - tests/scripts/all.sh -k test_full_cmake_gcc_asan
+cache: ccache
 
-    - name: Windows
-      os: windows
-      # The language 'python' is currently unsupported on the
-      # Windows Build Environment. And 'generic' causes the job to get stuck
-      # on "Booting virtual machine".
-      language: c
-      before_install:
-        - choco install python --version=3.5.4
-      env:
-        # Add the directory where the Choco packages go
-        - PATH=/c/Python35:/c/Python35/Scripts:$PATH
-        - PYTHON=python.exe
-      script:
-        - type perl; perl --version
-        - type python; python --version
-        - scripts/make_generated_files.bat
-        # Logs appear out of sequence on Windows. Give time to catch up.
-        - sleep 5
-        - scripts/windows_msbuild.bat v141 # Visual Studio 2017
+branches:
+  only:
+    coverity_scan
 
-after_failure:
-- tests/scripts/travis-log-failure.sh
+install:
+  - $PYTHON scripts/min_requirements.py
 
 env:
   global:
     - SEED=1
-    - secure: "FrI5d2s+ckckC17T66c8jm2jV6i2DkBPU5nyWzwbedjmEBeocREfQLd/x8yKpPzLDz7ghOvr+/GQvsPPn0dVkGlNzm3Q+hGHc/ujnASuUtGrcuMM+0ALnJ3k4rFr9xEvjJeWb4SmhJO5UCAZYvTItW4k7+bj9L+R6lt3TzQbXzg="
-
-install:
-  - $PYTHON scripts/min_requirements.py
-
+    - secure: "GF/Fde5fkm15T/RNykrjrPV5Uh1KJ70cP308igL6Xkk3eJmqkkmWCe9JqRH12J3TeWw2fu9PYPHt6iFSg6jasgqysfUyg+W03knRT5QNn3h5eHgt36cQJiJr6t3whPrRaiM6U9omE0evm+c0cAwlkA3GGSMw8Z+na4EnKI6OFCo="
 addons:
-  apt:
-    packages:
-    - gnutls-bin
   coverity_scan:
     project:
       name: "ARMmbed/mbedtls"