pkcs12 file parser use mbedTLS #2

Open
seanjin99 wants to merge 18 commits into main from mbedTLS2.6.10

@seanjin99 seanjin99 commented Nov 14, 2025

mbedTLS implementation

@seanjin99 seanjin99 force-pushed the mbedTLS2.6.10 branch 8 times, most recently from e7efa71 to 264f581 Compare December 8, 2025 22:28
github-actions bot commented Dec 8, 2025


Thank you for your submission, we really appreciate it. Like many open-source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution. You can sign the CLA by just posting a Pull Request Comment same as the below format.


I have read the CLA Document and I hereby sign the CLA


You can retrigger this bot by commenting recheck in this Pull Request. Posted by the CLA Assistant Lite bot.

@seanjin99 seanjin99 force-pushed the mbedTLS2.6.10 branch 3 times, most recently from 38419f3 to 491cbc8 Compare December 8, 2025 22:46
@seanjin99 (Owner, Author)

I have read the CLA Document and I hereby sign the CLA

@seanjin99 (Owner, Author)

I have read the CLA Document and I hereby sign the CLA
recheck

Signed-off-by: seanjin99 <[email protected]>
- Add check_c_compiler_flag() for analyzer warning suppressions
- Suppress test output with CMAKE_REQUIRED_QUIET
- Apply clang-tidy flags only on GitHub Actions CI
- Fixes macOS build while preserving CI analyzer functionality
- Code cleanup: refactor digest.c, restore cmac_context do-while pattern
- Remove dead code: MBEDTLS_ALLOW_PRIVATE_ACCESS, empty if statements

Analyzer flags only work when --analyze is enabled, so checking them
without analyzer active gives false results. Use ENV{CI} consistently
to apply flags only on GitHub Actions where analyzer is enabled.

GitHub Actions uses clang-tidy, not the Clang Static Analyzer.
The -Wno-analyzer-* flags don't exist in clang-tidy and cause build failures.
Removed all analyzer-specific warning suppressions from external libraries.

- Fixed root key initialization race conditions in otp.c
  * Added thread-safe initialization using C11 once_flag and call_once
  * Replaced unprotected static variables with call_once pattern
  * Added init_root_key() and init_common_root_key() initialization functions
  * Added failure tracking for proper error handling

- Removed unnecessary mutex from rand_bytes() in rand.c
  * mbedTLS already provides thread-safety via MBEDTLS_THREADING_C
  * Eliminates lock contention with 255+ concurrent threads

Test Results:
- SaCryptoCipherMultipleThread.processMultipleThread now passes 10/10 runs
- Previously failed consistently due to HMAC signature mismatches
- Performance: 248-419ms with 255 concurrent threads

- Fixed session double-check locking race in client_session()
  - Removed unprotected read of session variable before mutex
  - All session checks now properly protected by mutex
  - Prevents race where one thread reads while another writes

- Applied mbedTLS 3.6.2 CTR counter performance optimization
  - Backported optimized counter increment (32-bit word operations)
  - Added ctr.h header with mbedtls_ctr_increment_counter()
  - Modified patch_mbedtls.cmake to apply optimization during build
  - Fixed unused variable warning in aes.c

Verified with ThreadSanitizer: 0 races detected
Multi-threaded tests (255 threads): All passed

…-sample, entropy, double-free fixes

- Header rename: pkcs8.h/test_helpers.h -> *_mbedtls.h/*_openssl.h to avoid shadowing
- CMake: FetchContent offline mode, -march=native switch, pthread/GTest/OpenSSL fixes
- CENC: sa_subsample_length_s struct size fix (1031 tests), offset propagation (multi-sample)
- EC ElGamal: parameter struct conversion for ARM32 size_t vs uint64_t (70 tests)
- symmetric: CTR cipher reinit from key length instead of stale context
- typej: double-free fix (NULL after free on error path)
- hardware_rng: /dev/hwrng -> /dev/urandom fallback with read validation
- random(): chunked CTR-DRBG generation for >1024 byte requests
- object_store tests: proper cleanup to eliminate leak warnings
- sa_ta_types.h: _Static_assert for sa_subsample_length_s == 16 bytes
- Compiler warning fixes for ARM32 cross-compilation
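
An added example, not code from this pull request: one way to implement the `/dev/hwrng` -> `/dev/urandom` fallback with read validation that the last commit message lists under hardware_rng. The function names `read_exact`, `rng_fill` and `hardware_rng_fill` are hypothetical; only the two device paths come from the commit message.

```c
/* Added example, not code from this pull request. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Read exactly len bytes; 0 on success, -1 on error or premature EOF. */
static int read_exact(int fd, unsigned char *out, size_t len) {
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, out + got, len - got);
        if (n > 0)
            got += (size_t)n;      /* short read: keep reading */
        else if (n < 0 && errno == EINTR)
            continue;              /* interrupted by a signal: retry */
        else
            return -1;             /* hard error, or EOF (n == 0) */
    }
    return 0;
}

/* Try each device in order. Returns the index of the source that filled
 * the whole buffer, or -1; on -1 the buffer contents must not be used. */
int rng_fill(const char *const *paths, size_t npaths,
             unsigned char *out, size_t len) {
    for (size_t i = 0; i < npaths; i++) {
        int fd = open(paths[i], O_RDONLY);
        if (fd < 0)
            continue;              /* device absent or not permitted */
        int rc = read_exact(fd, out, len);
        close(fd);
        if (rc == 0)
            return (int)i;
    }
    return -1;
}

/* Hypothetical wrapper using the two device paths named in the commit. */
int hardware_rng_fill(unsigned char *out, size_t len) {
    static const char *const paths[] = { "/dev/hwrng", "/dev/urandom" };
    return rng_fill(paths, 2, out, len) < 0 ? -1 : 0;
}

int main(void) {
    unsigned char key[32];
    if (hardware_rng_fill(key, sizeof key) != 0)
        return 1;                  /* fail closed: no usable source */
    puts("filled 32 bytes");
    return 0;
}
```

A source that opens but returns fewer bytes than requested is treated the same as one that fails to open, so a partially filled buffer is never reported as success.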