commit 485c5ac261abc9ecce9427f16a6a23580bbc989d
author David Vincze <david.vincze@arm.com> Fri Mar 21 11:14:56 2025 +0000
committer Anton Komlev <Anton.Komlev@arm.com> Tue Mar 25 12:21:23 2025 +0100
tree 3046a04aec0d7a9b5713ebb029faa69ef34c68ec
parent ca7756d53a1bf10f55d78a89eb18d0c21f854850

Crypto: Update to Mbed TLS 3.6.3

- Bump Mbed TLS version to 3.6.3,
- Re-align mbedtls/psa interface headers,
- Rebase patch files and fix 0005.

Change-Id: I7a21c95f64d9d7e82b1167dd5fdc7b196b049808
Signed-off-by: David Vincze <david.vincze@arm.com>

interface/include/mbedtls/gcm.h

diff --git a/interface/include/mbedtls/gcm.h b/interface/include/mbedtls/gcm.h
index 98faa43..390ed4c 100644
--- a/interface/include/mbedtls/gcm.h
+++ b/interface/include/mbedtls/gcm.h
@@ -115,10 +115,9 @@
 /**
  * \brief           This function performs GCM encryption or decryption of a buffer.
  *
- * \note            For encryption, the output buffer can be the same as the
- *                  input buffer. For decryption, the output buffer cannot be
- *                  the same as input buffer. If the buffers overlap, the output
- *                  buffer must trail at least 8 Bytes behind the input buffer.
+ * \note            The output buffer \p output can be the same as the input
+ *                  buffer \p input. If \p output is greater than \p input, they
+ *                  cannot overlap.
  *
  * \warning         When this function performs a decryption, it outputs the
  *                  authentication tag and does not verify that the data is
@@ -179,9 +178,11 @@
  * \brief           This function performs a GCM authenticated decryption of a
  *                  buffer.
  *
- * \note            For decryption, the output buffer cannot be the same as
- *                  input buffer. If the buffers overlap, the output buffer
- *                  must trail at least 8 Bytes behind the input buffer.
+ * \note            The output buffer \p output can be the same as the input
+ *                  buffer \p input. If \p output is greater than \p input, they
+ *                  cannot overlap. Implementations which require
+ *                  MBEDTLS_GCM_ALT to be enabled may not provide support for
+ *                  overlapping buffers.
  *
  * \param ctx       The GCM context. This must be initialized.
  * \param length    The length of the ciphertext to decrypt, which is also
@@ -287,9 +288,11 @@
  *                    to this function during an operation, then it is
  *                    correct to use \p output_size = \p input_length.
  *
- * \note            For decryption, the output buffer cannot be the same as
- *                  input buffer. If the buffers overlap, the output buffer
- *                  must trail at least 8 Bytes behind the input buffer.
+ * \note            The output buffer \p output can be the same as the input
+ *                  buffer \p input. If \p output is greater than \p input, they
+ *                  cannot overlap. Implementations which require
+ *                  MBEDTLS_GCM_ALT to be enabled may not provide support for
+ *                  overlapping buffers.
  *
  * \param ctx           The GCM context. This must be initialized.
  * \param input         The buffer holding the input data. If \p input_length