Update mbedtls to version 3.6.4

vendor/mbedtls/.gitattributes

@@ -0,0 +1,2 @@
+# Classify all '.function' files as C for syntax highlighting purposes
+*.function linguist-language=C

vendor/mbedtls/.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,35 @@
+---
+name: Bug report
+about: To report a bug, please fill this form.
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+### Summary
+
+
+
+### System information
+
+Mbed TLS version (number or commit id): 
+Operating system and version: 
+Configuration (if not default, please attach `mbedtls_config.h`): 
+Compiler and options (if you used a pre-built binary, please indicate how you obtained it): 
+Additional environment information: 
+
+### Expected behavior
+
+
+
+### Actual behavior
+
+
+
+### Steps to reproduce
+
+
+
+### Additional information
+

vendor/mbedtls/.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,8 @@
+blank_issues_enabled: false
+contact_links:
+    - name: Mbed TLS security team
+      url: mailto:mbed-tls-security@lists.trustedfirmware.org
+      about: Report a security vulnerability.
+    - name: Mbed TLS mailing list
+      url: https://lists.trustedfirmware.org/mailman3/lists/mbed-tls.lists.trustedfirmware.org
+      about: Mbed TLS community support and general discussion.

vendor/mbedtls/.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,17 @@
+---
+name: Enhancement request
+about: To request an enhancement, please fill this form.
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+### Suggested enhancement
+
+
+
+### Justification
+
+Mbed TLS needs this because 
+

vendor/mbedtls/.github/pull_request_template.md

@@ -0,0 +1,28 @@
+## Description
+
+Please write a few sentences describing the overall goals of the pull request's commits.
+
+
+
+## PR checklist
+
+Please tick as appropriate and edit the reasons (e.g.: "backport: not needed because this is a new feature")
+
+- [ ] **changelog** provided, or not required
+- [ ] **3.6 backport** done, or not required
+- [ ] **2.28 backport** done, or not required
+- [ ] **tests** provided, or not required
+
+
+
+## Notes for the submitter
+
+Please refer to the [contributing guidelines](https://github.com/Mbed-TLS/mbedtls/blob/development/CONTRIBUTING.md), especially the
+checklist for PR contributors.
+
+Help make review efficient:
+* Multiple simple commits
+  - please structure your PR into a series of small commits, each of which does one thing
+* Avoid force-push
+  - please do not force-push to update your PR - just add new commit(s)
+* See our [Guidelines for Contributors](https://mbed-tls.readthedocs.io/en/latest/reviews/review-for-contributors/) for more details about the review process.

vendor/mbedtls/.gitignore

@@ -0,0 +1,76 @@
+# Random seed file created by test scripts and sample programs
+seedfile
+# MBEDTLS_PSA_INJECT_ENTROPY seed file created by the test framework
+00000000ffffff52.psa_its
+# Log files created by all.sh to reduce the logs in case a component runs
+# successfully
+quiet-make.*
+
+# CMake build artifacts:
+CMakeCache.txt
+CMakeFiles
+CTestTestfile.cmake
+cmake_install.cmake
+Testing
+# CMake generates *.dir/ folders for in-tree builds (used by MSVC projects), ignore all of those:
+*.dir/
+# MSVC files generated by CMake:
+/*.sln
+/*.vcxproj
+/*.filters
+
+# Test coverage build artifacts:
+Coverage
+*.gcno
+*.gcda
+coverage-summary.txt
+
+# generated by scripts/memory.sh
+massif-*
+
+# Eclipse project files
+.cproject
+.project
+/.settings
+
+# Unix-like build artifacts:
+*.o
+*.s
+
+# MSVC build artifacts:
+*.exe
+*.pdb
+*.ilk
+*.lib
+
+# Python build artifacts:
+*.pyc
+
+# CMake generates *.dir/ folders for in-tree builds (used by MSVC projects), ignore all of those:
+*.dir/
+
+# Microsoft CMake extension for Visual Studio Code generates a build directory by default
+/build/
+
+# Generated documentation:
+/apidoc
+
+# PSA Crypto compliance test repo, cloned by test_psa_compliance.py
+/psa-arch-tests
+
+# Editor navigation files:
+/GPATH
+/GRTAGS
+/GSYMS
+/GTAGS
+/TAGS
+/cscope*.out
+/tags
+
+# clangd compilation database
+compile_commands.json
+# clangd index files
+/.cache/clangd/index/
+
+# VScode folder to store local debug files and configurations
+.vscode

vendor/mbedtls/.gitmodules

@@ -0,0 +1,3 @@
+[submodule "framework"]
+	path = framework
+	url = https://github.com/Mbed-TLS/mbedtls-framework

vendor/mbedtls/.globalrc

@@ -0,0 +1,3 @@
+default:\
+    :langmap=c\:.c.h.function:\
+

vendor/mbedtls/.mypy.ini

@@ -0,0 +1,4 @@
+[mypy]
+mypy_path = framework/scripts:scripts
+namespace_packages = True
+warn_unused_configs = True

vendor/mbedtls/.pylintrc

@@ -0,0 +1,91 @@
+[MASTER]
+init-hook='import sys; sys.path.append("scripts"); sys.path.append("framework/scripts")'
+min-similarity-lines=10
+
+[BASIC]
+# We're ok with short funtion argument names.
+# [invalid-name]
+argument-rgx=[a-z_][a-z0-9_]*$
+
+# Allow filter and map.
+# [bad-builtin]
+bad-functions=input
+
+# We prefer docstrings, but we don't require them on all functions.
+# Require them only on long functions (for some value of long).
+# [missing-docstring]
+docstring-min-length=10
+
+# No upper limit on method names. Pylint <2.1.0 has an upper limit of 30.
+# [invalid-name]
+method-rgx=[a-z_][a-z0-9_]{2,}$
+
+# Allow module names containing a dash (but no underscore or uppercase letter).
+# They are whole programs, not meant to be included by another module.
+# [invalid-name]
+module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+)|[a-z][-0-9a-z]+)$
+
+# Some functions don't need docstrings.
+# [missing-docstring]
+no-docstring-rgx=(run_)?main$
+
+# We're ok with short local or global variable names.
+# [invalid-name]
+variable-rgx=[a-z_][a-z0-9_]*$
+
+[DESIGN]
+# Allow more than the default 7 attributes.
+# [too-many-instance-attributes]
+max-attributes=15
+
+[FORMAT]
+# Allow longer modules than the default recommended maximum.
+# [too-many-lines]
+max-module-lines=2000
+
+[MESSAGES CONTROL]
+# * locally-disabled, locally-enabled: If we disable or enable a message
+#   locally, it's by design. There's no need to clutter the Pylint output
+#   with this information.
+# * logging-format-interpolation: Pylint warns about things like
+#   ``log.info('...'.format(...))``. It insists on ``log.info('...', ...)``.
+#   This is of minor utility (mainly a performance gain when there are
+#   many messages that use formatting and are below the log level).
+#   Some versions of Pylint (including 1.8, which is the version on
+#   Ubuntu 18.04) only recognize old-style format strings using '%',
+#   and complain about something like ``log.info('{}', foo)`` with
+#   logging-too-many-args (Pylint supports new-style formatting if
+#   declared globally with logging_format_style under [LOGGING] but
+#   this requires Pylint >=2.2).
+# * no-else-return: Allow the perfectly reasonable idiom
+#    if condition1:
+#        return value1
+#    else:
+#        return value2
+# * unnecessary-pass: If we take the trouble of adding a line with "pass",
+#   it's because we think the code is clearer that way.
+disable=locally-disabled,locally-enabled,logging-format-interpolation,no-else-return,unnecessary-pass
+
+[REPORTS]
+# Don't diplay statistics. Just the facts.
+reports=no
+
+[STRING]
+# Complain about
+# ```
+# list_of_strings = [
+#    'foo' # <-- missing comma
+#    'bar',
+#    'corge',
+# ]
+# ```
+check-str-concat-over-line-jumps=yes
+
+[VARIABLES]
+# Allow unused variables if their name starts with an underscore.
+# [unused-argument]
+dummy-variables-rgx=_.*
+
+[SIMILARITIES]
+# Ignore imports when computing similarities.
+ignore-imports=yes

vendor/mbedtls/.readthedocs.yaml

@@ -0,0 +1,37 @@
+# .readthedocs.yaml
+# Read the Docs configuration file
+# See https://docs.readthedocs.io/en/stable/config-file/v2.html for details
+
+# Required
+version: 2
+
+# Include the framework submodule in the build
+submodules:
+  include:
+  - framework
+
+# Set the version of Python and other tools you might need
+build:
+  os: ubuntu-20.04
+  tools:
+    python: "3.9"
+  jobs:
+    pre_build:
+    - ./framework/scripts/apidoc_full.sh
+    - breathe-apidoc -o docs/api apidoc/xml
+    post_build:
+    - |
+      # Work around Readthedocs bug: Command parsing fails if the 'if' statement is on the first line
+      if [ "$READTHEDOCS_VERSION" = "development" ]; then
+        "$READTHEDOCS_VIRTUALENV_PATH/bin/rtd" projects "Mbed TLS API" redirects sync --wet-run -f docs/redirects.yaml
+      fi
+
+# Build documentation in the docs/ directory with Sphinx
+sphinx:
+  builder: dirhtml
+  configuration: docs/conf.py
+
+# Optionally declare the Python requirements required to build your docs
+python:
+  install:
+  - requirements: docs/requirements.txt

vendor/mbedtls/.travis.yml

@@ -0,0 +1,28 @@
+# Declare python as our language. This way we get our chosen Python version,
+# and pip is available. Gcc and clang are available anyway.
+dist: jammy
+os: linux
+language: python
+python: 3.10
+
+cache: ccache
+
+branches:
+  only:
+    coverity_scan
+
+install:
+  - $PYTHON scripts/min_requirements.py
+
+env:
+  global:
+    - SEED=1
+    - secure: "GF/Fde5fkm15T/RNykrjrPV5Uh1KJ70cP308igL6Xkk3eJmqkkmWCe9JqRH12J3TeWw2fu9PYPHt6iFSg6jasgqysfUyg+W03knRT5QNn3h5eHgt36cQJiJr6t3whPrRaiM6U9omE0evm+c0cAwlkA3GGSMw8Z+na4EnKI6OFCo="
+addons:
+  coverity_scan:
+    project:
+      name: "ARMmbed/mbedtls"
+    notification_email: support-mbedtls@arm.com
+    build_command_prepend:
+    build_command: make
+    branch_pattern: coverity_scan