<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-openembedded.git/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.2.bb, branch master</title>
<subtitle>Mirror of git.openembedded.org/meta-openembedded</subtitle>
<id>https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=master</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=master'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/'/>
<updated>2023-06-28T20:53:12+00:00</updated>
<entry>
<title>mbedtls: upgrade 2.28.2 -&gt; 2.28.3</title>
<updated>2023-06-28T20:53:12+00:00</updated>
<author>
<name>Yi Zhao</name>
<email>yi.zhao@windriver.com</email>
</author>
<published>2023-06-28T12:58:45+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=b0f7978847f8e62fd84ad2ff648c26c188497a6c'/>
<id>urn:sha1:b0f7978847f8e62fd84ad2ff648c26c188497a6c</id>
<content type='text'>
Mbed TLS 2.28 is a long-time support branch. It will be supported with
bug-fixes and security fixes until end of 2024.

ChangeLog:
https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.3

Signed-off-by: Yi Zhao &lt;yi.zhao@windriver.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>mbedtls: add ptest</title>
<updated>2023-03-22T16:10:39+00:00</updated>
<author>
<name>Yi Zhao</name>
<email>yi.zhao@windriver.com</email>
</author>
<published>2023-03-21T03:14:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=63749f10a4161300ffc94d68a8aa9aeec953e07c'/>
<id>urn:sha1:63749f10a4161300ffc94d68a8aa9aeec953e07c</id>
<content type='text'>
Results:
$ ptest-runner mbedtls
START: ptest-runner
2023-03-20T08:11
BEGIN: /usr/lib/mbedtls/ptest
PASS: test_suite_aes.cbc
PASS: test_suite_aes.cfb
PASS: test_suite_aes.ecb
PASS: test_suite_aes.ofb
PASS: test_suite_aes.rest
PASS: test_suite_aes.xts
PASS: test_suite_arc4
PASS: test_suite_aria
PASS: test_suite_asn1parse
PASS: test_suite_asn1write
PASS: test_suite_base64
PASS: test_suite_bignum.generated
PASS: test_suite_bignum.misc
PASS: test_suite_blowfish
PASS: test_suite_camellia
PASS: test_suite_ccm
PASS: test_suite_chacha20
PASS: test_suite_chachapoly
PASS: test_suite_cipher.aes
PASS: test_suite_cipher.arc4
PASS: test_suite_cipher.aria
PASS: test_suite_cipher.blowfish
PASS: test_suite_cipher.camellia
PASS: test_suite_cipher.ccm
PASS: test_suite_cipher.chacha20
PASS: test_suite_cipher.chachapoly
PASS: test_suite_cipher.des
PASS: test_suite_cipher.gcm
PASS: test_suite_cipher.misc
PASS: test_suite_cipher.nist_kw
PASS: test_suite_cipher.null
PASS: test_suite_cipher.padding
PASS: test_suite_cmac
PASS: test_suite_constant_time
PASS: test_suite_constant_time_hmac
PASS: test_suite_ctr_drbg
PASS: test_suite_debug
PASS: test_suite_des
PASS: test_suite_dhm
PASS: test_suite_ecdh
PASS: test_suite_ecdsa
PASS: test_suite_ecjpake
PASS: test_suite_ecp
PASS: test_suite_entropy
PASS: test_suite_error
PASS: test_suite_gcm.aes128_de
PASS: test_suite_gcm.aes128_en
PASS: test_suite_gcm.aes192_de
PASS: test_suite_gcm.aes192_en
PASS: test_suite_gcm.aes256_de
PASS: test_suite_gcm.aes256_en
PASS: test_suite_gcm.camellia
PASS: test_suite_gcm.misc
PASS: test_suite_hkdf
PASS: test_suite_hmac_drbg.misc
PASS: test_suite_hmac_drbg.nopr
PASS: test_suite_hmac_drbg.no_reseed
PASS: test_suite_hmac_drbg.pr
PASS: test_suite_md
PASS: test_suite_mdx
PASS: test_suite_memory_buffer_alloc
PASS: test_suite_mps
PASS: test_suite_net
PASS: test_suite_nist_kw
PASS: test_suite_oid
PASS: test_suite_pem
PASS: test_suite_pk
PASS: test_suite_pkcs12
PASS: test_suite_pkcs1_v15
PASS: test_suite_pkcs1_v21
PASS: test_suite_pkcs5
PASS: test_suite_pkparse
PASS: test_suite_pkwrite
PASS: test_suite_poly1305
PASS: test_suite_psa_crypto
PASS: test_suite_psa_crypto_attributes
PASS: test_suite_psa_crypto_driver_wrappers
PASS: test_suite_psa_crypto_entropy
PASS: test_suite_psa_crypto_generate_key.generated
PASS: test_suite_psa_crypto_hash
PASS: test_suite_psa_crypto_init
PASS: test_suite_psa_crypto_metadata
PASS: test_suite_psa_crypto_not_supported.generated
PASS: test_suite_psa_crypto_not_supported.misc
PASS: test_suite_psa_crypto_op_fail.generated
PASS: test_suite_psa_crypto_op_fail.misc
PASS: test_suite_psa_crypto_persistent_key
PASS: test_suite_psa_crypto_se_driver_hal
PASS: test_suite_psa_crypto_se_driver_hal_mocks
PASS: test_suite_psa_crypto_slot_management
PASS: test_suite_psa_crypto_storage_format.current
PASS: test_suite_psa_crypto_storage_format.misc
PASS: test_suite_psa_crypto_storage_format.v0
PASS: test_suite_psa_its
PASS: test_suite_random
PASS: test_suite_rsa
PASS: test_suite_shax
PASS: test_suite_ssl
PASS: test_suite_timing
PASS: test_suite_version
PASS: test_suite_x509parse
PASS: test_suite_x509write
PASS: test_suite_xtea
DURATION: 83
END: /usr/lib/mbedtls/ptest
2023-03-20T08:13
STOP: ptest-runner
TOTAL: 1 FAIL: 0

Signed-off-by: Yi Zhao &lt;yi.zhao@windriver.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>mbedtls: set up /usr/bin/hello as alternative</title>
<updated>2023-02-26T08:17:45+00:00</updated>
<author>
<name>Denys Dmytriyenko</name>
<email>denis@denix.org</email>
</author>
<published>2023-02-25T23:17:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=e012fe075d6de6050e1a37d23bfbb70b5278f0a5'/>
<id>urn:sha1:e012fe075d6de6050e1a37d23bfbb70b5278f0a5</id>
<content type='text'>
As mbedtls installs this rather generically-named /usr/bin/hello binary,
it conflicts with the one provided by lmbench, hence set it up as an
alternative to avoid conflicts when both are installed to rootfs or SDK.

Signed-off-by: Denys Dmytriyenko &lt;denis@denix.org&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>mbedtls: export source files/headers needed by ATF</title>
<updated>2023-01-28T01:06:52+00:00</updated>
<author>
<name>Beniamin Sandu</name>
<email>beniaminsandu@gmail.com</email>
</author>
<published>2023-01-27T10:10:29+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=4f50432e20698078167124313d25bac85dc63a63'/>
<id>urn:sha1:4f50432e20698078167124313d25bac85dc63a63</id>
<content type='text'>
Arm Trusted Firmware uses a list of mbedtls source files/headers to build
a static library used for crypto functionality:
https://github.com/ARM-software/arm-trusted-firmware/blob/master/drivers/auth/mbedtls/mbedtls_common.mk#L10

At the moment, any ATF version that wants to build with Yocto and enable,
for example, secure boot needs to download and patch a version of mbedtls
separately, e.g.:
https://git.yoctoproject.org/meta-arm/tree/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.7.0.bb#n10

This commit enables a simple way for ATF recipes to use the existing OE
version of mbedtls by adding it as a dependency and simply extending the
build flags with:
EXTRA_OEMAKE += 'MBEDTLS_DIR="${STAGING_DATADIR}/mbedtls-source"'

Signed-off-by: Beniamin Sandu &lt;beniaminsandu@gmail.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>mbedtls: upgrade to 2.28.2 to fix CVE-2022-46392, CVE-2022-46393</title>
<updated>2023-01-26T21:16:34+00:00</updated>
<author>
<name>Stefan Ghinea</name>
<email>stefan.ghinea@windriver.com</email>
</author>
<published>2023-01-26T21:07:40+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=2ab113e8be42ae2dd61babb8e9a1742684df1f59'/>
<id>urn:sha1:2ab113e8be42ae2dd61babb8e9a1742684df1f59</id>
<content type='text'>
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0.
An adversary with access to precise enough information about memory
accesses (typically, an untrusted operating system attacking a secure
enclave) can recover an RSA private key after observing the victim
performing a single private-key operation, if the window size
(MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0.
There is a potential heap-based buffer overflow and heap-based buffer
over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and
MBEDTLS_SSL_CID_IN_LEN_MAX &gt; 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.

References:
https://nvd.nist.gov/vuln/detail/CVE-2022-46392
https://nvd.nist.gov/vuln/detail/CVE-2022-46393

Upstream patches:
https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2

Signed-off-by: Stefan Ghinea &lt;stefan.ghinea@windriver.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
</feed>
