From 1c5c88389a5933027e4d57d6871e3ac0eeb06afb Mon Sep 17 00:00:00 2001
From: Mark Jonas
Date: Thu, 10 Feb 2022 19:44:56 +0100
Subject: mbedtls: Upgrade to 2.28.0
Mbed TLS 2.28 is a long-time support branch. It will be supported with bug-fixes and security fixes until end of 2024. https://github.com/ARMmbed/mbedtls/releases/tag/v2.28.0
Signed-off-by: Mark Jonas
Signed-off-by: Khem Raj
---
...001-ssl_tls-Increase-size-of-padbuf-to-64.patch | 34 ----------------
.../recipes-connectivity/mbedtls/mbedtls_2.26.0.bb | 45 ----------------------
.../recipes-connectivity/mbedtls/mbedtls_2.28.0.bb | 44 +++++++++++++++++++++
3 files changed, 44 insertions(+), 79 deletions(-)
delete mode 100644 meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-ssl_tls-Increase-size-of-padbuf-to-64.patch
delete mode 100644 meta-networking/recipes-connectivity/mbedtls/mbedtls_2.26.0.bb
create mode 100644 meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.0.bb
(limited to 'meta-networking')
diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-ssl_tls-Increase-size-of-padbuf-to-64.patch b/meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-ssl_tls-Increase-size-of-padbuf-to-64.patch
deleted file mode 100644
index f3ba04f51f..0000000000
--- a/meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-ssl_tls-Increase-size-of-padbuf-to-64.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From c3d7321d59e959b357a7d3d69782d9105f3d04aa Mon Sep 17 00:00:00 2001
-From: Khem Raj
-Date: Mon, 1 Mar 2021 21:04:57 -0800
-Subject: [PATCH] ssl_tls: Increase size of padbuf to 64
-
-This fixes warnings with gcc11
-
-git/library/ssl_tls.c: In function 'ssl_calc_finished_tls_sha384':
-git/library/ssl_tls.c:3267:5: error: 'mbedtls_sha512_finish_ret' accessing 64 bytes in a region of size 48 [-Werror=stringop-overflow=]
- 3267 | finish( &sha512, padbuf );
- | ^~~~~~~~~~~~~~~~~~~~~~~~~
-git/library/ssl_tls.c:3267:5: note: referencing argument 2 of type 'unsigned char *'
-
-Signed-off-by: Khem Raj
----
- library/ssl_tls.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/library/ssl_tls.c b/library/ssl_tls.c
-index a1a5859f0..4c98a4104 100644
---- a/library/ssl_tls.c
-+++ b/library/ssl_tls.c
-@@ -3205,7 +3205,7 @@ static void ssl_calc_finished_tls_sha384(
- {
- int len = 12;
- const char *sender;
-- unsigned char padbuf[48];
-+ unsigned char padbuf[64];
- #if defined(MBEDTLS_USE_PSA_CRYPTO)
- size_t hash_size;
- psa_hash_operation_t sha384_psa = PSA_HASH_OPERATION_INIT;
---
-2.30.1
-
diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.26.0.bb b/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.26.0.bb
deleted file mode 100644
index b62ed04ce6..0000000000
--- a/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.26.0.bb
+++ /dev/null
@@ -1,45 +0,0 @@
-SUMMARY = "Lightweight crypto and SSL/TLS library"
-DESCRIPTION = "mbedtls is a lean open source crypto library \
-for providing SSL and TLS support in your programs. It offers \
-an intuitive API and documented header files, so you can actually \
-understand what the code does. It features: \
- \
- - Symmetric algorithms, like AES, Blowfish, Triple-DES, DES, ARC4, \
- Camellia and XTEA \
- - Hash algorithms, like SHA-1, SHA-2, RIPEMD-160 and MD5 \
- - Entropy pool and random generators, like CTR-DRBG and HMAC-DRBG \
- - Public key algorithms, like RSA, Elliptic Curves, Diffie-Hellman, \
- ECDSA and ECDH \
- - SSL v3 and TLS 1.0, 1.1 and 1.2 \
- - Abstraction layers for ciphers, hashes, public key operations, \
- platform abstraction and threading \
-"
-
-HOMEPAGE = "https://tls.mbed.org/"
-
-LICENSE = "Apache-2.0"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
-
-SECTION = "libs"
-
-S = "${WORKDIR}/git"
-SRCREV = "e483a77c85e1f9c1dd2eb1c5a8f552d2617fe400"
-SRC_URI = "git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=development"
-SRC_URI += "file://0001-ssl_tls-Increase-size-of-padbuf-to-64.patch"
-
-inherit cmake
-
-PACKAGECONFIG ??= "shared-libs programs"
-PACKAGECONFIG[shared-libs] = "-DUSE_SHARED_MBEDTLS_LIBRARY=ON,-DUSE_SHARED_MBEDTLS_LIBRARY=OFF"
-PACKAGECONFIG[programs] = "-DENABLE_PROGRAMS=ON,-DENABLE_PROGRAMS=OFF"
-PACKAGECONFIG[werror] = "-DMBEDTLS_FATAL_WARNINGS=ON,-DMBEDTLS_FATAL_WARNINGS=OFF"
-
-EXTRA_OECMAKE = "-DENABLE_TESTING=OFF -DLIB_INSTALL_DIR:STRING=${libdir}"
-
-PROVIDES += "polarssl"
-RPROVIDES:${PN} = "polarssl"
-
-PACKAGES =+ "${PN}-programs"
-FILES:${PN}-programs = "${bindir}/"
-
-BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.0.bb b/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.0.bb
new file mode 100644
index 0000000000..d4a9c7bf8d
--- /dev/null
+++ b/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.0.bb
@@ -0,0 +1,44 @@
+SUMMARY = "Lightweight crypto and SSL/TLS library"
+DESCRIPTION = "mbedtls is a lean open source crypto library \
+for providing SSL and TLS support in your programs. It offers \
+an intuitive API and documented header files, so you can actually \
+understand what the code does. It features: \
+ \
+ - Symmetric algorithms, like AES, Blowfish, Triple-DES, DES, ARC4, \
+ Camellia and XTEA \
+ - Hash algorithms, like SHA-1, SHA-2, RIPEMD-160 and MD5 \
+ - Entropy pool and random generators, like CTR-DRBG and HMAC-DRBG \
+ - Public key algorithms, like RSA, Elliptic Curves, Diffie-Hellman, \
+ ECDSA and ECDH \
+ - SSL v3 and TLS 1.0, 1.1 and 1.2 \
+ - Abstraction layers for ciphers, hashes, public key operations, \
+ platform abstraction and threading \
+"
+
+HOMEPAGE = "https://tls.mbed.org/"
+
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
+
+SECTION = "libs"
+
+S = "${WORKDIR}/git"
+SRCREV = "8b3f26a5ac38d4fdccbc5c5366229f3e01dafcc0"
+SRC_URI = "git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=mbedtls-2.28"
+
+inherit cmake
+
+PACKAGECONFIG ??= "shared-libs programs"
+PACKAGECONFIG[shared-libs] = "-DUSE_SHARED_MBEDTLS_LIBRARY=ON,-DUSE_SHARED_MBEDTLS_LIBRARY=OFF"
+PACKAGECONFIG[programs] = "-DENABLE_PROGRAMS=ON,-DENABLE_PROGRAMS=OFF"
+PACKAGECONFIG[werror] = "-DMBEDTLS_FATAL_WARNINGS=ON,-DMBEDTLS_FATAL_WARNINGS=OFF"
+
+EXTRA_OECMAKE = "-DENABLE_TESTING=OFF -DLIB_INSTALL_DIR:STRING=${libdir}"
+
+PROVIDES += "polarssl"
+RPROVIDES:${PN} = "polarssl"
+
+PACKAGES =+ "${PN}-programs"
+FILES:${PN}-programs = "${bindir}/"
+
+BBCLASSEXTEND = "native nativesdk"
--
cgit v1.2.3-54-g00ecf
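Review bot: The new recipe sets no `CVE_PRODUCT`, so cve-check will fall back to the recipe name `mbedtls`, while NVD, as far as I know, files this library under the product name `mbed_tls`; adding `CVE_PRODUCT = "mbed_tls"` next to `SRCREV` would keep CVE scans of this crypto library from silently coming up empty. The `DESCRIPTION` block is carried over unchanged and still advertises SSL v3, ARC4, DES and MD5, so a short comment stating which of these the default 2.28 build configuration actually enables would help an integrator judge exposure. `SRC_URI` also no longer lists `0001-ssl_tls-Increase-size-of-padbuf-to-64.patch`, and the commit message does not say that the pinned `SRCREV` already contains that buffer-size change; one line confirming it would make the removal auditable.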