summaryrefslogtreecommitdiffstats
path: root/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.2.bb
Commit message (Collapse)AuthorAgeFilesLines
* mbedtls: upgrade 2.28.2 -> 2.28.3Yi Zhao2023-06-281-76/+0
| | | | | | | | | | | Mbed TLS 2.28 is a long-time support branch. It will be supported with bug-fixes and security fixes until end of 2024. ChangeLog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.3 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mbedtls: add ptestYi Zhao2023-03-221-4/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Results: $ ptest-runner mbedtls START: ptest-runner 2023-03-20T08:11 BEGIN: /usr/lib/mbedtls/ptest PASS: test_suite_aes.cbc PASS: test_suite_aes.cfb PASS: test_suite_aes.ecb PASS: test_suite_aes.ofb PASS: test_suite_aes.rest PASS: test_suite_aes.xts PASS: test_suite_arc4 PASS: test_suite_aria PASS: test_suite_asn1parse PASS: test_suite_asn1write PASS: test_suite_base64 PASS: test_suite_bignum.generated PASS: test_suite_bignum.misc PASS: test_suite_blowfish PASS: test_suite_camellia PASS: test_suite_ccm PASS: test_suite_chacha20 PASS: test_suite_chachapoly PASS: test_suite_cipher.aes PASS: test_suite_cipher.arc4 PASS: test_suite_cipher.aria PASS: test_suite_cipher.blowfish PASS: test_suite_cipher.camellia PASS: test_suite_cipher.ccm PASS: test_suite_cipher.chacha20 PASS: test_suite_cipher.chachapoly PASS: test_suite_cipher.des PASS: test_suite_cipher.gcm PASS: test_suite_cipher.misc PASS: test_suite_cipher.nist_kw PASS: test_suite_cipher.null PASS: test_suite_cipher.padding PASS: test_suite_cmac PASS: test_suite_constant_time PASS: test_suite_constant_time_hmac PASS: test_suite_ctr_drbg PASS: test_suite_debug PASS: test_suite_des PASS: test_suite_dhm PASS: test_suite_ecdh PASS: test_suite_ecdsa PASS: test_suite_ecjpake PASS: test_suite_ecp PASS: test_suite_entropy PASS: test_suite_error PASS: test_suite_gcm.aes128_de PASS: test_suite_gcm.aes128_en PASS: test_suite_gcm.aes192_de PASS: test_suite_gcm.aes192_en PASS: test_suite_gcm.aes256_de PASS: test_suite_gcm.aes256_en PASS: test_suite_gcm.camellia PASS: test_suite_gcm.misc PASS: test_suite_hkdf PASS: test_suite_hmac_drbg.misc PASS: test_suite_hmac_drbg.nopr PASS: test_suite_hmac_drbg.no_reseed PASS: test_suite_hmac_drbg.pr PASS: test_suite_md PASS: test_suite_mdx PASS: test_suite_memory_buffer_alloc PASS: test_suite_mps PASS: test_suite_net PASS: test_suite_nist_kw PASS: test_suite_oid PASS: test_suite_pem PASS: test_suite_pk PASS: test_suite_pkcs12 PASS: test_suite_pkcs1_v15 PASS: test_suite_pkcs1_v21 PASS: test_suite_pkcs5 PASS: test_suite_pkparse PASS: test_suite_pkwrite PASS: test_suite_poly1305 PASS: test_suite_psa_crypto PASS: test_suite_psa_crypto_attributes PASS: test_suite_psa_crypto_driver_wrappers PASS: test_suite_psa_crypto_entropy PASS: test_suite_psa_crypto_generate_key.generated PASS: test_suite_psa_crypto_hash PASS: test_suite_psa_crypto_init PASS: test_suite_psa_crypto_metadata PASS: test_suite_psa_crypto_not_supported.generated PASS: test_suite_psa_crypto_not_supported.misc PASS: test_suite_psa_crypto_op_fail.generated PASS: test_suite_psa_crypto_op_fail.misc PASS: test_suite_psa_crypto_persistent_key PASS: test_suite_psa_crypto_se_driver_hal PASS: test_suite_psa_crypto_se_driver_hal_mocks PASS: test_suite_psa_crypto_slot_management PASS: test_suite_psa_crypto_storage_format.current PASS: test_suite_psa_crypto_storage_format.misc PASS: test_suite_psa_crypto_storage_format.v0 PASS: test_suite_psa_its PASS: test_suite_random PASS: test_suite_rsa PASS: test_suite_shax PASS: test_suite_ssl PASS: test_suite_timing PASS: test_suite_version PASS: test_suite_x509parse PASS: test_suite_x509write PASS: test_suite_xtea DURATION: 83 END: /usr/lib/mbedtls/ptest 2023-03-20T08:13 STOP: ptest-runner TOTAL: 1 FAIL: 0 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* mbedtls: set up /usr/bin/hello as alternativeDenys Dmytriyenko2023-02-261-1/+4
| | | | | | | | | As mbedtls installs this rather generically-named /usr/bin/hello binary, it conflicts with the one provided by lmbench, hence set it up as an alternative to avoid conflicts when both are installed to rootfs or SDK. Signed-off-by: Denys Dmytriyenko <denis@denix.org> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* mbedtls: export source files/headers needed by ATFBeniamin Sandu2023-01-271-0/+6
| | | | | | | | | | | | | | | | | | | Arm Trusted Firmware uses a list of mbedtls source files/headers to build a static library used for crypto functionality: https://github.com/ARM-software/arm-trusted-firmware/blob/master/drivers/auth/mbedtls/mbedtls_common.mk#L10 At the moment, any ATF version that wants to build with yocto and enable for example secure boot, needs to download and patch a version of mbedtls separately, e.g. : https://git.yoctoproject.org/meta-arm/tree/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.7.0.bb#n10 This commit enables a simple way for ATF recipes to use the existing oe version of mbedtls by adding it as a dependency, and simply extending the build flags with: EXTRA_OEMAKE += 'MBEDTLS_DIR="${STAGING_DATADIR}/mbedtls-source"' Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* mbedtls: upgrade to 2.28.2 to fix CVE-2022-46392, CVE-2022-46393Stefan Ghinea2023-01-261-0/+57
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller. An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX. References: https://nvd.nist.gov/vuln/detail/CVE-2022-46392 https://nvd.nist.gov/vuln/detail/CVE-2022-46393 Upstream patches: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2 Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>