Skip to content
This repository has been archived by the owner on Oct 25, 2023. It is now read-only.

Commit

Permalink
Feature/update mbedtls (aws#2219)
Browse files Browse the repository at this point in the history
* Update Mbed TLS submodule pointer to v2.16.7
* Update aws_mbedtls_config.h for Mbed TLS v2.16.7
* Update README.md to include information on Mbed TLS
  • Loading branch information
yanjos-dev authored and VanNamDinh committed Jul 6, 2020
1 parent 8898049 commit 2dd732c
Show file tree
Hide file tree
Showing 4 changed files with 55 additions and 3 deletions.
2 changes: 1 addition & 1 deletion .gitmodules
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@
[submodule "mbedtls"]
path = libraries/3rdparty/mbedtls
url = https://github.com/ARMmbed/mbedtls.git
branch = mbedtls-2.16.6
branch = mbedtls-2.16.7
[submodule "libraries/abstractions/pkcs11/psa"]
path = libraries/abstractions/pkcs11/psa
url = https://github.com/Linaro/freertos-pkcs11-psa.git
3 changes: 3 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -84,3 +84,6 @@ The following MCU boards are supported for FreeRTOS:

## amazon-freeRTOS/projects
The ```./projects``` folder contains the IDE test and demo projects for each vendor and their boards. The majority of boards can be built with both IDE and cmake (there are some exceptions!). Please refer to the Getting Started Guides above for board specific instructions.

## Mbed TLS License
This repository uses Mbed TLS under Apache 2.0
2 changes: 1 addition & 1 deletion libraries/3rdparty/mbedtls
51 changes: 50 additions & 1 deletion libraries/3rdparty/mbedtls_config/aws_mbedtls_config.h
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,13 @@
*/
/*
* Copyright (C) 2006-2018, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
* GNU General Public License v2.0 or later.
*
* **********
* Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
Expand All @@ -23,6 +29,27 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
* **********
*
* **********
* GNU General Public License v2.0 or later:
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/

Expand Down Expand Up @@ -770,6 +797,28 @@
*/
#define MBEDTLS_ECP_NIST_OPTIM

/**
* \def MBEDTLS_ECP_NO_INTERNAL_RNG
*
* When this option is disabled, mbedtls_ecp_mul() will make use of an
* internal RNG when called with a NULL \c f_rng argument, in order to protect
* against some side-channel attacks.
*
* This protection introduces a dependency of the ECP module on one of the
* DRBG or SHA modules (HMAC-DRBG, CTR-DRBG, SHA-512 or SHA-256.) For very
* constrained applications that don't require this protection (for example,
* because you're only doing signature verification, so not manipulating any
* secret, or because local/physical side-channel attacks are outside your
* threat model), it might be desirable to get rid of that dependency.
*
* \warning Enabling this option makes some uses of ECP vulnerable to some
* side-channel attacks. Only enable it if you know that's not a problem for
* your use case.
*
* Uncomment this macro to disable some counter-measures in ECP.
*/
//#define MBEDTLS_ECP_NO_INTERNAL_RNG

/**
* \def MBEDTLS_ECP_RESTARTABLE
*
Expand Down

0 comments on commit 2dd732c

Please sign in to comment.