diff --git a/.gitmodules b/.gitmodules index 7279d3f35f2..dc534708b49 100644 --- a/.gitmodules +++ b/.gitmodules @@ -26,7 +26,7 @@ [submodule "mbedtls"] path = libraries/3rdparty/mbedtls url = https://github.com/ARMmbed/mbedtls.git - branch = mbedtls-2.16.6 + branch = mbedtls-2.16.7 [submodule "libraries/abstractions/pkcs11/psa"] path = libraries/abstractions/pkcs11/psa url = https://github.com/Linaro/freertos-pkcs11-psa.git diff --git a/README.md b/README.md index a0e420197da..04e68156cbb 100644 --- a/README.md +++ b/README.md @@ -87,3 +87,6 @@ The following MCU boards are supported for FreeRTOS: ## amazon-freeRTOS/projects The ```./projects``` folder contains the IDE test and demo projects for each vendor and their boards. The majority of boards can be built with both IDE and cmake (there are some exceptions!). Please refer to the Getting Started Guides above for board specific instructions. + +## Mbed TLS License +This repository uses Mbed TLS under Apache 2.0 diff --git a/libraries/3rdparty/mbedtls b/libraries/3rdparty/mbedtls index 2a1d9332d55..abc460236f1 160000 --- a/libraries/3rdparty/mbedtls +++ b/libraries/3rdparty/mbedtls @@ -1 +1 @@ -Subproject commit 2a1d9332d55d1270084232e42df08fdb08129f1b +Subproject commit abc460236f17be148036e2c7e07e6a05f938b656 diff --git a/libraries/3rdparty/mbedtls_config/aws_mbedtls_config.h b/libraries/3rdparty/mbedtls_config/aws_mbedtls_config.h index 6e2788604f5..d798c5a17ab 100644 --- a/libraries/3rdparty/mbedtls_config/aws_mbedtls_config.h +++ b/libraries/3rdparty/mbedtls_config/aws_mbedtls_config.h @@ -9,7 +9,13 @@ */ /* * Copyright (C) 2006-2018, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -23,6 +29,27 @@ * See the License for the specific language governing permissions and * limitations under the License. * + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** + * * This file is part of mbed TLS (https://tls.mbed.org) */ @@ -770,6 +797,28 @@ */ #define MBEDTLS_ECP_NIST_OPTIM +/** + * \def MBEDTLS_ECP_NO_INTERNAL_RNG + * + * When this option is disabled, mbedtls_ecp_mul() will make use of an + * internal RNG when called with a NULL \c f_rng argument, in order to protect + * against some side-channel attacks. + * + * This protection introduces a dependency of the ECP module on one of the + * DRBG or SHA modules (HMAC-DRBG, CTR-DRBG, SHA-512 or SHA-256.) For very + * constrained applications that don't require this protection (for example, + * because you're only doing signature verification, so not manipulating any + * secret, or because local/physical side-channel attacks are outside your + * threat model), it might be desirable to get rid of that dependency. + * + * \warning Enabling this option makes some uses of ECP vulnerable to some + * side-channel attacks. Only enable it if you know that's not a problem for + * your use case. + * + * Uncomment this macro to disable some counter-measures in ECP. + */ +//#define MBEDTLS_ECP_NO_INTERNAL_RNG + /** * \def MBEDTLS_ECP_RESTARTABLE *