commit | 118fd33a37478562d83f3d0da8ae41ece2fa369f | |
---|---|---|
author | Ryan Everett <ryan.everett@arm.com> | Mon Dec 09 16:00:38 2024 +0000 |
committer | Ryan Everett <ryan.everett@arm.com> | Mon Dec 09 16:00:38 2024 +0000 |
tree | 8d3f06381ec755084675263298d4ce6477b183c8 | |
parent | 6d6948f5b8ed04b644743cf91c9b04af5f543482 | |

feat(mbedtls): mbedtls config update for v3.6.2

This new update to the LTS branch of MbedTLS provides the fix for a buffer underrun vulnerability. TF-A does not use the previously vulnerable functions `mbedtls_pk_write_key_der` or `mbedtls_pk_write_key_pem`. Full patch notes to this MbedTLS update can be found at https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.2.

We now enforce the mbedtls version to be greater than or equal to 3.6.2 in our default configs.

Change-Id: I79027f6c741ab3f419f7b555321507e6a78b977b
Signed-off-by: Ryan Everett <ryan.everett@arm.com>

diff --git a/include/drivers/auth/mbedtls/default_mbedtls_config.h b/include/drivers/auth/mbedtls/default_mbedtls_config.h index 6ed9397..12a5fe1 100644 --- a/include/drivers/auth/mbedtls/default_mbedtls_config.h +++ b/include/drivers/auth/mbedtls/default_mbedtls_config.h
@@ -11,6 +11,11 @@ */ /* + * This file is compatible with versions >= 3.6.2 + */ +#define MBEDTLS_CONFIG_VERSION 0x03060200 + +/* * Key algorithms currently supported on mbed TLS libraries */ #define TF_MBEDTLS_RSA 1
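Review bot: The new comment above `#define MBEDTLS_CONFIG_VERSION 0x03060200` only says the file "is compatible with versions >= 3.6.2", while the commit message says the version is now enforced; nothing in the visible lines shows where that enforcement happens. If the intent is that the Mbed TLS headers reject the build when the library is older than this value, say so in the comment, and state why the floor is 3.6.2 (the buffer underrun fix named in the commit message) so a later edit does not lower it without noticing. Also note that the diff shown here touches only default_mbedtls_config.h, so a platform that supplies its own Mbed TLS config header would not pick up this define; either document that such configs must set `MBEDTLS_CONFIG_VERSION` themselves or put the minimum-version check somewhere all configs pass through.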