mbedtls: Update mbedTLS 2.16.2 #2
Conversation
ioannisg
force-pushed
the
mbedtls_2.16.2
branch
from
52dfced to
a4c2448
Compare
Bump mbedTLS version to 2.16.2. Origin: ARMmbed/mbedTLS License: Apache-2.0 URL: https://github.com/ARMmbed/mbedtls/releases/tag/mbedtls-2.16.2 commit: d81c11b8ab61fd5b2da8133aa73c5fe33a0633eb Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
ioannisg
force-pushed
the
mbedtls_2.16.2
branch
from
a4c2448 to
c7ce45f
Compare
@d3zd3z yes, this matches the upstream code. I did the following
One thing I had to do, also, was to maintain the modification we describe in README: |
|
@d3zd3z you can see the related Zephyr PR, with the updated mbedtls here: zephyrproject-rtos/zephyr#18172 |
There was a problem hiding this comment.
See Mbed-TLS/mbedtls#2392
And 3437a1b
The way you are fixing the uninitialized variable warning was not accepted, but a different proposal was chosen, which was then applied to Zephyr's mbedtls ahead of it being merged in the real mbedtls.
But for some reason that PR did not get enough attention to get merged upstream.
In this merge you seem to be reverting that local fix.
|
I'm going to try and pick that up. |
|
@pfalcon Thanks. Are you able to push to Andy's branch to take the PR from where he left it? |
I doubt that. If you have specific instructions how to achieve that, feel free to share. (It always amazed me that github allows in some cases to do that. That has questionable implications from security to copyright/impersonation.) |
This patch fixes an issue with an uninitialized variable in the x509 mbedtls feature. I sent a related patch to the mbedtls project so that this can be fixed in the future. Mbed-TLS/mbedtls#2392 Signed-off-by: Andy Gross <andy.gross@linaro.org>
ioannisg
force-pushed
the
mbedtls_2.16.2
branch
from
55ea7db to
044b383
Compare
|
@pfalcon @aescolar brought back the patch by @agross-oss (i.e. what was added on top of the 2.16.0 bump), instead of my fix. I'll run, now, a CI on zephyr using the current PR tip. |
| * \note With TLS, this currently only affects ApplicationData (sent | ||
| * with \c mbedtls_ssl_read()), not handshake messages. | ||
| * With DTLS, this affects both ApplicationData and handshake. | ||
| * \note On the client side, the maximum fragment length extension |
There was a problem hiding this comment.
@rlubos: Worth reading this change. I'm not sure if we use max fragment length ext anywhere, but if we do, looks like we'll need to call extra code now.
|
Ok, I tested new version using sockets/big_http_download sample with overlay-tls.conf (downloading https://www.7-zip.org:443/a/7z1805.exe). Everything's ok, downloaded 24MB in total (few repetitions). |
Ok, so revamped version of that patch was merged to both 2.16 and 2.18 mbedTLS branches: Mbed-TLS/mbedtls#2795, Mbed-TLS/mbedtls#2813, so we'll pick it up on next update. |
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com> Co-authored-by: davidhorstmann-arm <70948878+davidhorstmann-arm@users.noreply.github.com>
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
Bump mbedTLS version to 2.16.2.
Origin: ARMmbed/mbedTLS
License: Apache-2.0
URL: https://github.com/ARMmbed/mbedtls/releases/tag/mbedtls-2.16.2
commit: d81c11b8ab61fd5b2da8133aa73c5fe33a0633eb
Signed-off-by: Ioannis Glaropoulos Ioannis.Glaropoulos@nordicsemi.no