Update mbedtls to 3.6.2

os-d · jyao1 · commit ca4854be3325 · 2024-11-22T18:06:04.000+08:00
Mbed TLS 3.6.2 is the latest release in the long-term support 3.6.x series. It brings in some critical security fixes and is the recommended release of Mbed TLS from that community. One of the fixes updates the certifi version referenced by Mbed TLS to one that fixes this CVE: https://nvd.nist.gov/vuln/detail/CVE-2023-37920. CVE scanning tools pick up the version of certifi in Mbed TLS 3.6.0 and report libspdm in violation. Signed-off-by: Oliver Smith-Denny <osde@microsoft.com>
diff --git a/README.md b/README.md
@@ -167,7 +167,7 @@ For other architectures, refer to [build](https://github.com/DMTF/libspdm/blob/m
 
 ### Cryptography Library
 
-1) [Mbed TLS](https://tls.mbed.org) as cryptography library. Version 3.6.0.
+1) [Mbed TLS](https://tls.mbed.org) as cryptography library. Version 3.6.2.
 
 2) [OpenSSL](https://www.openssl.org) as cryptography library. Version 3.0.9.
 
diff --git a/os_stub/mbedtlslib/include/mbedtls/libspdm_mbedtls_config.h b/os_stub/mbedtlslib/include/mbedtls/libspdm_mbedtls_config.h
@@ -3473,7 +3473,7 @@
  *
  * This module adds support for SHA3.
  */
-/* #define MBEDTLS_SHA3_C */
+#define MBEDTLS_SHA3_C
 
 /**
  * \def MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
diff --git a/os_stub/mbedtlslib/mbedtls b/os_stub/mbedtlslib/mbedtls
@@ -1 +1 @@
-Subproject commit 2ca6c285a0dd3f33982dd57299012dacab1ff206
+Subproject commit 107ea89daaefb9867ea9121002fbbdf926780e98
diff --git a/os_stub/mbedtlslib/version.txt b/os_stub/mbedtlslib/version.txt
@@ -1 +1 @@
-3.6.0
+3.6.2

Original file line number	Diff line number	Diff line change
`@@ -3473,7 +3473,7 @@`
`3473`	`3473`	`*`
`3474`	`3474`	`* This module adds support for SHA3.`
`3475`	`3475`	`*/`
`3476`		`-/* #define MBEDTLS_SHA3_C */`
	`3476`	`+#define MBEDTLS_SHA3_C`
`3477`	`3477`
`3478`	`3478`	`/**`
`3479`	`3479`	`* \def MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT`