Commit Graph

27 Commits

Author SHA1 Message Date
Gilles Peskine
0ca801af76
Merge pull request #732 from gabor-mezei-arm/689_bp216_zeroising_of_plaintext_buffers
[Backport 2.16] Zeroising of plaintext buffers in mbedtls_ssl_read()
2020-08-12 18:51:44 +02:00
gabor-mezei-arm
b394b43cf8 Add missing newline
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2020-07-31 16:00:06 +02:00
gabor-mezei-arm
3eaa10389d Zeroising of plaintext buffers to erase unused application data from memory
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2020-07-31 15:57:26 +02:00
Manuel Pégourié-Gonnard
8be9d3b833 Add ChangeLog entry for base blinding protection
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-24 11:55:29 +02:00
Janos Follath
49e6caf12e Assemble ChangeLog
Executed scripts/assemble_changelog.py.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-06-26 11:33:34 +01:00
Manuel Pégourié-Gonnard
3a1944a187
Merge pull request #704 from mpg/l13-hw-starts-finish-2.16-restricted
[backport 2.16] Use starts/finish around Lucky 13 dummy compressions
2020-06-23 10:43:30 +02:00
Manuel Pégourié-Gonnard
2df5857dbe Remove SHA-1 as a fallback option
- it's 2020, there shouldn't be too many systems out there where SHA-1 is the
  only available hash option, so its usefulness is limited
- OTOH testing configurations without SHA-2 reveal bugs that are not easy to
  fix in a fully compatible way

So overall, the benefit/cost ratio is not good enough to justify keeping SHA-1
as a fallback option here.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-18 12:17:59 +02:00
Manuel Pégourié-Gonnard
20cd85c6e1 Use starts/finish around Lucky 13 dummy compressions
Fixes #3246

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-18 11:40:43 +02:00
Manuel Pégourié-Gonnard
2d91c30f4c Update dependencies documentation
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-17 12:26:54 +02:00
Manuel Pégourié-Gonnard
84fd657240 Add Security ChangeLog entry for lack of blinding
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-16 10:52:36 +02:00
Manuel Pégourié-Gonnard
23983f30de Add config.h option MBEDTLS_ECP_NO_INTERNAL_RNG
No effect so far, except on dependency checking, as the feature it's meant to
disable isn't implemented yet (so the descriptions in config.h and the
ChangeLog entry are anticipation for now).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-16 10:51:42 +02:00
Hanno Becker
f8f61aad0f Uniformize bounds checks using new macro
This commit uses the previously defined macro to uniformize
bounds checks in several places. It also adds bounds checks to
the ClientHello writing function that were previously missing.
Also, the functions adding extensions to the ClientHello message
can now fail if the buffer is too small or a different error
condition occurs, and moreover they take an additional buffer
end parameter to free them from the assumption that one is
writing to the default output buffer.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-11 14:21:24 +02:00
Janos Follath
001eb3cec4
Merge pull request #3411 from gilles-peskine-arm/montmul-cmp-branch-2.16
Backport 2.16: Remove a secret-dependent branch in Montgomery multiplication
2020-06-09 12:40:30 +01:00
Gilles Peskine
5f5695077d Add changelog entry: fix #3394
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-06-09 11:31:30 +02:00
Manuel Pégourié-Gonnard
62b293df5b
Merge pull request #3352 from gilles-peskine-arm/fix-ecp-mul-memory-leak-2.16
Backport 2.16: Fix potential memory leak in EC multiplication
2020-06-05 11:44:02 +02:00
Jonas
7c0f1c3067 Add Changelog entry for #3318
Signed-off-by: Jonas <jonas.lejeune4420@gmail.com>
2020-06-04 13:38:32 +02:00
Manuel Pégourié-Gonnard
2d727dfe64
Merge pull request #3372 from gilles-peskine-arm/check-files-changelog-2.16
Backport 2.16: Check changelog entries on CI
2020-06-02 09:38:44 +02:00
Gilles Peskine
934080e731 Fix an LTS version number in a changelog entry
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-28 18:32:43 +02:00
Gilles Peskine
cd29f862f6 Normalize line endings
Convert all text files to Unix line endings unless they're Windows
stuff.

Make sure that all text files have a trailing newline.

Remove whitespace at the end of lines.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-28 18:31:24 +02:00
Gilles Peskine
2dfc9fe293 Fix #3328
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-28 11:59:59 +02:00
Gilles Peskine
8b34fef0a8
Merge pull request #2710 from k-stachowiak/unified-exit-in-examples-2.16
Backport 2.16: Unify the example programs' termination
2020-05-12 10:46:36 +02:00
Gilles Peskine
543e6c5a7e Add changelog entry file
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 22:17:08 +02:00
Gilles Peskine
4796c19516
Merge pull request #3283 from gilles-peskine-arm/changelog-20200421-2.16
2.16 only: Add missing changelog entry for PRs since 2.16.6
2020-04-28 13:10:40 +02:00
Manuel Pégourié-Gonnard
899f63805a
Merge pull request #3205 from irwir/fix_vcxproj-2.16
[backport 2.16] Finalize fixing bugs in .vcxproj files
2020-04-28 13:03:30 +02:00
Gilles Peskine
08fc4aaec0 Add changelog entry for #3197: x509_crt max_pathlen int overflow fix
Backport of #3192

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-28 12:13:10 +02:00
Gilles Peskine
cff94e33b0 Copy the changelog entry assembling script from development
This commit is the combined cherry-pick of the following commits:
dba4de0a12
b695d5e30a
7c3f7cdeae
4d977a4f40
e248e83f9f
eebf24f7a8
6e97c43959
c68c7c8864
ac0f0860f1
42f384c186
98a53aa399
13dc634282
7fa3eb7d44
28af958ea4
8f46bbf46f
27a1facd48
afc9db8bb7
a26079613a
da14e8225e
37d670a1e1
974349d40e
d8b6c77388
2b242495e1
6e91009cfe
566407d6f6
8c4a84c5de
5e39c9e94f
974232f045
40b3f411ec

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-21 18:34:06 +02:00
irwir
3d9b798f60 [backport 2.16] Finalize fixing bugs in .vcxproj files
This is the 2.16 backport of #2853

Signed-off-by: irwir <irwir@users.noreply.github.com>
2020-04-19 17:09:42 +03:00