Lines Matching refs:padding

405    * mbedtls_pem_read_buffer() now performs a check on the padding data of
408      mbedtls_pk_encrypt() on non-opaque RSA keys to honor the padding mode in
640      that the output after decryption may include CBC padding. Consider moving
644    * Improve padding calculations in CBC decryption, NIST key unwrapping and
647      time code, which could allow a padding oracle attack if the attacker
768      this call accidentally applied a default padding mode chosen at compile
859      to read non-public fields for padding mode and hash id from
3004      either used both encrypt and decrypt key schedules, or which perform padding.
3200      decryption that could lead to a Bleichenbacher-style padding oracle
3502    * Fix decryption for zero length messages (which contain all padding) when a
3956      MBEDTLS_PADDING_ONE_AND_ZEROS that sometimes accepted invalid padding.
3957      Note, this padding mode is not used by the TLS protocol. Found and fixed by
4314    * Fix missing padding length check in mbedtls_rsa_rsaes_pkcs1_v15_decrypt
5000    * Very large records using more than 224 bytes of padding were incorrectly
5002    * Very large records using less padding could cause a buffer overread of up
5044    * Fix false reject in padding check in ssl_decrypt_buf() for CBC
5290    * Support for zeros-and-length (ANSI X.923) padding, one-and-zeros
5291      (ISO/IEC 7816-4) padding and zero padding in the cipher layer
5587    * Removed timing differences due to bad padding from
5594    * Debug messages about padding errors during SSL message decryption are
5602      ssl_decrypt_buf() due to badly formatted padding
5745    * Debug messages about padding errors during SSL message decryption are
5751    * Removed timing differences due to bad padding from
6190       Daniel Bleichenbacher attack on PKCS#1 v1.5 padding, as well
6268     * Fixed a bug in ssl_encrypt_buf (incorrect padding was