Lines Matching refs:in
7 with RFC-5116 and could lead to session key recovery in very long TLS
8 sessions. "Nonce-Disrespecting Adversaries Practical Forgery Attacks on GCM in
11 * Fixed potential stack corruption in mbedtls_x509write_crt_der() and
13 without checking whether there is enough space in the destination. The
21 * Added a script to print build environment info for diagnostic use in test
28 * Added the macro MBEDTLS_ENTROPY_MIN_HARDWARE in config.h. This allows users
36 * Fix dependency issue in Makefile to allow parallel builds.
37 * Fix incorrect handling of block lengths in crypt_and_hash.c sample program,
45 * Fix conditional statement that would cause a 1 byte overread in
52 * Fix mbedtls_x509_get_sig() to update the ASN1 type in the mbedtls_x509_buf
58 * Fix potential byte overread when verifying malformed SERVER_HELLO in
60 * Fix check for validity of date when parsing in mbedtls_x509_get_time().
78 naming collision in projects which also have files with the common name
87 * Fix missing padding length check in mbedtls_rsa_rsaes_pkcs1_v15_decrypt
89 * Fix potential integer overflow to buffer overflow in
91 (not triggerable remotely in (D)TLS).
92 * Fix a potential integer underflow to buffer overread in
93 mbedtls_rsa_rsaes_oaep_decrypt. It is not triggerable remotely in
101 * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three
102 arguments were the same (in-place doubling). Found and fixed by Janos
105 in the previous patch release. Found by Robert Scheck. #390 #391
106 * Fix issue in Makefile that prevented building using armar. #386
108 ECDSA was disabled in config.h. The leak didn't occur by default.
111 in the trusted certificate list.
112 * Fix bug in mbedtls_x509_crt_parse that caused trailing extra data in the
113 buffer after DER certificates to be included in the raw representation.
115 * Fix bug in mbedtls_rsa_rsaes_pkcs1_v15_encrypt that made null pointer
119 * Fix issue in ssl_fork_server which was preventing it from functioning. #429
120 * Fix memory leaks in test framework
121 * Fix test in ssl-opt.sh that does not run properly with valgrind
128 * Disabled SSLv3 in the default configuration.
139 remotely in SSL/TLS. Found by Rafał Przywara. #367
140 * Disable MD5 handshake signatures in TLS 1.2 by default to prevent the
146 * Fix over-restrictive length limit in GCM. Found by Andreas-N. #362
147 * Fix bug in certificate validation that caused valid chains to be rejected
149 Nicholas Wilson. Introduced in mbed TLS 2.2.0. #280
150 * Removed potential leak in mbedtls_rsa_rsassa_pkcs1_v15_sign(), found by
154 datagram if a single record in a datagram is unexpected, instead only
155 drop the record and look at subsequent records (if any are present) in
167 * Fix potential buffer overflow in some asn1_write_xxx() functions.
176 * Experimental support for EC J-PAKE as defined in Thread 1.0.0.
183 resulting in some valid X.509 being incorrectly rejected. Found and fix
195 * Fix failures in MPI on Sparc(64) due to use of bad assembly code.
197 * Fix typo in name of the extKeyUsage OID. Found by inestlerode, #314
198 * Fix bug in ASN.1 encoding of booleans that caused generated CA
213 once in the same handshake and mbedtls_ssl_conf_psk() was used.
216 * Fix stack buffer overflow in pkcs12 decryption (used by
219 * Fix potential buffer overflow in mbedtls_mpi_read_string().
220 Found by Guido Vranken, Intelworks. Not exploitable remotely in the context
221 of TLS, but might be in other uses. On 32 bit machines, requires reading a
224 * Fix potential random memory allocation in mbedtls_pem_read_buffer()
226 Intelworks. Not triggerable remotely in TLS. Triggerable remotely if you
228 * Fix possible heap buffer overflow in base64_encoded() when the input
230 Intelworks. Not triggerable remotely in TLS.
234 * Fix potential heap buffer overflow in servers that perform client
240 * Fix compile error in net.c with musl libc. Found and patch provided by
245 * Added checking of hostname length in mbedtls_ssl_set_hostname() to ensure
247 * Fixed paths for check_config.h in example config files. (Found by bachp)
263 * Fix off-by-one error in parsing Supported Point Format extension that
267 * Made X509 profile pointer const in mbedtls_ssl_conf_cert_profile() to allow
271 (MBEDTLS_SSL_DTLS_HELLO_VERIFY defined in config.h, and usable cookie
284 * Fix segfault in the benchmark program when benchmarking DHM.
289 * Fix bug in CMake lists that caused libmbedcrypto.a not to be installed
291 * Fix bug in Makefile that caused libmbedcrypto and libmbedx509 not to be
294 * Fix bug in Makefile that caused programs not to be installed correctly
296 * Fix bug in Makefile that prevented from installing without building the
302 * Fix bug in mbedtls_ssl_conf_default() that caused the default preset to
304 * Fix bug in mbedtls_rsa_public() and mbedtls_rsa_private() that could
313 * Fix memory corruption in pkey programs (found by yankuncheng) (#210)
339 * Expanded configurability of security parameters in the SSL module with
350 provided. Full list of renamings in scripts/data_files/rename-1.3-2.0.txt
355 * Headers are now found in the 'mbedtls' directory (previously 'polarssl').
373 * The following functions have been introduced and must be used in callback
382 * On server, mbedtls_ssl_conf_session_tickets_cb() must now be used in
393 * The following functions changed prototype to avoid an in-out length
411 * Test certificates in certs.c are no longer guaranteed to be nul-terminated
421 (support for renegotiation now needs explicit enabling in config.h).
423 in config.h
451 * md_init_ctx() is deprecated in favour of md_setup(), that adds a third
455 * Renamed a few headers to include _internal in the name. Those headers are
460 * Removed sig_oid2 and rename sig_oid1 to sig_oid in x509_crt and x509_crl.
467 * RC4 is now blacklisted by default in the SSL/TLS layer, and excluded from the
472 * Support for RSA_ALT contexts in the PK layer is now optional. Since it is
473 enabled in the default configuration, this is only noticeable if using a
526 * Add support for bit strings in X.509 names (request by Fredrik Axelsson).
527 * Add support for id-at-uniqueIdentifier in X.509 names.
528 * Add support for overriding snprintf() (except on Windows) and exit() in
530 * Add an option to use macros instead of function pointers in the platform
548 * Fix bug in entropy.c when THREADING_C is also enabled that caused
552 * Fix bug in ssl_mail_client when password is longer than username (found
554 * Fix undefined behaviour (memcmp( NULL, NULL, 0 );) in X.509 modules
562 ssl_write() is called before the handshake is finished (introduced in
564 * Fix bug in pk_parse_key() that caused some valid private EC keys to be
566 * Fix bug in Via Padlock support (found by Nikos Mavrogiannopoulos).
567 * Fix thread safety bug in RSA operations (found by Fredrik Axelsson).
568 * Fix hardclock() (only used in the benchmarking program) with some
570 * Fix warnings from mingw64 in timing.c (found by kxjklele).
571 * Fix potential unintended sign extension in asn1_get_len() on 64-bit
573 * Fix potential memory leak in ssl_set_psk() (found by Mansour Moufid).
575 POLARSSL_SSL_SESSION_TICKETS were both enabled in config.h (introduced
576 in 1.3.10).
577 * Add missing extern "C" guard in aesni.h (reported by amir zamani).
578 * Add missing dependency on SHA-256 in some x509 programs (reported by
584 * Remove bias in mpi_gen_prime (contributed by Pascal Junod).
594 performance impact was bad for some users (this was introduced in 1.3.10).
595 * Move from SHA-1 to SHA-256 in example programs using signatures
599 * Change #include lines in test files to use double quotes instead of angle
601 * Remove dependency on sscanf() in X.509 parsing modules.
605 * NULL pointer dereference in the buffer-based allocator when the buffer is
619 Bleichenbacher-style attack in the RSA and RSA-PSK key exchanges
647 * User set CFLAGS were ignored by Cmake with gcc (introduced in 1.3.9, found
649 * Fix potential undefined behaviour in Camellia.
650 * Fix potential failure in ECDSA signatures when POLARSSL_ECP_MAX_BITS is a
652 * Fix unchecked return code in x509_crt_parse_path() on Windows (found by
665 * Use deterministic nonces for AEAD ciphers in TLS by default (possible to
666 switch back to random with POLARSSL_SSL_AEAD_RANDOM_IV in config.h).
669 * Forbid repeated extensions in X.509 certificates.
670 * debug_print_buf() now prints a text view in addition to hexadecimal.
671 * A specific error is now returned when there are ciphersuites in common
678 * Use platform.h in all test suites and programs.
682 * Lowest common hash was selected from signature_algorithms extension in
683 TLS 1.2 (found by Darren Bane) (introduced in 1.3.8).
692 * Support escaping of commas in x509_string_to_names()
693 * Fix compile error in ssl_pthread_server (found by Julian Ospald).
695 * Don't print uninitialised buffer in ssl_mail_client (found by Marc Abel).
697 * Fix compile error in timing.c when POLARSSL_NET_C and POLARSSL_SELFTEST
704 * ssl_close_notify() could send more than one message in some circumstances
708 * Fix compile error with armcc in mpi_is_prime()
709 * Fix potential bad read in parsing ServerHello (found by Adrien
717 * Made buffer size in pk_write_(pub)key_pem() more dynamic, e.g. smaller if
721 * POLARSSL_MPI_MAX_SIZE now defaults to 1024 in order to allow 8192 bits
723 * Accept spaces at end of line or end of buffer in base64_decode().
736 * Support for parsing and verifying RSASSA-PSS signatures in the X.509
738 * Blowfish in the cipher layer now supports variable length keys.
740 * Optimize for RAM usage in example config.h for NSA Suite B profile.
749 * Add LINK_WITH_PTHREAD option in CMake for explicit linking that is
754 * Selection of hash for signing ServerKeyExchange in TLS 1.2 now picks
760 * Fix in debug_print_msg()
761 * Enforce alignment in the buffer allocator even if buffer is not aligned
770 * Very small records were incorrectly rejected when truncated HMAC was in
771 use with some ciphersuites and versions (RC4 in all versions, CBC with
778 been removed in 1.3.6.)
780 CA for use as an end entity certificate. (This had been removed in
785 * Fix off-by-one error in parsing Supported Point Format extension that
791 * Fix base64_decode() to return and check length correctly (in case of
805 checked and filled in the relevant module headers
812 * Only iterate over actual certificates in ssl_write_certificate_request()
814 * Typos in platform.c and pkcs11.c (found by Daniel Phillips and Steffan
817 * Fix false reject in padding check in ssl_decrypt_buf() for CBC
819 * Improve interoperability by not writing extension length in ClientHello /
825 * Fix dependencies issues in X.509 test suite.
827 * Fix detection of DragonflyBSD in net.c (found by Markus Pfeiffer)
846 * Reject certificates with times not in UTC, per RFC 5280.
849 * Avoid potential timing leak in ecdsa_sign() by blinding modular division.
852 This affects certificates in the user-supplied chain except the top
855 * Prevent potential NULL pointer dereference in ssl_read_record() (found by
861 * Potential memory leak in mpi_exp_mod() when error occurs during
863 * Fixed malloc/free default #define in platform.c (found by Gergely Budai).
866 * Fix #include path in ecdsa.h which wasn't accepted by some compilers.
875 * Potential buffer overwrite in pem_write_buffer() because of low length
877 * EC curves constants, which should be only in ROM since 1.3.3, were also
878 stored in RAM due to missing 'const's (found by Gergely Budai).
890 * Support for reading EC keys that use SpecifiedECDomain in some cases.
918 * Fixed bug in RSA PKCS#1 v1.5 "reversed" operations
920 * Fixed version-major intolerance in server
922 * Fixed dependency issues in test suite
928 * Fixed bug with session tickets and non-blocking I/O in the unlikely case
934 * ssl_init() was leaving a dirty pointer in ssl_context if malloc of
936 * ssl_handshake_init() was leaving dirty pointers in subcontexts if malloc
938 * Fix typo in rsa_copy() that impacted PKCS#1 v2 contexts
949 * Potential memory leak in bignum_selftest()
954 * Assembly format fixes in bn_mul.h
962 * EC key generation support in gen_key app
967 * Support for IPv6 in the NET module
976 * More constant-time checks in the RSA module
978 * Curves are now stored fully in ROM
979 * Memory usage optimizations in ECP module
983 * Fixed bug in mpi_set_bit() on platforms where t_uint is wider than int
988 * Potential memory leak in ssl_ticket_keys_init()
989 * Memory leak in benchmark application
991 * Added missing MPI_CHK() around some statements in mpi_div_mpi() (found by
993 * Fixed potential overflow in certificate size verification in
1007 * Padding checks in cipher layer are now constant-time
1008 * Value comparisons in SSL layer are now constant-time
1009 * Support for serialNumber, postalAddress and postalCode in X509 names
1013 * More stringent checks in cipher layer
1040 * Possible naming collision in dhm_context
1064 (ISO/IEC 7816-4) padding and zero padding in the cipher layer
1071 * Support for multiple active certificate / key pairs in SSL servers for
1098 * Fixed parse error in ssl_parse_certificate_request()
1100 * Support for AIX header locations in net.c module
1111 * Fix potential invalid memory read in the server, that allows a client to
1113 * Fix potential invalid memory read in certificate parsing, that allows a
1120 * Fix bug in Via Padlock support (found by Nikos Mavrogiannopoulos).
1121 * Fix hardclock() (only used in the benchmarking program) with some
1123 * Fix warnings from mingw64 in timing.c (found by kxjklele).
1124 * Fix potential unintended sign extension in asn1_get_len() on 64-bit
1129 this will be made in the 1.2 branch at this point.
1145 * Fix potential undefined behaviour in Camellia.
1146 * Fix memory leaks in PKCS#5 and PKCS#12.
1149 * Fix bug in MPI/bignum on s390/s390x (reported by Dan Horák) (introduced
1150 in 1.2.12).
1151 * Fix unchecked return code in x509_crt_parse_path() on Windows (found by
1165 * Forbid repeated extensions in X.509 certificates.
1176 * Fix potential bad read in parsing ServerHello (found by Adrien
1178 * ssl_close_notify() could send more than one message in some circumstances
1182 * Don't print uninitialised buffer in ssl_mail_client (found by Marc Abel).
1193 * Accept spaces at end of line or end of buffer in base64_decode().
1206 * Reject certificates with times not in UTC, per RFC 5280.
1216 * Prevent potential NULL pointer dereference in ssl_read_record() (found by
1227 * Added missing MPI_CHK() around some statements in mpi_div_mpi() (found by
1229 * Fixed potential overflow in certificate size verification in
1231 * Fix ASM format in bn_mul.h
1232 * Potential memory leak in bignum_selftest()
1235 * Fix bug in RSA PKCS#1 v1.5 "reversed" operations
1237 * Fixed version-major intolerance in server
1241 * ssl_init() was leaving a dirty pointer in ssl_context if malloc of
1243 * ssl_handshake_init() was leaving dirty pointers in subcontexts if malloc
1247 * Potential memory leak in mpi_exp_mod() when error occurs during
1249 * Improve interoperability by not writing extension length in ClientHello
1255 * Fix detection of DragonflyBSD in net.c (found by Markus Pfeiffer)
1262 * Fix base64_decode() to return and check length correctly (in case of
1270 * Fixed memory leak in RSA as a result of introduction of blinding
1285 * Fixed potential negative value misinterpretation in load_file()
1293 * Centralized module option values in config.h to allow user-defined
1302 symmetric cipher and hash algorithms (e.g. POLARSSL_AES_ALT in
1308 * Secure renegotiation extension should only be sent in case client
1310 * Fixed offset for cert_type list in ssl_parse_certificate_request()
1318 * Fixed values for 2-key Triple DES in cipher layer
1339 * Fixed memory leak in ssl_free() and ssl_reset() for active session
1358 * Removed further timing differences during SSL message decryption in
1374 * Removed timing differences during SSL message decryption in
1385 * Handle future version properly in ssl_write_certificate_request()
1386 * Correctly handle CertificateRequest message in client for <= TLS 1.1
1401 * Fixed dependency on POLARSSL_SHA4_C in SSL modules
1411 * Allow R and A to point to same mpi in mpi_div_mpi (found by Manuel
1413 * Fixed possible segfault in mpi_shift_r() (found by Manuel
1433 * Added support for Hardware Acceleration hooking in SSL/TLS
1460 in SSL/TLS
1466 * Fixed handling error in mpi_cmp_mpi() on longer B values (found by
1468 * Fixed potential heap corruption in x509_name allocation
1493 * Potential negative value misinterpretation in load_file()
1505 * Fixed values for 2-key Triple DES in cipher layer
1522 * Removed timing differences during SSL message decryption in
1538 * Fixed possible segfault in mpi_shift_r() (found by Manuel
1540 * Allow R and A to point to same mpi in mpi_div_mpi (found by Manuel
1555 * Fixed potential heap corruption in x509_name allocation
1564 * Fixed handling error in mpi_cmp_mpi() on longer B values (found by
1575 * Check for failed malloc() in ssl_set_hostname() and x509_get_entries()
1579 * Fixed bug in CTR_DRBG selftest
1597 * Documentation for AES and Camellia in modes CTR and CFB128 clarified.
1605 * Changed the defined key-length of DES ciphers in cipher.h to include the
1606 parity bits, to prevent mistakes in copying data. (Closes ticket #33)
1615 a consequence in library code and programs
1630 * Fixed incorrect behaviour in case of RSASSA-PSS with a salt length
1634 * Improved build support for s390x and sparc64 in bignum.h
1635 * Fixed MS Visual C++ name clash with int64 in sha4.h
1636 * Corrected removal of leading "00:" in printing serial numbers in
1649 * Undid faulty bug fix in ssl_write() when flushing old data (Ticket
1669 t_int and t_dbl to t_uint and t_udbl in the process
1698 does not zeroize memory in advance anymore. Use rsa_init()
1705 * Fixed bug in ssl_write() when flushing old data (Fixed ticket
1736 * Fixed a possible Man-in-the-Middle attack on the
1750 * Improvements to support integration in other
1762 * x509parse_time_expired() checks time in addition to
1780 * Removed dependency on rand() in rsa_pkcs1_encrypt().
1784 * Some SSL defines were renamed in order to avoid
1791 * Fixed deadlock in rsa_pkcs1_encrypt() on failing random
1796 * Fixed Makefile in library that was mistakenly merged
1803 * Added support for GeneralizedTime in X509 parsing
1811 in a function to allow easy future expansion
1819 * Fixed bug resulting in failure to send the last
1820 certificate in the chain in ssl_write_certificate() and
1824 * Fixed algorithmic bug in mpi_is_prime() (found by
1835 * Fixed typo in #ifdef in x509parse.c (found
1850 * Fixed typo in name of POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE.
1862 * Prevented use of long long in bignum if
1865 * Fixed incorrect handling of negative strings in
1867 * Fixed segfault on handling empty rsa_context in
1871 value in mpi_add_abs() (found by code coverage tests).
1873 value in mpi_sub_abs() (found by code coverage tests).
1875 value in mpi_mod_mpi() and mpi_mod_int(). Resulting
1884 SHA-512 in rsa_pkcs1_sign()
1887 * Fixed a bug in mpi_gcd() so that it also works when both
1895 * Fixed minor memory leak in x509parse_crt() and added better
1902 * Undefining POLARSSL_HAVE_ASM now also prevents asm in
1904 * Fixed an off-by-one buffer allocation in ssl_set_hostname()
1918 * Fixed dangerous bug that can cause a heap overflow in
1927 * Enabled support for large files by default in aescrypt2.c
1929 * Fixed a bug in ssl_write() that caused the same payload to
1930 be sent twice in non-blocking mode when send returns EAGAIN
1932 not be swapped in the SSLv2 ClientHello (found by Greg Robson)
1938 * Correctly handle the case in padlock_xcryptcbc() when input or
1941 * Fixed a memory leak in x509parse_crt() which was reported by Greg
1955 serial number, setup correct server port in the ssl client example
1965 * Updated rsa_gen_key() so that ctx->N is always nbits in size
1978 * Added lots of debugging output in the SSL/TLS functions
1987 * Fixed a bug in mpi_read_binary() on 64-bit platforms
1989 * Fixed a long standing memory leak in mpi_is_prime()
1990 * Replaced realloc with malloc in mpi_grow(), and set
1991 the sign of zero as positive in mpi_init() (reported
1997 * Fixed a bug in ssl_tls.c which sometimes prevented SSL
1999 * Fixed a couple of bugs in the VS6 and UNIX Makefiles
2000 * Fixed the "PIC register ebx clobbered in asm" bug
2007 * Rewrote README.txt in program/ssl/ca to better explain
2012 * Ciphers used in SSL/TLS can now be disabled at compile
2021 * Fixed a bug introduced in xyssl-0.5/timing.c: hardclock
2041 * Fixed a bug in ssl_encrypt_buf (incorrect padding was
2042 generated) and in ssl_parse_client_hello (max. client
2044 * Fixed another bug in ssl_parse_client_hello: clients with
2046 * Fixed a couple of memory leaks in x509_read.c
2053 * Fixed a bug in the CBC code, thanks to dowst; also,
2064 * Fixed a bug in sha2_hmac, thanks to newsoft/Wenfang Zhang
2065 * Fixed a bug reported by Adrian Rüegsegger in x509_read_key
2066 * Fixed a bug reported by Torsten Lauter in ssl_read_record
2067 * Fixed a bug in rsa_check_privkey that would wrongly cause
2069 * Fixed a bug in mpi_is_prime that caused some primes to fail