Lines Matching refs:to

7      with RFC-5116 and could lead to session key recovery in very long TLS
12 mbedtls_x509write_csr_der() when the signature is copied to the buffer
19 * Added hardware entropy selftest to verify that the hardware entropy source
21 * Added a script to print build environment info for diagnostic use in test
23 * Added the macro MBEDTLS_X509_MAX_FILE_PATH_LEN that enables the user to
29 to configure the minimum number of bytes for entropy sources using the
33 * Fix for platform time abstraction to avoid dependency issues where a build
35 configuration consistency checks to check_config.h
36 * Fix dependency issue in Makefile to allow parallel builds.
47 * Fixed pthread implementation to avoid unintended double initialisations
52 * Fix mbedtls_x509_get_sig() to update the ASN1 type in the mbedtls_x509_buf
70 missing self-tests to the test suites, to ensure self-tests are only
72 * Added support for 3 and 4 byte lengths to mbedtls_asn1_write_len().
77 * Renamed source file library/net.c to library/net_sockets.c to avoid
80 deprecated, and its contents moved to net_sockets.h.
81 * Changed the strategy for X.509 certificate parsing and validation, to no
89 * Fix potential integer overflow to buffer overflow in
92 * Fix a potential integer underflow to buffer overread in
104 * Fix potential build failures related to the 'apidoc' target, introduced
109 * Fix an issue that caused valid certificates to be rejected whenever an
113 buffer after DER certificates to be included in the raw representation.
117 * Fix issue that caused a crash if invalid curves were passed to
122 * Fix unchecked calls to mbedtls_md_setup(). Fix by Brian Murray. #502
127 the need to pass -fomit-frame-pointer to avoid a build error with -O0.
137 * Fix potential double free when mbedtls_asn1_store_named_data() fails to
140 * Disable MD5 handshake signatures in TLS 1.2 by default to prevent the
142 SLOTH paper do not apply to any version of mbed TLS or PolarSSL).
147 * Fix bug in certificate validation that caused valid chains to be rejected
178 * Added a key extraction callback to access the master secret and key
189 * Fixed a bug causing some handshakes to fail due to some non-fatal alerts
192 size/curve against the profile. Before that, there was no way to set a
195 * Fix failures in MPI on Sparc(64) due to use of bad assembly code.
199 certificates to be rejected by some applications, including OS X
209 * Added fix for CVE-2015-5291 to prevent heap corruption due to buffer
222 string of close to or larger than 1GB to exploit; on 64 bit machines, would
223 require reading a string of close to or larger than 2^62 bytes.
236 unless you allow third parties to pick trust CAs for client auth.
245 * Added checking of hostname length in mbedtls_ssl_set_hostname() to ensure
257 tries to continue the handshake after it failed (a misuse of the API).
264 caused some handshakes to fail.
267 * Made X509 profile pointer const in mbedtls_ssl_conf_cert_profile() to allow
274 MBEDTLS_ERR_SSL_CLIENT_RECONNECT - it is then possible to start a new
281 * Primary open source license changed to Apache 2.0 license.
289 * Fix bug in CMake lists that caused libmbedcrypto.a not to be installed
291 * Fix bug in Makefile that caused libmbedcrypto and libmbedx509 not to be
294 * Fix bug in Makefile that caused programs not to be installed correctly
302 * Fix bug in mbedtls_ssl_conf_default() that caused the default preset to
305 result trying to unlock an unlocked mutex on invalid input (found by
317 * It is now possible to #include a user-provided configuration file at the
323 * Prepend a "thread identifier" to debug messages (issue pointed out by
325 * Add mbedtls_ssl_get_max_frag_len() to query the current maximum fragment
332 * Ability to override core functions from MDx, SHAx, AES and DES modules
334 ability to override the whole module.
335 * New server-side implementation of session tickets that rotate keys to
346 You now need to link to all of them if you use TLS for example.
347 * All public identifiers moved to the mbedtls_* or MBEDTLS_* namespace.
348 Some names have been further changed to make them more consistent.
364 Note that for mbedtls_ssl_setup(), you need to be done setting up the
368 ssl_legacy_renegotiation()) have been renamed to mbedtls_ssl_conf_xxx()
370 changed from ssl_context to ssl_config.
383 place of mbedtls_ssl_conf_session_tickets() to enable session tickets.
391 mbedtls_x509_crt_verify() (flags, f_vrfy -> needs to be updated)
392 mbedtls_ssl_conf_verify() (f_vrfy -> needs to be updated)
393 * The following functions changed prototype to avoid an in-out length
400 changed type to "mbedtls_net_context *".
408 mbedtls_x509write_crt_set_key_usage() changed from int to unsigned.
409 * test_ca_list (from certs.h) is renamed to test_cas_pem and is only
411 * Test certificates in certs.c are no longer guaranteed to be nul-terminated
415 length parameter to include the terminating null byte for PEM input.
416 * Signature of mpi_mul_mpi() changed to make the last argument unsigned
419 (Thanks to Mansour Moufid for helping with the replacement.)
420 * Change SSL_DISABLE_RENEGOTIATION config.h flag to SSL_RENEGOTIATION
424 * net_connect() and net_bind() have a new 'proto' argument to choose
426 Their 'port' argument type is changed to a string.
440 * Removed compat-1.2.h (helper for migrating from 1.2 to 1.3).
444 been removed (compiler is required to support 32-bit operations).
455 * Renamed a few headers to include _internal in the name. Those headers are
456 not supposed to be included by users.
460 * Removed sig_oid2 and rename sig_oid1 to sig_oid in x509_crt and x509_crl.
461 * x509_crt.key_usage changed from unsigned char to unsigned int.
475 * Default DHM parameters server-side upgraded from 1024 to 2048 bits.
489 * Compiler is required to support C99 types such as long long and uint32_t.
502 * With UDP sockets, it is no longer necessary to call net_bind() again
508 * Reduced ROM footprint of SHA-256 and added an option to reduce it even
514 * With authmode set to SSL_VERIFY_OPTIONAL, verification of keyUsage and
523 * Add x509_crt_verify_info() to display certificate verification results.
530 * Add an option to use macros instead of function pointers in the platform
533 cross-compilation easier (thanks to Alon Bar-Lev).
540 * Add config flag POLARSSL_DEPRECATED_WARNING (off by default) to produce
542 * Add config flag POLARSSL_DEPRECATED_REMOVED (off by default) to produce
547 * Fix compile error with PLATFORM_EXIT_ALT (thanks to Rafał Przywara).
549 entropy_free() to crash (thanks to Rafał Przywara).
564 * Fix bug in pk_parse_key() that caused some valid private EC keys to be
580 * Fix bug related to ssl_set_curves(): the client didn't check that the
595 * Move from SHA-1 to SHA-256 in example programs using signatures
599 * Change #include lines in test files to use double quotes instead of angle
618 * Fix timing difference that could theoretically lead to a
626 * Add function pk_check_pair() to test if public and private keys match.
628 * Add compile-time option POLARSSL_X509_MAX_INTERMEDIATE_CA to limit the
636 * Add ssl_set_arc4_support() to make it easier to disable RC4 at runtime
654 * Fix assembly selection for MIPS64 (thanks to James Cowgill).
656 to a failed verification (found by Fredrik Axelsson).
665 * Use deterministic nonces for AEAD ciphers in TLS by default (possible to
666 switch back to random with POLARSSL_SSL_AEAD_RANDOM_IV in config.h).
670 * debug_print_buf() now prints a text view in addition to hexadecimal.
672 but none of them is usable due to external factors such as no certificate
674 * It is now possible to disable negotiation of truncated HMAC server-side
714 standard defining how to use SHA-2 with SSL 3.0).
716 ambiguous on how to encode some packets with SSL 3.0).
721 * POLARSSL_MPI_MAX_SIZE now defaults to 1024 in order to allow 8192 bits
730 It was possible to crash the server (and client) using crafted messages
734 * Add CCM module and cipher mode to Cipher Layer
741 * Add POLARSSL_REMOVE_ARC4_CIPHERSUITES to allow removing RC4 ciphersuites
745 * Add SSL_CIPHERSUITES config.h flag to allow specifying a list of
746 ciphersuites to use and save some memory if the list is small.
751 * Migrate zeroizing of data to polarssl_zeroize() instead of memset()
763 * Stricter check on SSL ClientHello internal sizes compared to actual packet
776 to 32 bytes with CBC-based ciphersuites and TLS >= 1.1
777 * Restore ability to use a v1 cert as a CA if trusted locally. (This had
779 * Restore ability to locally trust a self-signed cert that is not a proper
786 caused some handshakes to fail.
788 exchange that caused some handshakes to fail with other implementations.
791 * Fix base64_decode() to return and check length correctly (in case of
793 * Fix mpi_write_string() to write "00" as hex output for empty MPI (found
798 * debug_set_log_mode() added to determine raw or full logging
799 * debug_set_threshold() added to ignore messages over threshold level
800 * version_check_feature() added to check for compile-time options at
821 * rsa_check_pubkey() now allows an E up to N
822 * On OpenBSD, use arc4random_buf() instead of rand() to prevent warnings
835 * Add option 'use_dev_random' to gen_key application
845 * Use UTC time to check certificate validity.
870 * oid_get_numeric_string() used to truncate the output without returning an
878 stored in RAM due to missing 'const's (found by Gergely Budai).
883 * Option to set the Curve preference order (disabled by default)
885 * Ability to provide alternate timing implementation
886 * Ability to force the entropy module to use SHA-256 as its basis
897 * Improvements to the CMake build system, contributed by Julian Ospald.
900 * Revamped the compat.sh interoperability script to include support for
903 * Improvements to tests/Makefile, contributed by Oden Eriksson.
906 * Forbid change of server certificate during renegotiation to prevent
916 * ecp_gen_keypair() does more tries to prevent failure because of
939 * x509_get_current_time() uses localtime_r() to prevent thread issues
963 * Support for adhering to client ciphersuite order preference
1002 * PK tests added to test framework
1015 * Prevent possible alignment warnings on casting from char * to 'aligned *'
1016 * Misc fixes and additions to dependency checks
1020 * Defines to handle UEFI environment under MSVC
1053 * Ability to specify allowed ciphersuites based on the protocol version.
1072 the same host (Not to be confused with SNI!)
1075 * Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2
1079 * Internals for SSL module adapted to have separate IV pointer that is
1081 * Moved all OID functionality to a separate module. RSA function
1086 * Ability to disable server_name extension (RFC 6066)
1087 * Renamed error_strerror() to the less conflicting polarssl_strerror()
1088 (Ability to keep old as well with POLARSSL_ERROR_STRERROR_BC)
1089 * SHA2 renamed to SHA256, SHA4 renamed to SHA512 and functions accordingly
1104 * RSA blinding on CRT operations to counter timing attacks
1111 * Fix potential invalid memory read in the server, that allows a client to
1114 client to crash the server remotely if client authentication is enabled
1128 Note: Although PolarSSL has been renamed to mbed TLS, no changes reflecting
1153 * Fix assembly selection for MIPS64 (thanks to James Cowgill).
1155 to a failed verification (found by Fredrik Axelsson).
1166 * Add compile-time option POLARSSL_X509_MAX_INTERMEDIATE_CA to limit the
1201 * Improvements to the CMake build system, contributed by Julian Ospald.
1204 * Improvements to tests/Makefile, contributed by Oden Eriksson.
1205 * Use UTC time to check certificate validity.
1207 * Migrate zeroizing of data to polarssl_zeroize() instead of memset()
1211 * Forbid change of server certificate during renegotiation to prevent
1219 It was possible to crash the server (and client) using crafted messages
1245 * x509_get_current_time() uses localtime_r() to prevent thread issues
1251 * rsa_check_pubkey() now allows an E up to N
1252 * On OpenBSD, use arc4random_buf() instead of rand() to prevent warnings
1256 * Stricter check on SSL ClientHello internal sizes compared to actual packet
1262 * Fix base64_decode() to return and check length correctly (in case of
1267 * Changed RSA blinding to a slower but thread-safe version
1279 * Fixed potential memory leak when failing to resume a session
1286 * RSA blinding on CRT operations to counter timing attacks
1293 * Centralized module option values in config.h to allow user-defined
1301 * Added mechanism to provide alternative implementations for all
1317 * Fixed bignum.c and bn_mul.h to support Thumb2 and LLVM compiler
1322 * A possible DoS during the SSL Handshake, due to faulty parsing of
1327 * Ability to specify allowed ciphersuites based on the protocol version.
1331 * Test suites made smaller to accommodate Raspberry Pi
1335 * GCM adapted to support sizes > 2^29
1340 * Corrected GCM counter incrementation to use only 32-bits instead of
1348 rsa_pkcs1_sign() and rsa_pkcs1_verify() to separate PKCS#1 v1.5 and
1360 * Removed timing differences due to bad padding from
1366 * Allow enabling of dummy error_strerror() to support some use-cases
1375 ssl_decrypt_buf() due to badly formatted padding
1379 * More advanced SSL ciphersuite representation and moved to more dynamic
1381 * Added ssl_handshake_step() to allow single stepping the handshake process
1395 * Added p_hw_data to ssl_context for context specific hardware acceleration
1411 * Allow R and A to point to same mpi in mpi_div_mpi (found by Manuel
1431 * Added GCM suites to TLS 1.2 (RFC 5288)
1445 * Added option to add minimum accepted SSL/TLS protocol version
1452 * Moved out_msg to out_hdr + 32 to support hardware acceleration
1453 * Changed certificate verify behaviour to comply with RFC 6125 section 6.3
1454 to not match CN if subjectAltName extension is present (Closes ticket #56)
1455 * Cipher layer cipher_mode_t POLARSSL_MODE_CFB128 is renamed to
1456 POLARSSL_MODE_CFB, to also handle different block size CFB modes.
1462 * Moved from unsigned long to fixed width uint32_t types throughout code
1463 * Renamed ciphersuites naming scheme to IANA reserved names
1476 * mpi_add_abs() now correctly handles adding short numbers to long numbers
1487 * Fixed potential memory leak when failing to resume a session
1509 * A possible DoS during the SSL Handshake, due to faulty parsing of
1517 * Allow enabling of dummy error_strerror() to support some use-cases
1524 * Removed timing differences due to bad padding from
1532 * mpi_add_abs() now correctly handles adding short numbers to long numbers
1540 * Allow R and A to point to same mpi in mpi_div_mpi (found by Manuel
1560 * Fixed random MPI generation to not generate more size than requested.
1570 * Fixed generation of DHM parameters to correct length (found by Ruslan
1583 * Added ssl_session_reset() to allow better multi-connection pools of
1584 SSL contexts without needing to set all non-connection-specific
1585 data and pointers again. Adapted ssl_server to use this functionality.
1586 * Added ssl_set_max_version() to allow clients to offer a lower maximum
1587 supported version to a server to help buggy server implementations.
1598 * Fixed rsa_encrypt and rsa_decrypt examples to use public key for
1600 * Increased maximum size of ASN1 length reads to 32-bits.
1601 * Added an EXPLICIT tag number parameter to x509_get_ext()
1605 * Changed the defined key-length of DES ciphers in cipher.h to include the
1606 parity bits, to prevent mistakes in copying data. (Closes ticket #33)
1607 * Loads of minimal changes to better support WINCE as a build target
1608 (Credits go to Marco Lizza)
1609 * Added POLARSSL_MPI_WINDOW_SIZE definition to allow easier time to memory
1613 * Changed the used random function pointer to more flexible format. Renamed
1614 havege_rand() to havege_random() to prevent mistakes. Lots of changes as
1616 * Moved all examples programs to use the new entropy and CTR_DRBG
1617 * Added permissive certificate parsing to x509parse_crt() and
1628 * Allowed X509 key usage parsing to accept 4 byte values instead of the
1654 * Added additional Cipher Block Modes to symmetric ciphers
1655 (AES CTR, Camellia CTR, XTEA CBC) including the option to
1659 * An error_strerror() function has been added to translate between
1669 t_int and t_dbl to t_uint and t_udbl in the process
1715 * Added crl_app program to allow easy reading and
1719 * Parsing of PEM files moved to separate module (Fixes
1720 ticket #13). Also possible to remove PEM support for
1732 to negotiate anonymous connection (Fixes ticket #12,
1737 Diffie Hellman key exchange (thanks to Larry Highsmith,
1745 * Improved X509 certificate parsing to include extended
1750 * Improvements to support integration in other
1756 verification to allow external blacklisting
1757 + Additional example programs to show usage
1762 * x509parse_time_expired() checks time in addition to
1765 of ssl_session have been renamed to ciphersuites and
1781 Now using random function provided to function and
1784 * Some SSL defines were renamed in order to avoid
1801 * Added option parsing for host and port selection to
1804 * Added cert_app program to allow easy reading and
1811 in a function to allow easy future expansion
1812 * Changed symmetric cipher functions to
1814 * Changed ARC4 to use separate input/output buffer
1819 * Fixed bug resulting in failure to send the last
1840 * Added CMake makefiles as alternative to regular Makefiles.
1849 * RSA_RAW renamed to SIG_RSA_RAW for consistency.
1852 to indicate invalid key lengths.
1888 input numbers are even and added testcases to check
1907 * Added support for CRL revocation to x509parse_verify() and
1913 * Migrated XySSL to PolarSSL
1929 * Fixed a bug in ssl_write() that caused the same payload to
1939 output data is non-aligned by falling back to the software
1942 Robson-Garth; some x509write.c fixes by Pascal Vizeli, thanks to
1944 * Fixed x509_get_ext() to accept some rare certificates which have
1950 * Added an option to enable/disable the BN assembly code
1951 * Updated rsa_check_privkey() to verify that (D*E) = 1 % (P-1)*(Q-1)
1953 selftest and benchmark to not test ciphers that have been disabled
1954 * Updated x509parse_cert_info() to correctly display byte 0 of the
1957 peer may cause xyssl to loop indefinitely by sending a certificate
1961 * Fixed HMAC-SHA-384 and HMAC-SHA-512 (thanks to Josh Sinykin)
1962 * Modified ssl_parse_client_key_exchange() to protect against
1966 * Fixed assembly PPC compilation errors on Mac OS X, thanks to
1971 * Modified the HMAC functions to handle keys larger
1972 than 64 bytes, thanks to Stephane Desneux and gary ng
1973 * Fixed ssl_read_record() to properly update the handshake
1976 * Fixed net_recv(), thanks to Lorenz Schori and Egon Kocjan
1983 * Updated the RSA PKCS#1 code to allow choosing between
1985 * Updated ssl_read() to skip 0-length records from OpenSSL
1986 * Fixed the make install target to comply with *BSD make
1988 * mpi_is_prime() speedups, thanks to Kevin McLaughlin
2003 * Fixed the net_set_*block routines, thanks to Andreas
2007 * Rewrote README.txt in program/ssl/ca to better explain
2008 how to create a test PKI
2013 time, to reduce the memory footprint on embedded systems
2015 havege_struct for this processor, thanks to David Patiño
2017 thanks to Peking University and the OSU Open Source Lab
2030 (thanks to Benjamin Newman), HP-UX, FreeBSD and Solaris
2033 size of 16384 bytes to be rejected
2039 * Various improvements to the modular exponentiation code
2040 * Rewrote the headers to generate the API docs with doxygen
2043 version was not properly set), thanks to Didier Rebeix
2051 * Multiple fixes to enhance the compatibility with g++,
2052 thanks to Xosé Antón Otero Ferreira
2053 * Fixed a bug in the CBC code, thanks to dowst; also,
2055 * Updated rsa_pkcs1_sign to handle arbitrary large inputs
2057 and 486 processors, thanks to Arnaud Cornet
2061 * Updated timing.c to support ARM and MIPS arch
2062 * Updated the MPI code to support 8086 on MSVC 1.5
2064 * Fixed a bug in sha2_hmac, thanks to newsoft/Wenfang Zhang
2068 valid RSA keys to be dismissed (thanks to oldwolf)
2069 * Fixed a bug in mpi_is_prime that caused some primes to fail
2072 I'd also like to thank Younès Hafri for the CRUX linux port,