Lines Matching full:with

41    * Added an example program showing how to hash with the PSA API.
44 * AES-NI is now supported in Windows builds with clang and clang-cl.
51 (the cipher and PSA interfaces). This option is incompatible with modes
52 that use the decryption direction (ECB in PSA, CBC, XTS, KW) and with DES.
74 and configured with MBEDTLS_SSL_RECORD_SIZE_LIMIT.
93 with PKCS#5 PBES2. Keys encrypted this way can now be parsed by PK parse.
109 key pair with a custom public exponent.
121 called at runtime. This together with MBEDTLS_PSA_RANDOM_STATE can be
126 with the same content as a PSA key.
160 when an SSL context is reset with the mbedtls_ssl_session_reset() API.
172 was able to successfully establish a TLS 1.2 connection with the server.
177 * Fix the build with CMake when Everest or P256-m is enabled through
189 * Fix parsing of CSRs with critical extensions.
192 tickets compared to peer using a millisecond clock (observed with GnuTLS).
199 (psa_asymmetric_[en|de]crypt) with opaque keys.
201 * On Linux on ARMv8, fix a build error with SHA-256 and SHA-512
223 * Fix the restoration of the ALPN when loading serialized connection with
247 to select only some of the parameters / groups, with the macros
297 Starting with this release, it is necessary to declare which curves are
348 algorithms in PSA, with some limitations. See docs/driver-only-builds.txt
363 * Add support for the FFDH algorithm and DH key types in PSA, with
367 * It is now possible to generate certificates with SubjectAltNames.
385 When compiling with gcc -Os on Aarch64, AES-XTS improves
415 mbedtls_pk_verify() with opaque ECC keys (provided the PSA attributes
419 * Add a possibility to generate CSRs with RFC822 and directoryName subtype
430 new implementation with a much smaller footprint, but some minor
438 * In configurations with ARIA or Camellia but not AES, the value of
441 only used in relation with CMAC which does not support these ciphers.
450 RSA OAEP decryption. With the previous implementation, some compilers
469 In TLS 1.2, the affected configurations are those with
497 built with MBEDTLS_SHAxxx_USE_A64_CRYPTO_IF_PRESENT but don't have a
506 * Fix crypt_and_hash decryption fail when used with a stream cipher
513 tfm_mbedcrypto_config_profile_medium.h with
519 * Fix CCM* with no tag being not supported in a build with CCM as the only
521 * Fix the build with MBEDTLS_PSA_INJECT_ENTROPY. Fixes #7516.
523 with all TLS support disabled. Fixes #6628.
528 is called with zero length and padlock is not enabled.
530 with a very minimal configuration. Fixes #7625.
543 * Fix a build error in some configurations with MBEDTLS_PSA_CRYPTO_CONFIG
546 * Fix undefined symbols in some builds using TLS 1.3 with a custom
553 * Fix the build with CMake when Everest or P256-m is enabled through
558 compiling with gcc, clang or armclang and -O0.
571 * When using CBC with the cipher module, the requirement to call
579 * Fix builds on Windows with clang
623 (MBEDTLS_ECP_PF_COMPRESSED) with mbedtls_ecp_point_read_binary()
624 (and callers) for Short Weierstrass curves with prime p where p = 3 mod 4
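Added example, not Mbed TLS code: the entry above restricts reading compressed points (0x02/0x03 || x) to short Weierstrass curves whose prime satisfies p = 3 mod 4. The reason is that for such p the square root of the right-hand side y^2 = x^3 + ax + b can be taken as rhs^((p+1)/4) mod p. The function names, the on-curve check and the use of secp256r1's standard parameters are this example's own choices.

```python
# Added example (not Mbed TLS code): SEC1 compressed-point decoding on a
# short Weierstrass curve over GF(p) with p = 3 (mod 4), using the
# rhs^((p+1)/4) square-root shortcut. secp256r1 parameters are the standard
# public values; the helper names are this example's own.

# secp256r1 (NIST P-256) domain parameters.
P256_P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
P256_A = P256_P - 3
P256_B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
P256_GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
P256_GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5


def is_on_curve(x: int, y: int, p: int = P256_P, a: int = P256_A, b: int = P256_B) -> bool:
    """True iff (x, y) satisfies y^2 = x^3 + ax + b over GF(p)."""
    return (y * y - (pow(x, 3, p) + a * x + b)) % p == 0


def decompress_point(data: bytes, p: int = P256_P, a: int = P256_A, b: int = P256_B):
    """Decode 0x02/0x03 || x into (x, y); raise ValueError on any malformed input."""
    if p % 4 != 3:
        raise ValueError("the (p+1)/4 square-root shortcut requires p = 3 mod 4")
    plen = (p.bit_length() + 7) // 8
    if len(data) != 1 + plen or data[0] not in (0x02, 0x03):
        raise ValueError("not a compressed point encoding")
    x = int.from_bytes(data[1:], "big")
    if x >= p:
        raise ValueError("x coordinate is not reduced mod p")

    rhs = (pow(x, 3, p) + a * x + b) % p
    y = pow(rhs, (p + 1) // 4, p)
    # For p = 3 mod 4 this candidate is a square root only when rhs is a
    # quadratic residue; verifying it rejects x values that are not on the
    # curve instead of silently returning a point on a twist.
    if (y * y) % p != rhs:
        raise ValueError("x is not the abscissa of a point on the curve")

    # Prefix 0x02 asks for the even root, 0x03 for the odd one; since p is
    # odd, p - y always has the opposite parity of y.
    if (y & 1) != (data[0] & 1):
        y = p - y
    return x, y


def compress_point(x: int, y: int, p: int = P256_P) -> bytes:
    """Encode (x, y) in SEC1 compressed form."""
    plen = (p.bit_length() + 7) // 8
    return bytes([0x02 | (y & 1)]) + x.to_bytes(plen, "big")


if __name__ == "__main__":
    enc = compress_point(P256_GX, P256_GY)
    x, y = decompress_point(enc)
    print(enc.hex())
    print("round trip ok:", (x, y) == (P256_GX, P256_GY) and is_on_curve(x, y))
```

The on-curve check after the root computation is the part a practitioner should not skip: without it, an x that has no point on the curve yields a "y" that passes nothing but the parity rule.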
655 * Add support for AES with the Armv8-A Cryptographic Extension on
666 * AES-NI is now supported with Visual Studio.
668 is disabled, when compiling with GCC or Clang or a compatible compiler
670 gcc -m32 -msse2 -maes -mpclmul). (Generic x86 builds with GCC-like
672 * It is now possible to use a PSA-held (opaque) password with the TLS 1.2
682 * Add support for AES with the Armv8-A Cryptographic Extension on 64-bit
688 (most notably builds with Visual Studio), leaving them vulnerable to
700 calculation on the client side. It prevents a server with more accurate
708 be toggled with config.py.
719 * Fix behavior of certain sample programs which could, when run with no
727 possible to verify RSA PSS signatures with the pk module, which was
732 * Reject OIDs with overlong-encoded subidentifiers when converting
734 * Reject OIDs with subidentifier values exceeding UINT_MAX. Such
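Added example, not Mbed TLS code: a strict decoder for the content octets of a DER OBJECT IDENTIFIER that applies the two rejections named in the two entries above, an overlong base-128 subidentifier (leading 0x80 octet) and a subidentifier value that does not fit in an unsigned int. UINT_MAX is assumed to be 32-bit, the sample byte strings are constructed for this example, and the function names are this example's own.

```python
# Added example (not Mbed TLS code): strict DER OID subidentifier decoding.
# Rejects overlong (non-minimal) base-128 subidentifiers and values above
# UINT_MAX, which is assumed here to be the 32-bit value.

UINT_MAX = 2**32 - 1  # assumption: 32-bit unsigned int


class OidError(ValueError):
    """Raised for OID content a strict DER decoder must reject."""


def decode_oid(content: bytes) -> list:
    """Decode DER OBJECT IDENTIFIER content octets into a list of arcs.

    Rules applied (X.690 8.19):
      * subidentifiers are base-128, big-endian, continuation bit 0x80;
      * the first octet of a subidentifier must not be 0x80 (overlong form);
      * the final octet must have the continuation bit clear (truncation);
      * a subidentifier larger than UINT_MAX is rejected rather than wrapped;
      * the first encoded subidentifier packs arcs 0 and 1 as 40*a0 + a1.
    """
    if not content:
        raise OidError("empty OID content")

    subids = []
    value = 0
    at_start = True
    for offset, octet in enumerate(content):
        if at_start:
            if octet == 0x80:
                raise OidError(f"overlong subidentifier at offset {offset}")
            value = 0
        value = (value << 7) | (octet & 0x7F)
        # Check on every octet so an oversized value is caught before it is
        # accumulated into something a C implementation would have wrapped.
        if value > UINT_MAX:
            raise OidError(f"subidentifier exceeds UINT_MAX at offset {offset}")
        at_start = not (octet & 0x80)
        if at_start:
            subids.append(value)
    if not at_start:
        raise OidError("truncated subidentifier at end of content")

    first = subids[0]
    if first < 40:
        arcs = [0, first]
    elif first < 80:
        arcs = [1, first - 40]
    else:
        arcs = [2, first - 80]
    return arcs + subids[1:]


def oid_to_string(content: bytes) -> str:
    """Dotted-decimal form of decoded OID content octets."""
    return ".".join(str(arc) for arc in decode_oid(content))


# Constructed sample inputs for this example.
SHA256_WITH_RSA = bytes.fromhex("2a864886f70d01010b")  # 1.2.840.113549.1.1.11
OVERLONG = bytes.fromhex("2a8001")                     # second subid starts with 0x80
TOO_LARGE = bytes.fromhex("2a9080808000")              # second subid is 2**32
MAX_OK = bytes.fromhex("2a8fffffff7f")                 # second subid is exactly UINT_MAX


def check_rejections() -> dict:
    """Map each constructed input to its decoded string or rejection reason."""
    results = {}
    samples = (("valid", SHA256_WITH_RSA), ("overlong", OVERLONG),
               ("too_large", TOO_LARGE), ("max_ok", MAX_OK))
    for name, data in samples:
        try:
            results[name] = oid_to_string(data)
        except OidError as err:
            results[name] = "rejected: " + str(err)
    return results


if __name__ == "__main__":
    for name, outcome in check_rejections().items():
        print(f"{name:10s} {outcome}")
```

The value check runs on every octet rather than once per subidentifier, so the decoder never holds an intermediate larger than it is willing to accept, which is the discipline a fixed-width C implementation needs to avoid the wraparound these entries fix.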
739 descriptions, which started appearing with Clang 15. Fixes #6960.
749 * Fix a compilation error when PSA Crypto is built with support for
756 * Fix an issue when compiling with MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
768 signatures. This aligns the behaviour with MBEDTLS_USE_PSA_CRYPTO to
771 visualc/VS2010 to visualc/VS2013 as we do not support building with versions
801 RFC 9146, which is not interoperable with the draft-05 version.
802 If you need to communicate with peers that use earlier versions of
804 to 1, but then you won't be able to communicate with peers that use the
806 If you need to interoperate with both classes of peers with the
811 * When building with PSA drivers using generate_driver_wrappers.py, or
825 * make: enable building unversioned shared library, with e.g.:
830 Only the ECC primitive with secp256r1 curve and SHA-256 hash algorithm
832 * Some modules can now use PSA drivers for hashes, including with no
841 the entropy module. As a consequence, for now the only way to build with
886 MBEDTLS_SSL_DTLS_CONNECTION_ID (enabled by default) and configured with
901 * Fix an issue where an adversary with access to precise enough information
912 * Fix an issue with in-tree CMake builds in releases with GEN_FILES
915 * Fix a long-standing build failure when building x86 PIC code with old
921 Fixes 'file not found with <angled> include' error
922 when building with Xcode.
927 * Fix an interoperability failure between an Mbed TLS client with both
932 * Fix a compilation error when using CMake with an IAR toolchain.
942 configurations with only one encryption type enabled in TLS 1.2.
944 with MBEDTLS_PLATFORM_C disabled. Fixes #6118, #6196.
945 * Fix compilation errors when trying to build with
950 * Fix build failure with MBEDTLS_RSA_C and MBEDTLS_PSA_CRYPTO_C but not
952 * Fix build failure with MBEDTLS_RSA_C and MBEDTLS_PSA_CRYPTO_C but not
956 signature with an invalid public key, in some cases. Reported by
971 with A > 0 created an unintended representation of the value 0 which was
981 when both operands are 0 and the left operand is represented with 0 limbs.
1007 * mbedtls_cipher_set_iv will now fail with ChaCha20 and ChaCha20+Poly1305
1009 length with 12, but did not inform the caller about it. Fixes #4301.
1026 documented as such. Use opaque drivers with the interface enabled by
1030 TLS 1.3 handshake should now be configured with
1041 * Add an accessor function to get the configuration associated with
1049 Register callback with mbedtls_ssl_conf_cert_cb().
1051 mbedtls_ssl_set_hs_own_cert() with NULL value for own_cert param.
1069 * Introduce mbedtls_ssl_hs_cb_t typedef for use with
1082 file with the macro MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE.
1094 negotiates TLS 1.3 or TLS 1.2 with TLS servers.
1095 * Enable building of Mbed TLS with TLS 1.3 protocol support but without TLS
1110 * Opaque pre-shared keys for TLS, provisioned with
1116 * Make USE_PSA_CRYPTO compatible with KEY_ID_ENCODES_OWNER. Fixes #5259.
1126 * Fix potential memory leak inside mbedtls_ssl_cache_set() with
1133 MBEDTLS_USE_PSA_CRYPTO is enabled, an opaque key (created with
1137 * Fix a buffer overread in DTLS ClientHello parsing in servers with
1143 and possibly up to 571 bytes with a custom cookie check function.
1174 * The TLS 1.3 implementation is now compatible with the
1183 * Fix a race condition in out-of-source builds with CMake when generated data
1185 * Fix the library search path when building a shared library with CMake
1191 * In configurations with MBEDTLS_SSL_DTLS_CONNECTION_ID enabled but not
1201 * Fix compilation error with mingw32. Fixed by Cameron Cawley in #4211.
1228 on DTLS 1.2 session resumption. After DTLS 1.2 session resumption with
1232 represented with 0 limbs (specifically mbedtls_mpi_mod_int() dividing
1257 AEAD functions is not an AEAD algorithm. This aligns them with the
1261 * Assume source files are in UTF-8 when using MSVC with CMake.
1262 * Fix runtime library install location when building with CMake and MinGW.
1265 Replace custom LIB_INSTALL_DIR variable with standard CMAKE_INSTALL_LIBDIR
1281 * You can configure groups for a TLS key exchange with the new function
1342 if the output buffer is in memory that is shared with an untrusted
1346 oracle vulnerability if the output buffer is in memory that is shared with
1349 mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED
1366 for bignum multiplication that broke some bignum operations with
1371 functions enabled with MBEDTLS_AES_ENCRYPT_ALT, MBEDTLS_AES_DECRYPT_ALT,
1373 This does not concern the implementation provided with Mbed TLS,
1374 where this function cannot fail, or full-module replacements with
1377 happen with an alternative implementation of the underlying hash module.
1400 all algorithms that can be used with psa_{sign,verify}_hash(), including
1402 * Fix issue in Makefile on Linux with SHARED=1, that caused shared libraries
1406 * Fix an uninitialized variable warning in test_suite_ssl.function with GCC
1441 * Indicate in the error returned if the nonce length used with
1458 with a more complex CPU usually have an operating system interface that
1460 interfaces with mbedtls_entropy_add_source() and/or use an entropy seed
1489 * Update AEAD output size macros to bring them in line with the PSA Crypto
1520 * Replace MBEDTLS_SHA512_NO_SHA384 config option with MBEDTLS_SHA384_C.
1528 a key-value store with keys being session IDs and values
1542 * For multi-part AEAD operations with the cipher module, calling
1545 anything with the currently implemented AEADs, so in practice it was
1559 key. To use an RSA key with PSS or OAEP, call mbedtls_rsa_set_padding()
1619 * The library now uses the %zu format specifier with the printf() family of
1636 certificates signed with SHA-1 due to the known attacks against SHA-1.
1678 * The RSA module no longer supports private-key operations with the public
1718 using a CCM-8 ciphersuite than a CBC ciphersuite with truncated HMAC.
1725 signature with a specific salt length. This function makes it possible to validate
1764 * Fix an issue where an adversary with access to precise enough information
1769 * Fix an issue where an adversary with access to precise enough timing
1783 to create is not valid, bringing them in line with version 1.0.0 of the
1789 in line with version 1.0.0 of the specification. Fix #4162.
1796 mbedtls_mpi_mul_mpi() and mbedtls_mpi_mul_int() was called with one of
1802 set with mbedtls_ssl_conf_dhm_min_bitlen() precisely. Before, the
1809 * With MBEDTLS_PSA_CRYPTO_C disabled, some functions were getting built
1812 * The cipher suite TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 was not available
1827 (when the encrypt-then-MAC extension is not in use) with some ALT
1834 * Fix mbedtls_net_poll() and mbedtls_net_recv_timeout() often failing with
1836 * Fix a resource leak in a test suite with an alternative AES
1846 signing or verifying with PSA_ALG_RSA_PSS (The PSA Crypto API mandates
1848 * Fix a null pointer dereference when mbedtls_mpi_exp_mod() was called with
1849 A=0 represented with 0 limbs. Up to and including Mbed TLS 2.26, this bug
1850 could not be triggered by code that constructed A with one of the
1852 those always built an mpi object with at least one limb.
1857 * The PSA API no longer allows the creation or destruction of keys with a
1874 * Fix memsan build false positive in x509_crt.c with clang 11
1881 * When building the test suites with GNU make, invoke python3 or python, not
1887 MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY with a new single unified option
1892 mbedtls_mpi_read_string() now construct an mbedtls_mpi object with 0 limbs
1897 zero digits when operating from values constructed with an mpi_read
1908 the config file in a way that's compatible with the config file format
1923 with version 1.0.0 of the specification.
1925 in bits rather than bytes, with an additional flag to indicate if the
1928 with version 1.0.0 of the specification.
1961 random generator with mbedtls_xxx functions. See the documentation of
1972 mbedtls_ctr_drbg_set_entropy_len() with a size that was 3/2 times the key
1983 only called with |A| >= |B|. Reported by Guido Vranken in #4042.
1989 * Fix a stack buffer overflow with mbedtls_net_poll() and
1998 wrapped key with MBEDTLS_PSA_CRYPTO_SE_C defined.
2016 consistent with RFC 5280 4.2.1.9 which says: "Conforming CAs MUST
2055 mbedtls_cipher_auth_decrypt_ext(). Please note that with AEAD ciphers,
2064 * In PSA, allow using a key declared with a base key agreement algorithm
2066 agreement algorithm in use matches the algorithm the key was declared with.
2079 the last major gap to compliance with the PSA Cryptography specification
2090 size of the output buffer when used with NIST_KW. As a result, code using
2091 those functions as documented with NIST_KW could have a buffer overwrite
2092 of up to 15 bytes, with consequences ranging up to arbitrary code
2137 psa_cipher_* functions compliant with the PSA Crypto API specification.
2140 only the curves that support ECDSA, filter the list with
2147 * Fix handling of EOF against 0xff bytes and on platforms with unsigned
2151 CCM, which allowed encryption with a non-standard length field.
2160 * Attempting to create a volatile key with a non-zero key identifier now
2163 * Attempting to create or register a key with a key identifier in the vendor
2173 * In PEM writing functions, fill the trailing part of the buffer with null
2178 * Fix a build failure that occurred with the MBEDTLS_AES_SETKEY_DEC_ALT
2200 group families to psa_ecc_family_t and psa_dh_family_t, in line with the
2210 through PSA Crypto with a volatile lifetime. Reported in #3288 and
2224 mbedtls_x509_crt_verify()) with the actual certificate name: when the
2235 certificates were never considered as revoked. On builds with
2239 revocationDate field, in accordance with RFC 5280. Reported by
2253 Diffie-Hellman. An adversary with precise enough timing and memory access
2281 * Use arc4random_buf on NetBSD instead of rand implementation with cyclical
2304 these applications with password-protected key files. Analogously but for
2317 device, keys created with the old lifetime value will not be readable or
2327 dump of an SSL context saved with mbedtls_ssl_context_save().
2349 mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL
2350 f_rng argument. An attacker with access to precise enough timing and
2367 The actual effect with almost every compiler is the intended
2369 * Fix issue with a detected HW accelerated record error not being exposed
2371 * Avoid NULL pointer dereferencing if mbedtls_ssl_free() is called with a
2394 when receiving a connection with CID, when these fields were shifted
2419 files in tests/src. When building with make or cmake, the files in
2426 * Align MSVC error flag with GCC and Clang. Contributed by Carlos Gomes
2443 * Fix issue in DTLS handling of new associations with the same parameters
2445 the server could cause it to drop established associations with
2449 * Fix side channel in ECC code that allowed an adversary with access to
2466 a warning with some compilers. Fix contributed by irwir in #2856.
2491 operation. The overread only happens with cryptographically low
2508 values are aligned with the upcoming release of the PSA Crypto API
2513 PSA_ECC_CURVE_SECP_R1 with 256 bits is P256R1). ARMmbed/mbed-crypto#330
2517 * Fix build failure with MBEDTLS_ZLIB_SUPPORT enabled. Reported by
2527 accept some RSA keys with invalid values by silently fixing those values.
2541 default configuration, on a platform with a single entropy source, the
2563 failures could happen with alternative implementations of AES. Bug
2573 change it with mbedtls_ctr_drbg_set_nonce_len().
2591 * Fix a buffer overflow in the PSA HMAC code when using a long key with an
2624 TLS sessions with tools like Wireshark.
2664 with MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED. This implementation is formally
2690 * Calling mbedtls_ecdsa_write_signature() with NULL as the f_rng argument
2699 * Fix to allow building test suites with any warning that detects unused
2703 * Fix build failure when building with mingw on Windows by including
2708 * Enable Suite B with subset of ECP curves. Make sure the code compiles even
2744 * Adds fuzz targets, especially for continuous fuzzing with OSS-Fuzz.
2753 * Fix build failure when building with mingw on Windows by including
2769 * It is now possible to perform RSA PKCS v1.5 signatures with RIPEMD-160 digest.
2787 incoming record with the correct connection data even after the peer has
2806 used with negative inputs. Found by Guido Vranken in #2404. Credit to
2875 * Fix a compilation issue with mbedtls_ecp_restart_ctx not being defined
2957 that it is now optional with the MBEDTLS_CHECK_PARAMS flag which by default
2994 the PSA Crypto API from Mbed Crypto when additionally used with the
3047 primes with high probability. This does not have an impact on the
3048 security of TLS, but can matter in other contexts with numbers chosen
3072 signature always used a salt with the same length as the hash, and returned
3075 that comply with FIPS 186-4, including SHA-512 with a 1024-bit key.
3137 conflict with C runtime usage. Found and fixed by irwir.
3155 * Extend the platform module with an abstraction mbedtls_platform_gmtime_r()
3177 with the peer, as well as by a new per-connection MTU option, set using
3196 * Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if
3202 interoperability issues with BouncyCastle. Raised by milenamil in #1157.
3203 * Replace printf with mbedtls_printf in the ARIA module. Found by
3208 with TLS versions 1.1 and earlier when the server requested authentication
3215 * Fix undefined shifts with negative values in certificates parsing
3226 * Improve compatibility with some alternative CCM implementations by using
3239 exploiting timing measurements. With DTLS, the attacker could perform
3240 this recovery by sending many messages in the same connection. With TLS
3253 targeting an internal MD/SHA buffer. With TLS or if
3301 i386 with SSE2. Found by László Langó. Fixes #1550
3308 CBC based ciphersuite is used together with Encrypt-then-MAC. Previously,
3310 to the connection being terminated. Seen most often with OpenSSL using
3313 * Fix ssl_client2 example to send application data with 0-length content
3321 * Fail when receiving a TLS alert message with an invalid length, or invalid
3324 when calling with a NULL salt and non-zero salt_len. Contributed by
3340 * Add support for the XTS block cipher mode with AES (AES-XTS).
3347 * Fix the cert_write example to handle certificates signed with elliptic
3351 * Fix compilation warnings with IAR toolchain, on 32 bit platform.
3368 * Extend the platform module with a util component that contains
3379 * Fix an issue with MicroBlaze support in bn_mul.h which was causing the
3395 trusted CA, or a trusted CA with a non DER-compliant certificate. Found by
3401 algorithms section is too short. In builds with debug output, the overread
3402 data is output with the debug data.
3405 offer or a ciphersuite that cannot be used with the TLS or DTLS version
3419 * Extend the public API with the function of mbedtls_net_poll() to allow user
3501 HMAC functions with non-HMAC ciphersuites. Independently contributed
3517 HMAC extension, Mbed TLS can now interoperate with other
3518 compliant implementations, but this breaks interoperability with
3527 HMAC key of a single, uninterrupted connection (with no
3555 with flag MBEDTLS_X509_BADCERT_BAD_PK even when the key type was correct.
3558 * Fix Windows x64 builds with the included mbedTLS.sln file. #1347
3590 * Use (void) when defining functions with no parameters. Contributed by
3627 * Make mbedtls_mpi_read_binary() constant-time with respect to the input
3654 with alternative implementation:
3660 with an alternative implementation:
3686 * Deprecate usage of RSA primitives with non-matching key-type
3687 (e.g. signing with a public key).
3714 dates on leap years with 100 and 400 intervals are handled correctly. Found
3716 * Fix some invalid RSA-PSS signatures with keys of size 8N+1 that were
3721 * Fix variable used before assignment compilation warnings with IAR
3732 writing routines that prevented these functions from working with alternative
3758 * Fix programs/pkey/dh_server.c so that it actually works with dh_client.c.
3760 * Fix an issue in the cipher decryption with the mode
3786 new ones with return codes. In particular, this modifies the
3803 triggered remotely from either side. (With authmode set to 'required'
3820 API consistent with mbed TLS 2.5.0. Specifically removed the inline
3827 * With authmode set to optional, the TLS handshake is now aborted if the
3876 The issue could only happen client-side with renegotiation enabled.
3881 certificate verification. SHA-1 can be turned back on with a compile-time
3891 and with GCC using the -Wpedantic compilation option.
3893 resulting in compatibility problems with Chrome. Found by hfloyrd. #823
3978 triggered remotely for example with a maliciously constructed certificate
3993 x509_csr.c that are reported when building mbed TLS with a config.h that
4039 with RFC-5116 and could lead to session key recovery in very long TLS
4094 * Fix compatibility issue with Internet Explorer client authentication,
4110 naming collision in projects which also have files with the common name
4114 longer disregard certificates with unrecognised fields.
4153 * Fix test in ssl-opt.sh that does not run properly with valgrind
4157 * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5,
4159 the need to pass -fomit-frame-pointer to avoid a build error with -O0.
4185 with some peers over unreliable links. Avoid dropping an entire DTLS
4217 * Fix build error with configurations where ECDHE-PSK is the only key
4219 * Fix build error with configurations where RSA, RSA-PSK, ECDH-RSA or
4225 minimum key size for end-entity certificates with RSA keys. Found by
4272 * Fix compile error in net.c with musl libc. Found and patch provided by
4278 domain names are compliant with RFC 1035.
4287 https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/
4304 callbacks set with mbedtls_ssl_conf_dtls_cookies()), this will be
4307 handshake with the same context. (See RFC 6347 section 4.2.8.)
4317 * Fix build error with CMake and pre-4.5 versions of GCC (found by Hugo
4325 * Fix compile error with armcc 5 with --gnu option.
4331 with make.
4332 * Fix link error when building shared libraries for Windows with make.
4340 * Fix memory corruption on client with overlong PSK identity, around
4365 with custom implementation (eg hardware accelerated), complementing the
4371 * Expanded configurability of security parameters in the SSL module with
4404 additional callback for read-with-timeout).
4438 * pk_sign() no longer accepts md_alg == POLARSSL_MD_NONE with ECDSA.
4451 (Thanks to Mansour Moufid for helping with the replacement.)
4524 * ssl_set_bio_timeout() was removed, split into mbedtls_ssl_set_bio() with
4531 instead, see mbedtls_ssl_set_timer_cb(), with the Timing module providing
4534 * With UDP sockets, it is no longer necessary to call net_bind() again
4546 * With authmode set to SSL_VERIFY_OPTIONAL, verification of keyUsage and
4556 * Add support for reading DH parameters with privateValueLength included
4573 warnings on use of deprecated functions (with GCC and Clang only).
4578 * Fix compile errors with PLATFORM_NO_STD_FUNCTIONS.
4579 * Fix compile error with PLATFORM_EXIT_ALT (thanks to Rafał Przywara).
4600 * Fix hardclock() (only used in the benchmarking program) with some
4622 * Adjusting/overriding CFLAGS and LDFLAGS with the make build system is now
4632 brackets for uniformity with the rest of the code.
4666 * Add support for getrandom() syscall on recent Linux kernels with Glibc or
4674 * Stack buffer overflow if ctr_drbg_update() is called with too large
4677 if memory_buffer_alloc_init() was called with buf not aligned and len not
4679 * User set CFLAGS were ignored by Cmake with gcc (introduced in 1.3.9, found
4691 issue with some servers when a zero-length extension was sent. (Reported
4698 switch back to random with POLARSSL_SSL_AEAD_RANDOM_IV in config.h).
4705 with a suitable (extended)KeyUsage or curve or no PSK set.
4707 at runtime with ssl_set_truncated_hmac().
4734 * Server-initiated renegotiation would fail with non-blocking I/O if the
4737 with non-blocking I/O.
4740 * Fix compile error with armcc in mpi_is_prime()
4746 standard defining how to use SHA-2 with SSL 3.0).
4748 ambiguous on how to encode some packets with SSL 3.0).
4756 * X.509 certificates with more than one AttributeTypeAndValue per
4771 * Add example config.h for PSK with CCM, optimized for low RAM usage.
4799 * Fix symlink command for cross compiling with CMake (found by Andre
4803 use with some ciphersuites and versions (RC4 in all versions, CBC with
4806 rejected with CBC-based ciphersuites and TLS >= 1.1
4808 to 32 bytes with CBC-based ciphersuites and TLS >= 1.1
4819 * Fix possible miscomputation of the premaster secret with DHE-PSK key
4820 exchange that caused some handshakes to fail with other implementations.
4821 (Failure rate <= 1/255 with common DHM moduli.)
4840 * AES-NI now compiles with "old" assemblers too
4860 * Fix detection of Clang on some Apple platforms with CMake
4878 * Reject certificates with times not in UTC, per RFC 5280.
4930 * Work around a bug of the version of Clang shipped by Apple with Mavericks
4943 * Fixed possible buffer overflow with overlong PSK
4951 * Fixed testing with out-of-source builds using cmake
4960 * Fixed bug with session tickets and non-blocking I/O in the unlikely case
4983 * ssl_mail_client now terminates lines with CRLF, instead of LF
5007 * Dropped use of readdir_r() instead of readdir() with threading support
5016 * Fixed X.509 hostname comparison (with non-regular characters)
5050 * cert_write with selfsign should use issuer_name as subject_name
5069 * Compile errors with POLARSSL_RSA_NO_CRT
5070 * Header files with 'polarssl/'
5098 * Certificate Request (CSR) generation with extensions (key_usage,
5100 * X509 Certificate writing with extensions (basic_constraints,
5104 the same host (Not to be confused with SNI!)
5120 (Ability to keep old as well with POLARSSL_ERROR_STRERROR_BC)
5126 * Support faulty X509 v1 certificates with extensions
5153 * Fix hardclock() (only used in the benchmarking program) with some
5157 platforms (found with Coverity Scan).
5179 * Stack buffer overflow if ctr_drbg_update() is called with too large
5190 issue with some servers when a zero-length extension was sent. (Reported
5211 with non-blocking I/O.
5221 * X.509 certificates with more than one AttributeTypeAndValue per
5234 * Work around a bug of the version of Clang shipped by Apple with Mavericks
5238 * Reject certificates with times not in UTC, per RFC 5280.
5255 * Fixed X.509 hostname comparison (with non-regular characters)
5266 * ssl_mail_client now terminates lines with CRLF, instead of LF
5268 * Fixed testing with out-of-source builds using cmake
5374 * Fixes for 64-bit compilation with MS Visual Studio
5400 disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL
5402 interoperability can be switched on/off with the flag
5447 * Added max length check for rsa_pkcs1_sign with PKCS#1 v2.1
5485 * Changed certificate verify behaviour to comply with RFC 6125 section 6.3
5504 * Handle encryption with private key and decryption with public key as per
5509 with carry rollover (found by Ruslan Yushchenko)
5551 disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL
5565 with carry rollover
5574 * Added max length check for rsa_pkcs1_sign with PKCS#1 v2.1
5576 * Handle encryption with private key and decryption with public key as per
5609 * Fixed issues with Intel compiler on 64-bit systems (Closes ticket #50)
5636 So now there is a module that is controlled with POLARSSL_ASN1_PARSE_C.
5650 x509parse_crtfile(). With permissive parsing the parsing does not stop on
5662 * Fixed incorrect behaviour in case of RSASSA-PSS with a salt length
5665 appended with '....' after first 28 octets
5667 * Fixed MS Visual C++ name clash with int64 in sha4.h
5673 * Expanded cipher layer with support for CFB128 and CTR mode
5705 is now done with a PLUS instead of an OR as error codes
5724 with random data (Fixed ticket #10)
5739 * Fixed proper handling of RSASSA-PSS verification with variable
5745 * Parsing PEM private keys encrypted with DES and AES
5799 with the generic cipher layer and is better naming
5923 one way hash functions with the PKCS#1 v1.5 signing and
5988 * Fixed a critical denial-of-service with X.509 cert. verification:
6018 * Fixed the make install target to comply with *BSD make
6022 * Replaced realloc with malloc in mpi_grow(), and set
6030 connections from being established with non-blocking I/O
6064 * Fixed a bug that caused valid packets with a payload
6072 * Rewrote the headers to generate the API docs with doxygen
6076 * Fixed another bug in ssl_parse_client_hello: clients with
6083 * Multiple fixes to enhance the compatibility with g++,
6088 * Updated timing.c for improved compatibility with i386