Lines Matching refs:on

65    * Fewer modules depend on MBEDTLS_CIPHER_C, making it possible to save code
67 GCM modules no longer depend on MBEDTLS_CIPHER_C. Also,
72 decryption still unconditionally depend on MBEDTLS_CIPHER_C.
78 hardware accelerated AES is not present (around 13-23% on 64-bit Arm).
107 performance by around 30% on 64-bit Intel; 125% on Armv7-M.
165 * When negotiating TLS version on server side, do not fall back to the
173 Reported by alluettiv on GitHub.
201 * On Linux on ARMv8, fix a build error with SHA-256 and SHA-512
210 * mbedtls_pem_read_buffer() now performs a check on the padding data of
213 mbedtls_pk_encrypt() on non-opaque RSA keys to honor the padding mode in
268 attacker or a remote attacker who is close to the victim on the network
341 key exchanges based on ECDH(E) to work, this requires
354 TLS 1.3 depending on the capabilities and preferences of TLS clients.
365 on MBEDTLS_BIGNUM_C, and a driver dispatch layer enabling alternative
385 When compiling with gcc -Os on Aarch64, AES-XTS improves
516 proposes a handshake based on PSK only key exchange mode or at least
522 * Fix a compilation error on some platforms when including mbedtls/ssl.h
550 error code on failure. Before, they returned 1 to indicate failure in
579 * Fix builds on Windows with clang
595 direct dependency of X509 on BIGNUM_C.
620 size and improving performance (depending on compiler and target
655 * Add support for AES with the Armv8-A Cryptographic Extension on
682 * Add support for AES with the Armv8-A Cryptographic Extension on 64-bit
684 attacks. This is configured by MBEDTLS_AESCE_C, which is on by default.
686 * MBEDTLS_AESNI_C, which is enabled by default, was silently ignored on
700 calculation on the client side. It prevents a server with more accurate
710 used on a shared secret from a key agreement since its input must be
724 certificate parsing, but only on subsequent calls to
759 modules, which would then fail if run on a CPU without the SHA3
789 to best results when tested on Cortex-M4 and Intel i7.
792 compiler target flags on the command line; the library now sets target
807 same build of Mbed TLS, please let us know about your situation on the
845 properly negotiate/accept hashes based on their availability in PSA.
848 provided by PSA drivers. (See previous entry for limitation on RSA-PSS
936 * Fix mbedtls_ctr_drbg_free() on an initialized but unseeded context. When
937 MBEDTLS_AES_ALT is enabled, it could call mbedtls_aes_free() on an
939 * Fix a build issue on Windows using CMake where the source and build
940 directories could not be on different drives. Fixes #5751.
949 Change mbedtls_x509_get_name() to clean up allocated objects on error.
973 consequence on cryptography code, but might affect applications that call
1012 * The library will no longer compile out of the box on a platform without
1129 disabled on stdio files, to stop secrets loaded from said files being
1141 when MBEDTLS_SSL_IN_CONTENT_LEN is less than a threshold that depends on
1176 * Fix unit tests that used 0 as the file UID. This failed on some
1186 on Windows.
1202 * Fix compilation error when using C++ Builder on Windows. Reported by
1224 Finished message on the network cannot be satisfied. Fixes #5499.
1228 on DTLS 1.2 session resumption. After DTLS 1.2 session resumption with
1231 * Fix a null pointer dereference when performing some operations on zero
1245 make to break on a clean checkout. Fixes #5340.
1260 temporary variable on the heap. Suggested by Sergey Kanatov in #5304.
1285 X.509 parsing, and finally the field fd of mbedtls_net_context on
1297 * Remove the partial support for running unit tests via Greentea on Mbed OS,
1308 supported on GCC-like compilers and on MSVC and can be configured through
1356 * The GNU makefiles invoke python3 in preference to python except on Windows.
1358 on Linux. Fix this. Fixes #4774.
1365 * Fix missing constraints on x86_64 and aarch64 assembly code
1402 * Fix issue in Makefile on Linux with SHARED=1, that caused shared libraries
1431 * Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on and increasing the
1432 code size by about 80B on an M0 build. This option only gated an ability
1450 generated by the CMake build system on Unix-like systems. This is not
1490 API version 1.0 spec. This version of the spec parameterizes them on the
1509 * The interface of the GCM module has changed to remove restrictions on
1544 was unclear on this point, and this function happened to never do
1644 More details on PKCS#11 wrapper removal can be found in the mailing list
1653 primes based on RFC 5114 and RFC 3526 from library code and tests:
1707 now determined automatically based on supported curves.
1740 modules had undocumented constraints on their context types. These
1795 mbedtls_mpi_read_string() was called on "-0", or when
1816 * Fix test suite code on platforms where int32_t is not int, such as
1831 timing module on Mbed OS. Fixes #4633.
1835 MBEDTLS_ERR_NET_POLL_FAILED on Windows. Fixes #4465.
1838 * Fix a crash in mbedtls_mpi_debug_mpi on a bignum having 0 limbs. This
1842 * psa_verify_hash() was relying on implementation-specific behavior of
1855 effect on Mbed TLS's internal use of mbedtls_mpi_gcd(), but may affect
1865 applicable RFC: on an invalid Finished message value, an
1883 * Fix build failure on MinGW toolchain when __USE_MINGW_ANSI_STDIO is on.
1884 When that flag is on, standard GNU C printf format specifiers
1997 * Fix memory leak that occurred when calling psa_close_key() on a
2002 is enabled, on platforms where initializing a mutex allocates resources.
2008 enabled on platforms where freeing a mutex twice is not safe.
2010 when MBEDTLS_THREADING_C is enabled on platforms where initializing
2018 used to validate digital signatures on certificates and MUST mark the
2047 warning on CMake 3.19.0. #3801
2093 execution depending on the location of the output buffer.
2104 * Fix a compliance issue whereby we were not checking the tag on the
2132 * Use socklen_t on Android and other POSIX-compliant system
2135 * Consistently return PSA_ERROR_INVALID_ARGUMENT on invalid cipher input
2143 an ECC key pair on Curve25519 or secp244k1.
2147 * Fix handling of EOF against 0xff bytes and on platforms with unsigned
2148 chars. Fixes a build failure on platforms where char is unsigned. Fixes
2155 * Make arc4random_buf available on NetBSD and OpenBSD when _POSIX_C_SOURCE is
2165 * Fix build failures on GCC 11. Fixes #3782.
2179 option on. In this configuration key management methods that are required
2188 must be erased, or manually upgraded based on the key storage format
2216 * Support building on e2k (Elbrus) architecture: correctly enable
2234 available. In particular, on builds without MBEDTLS_HAVE_TIME_DATE,
2281 * Use arc4random_buf on NetBSD instead of rand implementation with cyclical
2285 * Fix bug in redirection of unit test outputs on platforms where stdout is
2292 previously could lead to stack overflow on constrained devices.
2316 instead of the keys' lifetime. If the library is upgraded on an existing
2336 * Added support to entropy_poll for the kern.arandom syscall supported on
2373 * Fix potential linker errors on dual world platforms by inlining
2388 * Fix building library/net_sockets.c and the ssl_mail_client program on
2401 * Fix minor performance issue in operations on Curve25519 caused by using a
2418 * The unit tests now rely on header files in tests/include/test and source
2422 * The ECP module, enabled by `MBEDTLS_ECP_C`, now depends on
2541 default configuration, on a platform with a single entropy source, the
2559 timings on the comparison in the key generation enabled the attacker to
2571 initial seeding. The default nonce length is chosen based on the key size
2644 about 1 bit of information on average and could cause the value to be
2665 verified and significantly faster, but is only supported on x86 platforms
2681 mbedtls_ecdh_can_do() on each result to check whether each algorithm is
2703 * Fix build failure when building with mingw on Windows by including
2717 * Fix the build on ARMv5TE in ARM mode to not use assembly instructions
2726 uninitialized variable warnings on some recent toolchains (GCC8, etc).
2729 functionally incorrect code on bigendian systems which don't have
2738 docker-env.sh) to simplify running test suites on a Linux host. Contributed
2753 * Fix build failure when building with mingw on Windows by including
2822 sequence on failure. Found and fix suggested by Philippe Antoine.
2847 at the cost of additional lifetime constraints on the input
2880 previously lead to a stack overflow on constrained targets.
2904 instead of relying on other header files that they include.
2910 for platforms that don't provide it. Based on contributions by Joris Aerts
2922 been disabled for lack of a sufficiently recent version of GnuTLS on the CI.
2923 * Ciphersuites based on 3DES now have the lowest priority by default when
2932 changed, but requirements on parameters have been made more explicit in
2977 on some toolchains. Reported by phoenixmcallister. Fixes #2170.
3006 attack. In TLS, this affects servers that accept ciphersuites based on
3020 * Wipe sensitive buffers on the stack in the CTR_DRBG and HMAC_DRBG
3047 primes with high probability. This does not have an impact on the
3131 test the handling of large packets and small packets on the client side
3132 in the same way as on the server side.
3163 * Fix build failures on platforms where only gmtime() is available but
3236 * Fix a vulnerability in TLS ciphersuites based on CBC and using SHA-384,
3249 * Fix a vulnerability in TLS ciphersuites based on CBC, in (D)TLS 1.0 to
3250 1.2, that allowed a local attacker, able to execute code on the local
3260 on CBC, in (D)TLS 1.0 to 1.2, that allowed a local attacker, able to
3261 execute code on the local machine as well as manipulate network packets,
3280 * Add support for key wrapping modes based on AES as defined by
3286 * Fix compilation error on C++, because of a variable named new.
3288 * Fix "no symbols" warning issued by ranlib when building on Mac OS X. Fix
3311 TLS 1.0. Reported by @kFYatek and by Conor Murphy on the forum. Fix
3328 * Allow overriding the time on Windows via the platform-time abstraction.
3351 * Fix compilation warnings with IAR toolchain, on 32 bit platform.
3425 This function is necessary to determine when it is safe to idle on the
3439 * Fix the Makefile build process for building shared libraries on Mac OS X.
3444 * Return the plaintext data more quickly on unpadded CBC decryption, as
3495 * Optimize unnecessary zeroing in mbedtls_mpi_copy. Based on a contribution
3526 implementation allowed an offline 2^80 brute force attack on the
3532 a crash on invalid input.
3534 crash on invalid input.
3553 * Fix test_suite_pk to work on 64-bit ILP32 systems. #849
3563 * Fix compilation error on Mingw32 when _TRUNCATE is defined. Use _TRUNCATE
3565 Nick Wilson on issue #355
3574 that could cause a key exchange to fail on valid data.
3576 could cause a key exchange to fail on valid data.
3588 a migration path for those depending on the library's ABI.
3599 6 bytes on the peer's heap, which could potentially lead to crash or remote
3614 latter overflows. The exploitability of this issue depends on whether the
3617 and sjorsdewit on GitHub. Fix proposed by Florin Petriuc in #1022.
3635 name larger than 16 bytes had been configured on the server.
3642 * The selftest program can execute a subset of the tests based on command
3645 when run on a heavily-loaded machine.
3714 dates on leap years with 100 and 400 intervals are handled correctly. Found
3743 * Fix word size check in pk.c to not depend on MBEDTLS_HAVE_INT64.
3749 * Fix mbedtls_timing_alarm(0) on Unix and MinGW.
3767 mbedtls_sha512_init() is called before operating on the relevant context
3769 reset it. Found independently by ccli8 on Github.
3781 on GitHub.
3784 undeclared dependency of the RSA module on the ASN.1 module.
3837 * Fix a resource leak on Windows platforms in mbedtls_x509_crt_parse_path(),
3861 64-bit division. This is useful on embedded platforms where 64-bit division
3862 created a dependency on external libraries. #708
3881 certificate verification. SHA-1 can be turned back on with a compile-time
3955 * Add checks in the PK module for the RSA functions on 64-bit systems.
3976 * Fixed a bug that caused freeing a buffer that was allocated on the stack,
3977 when verifying the validity of a key on secp224k1. This could be
3979 and potentially could lead to remote code execution on some platforms.
4040 sessions. "Nonce-Disrespecting Adversaries Practical Forgery Attacks on GCM in
4071 * Fix for key exchanges based on ECDH-RSA or ECDH-ECDSA which weren't
4073 * Fix for out-of-tree builds using CMake. Found by jwurzer, and fix based on
4107 * Added optimization for code space for X.509/OID based on configured
4173 SLOTH attack on TLS 1.2 server authentication (other attacks from the
4196 * Fix potential heap corruption on Windows when
4201 on untrusted input or write keys of untrusted origin. Found by Guido
4203 * The X509 max_pathlen constraint was not enforced on intermediate
4227 * Fix failures in MPI on Sparc(64) due to use of bad assembly code.
4254 string of close to or larger than 1GB to exploit; on 64 bit machines, would
4257 on crafted PEM input data. Found and fix provided by Guido Vranken,
4261 buffer is 512MB or larger on 32-bit platforms. Found by Guido Vranken,
4263 * Fix potential double-free if mbedtls_conf_psk() is called repeatedly on
4337 result trying to unlock an unlocked mutex on invalid input (found by
4340 * Fix memory corruption on client with overlong PSK identity, around
4350 end of the default config.h by defining MBEDTLS_USER_CONFIG_FILE on the
4390 should generally be the first function called on this context after init:
4474 * Configuration options POLARSSL_HAVE_LONGLONG was removed (now always on).
4510 * Negotiation of truncated HMAC is now disabled by default on server too.
4520 * The NET layer now unconditionally relies on getaddrinfo() and select().
4530 * DTLS no longer hard-depends on TIMING_C, but uses a callback interface
4547 extendedKeyUsage on the leaf certificate was lost (results not accessible
4560 * Add support for overriding snprintf() (except on Windows) and exit() in
4568 * New script ecc-heap.sh helps measuring the impact of ECC parameters on
4573 warnings on use of deprecated functions (with GCC and Clang only).
4575 errors on use of deprecated functions.
4583 once on the same context.
4588 * mpi_size() and mpi_msb() would segfault when called on an mpi that is
4590 * Fix detection of support for getrandom() on Linux (reported by syzzer) by
4603 * Fix potential unintended sign extension in asn1_get_len() on 64-bit
4610 * Add missing dependency on SHA-256 in some x509 programs (reported by
4633 * Remove dependency on sscanf() in X.509 parsing modules.
4664 * Certificate selection based on signature hash, preferring SHA-1 over SHA-2
4666 * Add support for getrandom() syscall on recent Linux kernels with Glibc or
4684 * Fix unchecked return code in x509_crt_parse_path() on Windows (found by
4700 * ssl_set_own_cert() now returns an error on key-certificate mismatch.
4732 * ssl_read() could return non-application data records on server while
4733 renegotiation was pending, and on client when a HelloRequest was received.
4738 * Fix compiler warnings on iOS (found by Sander Niemeijer).
4739 * x509_crt_parse() did not increase total_failed on PEM error
4748 ambiguous on how to encode some packets with SSL 3.0).
4752 POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE on harmless alerts.
4782 required on some platforms (e.g. OpenBSD)
4794 * Remove less-than-zero checks on unsigned numbers
4795 * Stricter check on SSL ClientHello internal sizes compared to actual packet
4828 = PolarSSL 1.3.7 released on 2014-05-02
4841 * Ciphersuites based on RC4 now have the lowest priority by default
4855 * mpi_fill_random() was creating numbers larger than requested on
4860 * Fix detection of Clang on some Apple platforms with CMake
4863 = PolarSSL 1.3.6 released on 2014-04-11
4905 * Calling pk_debug() on an RSA-alt key would segfault.
4912 = PolarSSL 1.3.5 released on 2014-03-26
4953 * Fixed CMake symlinking on out-of-source builds
4956 * Bignum's MIPS-32 assembly was used on MIPS-64, causing chaos. (Found by
4959 * m_sleep() was sleeping twice too long on most Unix platforms.
4973 = PolarSSL 1.3.4 released on 2014-01-27
4984 * net module handles timeouts on blocking sockets better (found by Tilman
4992 = PolarSSL 1.3.3 released on 2013-12-31
5015 * Fixed bug in mpi_set_bit() on platforms where t_uint is wider than int
5022 * Fixed x509_crt_parse_path() bug on Windows platforms
5032 = PolarSSL 1.3.2 released on 2013-11-04
5047 * Prevent possible alignment warnings on casting from char * to 'aligned *'
5055 = PolarSSL 1.3.1 released on 2013-10-15
5077 = PolarSSL 1.3.0 released on 2013-10-01
5085 * Ability to specify allowed ciphersuites based on the protocol version.
5109 * Introduced separate SSL Ciphersuites module that is based on
5116 * Client and server now filter sent and accepted ciphersuites on minimum
5131 * zlib compression/decompression skipped on empty blocks
5136 * RSA blinding on CRT operations to counter timing attacks
5156 * Fix potential unintended sign extension in asn1_get_len() on 64-bit
5181 * Fix bug in MPI/bignum on s390/s390x (reported by Dan Horák) (introduced
5183 * Fix unchecked return code in x509_crt_parse_path() on Windows (found by
5212 * x509_crt_parse() did not increase total_failed on PEM error
5213 * Fix compiler warnings on iOS (found by Sander Niemeijer).
5216 * ssl_read() could return non-application data records on server while
5217 renegotiation was pending, and on client when a HelloRequest was received.
5224 POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE on harmless alerts.
5258 * Fixed x509_crt_parse_path() bug on Windows platforms
5270 * Fixed CMake symlinking on out-of-source builds
5271 * Bignum's MIPS-32 assembly was used on MIPS-64, causing chaos. (Found by
5285 * mpi_fill_random() was creating numbers larger than requested on
5288 * Stricter check on SSL ClientHello internal sizes compared to actual packet
5316 * Fixed potential heap buffer overflow on large hostname setting
5318 * RSA blinding on CRT operations to counter timing attacks
5343 * Fixed const correctness issues that have no impact on the ABI
5359 * Ability to specify allowed ciphersuites based on the protocol version.
5375 * Fixed net_bind() for specified IP addresses on little endian systems
5402 interoperability can be switched on/off with the flag
5433 * Fixed dependency on POLARSSL_SHA4_C in SSL modules
5498 * Fixed handling error in mpi_cmp_mpi() on longer B values (found by
5501 * Fixed single RSA test that failed on Big Endian systems (Closes ticket #54)
5507 * Prevent reading over buffer boundaries on X509 certificate parsing
5514 * Fixed potential memory zeroization on miscrafted RSA key (found by Eloi
5517 = Version 1.1.8 released on 2013-10-01
5526 * Potential heap buffer overflow on large hostname setting
5528 = Version 1.1.7 released on 2013-06-19
5544 = Version 1.1.6 released on 2013-03-11
5546 * Fixed net_bind() for specified IP addresses on little endian systems
5560 = Version 1.1.5 released on 2013-01-16
5567 * Prevent reading over buffer boundaries on X509 certificate parsing
5581 * Fixed potential memory zeroization on miscrafted RSA key (found by Eloi
5584 = Version 1.1.4 released on 2012-05-31
5588 * Fixed single RSA test that failed on Big Endian systems (Closes ticket #54)
5590 = Version 1.1.3 released on 2012-04-29
5594 = Version 1.1.2 released on 2012-04-26
5596 * Fixed handling error in mpi_cmp_mpi() on longer B values (found by
5600 * Fixed potential memory corruption on miscrafted client messages (found by
5605 = Version 1.1.1 released on 2012-01-23
5609 * Fixed issues with Intel compiler on 64-bit systems (Closes ticket #50)
5613 = Version 1.1.0 released on 2011-12-22
5623 * Added CTR_DRBG based on AES-256-CTR (NIST SP 800-90) random generator
5650 x509parse_crtfile(). With permissive parsing the parsing does not stop on
5653 * All error codes are now negative. Even on memory failures and IO errors.
5671 = Version 1.0.0 released on 2011-07-27
5684 = Version 0.99-pre5 released on 2011-05-26
5708 net_recv() now returns 0 on EOF instead of
5710 POLARSSL_ERR_SSL_CONN_EOF on an EOF from its f_recv() function.
5717 = Version 0.99-pre4 released on 2011-04-01
5742 = Version 0.99-pre3 released on 2011-02-28
5768 * Fixed a possible Man-in-the-Middle attack on the
5772 = Version 0.99-pre1 released on 2011-01-30
5787 + Added verification callback on certificate chain
5802 = Version 0.14.0 released on 2010-08-16
5812 * Removed dependency on rand() in rsa_pkcs1_encrypt().
5823 * Fixed deadlock in rsa_pkcs1_encrypt() on failing random
5826 = Version 0.13.1 released on 2010-03-24
5831 = Version 0.13.0 released on 2010-03-21
5854 * Added small fixes for compiler warnings on a Mac
5859 = Version 0.12.1 released on 2009-10-04
5870 = Version 0.12.0 released on 2009-07-28
5887 * Fixed include location of endian.h on FreeBSD (found by
5889 * Fixed include location of endian.h and name clash on
5899 * Fixed segfault on handling empty rsa_context in
5914 = Version 0.11.1 released on 2009-05-17
5918 = Version 0.11.0 released on 2009-05-03
5941 * Fixed compatibility of XTEA and Camellia on a 64-bit system
5944 = Version 0.10.0 released on 2009-01-12
5956 = Version 0.9 released on 2008-03-16
5968 not swapped on PadLock; also fixed compilation on older versions
5978 * Added support on the client side for the TLS "hostname" extension
5995 Daniel Bleichenbacher attack on PKCS#1 v1.5 padding, as well
5998 * Fixed assembly PPC compilation errors on Mac OS X, thanks to
6001 = Version 0.8 released on 2007-10-20
6019 * Fixed a bug in mpi_read_binary() on 64-bit platforms
6026 = Version 0.7 released on 2007-07-07
6042 = Version 0.6 released on 2007-04-01
6045 time, to reduce the memory footprint on embedded systems
6052 * Fixed "long long" compilation issues on IA-64 and PPC64
6054 was not being correctly defined on ARM and MIPS
6056 = Version 0.5 released on 2007-03-01
6061 * Fixed some portability issues on WinCE, MINIX 3, Plan9
6067 = Version 0.4 released on 2007-02-01
6080 = Version 0.3 released on 2007-01-01
6086 the bignum code is no longer dependent on long long
6091 = Version 0.2 released on 2006-12-01
6094 * Updated the MPI code to support 8086 on MSVC 1.5
6108 = Version 0.1 released on 2006-11-01