Lines Matching refs:when
43 when compiling for Thumb (T32) or 32-bit Arm (A32).
54 AES when compiling for Thumb (T32) or 32-bit Arm (A32).
77 * Improve performance of AES-GCM, AES-CTR and CTR-DRBG when
106 operations when hardware accelerated AES is not present. Improves
138 concurrently calling psa_crypto_init() when MBEDTLS_THREADING_C and
144 * Fix a stack buffer overread (less than 256 bytes) when parsing a TLS 1.3
160 when an SSL context is reset with the mbedtls_ssl_session_reset() API.
177 * Fix the build with CMake when Everest or P256-m is enabled through
179 * Fix compilation error in C++ programs when MBEDTLS_ASN1_PARSE_C is
186 which mainly causes failures when building Windows target using
191 instead of seconds. That avoids rounding errors when computing the age of
202 acceleration detection when the libc headers do not define the
223 * Fix the restoration of the ALPN when loading serialized connection with
225 * Fix NULL pointer dereference in mbedtls_pk_verify_ext() when called using
230 functions. Note that overlap is still only partially supported when
244 * mbedtls_pk_sign_ext() is now always available, not just when
253 saving code size when those are not otherwise enabled.
273 * Fix a failure to validate input when writing x509 extensions lengths which
292 of ECDSA and/or EC J-PAKE when those are provided by a driver. However,
330 drivers when MBEDTLS_PSA_CRYPTO_C is enabled and psa_crypto_init() has
460 small when MBEDTLS_SHA384_C was defined and MBEDTLS_SHA512_C was
464 * Fix a buffer overread when parsing short TLS application data records in
476 PSA_SIGNATURE_MAX_SIZE buffers when at least one accelerated EC is bigger
484 in the ecdsa.h header file. There was a build warning when the
487 * Fix an error when MBEDTLS_ECDSA_SIGN_ALT is defined but not
489 * Fix missing PSA initialization in sample programs when
493 * Fix clang and armclang compilation error when targeting certain Arm
496 * Fix "unterminated '#pragma clang attribute push'" in sha256/sha512.c when
499 * Fixed an issue that caused compile errors when using CMake and the IAR
503 * Fix a compilation failure in the constant_time module when
506 * Fix crypt_and_hash decryption fail when used with a stream cipher
510 when given an invalid name string if it did not contain '=' or ','.
515 * In TLS 1.3, fix handshake failure when a client in its ClientHello
522 * Fix a compilation error on some platforms when including mbedtls/ssl.h
524 * Fix x509 certificate generation to conform to RFC 5480 / RFC 5758 when
527 * Fix a potential corruption of the passed-in IV when mbedtls_aes_crypt_cbc()
529 * Fix compile failure due to empty enum in cipher_wrap.c, when building
533 * Don't try to include MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE when
536 * Fix an issue when parsing an otherName subject alternative name into a
553 * Fix the build with CMake when Everest or P256-m is enabled through
557 * Enable Arm / Thumb bignum assembly for most Arm platforms when
559 * Enforce minimum RSA key size when generating a key
563 operations when MBEDTLS_PSA_CRYPTO_C is defined.
628 This helps in saving code size when some of the above hashes are not
632 * Use HOSTCC (if it is set) when compiling C code during generation of the
633 configuration-independent files. This allows them to be generated when
667 * AES-NI is now supported in 32-bit builds, or when MBEDTLS_HAVE_ASM
668 is disabled, when compiling with GCC or Clang or a compatible compiler
679 * Zeroize SSL cache entries when they are freed.
680 * Fix a potential heap buffer overread in TLS 1.3 client-side when
690 implementation as a fallback for when the assembly one cannot be used.
699 * In TLS 1.3, when using a ticket for session resumption, tweak its age
719 * Fix behavior of certain sample programs which could, when run with no
732 * Reject OIDs with overlong-encoded subidentifiers when converting
749 * Fix a compilation error when PSA Crypto is built with support for
753 * Fix TLS 1.3 session resumption when the established pre-shared key is
756 * Fix an issue when compiling with MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
787 To fix the performance degradation when using default values the
789 to best results when tested on Cortex-M4 and Intel i7.
812 when building the library from the development branch rather than
835 hashes from PSA when (and only when) MBEDTLS_MD_C is disabled.
836 - PEM parsing of encrypted files now uses MD-5 from PSA when (and only
837 when) MBEDTLS_MD5_C is disabled.
849 though: that module only use hashes from PSA when MBEDTLS_MD_C is off).
865 The ticket mechanism is supported when the configuration option
915 * Fix a long-standing build failure when building x86 PIC code with old
918 * Fix support for little-endian Microblaze when MBEDTLS_HAVE_ASM is defined.
922 when building with Xcode.
923 * Fix handling of broken symlinks when loading certificates using
932 * Fix a compilation error when using CMake with an IAR toolchain.
934 * Fix a build error due to a missing prototype warning when
941 * Fix bugs and missing dependencies when building and testing
945 * Fix compilation errors when trying to build with
964 bytes when parsing certificates containing a binary RFC 4108
981 when both operands are 0 and the left operand is represented with 0 limbs.
982 * Fix undefined behavior (typically harmless in practice) when some bignum
989 * Fix a build error when compiling the bignum module for some Arm platforms.
1060 * Add mbedtls_pk_sign_ext() which allows generating RSA-PSS signatures when
1086 * Add support for the ARMv8 SHA-2 acceleration instructions when building
1132 * Fix a potential heap buffer overread in TLS 1.2 server-side when
1141 when MBEDTLS_SSL_IN_CONTENT_LEN is less than a threshold that depends on
1154 checked properly when validating the certificate. This could cause a
1164 * Fixed swap of client and server random bytes when exporting them alongside
1167 in reduced configurations when MBEDTLS_USE_PSA_CRYPTO is enabled.
1168 * Fix a bug in (D)TLS curve negotiation: when MBEDTLS_USE_PSA_CRYPTO was
1181 * Fix compile errors when MBEDTLS_HAVE_TIME is not defined. Add tests
1183 * Fix a race condition in out-of-source builds with CMake when generated data
1185 * Fix the library search path when building a shared library with CMake
1202 * Fix compilation error when using C++ Builder on Windows. Reported by
1204 * psa_raw_key_agreement() now returns PSA_ERROR_BUFFER_TOO_SMALL when
1209 * Fix a TLS 1.3 handshake failure when the peer Finished message has not
1210 been received yet when we first try to fetch it.
1216 * Fix string representation of DNs when outputting values containing commas
1220 when MBEDTLS_SSL_PROTO_TLS1_3 is specified, and make this and other
1223 * Fix a TLS 1.3 handshake failure when the first attempt to send the client
1231 * Fix a null pointer dereference when performing some operations on zero
1243 * Fix CMake windows host detection, especially when cross compiling.
1261 * Assume source files are in UTF-8 when using MSVC with CMake.
1262 * Fix runtime library install location when building with CMake and MinGW.
1271 targets work when MbedTLS is built as a subdirectory. This allows the
1336 value when verifying a MAC or AEAD tag. This hardens the library in
1357 The check was accidentally not performed when cross-compiling for Windows
1369 * Fix mbedtls_cipher_crypt: AES-ECB when MBEDTLS_USE_PSA_CRYPTO is enabled.
1380 AEAD functions when ChachaPoly is disabled. Fixes #5065.
1390 * Fix the build of sample programs when neither MBEDTLS_ERROR_C nor
1394 that it produces when signing, as documented. Use the new algorithm
1404 * Fix a bug in mbedtls_gcm_starts() when the bit length of the iv
1408 * Fix the build when no SHA2 module is included. Fixes #4930.
1409 * Fix the build when only the bignum module is included. Fixes #4929.
1411 pkcs12 functions when the password is empty. Fix the documentation to
1434 to remember when writing tests, or test configurations. Fixes #4653.
1451 yet supported when cross-compiling.
1506 when outputting a SHA-384 or SHA-224 hash into a buffer of exactly
1621 affect the maintained LTS branches, so when contributing changes please
1782 than PSA_ERROR_INVALID_HANDLE when the identifier specified for the key
1790 * Fix a bug in ECDSA that would cause it to fail when the hash is all-bits
1794 correctly by some bignum operations. This could happen when
1795 mbedtls_mpi_read_string() was called on "-0", or when
1798 * Fix a compilation error when MBEDTLS_ECP_RANDOMIZE_MXZ_ALT is
1800 * Fix an incorrect error code when parsing a PKCS#8 private key.
1810 nonetheless, resulting in undefined reference errors when building a
1813 when SHA-1 was disabled and was offered when SHA-1 was enabled but SHA-384
1815 * Do not offer SHA384 cipher suites when SHA-384 is disabled. Fixes #4499.
1827 (when the encrypt-then-MAC extension is not in use) with some ALT
1845 * Disallow inputs of length different from the corresponding hash when
1848 * Fix a null pointer dereference when mbedtls_mpi_exp_mod() was called with
1854 * Fix mbedtls_mpi_gcd(G,A,B) when the value of B is zero. This had no
1883 * fix build failure on MinGW toolchain when __USE_MING_ANSI_STDIO is on.
1893 when their input has length 0. Note that this is an implementation detail
1897 zero digits when operating from values constructed with an mpi_read
1914 * Implicitly add PSA_KEY_USAGE_SIGN_MESSAGE key usage policy flag when
1916 when PSA_KEY_USAGE_VERIFY_HASH flag is set. This usage flag extension
1917 is also applied when loading a key from storage.
1948 * Automatic fallback to a software implementation of ECP when
1969 * Fix a security reduction in CTR_DRBG when the initial seeding obtained a
1973 length, or when the entropy module uses SHA-256 and CTR_DRBG uses AES-256.
1978 * Fix a buffer overflow in mbedtls_mpi_sub_abs() when calculating
1990 mbedtls_net_recv_timeout() when given a file descriptor that is
1997 * Fix memory leak that occurred when calling psa_close_key() on a
2001 * Fix a resource leak in CTR_DRBG and HMAC_DRBG when MBEDTLS_THREADING_C
2006 twice is safe. This happens for RSA when some Mbed TLS library functions
2007 fail. Such a double-free was not safe when MBEDTLS_THREADING_C was
2010 when MBEDTLS_THREADING_C is enabled on platforms where initializing
2025 the PSA code needed by a PSA crypto client when the PSA crypto
2090 size of the output buffer when used with NIST_KW. As a result, code using
2095 MBEDTLS_MPI_MAX_SIZE to prevent a potential denial of service when
2105 algorithm parameters (only the size) when comparing the signature in the
2111 certs as invalid when mbedtls did not.
2122 when the input has trailing garbage. Fixes #2512.
2127 * Fix rsa_prepare_blinding() to retry when the blinding value is not
2133 * Fix the build when the macro _GNU_SOURCE is defined to a non-empty value.
2142 * Fix psa_generate_key() returning an error when asked to generate
2155 * Make arc4random_buf available on NetBSD and OpenBSD when _POSIX_C_SOURCE is
2161 fails. Previously the key identifier was just ignored when creating a
2167 * Fix a memory leak in mbedtls_mpi_sub_abs() when the result was negative
2222 * Fix a vulnerability in the verification of X.509 certificates when
2224 mbedtls_x509_crt_verify()) with the actual certificate name: when the
2242 * In (D)TLS record decryption, when using a CBC ciphersuites without the
2274 * Fix build errors when the only enabled elliptic curves are Montgomery
2277 * Fix self-test failure when the only enabled short Weierstrass elliptic
2283 * Fix a memory leak in mbedtls_md_setup() when using HMAC under low memory
2347 mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a
2349 mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL
2354 * Fix issue in Lucky 13 counter-measure that could make it ineffective when
2380 when PRNG function fails. Contributed by Jonas Lejeune in #3318.
2392 * Update iv and len context pointers manually when reallocating buffers
2394 when receiving a connection with CID, when these fields were shifted
2413 * Use FindPython3 when cmake version >= 3.15.0
2416 dropped. As a consequence, the TLS handshake now fails when the output
2447 happen when MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE was enabled in config.h
2455 DTLS client when parsing the Hello Verify Request message.
2463 * Fix compilation failure when both MBEDTLS_SSL_PROTO_DTLS and
2490 * Fix potential memory overread when performing an ECDSA signature
2496 * To avoid a side channel vulnerability when parsing an RSA private key,
2521 * Fix a possible error code mangling in psa_mac_verify_finish() when
2587 * Fix an unused variable warning when compiling without DTLS.
2591 * Fix a buffer overflow in the PSA HMAC code when using a long key with an
2703 * Fix build failure when building with mingw on Windows by including
2753 * Fix build failure when building with mingw on Windows by including
2805 * Fix 1-byte buffer overflow in mbedtls_mpi_write_string() when
2821 * Set the next sequence of the subject_alt_name to NULL when deleting
2876 when MBEDTLS_ECP_ALT is defined. Reported by jwhui. Fixes #2242.
2883 * Fix returning the value 1 when mbedtls_ecdsa_genkey failed.
2891 * Fix false failure in all.sh when backup files exist in include/mbedtls
2893 * Ensure that unused bits are zero when writing ASN.1 bitstrings when using
2895 * Fix issue when writing the named bitstrings in KeyUsage and NsCertType
2923 * Ciphersuites based on 3DES now have the lowest priority by default when
2936 steps you have to take when enabling it.
2941 the return type from void to int to allow returning error codes when
2969 * Fix runtime error in `mbedtls_platform_entropy_poll()` when run
2972 * Fix an unsafe bounds check when restoring an SSL session from a ticket.
2994 the PSA Crypto API from Mbed Crypto when additionally used with the
2998 * Add unit tests for AES-GCM when called through mbedtls_cipher_auth_xxx()
3033 * Fix overly strict DN comparison when looking for CRLs belonging to a
3034 particular CA. This previously led to ignoring CRLs when the CRL's issuer
3104 * Fix failure in hmac_drbg in the benchmark sample application, when
3111 * Ignore IV in mbedtls_cipher_set_iv() when the cipher mode is
3138 * Remember the string format of X.509 DN attributes when replicating
3157 This allows users to configure such an implementation at compile time when
3180 handshake when flights do not get through (RFC 6347, section 4.1.1.1,
3208 with TLS versions 1.1 and earlier when the server requested authentication
3222 * Copy headers preserving timestamps when doing a "make install".
3288 * Fix "no symbols" warning issued by ranlib when building on Mac OS X. Fix
3296 * Fix compilation error when MBEDTLS_ARC4_C is disabled and
3307 * Fix decryption for zero length messages (which contain all padding) when a
3314 when the request_size argument is set to 0 as stated in the documentation.
3321 * Fail when receiving a TLS alert message with an invalid length, or invalid
3322 zero-length messages when using TLS 1.2. Contributed by Espressif Systems.
3324 when calling with a NULL salt and non-zero salt_len. Contributed by
3400 where an optional signature algorithms list is expected when the signature
3425 This function is necessary to determine when it is safe to idle on the
3447 * Fix overriding and ignoring return values when parsing and writing to
3452 returned when unexpected messages were being discarded, ignoring that
3454 in the internal buffers; these cases led to deadlocks when event-driven
3480 * Provide an empty implementation of mbedtls_pkcs5_pbes2() when
3494 environment variable when using the project makefiles.
3497 * In the SSL module, when f_send, f_recv or f_recv_timeout report
3505 * Declare functions in header files even when an alternative implementation
3516 that when both sides of a TLS connection negotiate the truncated
3540 algorithms family when encrypting private keys using PKCS#5 v2.0.
3555 with flag MBEDTLS_X509_BADCERT_BAD_PK even when the key type was correct.
3563 * Fix compilation error on Mingw32 when _TRUNCATE is defined. Use _TRUNCATE
3566 * In test_suite_pk, pass valid parameters when testing for hash length
3571 * Fix X509 CRT parsing that would potentially accept an invalid tag when
3590 * Use (void) when defining functions with no parameters. Contributed by
3602 * Fix a buffer overflow in RSA-PSS verification when the hash was too large
3606 * Fix buffer overflow in RSA-PSS verification when the unmasked data is all
3608 * Fix an unsafe bounds check in ssl_parse_client_psk_identity() when adding
3645 when run on a heavily-loaded machine.
3679 returning error codes when using MBEDTLS_<MODULE>_ALT.
3707 * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times.
3710 * Parse signature algorithm extension when renegotiating. Previously,
3718 * Fix out-of-memory problem when parsing 4096-bit PKCS8-encrypted RSA keys.
3747 * Fix crash when calling mbedtls_ssl_cache_free() twice. Found by
3750 * Fix use of uninitialized memory in mbedtls_timing_get_timer() when reset=1.
3799 * Fix authentication bypass in SSL/TLS: when authmode is set to optional,
3800 mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's
3802 (default: 8) intermediates, even when it was not trusted. This could be
3842 compilation when using ARM Compiler 6.
3895 when sending the alert failed. The fix makes sure not to hide the error
3908 * Fix incorrect sign computation in modular exponentiation when the base is
3945 void to int to allow returning error codes when using MBEDTLS_AES_ALT,
3965 some data loss when casting a size_t to an unsigned int value in the
3977 when verifying the validity of a key on secp224k1. This could be
3984 * Fix output certificate verification flags set by x509_crt_verify_top() when
3987 set when the verification conditions are not met regardless of the cause.
3993 x509_csr.c that are reported when building mbed TLS with a config.h that
3998 renegotiation routines at unexpected times when the protocol is DTLS. Found
4000 * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing
4014 by missing calls to mbedtls_pem_free() in cases when a
4020 * Fix a resource leak in ssl_cookie, when using MBEDTLS_THREADING_C.
4022 * Fix 1 byte buffer overflow in mbedtls_mpi_write_string() when the MPI
4044 mbedtls_x509write_csr_der() when the signature is copied to the buffer
4056 configure the maximum length of a file path that can be buffered when
4070 when GCM is used. Found by udf2457. #441
4075 * Fixed cert_app.c sample program for debug output and for use when no root
4090 * Fix potential byte overread when verifying malformed SERVER_HELLO in
4092 * Fix check for validity of date when parsing in mbedtls_x509_get_time().
4133 * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three
4139 * Fix memory leak that occurred only when ECJPAKE was enabled and ECDHE and
4146 * Fix issue that caused a hang when generating RSA keys of odd bitlength
4157 * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5,
4169 * Fix potential double free when mbedtls_asn1_store_named_data() fails to
4180 when the first intermediate certificate has pathLenConstraint=0. Found by
4196 * Fix potential heap corruption on Windows when
4235 * Improved performance of mbedtls_ecp_muladd() when one of the scalars is 1
4249 mbedtls_pk_parse_key(file)() when the password is > 129 bytes.
4260 * Fix possible heap buffer overflow in base64_encoded() when the input
4274 * Fix macroization of 'inline' keyword when building as C++. (#279)
4288 * Fix possible client-side NULL pointer dereference (read) when the client
4294 * Fix warning when using a 64bit platform. (found by embedthis) (#275)
4316 * Fix segfault in the benchmark program when benchmarking DHM.
4319 * Fix bug when parsing a ServerHello without extensions (found by David
4330 * Fix missing -static-libgcc when building shared libraries for Windows
4332 * Fix link error when building shared libraries for Windows with make.
4333 * Fix error when loading libmbedtls.so.
4343 * Fix unused function warning when using MBEDTLS_MDx_ALT or
4580 * Fix bug in entropy.c when THREADING_C is also enabled that caused
4582 * Fix memory leak when gcm_setkey() and ccm_setkey() are used more than
4584 * Fix bug in ssl_mail_client when password is longer than username (found
4588 * mpi_size() and mpi_msb() would segfault when called on an mpi that is
4593 * Fix potential NULL pointer dereference (not triggerable remotely) when
4606 * Fix compile error when POLARSSL_SSL_DISABLE_RENEGOTATION and
4637 * NULL pointer dereference in the buffer-based allocator when the buffer is
4665 for pre-1.2 clients when multiple certificates are available.
4682 * Fix potential failure in ECDSA signatures when POLARSSL_ECP_MAX_BITS is a
4691 issue with some servers when a zero-length extension was sent. (Reported
4699 * Blind RSA private operations even when POLARSSL_RSA_NO_CRT is defined.
4703 * A specific error is now returned when there are ciphersuites in common
4716 * Remotely-triggerable memory leak when parsing some X.509 certificates
4719 * Remotely-triggerable memory leak when parsing crafted ClientHello
4729 * Fix compile error in timing.c when POLARSSL_NET_C and POLARSSL_SELFTEST
4733 renegotiation was pending, and on client when a HelloRequest was received.
4735 write callback returned WANT_WRITE when requesting renegotiation.
4763 when a GCM suite was chosen.
4802 * Very small records were incorrectly rejected when truncated HMAC was in
4852 ServerHello when no extensions are present (found by Matthew Page)
4856 big-endian platform when size was not an integer number of limbs
4858 * Some parts of ssl_tls.c were compiled even when the module was disabled.
4875 * pk_verify() now returns a specific error code when the signature is valid
4893 * Potential memory leak in mpi_exp_mod() when error occurs during
4900 * Fix compile errors when POLARSSL_ERROR_STRERROR_BC is undefined (found by
4939 "triple handshake" attack when authentication mode is 'optional' (the
4940 attack was already impossible when authentication is required).
4958 * ssl_cache was creating entries when max_entries=0 if TIMING_C was enabled.
4961 send() would return an EAGAIN error when sending the ticket.
4962 * ssl_cache was leaking memory when reusing a timed out entry containing a
4964 * ssl_srv was leaking memory when client presented a timed out ticket
5173 * Fix buffer overread of size 1 when parsing crafted X.509 certificates
5190 issue with some servers when a zero-length extension was sent. (Reported
5196 * Blind RSA private operations even when POLARSSL_RSA_NO_CRT is defined.
5203 * Remotely-triggerable memory leak when parsing some X.509 certificates
5217 renegotiation was pending, and on client when a HelloRequest was received.
5244 "triple handshake" attack when authentication mode is optional (the
5245 attack was already impossible when authentication is required).
5252 when a GCM suite was chosen.
5279 * Potential memory leak in mpi_exp_mod() when error occurs during
5282 when no extensions are present (found by Matthew Page)
5286 big-endian platform when size was not an integer number of limbs
5311 * Fixed potential memory leak when failing to resume a session
5382 * Added support for custom labels when using rsa_rsaes_oaep_encrypt()
5384 * Re-added handling for SSLv2 Client Hello when the define
5416 * Memory leak when using RSA_PKCS_V21 operations fixed
5519 * Fixed potential memory leak when failing to resume a session
5575 * Memory leak when using RSA_PKCS_V21 operations fixed
5681 * Undid faulty bug fix in ssl_write() when flushing old data (Ticket
5688 enable and disable individual modes when needed
5737 * Fixed bug in ssl_write() when flushing old data (Fixed ticket
5758 * Support more exotic OIDs when parsing certificates
5760 * Support more exotic name representations when parsing
5880 this in mind when checking for errors.
5919 * Fixed a bug in mpi_gcd() so that it also works when both
5962 be sent twice in non-blocking mode when send returns EAGAIN
5970 * Correctly handle the case in padlock_xcryptcbc() when input or
5980 * Make x509parse_verify() return BADCERT_CN_MISMATCH when an empty