Lines Matching full:with
20 * On x86/amd64 platforms, with some compilers, when the library is
21 compiled with support for both AESNI and software AES and AESNI is
22 available in hardware, an adversary with fine control over which
37 with consequences ranging up to arbitrary code execution.
44 an item in the output list in an inconsistent state with val.p == NULL but
69 library or the application is built with a compiler where
79 or with compilers where "union foo x = {0}" does not initialize
82 * Resolved build issue with C++ projects using Mbed TLS 3.6 when compiling
83 with the MSVC toolset v142 and earlier. Fixes mbedtls issue #7087.
87 keys with a different LMS or LM-OTS types on some platforms. Specifically,
98 rejected. Furthermore, before, on inputs with too few equal signs, the
102 * When calling mbedtls_asn1_write_raw_buffer() with NULL, 0 as the last two
117 mbedtls_ssl_handshake() now fails with
122 call mbedtls_ssl_set_hostname() with NULL as the hostname, or
160 * When MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE is disabled, work with
169 mbedtls_psa_der_to_raw() is called with bits=0.
173 may have resulted in incorrect code with some compilers, depending on
176 1.2 and 1.3). The lack of support was causing handshake failures with
177 some servers, especially with TLS 1.3 in practice. There are a few
183 with Visual Studio 2013 or MinGW.
186 shadow standard CRT headers inttypes.h and stdbool.h with incomplete
188 with the .sln file shipped with the project.
193 * Improve performance of PSA key generation with ECC keys: it no longer
242 - Finite-field Diffie-Hellman with custom groups.
266 starting with Mbed TLS 2.17) and, where relevant, `pk.h`.
289 largest supported curve. In some configurations with PSA disabled,
293 * With TLS 1.3, when a server enables optional authentication of the
300 authentication anyway. Only TLS 1.3 servers were affected, and only with
301 optional authentication (required would abort the handshake with a fatal
330 * Fix psa_cipher_decrypt() with CCM* rejecting messages less than 3 bytes
362 * Fixed a regression introduced in 3.6.0 where the CA callback set with
364 upgraded to TLS 1.3. Fixed by adding support for the CA callback with TLS
368 with MBEDTLS_SSL_VERIFY_OPTIONAL or MBEDTLS_SSL_VERIFY_NONE, would stop
370 support for optional/none with TLS 1.3 as well. Note that the TLS 1.3
375 verify callbacks, set with mbedtls_ssl_set_verify() as opposed to
428 * Added an example program showing how to hash with the PSA API.
431 * AES-NI is now supported in Windows builds with clang and clang-cl.
438 (the cipher and PSA interfaces). This option is incompatible with modes
439 that use the decryption direction (ECB in PSA, CBC, XTS, KW) and with DES.
461 and configured with MBEDTLS_SSL_RECORD_SIZE_LIMIT.
480 with PKCS#5 PBES2. Keys encrypted this way can now be parsed by PK parse.
496 key pair with a custom public exponent.
508 called at runtime. This together with MBEDTLS_PSA_RANDOM_STATE can be
513 with the same content as a PSA key.
548 when an SSL context is reset with the mbedtls_ssl_session_reset() API.
560 was able to successfully establish a TLS 1.2 connection with the server.
565 * Fix the build with CMake when Everest or P256-m is enabled through
577 * Fix parsing of CSRs with critical extensions.
580 tickets compared to peer using a millisecond clock (observed with GnuTLS).
587 (psa_asymmetric_[en|de]crypt) with opaque keys.
589 * On Linux on ARMv8, fix a build error with SHA-256 and SHA-512
611 * Fix the restoration of the ALPN when loading serialized connection with
635 to select only some of the parameters / groups, with the macros
685 Starting with this release, it is necessary to declare which curves are
736 algorithms in PSA, with some limitations. See docs/driver-only-builds.txt
751 * Add support for the FFDH algorithm and DH key types in PSA, with
755 * It is now possible to generate certificates with SubjectAltNames.
773 When compiling with gcc -Os on Aarch64, AES-XTS improves
803 mbedtls_pk_verify() with opaque ECC keys (provided the PSA attributes
807 * Add a possibility to generate CSRs with RFC822 and directoryName subtype
818 new implementation with a much smaller footprint, but some minor
826 * In configurations with ARIA or Camellia but not AES, the value of
829 only used in relation with CMAC which does not support these ciphers.
838 RSA OAEP decryption. With the previous implementation, some compilers
857 In TLS 1.2, the affected configurations are those with
885 built with MBEDTLS_SHAxxx_USE_A64_CRYPTO_IF_PRESENT but don't have a
894 * Fix crypt_and_hash decryption fail when used with a stream cipher
901 tfm_mbedcrypto_config_profile_medium.h with
907 * Fix CCM* with no tag being not supported in a build with CCM as the only
909 * Fix the build with MBEDTLS_PSA_INJECT_ENTROPY. Fixes #7516.
911 with all TLS support disabled. Fixes #6628.
916 is called with zero length and padlock is not enabled.
918 with a very minimal configuration. Fixes #7625.
931 * Fix a build error in some configurations with MBEDTLS_PSA_CRYPTO_CONFIG
934 * Fix undefined symbols in some builds using TLS 1.3 with a custom
941 * Fix the build with CMake when Everest or P256-m is enabled through
946 compiling with gcc, clang or armclang and -O0.
959 * When using CBC with the cipher module, the requirement to call
967 * Fix builds on Windows with clang
1011 (MBEDTLS_ECP_PF_COMPRESSED) with mbedtls_ecp_point_read_binary()
1012 (and callers) for Short Weierstrass curves with prime p where p = 3 mod 4
1043 * Add support for AES with the Armv8-A Cryptographic Extension on
1054 * AES-NI is now supported with Visual Studio.
1056 is disabled, when compiling with GCC or Clang or a compatible compiler
1058 gcc -m32 -msse2 -maes -mpclmul). (Generic x86 builds with GCC-like
1060 * It is now possible to use a PSA-held (opaque) password with the TLS 1.2
1070 * Add support for AES with the Armv8-A Cryptographic Extension on 64-bit
1076 (most notably builds with Visual Studio), leaving them vulnerable to
1088 calculation on the client side. It prevents a server with more accurate
1096 be toggled with config.py.
1107 * Fix behavior of certain sample programs which could, when run with no
1115 possible to verify RSA PSS signatures with the pk module, which was
1120 * Reject OIDs with overlong-encoded subidentifiers when converting
1122 * Reject OIDs with subidentifier values exceeding UINT_MAX. Such
1127 descriptions, which started appearing with Clang 15. Fixes #6960.
1137 * Fix a compilation error when PSA Crypto is built with support for
1144 * Fix an issue when compiling with MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
1156 signatures. This aligns the behaviour with MBEDTLS_USE_PSA_CRYPTO to
1159 visualc/VS2010 to visualc/VS2013 as we do not support building with versions
1189 RFC 9146, which is not interoperable with the draft-05 version.
1190 If you need to communicate with peers that use earlier versions of
1192 to 1, but then you won't be able to communicate with peers that use the
1194 If you need to interoperate with both classes of peers with the
1199 * When building with PSA drivers using generate_driver_wrappers.py, or
1213 * make: enable building unversioned shared library, with e.g.:
1218 Only the ECC primitive with secp256r1 curve and SHA-256 hash algorithm
1220 * Some modules can now use PSA drivers for hashes, including with no
1229 the entropy module. As a consequence, for now the only way to build with
1274 MBEDTLS_SSL_DTLS_CONNECTION_ID (enabled by default) and configured with
1289 * Fix an issue where an adversary with access to precise enough information
1300 * Fix an issue with in-tree CMake builds in releases with GEN_FILES
1303 * Fix a long-standing build failure when building x86 PIC code with old
1309 Fixes 'file not found with <angled> include' error
1310 when building with Xcode.
1315 * Fix an interoperability failure between an Mbed TLS client with both
1320 * Fix a compilation error when using CMake with an IAR toolchain.
1330 configurations with only one encryption type enabled in TLS 1.2.
1332 with MBEDTLS_PLATFORM_C disabled. Fixes #6118, #6196.
1333 * Fix compilation errors when trying to build with
1338 * Fix build failure with MBEDTLS_RSA_C and MBEDTLS_PSA_CRYPTO_C but not
1340 * Fix build failure with MBEDTLS_RSA_C and MBEDTLS_PSA_CRYPTO_C but not
1344 signature with an invalid public key, in some cases. Reported by
1359 with A > 0 created an unintended representation of the value 0 which was
1369 when both operands are 0 and the left operand is represented with 0 limbs.
1395 * mbedtls_cipher_set_iv will now fail with ChaCha20 and ChaCha20+Poly1305
1397 length with 12, but did not inform the caller about it. Fixes #4301.
1414 documented as such. Use opaque drivers with the interface enabled by
1418 TLS 1.3 handshake should now be configured with
1429 * Add an accessor function to get the configuration associated with
1437 Register callback with mbedtls_ssl_conf_cert_cb().
1439 mbedtls_ssl_set_hs_own_cert() with NULL value for own_cert param.
1457 * Introduce mbedtls_ssl_hs_cb_t typedef for use with
1470 file with the macro MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE.
1482 negotiates TLS 1.3 or TLS 1.2 with TLS servers.
1483 * Enable building of Mbed TLS with TLS 1.3 protocol support but without TLS
1498 * Opaque pre-shared keys for TLS, provisioned with
1504 * Make USE_PSA_CRYPTO compatible with KEY_ID_ENCODES_OWNER. Fixes #5259.
1514 * Fix potential memory leak inside mbedtls_ssl_cache_set() with
1521 MBEDTLS_USE_PSA_CRYPTO is enabled, an opaque key (created with
1525 * Fix a buffer overread in DTLS ClientHello parsing in servers with
1531 and possibly up to 571 bytes with a custom cookie check function.
1562 * The TLS 1.3 implementation is now compatible with the
1571 * Fix a race condition in out-of-source builds with CMake when generated data
1573 * Fix the library search path when building a shared library with CMake
1579 * In configurations with MBEDTLS_SSL_DTLS_CONNECTION_ID enabled but not
1589 * Fix compilation error with mingw32. Fixed by Cameron Cawley in #4211.
1616 on DTLS 1.2 session resumption. After DTLS 1.2 session resumption with
1620 represented with 0 limbs (specifically mbedtls_mpi_mod_int() dividing
1645 AEAD functions is not an AEAD algorithm. This aligns them with the
1649 * Assume source files are in UTF-8 when using MSVC with CMake.
1650 * Fix runtime library install location when building with CMake and MinGW.
1653 Replace custom LIB_INSTALL_DIR variable with standard CMAKE_INSTALL_LIBDIR
1669 * You can configure groups for a TLS key exchange with the new function
1730 if the output buffer is in memory that is shared with an untrusted
1734 oracle vulnerability if the output buffer is in memory that is shared with
1737 mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED
1754 for bignum multiplication that broke some bignum operations with
1759 functions enabled with MBEDTLS_AES_ENCRYPT_ALT, MBEDTLS_AES_DECRYPT_ALT,
1761 This does not concern the implementation provided with Mbed TLS,
1762 where this function cannot fail, or full-module replacements with
1765 happen with an alternative implementation of the underlying hash module.
1788 all algorithms that can be used with psa_{sign,verify}_hash(), including
1790 * Fix issue in Makefile on Linux with SHARED=1, that caused shared libraries
1794 * Fix an uninitialized variable warning in test_suite_ssl.function with GCC
1829 * Indicate in the error returned if the nonce length used with
1846 with a more complex CPU usually have an operating system interface that
1848 interfaces with mbedtls_entropy_add_source() and/or use an entropy seed
1877 * Update AEAD output size macros to bring them in line with the PSA Crypto
1908 * Replace MBEDTLS_SHA512_NO_SHA384 config option with MBEDTLS_SHA384_C.
1916 a key-value store with keys being session IDs and values
1930 * For multi-part AEAD operations with the cipher module, calling
1933 anything with the currently implemented AEADs, so in practice it was
1947 key. To use an RSA key with PSS or OAEP, call mbedtls_rsa_set_padding()
2007 * The library now uses the %zu format specifier with the printf() family of
2024 certificates signed with SHA-1 due to the known attacks against SHA-1.
2066 * The RSA module no longer supports private-key operations with the public
2106 using a CCM-8 ciphersuite than a CBC ciphersuite with truncated HMAC.
2113 signature with a specific salt length. This function allows to validate
2152 * Fix an issue where an adversary with access to precise enough information
2157 * Fix an issue where an adversary with access to precise enough timing
2171 to create is not valid, bringing them in line with version 1.0.0 of the
2177 in line with version 1.0.0 of the specification. Fix #4162.
2184 mbedtls_mpi_mul_mpi() and mbedtls_mpi_mul_int() was called with one of
2190 set with mbedtls_ssl_conf_dhm_min_bitlen() precisely. Before, the
2197 * With MBEDTLS_PSA_CRYPTO_C disabled, some functions were getting built
2200 * The cipher suite TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 was not available
2215 (when the encrypt-then-MAC extension is not in use) with some ALT
2222 * Fix mbedtls_net_poll() and mbedtls_net_recv_timeout() often failing with
2224 * Fix a resource leak in a test suite with an alternative AES
2234 signing or verifying with PSA_ALG_RSA_PSS (The PSA Crypto API mandates
2236 * Fix a null pointer dereference when mbedtls_mpi_exp_mod() was called with
2237 A=0 represented with 0 limbs. Up to and including Mbed TLS 2.26, this bug
2238 could not be triggered by code that constructed A with one of the
2240 those always built an mpi object with at least one limb.
2245 * The PSA API no longer allows the creation or destruction of keys with a
2262 * Fix memsan build false positive in x509_crt.c with clang 11
2269 * When building the test suites with GNU make, invoke python3 or python, not
2275 MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY with a new single unified option
2280 mbedtls_mpi_read_string() now construct an mbedtls_mpi object with 0 limbs
2285 zero digits when operating from values constructed with an mpi_read
2296 the config file in a way that's compatible with the config file format
2311 with version 1.0.0 of the specification.
2313 in bits rather than bytes, with an additional flag to indicate if the
2316 with version 1.0.0 of the specification.
2349 random generator with mbedtls_xxx functions. See the documentation of
2360 mbedtls_ctr_drbg_set_entropy_len() with a size that was 3/2 times the key
2371 only called with |A| >= |B|. Reported by Guido Vranken in #4042.
2377 * Fix a stack buffer overflow with mbedtls_net_poll() and
2386 wrapped key with MBEDTLS_PSA_CRYPTO_SE_C defined.
2404 consistent with RFC 5280 4.2.1.9 which says: "Conforming CAs MUST
2443 mbedtls_cipher_auth_decrypt_ext(). Please note that with AEAD ciphers,
2452 * In PSA, allow using a key declared with a base key agreement algorithm
2454 agreement algorithm in use matches the algorithm the key was declared with.
2467 the last major gap to compliance with the PSA Cryptography specification
2478 size of the output buffer when used with NIST_KW. As a result, code using
2479 those functions as documented with NIST_KW could have a buffer overwrite
2480 of up to 15 bytes, with consequences ranging up to arbitrary code
2525 psa_cipher_* functions compliant with the PSA Crypto API specification.
2528 only the curves that support ECDSA, filter the list with
2535 * Fix handling of EOF against 0xff bytes and on platforms with unsigned
2539 CCM, which allowed encryption with a non-standard length field.
2548 * Attempting to create a volatile key with a non-zero key identifier now
2551 * Attempting to create or register a key with a key identifier in the vendor
2561 * In PEM writing functions, fill the trailing part of the buffer with null
2566 * Fix a build failure that occurred with the MBEDTLS_AES_SETKEY_DEC_ALT
2588 group families to psa_ecc_family_t and psa_dh_family_t, in line with the
2598 through PSA Crypto with a volatile lifetime. Reported in #3288 and
2612 mbedtls_x509_crt_verify()) with the actual certificate name: when the
2623 certificates were never considered as revoked. On builds with
2627 revocationDate field, in accordance with RFC 5280. Reported by
2641 Diffie-Hellman. An adversary with precise enough timing and memory access
2669 * Use arc4random_buf on NetBSD instead of rand implementation with cyclical
2692 these applications with password-protected key files. Analogously but for
2705 device, keys created with the old lifetime value will not be readable or
2715 dump of an SSL context saved with mbedtls_ssl_context_save().
2737 mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL
2738 f_rng argument. An attacker with access to precise enough timing and
2755 The actual effect with almost every compiler is the intended
2757 * Fix issue with a detected HW accelerated record error not being exposed
2759 * Avoid NULL pointer dereferencing if mbedtls_ssl_free() is called with a
2782 when receiving a connection with CID, when these fields were shifted
2807 files in framework/tests/src. When building with make or cmake, the files in
2814 * Align MSVC error flag with GCC and Clang. Contributed by Carlos Gomes
2831 * Fix issue in DTLS handling of new associations with the same parameters
2833 the server could cause it to drop established associations with
2837 * Fix side channel in ECC code that allowed an adversary with access to
2854 a warning with some compilers. Fix contributed by irwir in #2856.
2879 operation. The overread only happens with cryptographically low
2896 values are aligned with the upcoming release of the PSA Crypto API
2901 PSA_ECC_CURVE_SECP_R1 with 256 bits is P256R1). ARMmbed/mbed-crypto#330
2905 * Fix build failure with MBEDTLS_ZLIB_SUPPORT enabled. Reported by
2915 accept some RSA keys with invalid values by silently fixing those values.
2929 default configuration, on a platform with a single entropy source, the
2951 failures could happen with alternative implementations of AES. Bug
2961 change it with mbedtls_ctr_drbg_set_nonce_len().
2979 * Fix a buffer overflow in the PSA HMAC code when using a long key with an
3012 TLS sessions with tools like Wireshark.
3052 with MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED. This implementation is formally
3078 * Calling mbedtls_ecdsa_write_signature() with NULL as the f_rng argument
3087 * Fix to allow building test suites with any warning that detects unused
3091 * Fix build failure when building with mingw on Windows by including
3096 * Enable Suite B with subset of ECP curves. Make sure the code compiles even
3132 * Adds fuzz targets, especially for continuous fuzzing with OSS-Fuzz.
3141 * Fix build failure when building with mingw on Windows by including
3157 * It is now possible to perform RSA PKCS v1.5 signatures with RIPEMD-160 digest.
3175 incoming record with the correct connection data even after the peer has
3194 used with negative inputs. Found by Guido Vranken in #2404. Credit to
3263 * Fix a compilation issue with mbedtls_ecp_restart_ctx not being defined
3345 that it is now optional with the MBEDTLS_CHECK_PARAMS flag which by default
3382 the PSA Crypto API from Mbed Crypto when additionally used with the
3435 primes with high probability. This does not have an impact on the
3436 security of TLS, but can matter in other contexts with numbers chosen
3460 signature always used a salt with the same length as the hash, and returned
3463 that comply with FIPS 186-4, including SHA-512 with a 1024-bit key.
3525 conflict with C runtime usage. Found and fixed by irwir.
3543 * Extend the platform module with an abstraction mbedtls_platform_gmtime_r()
3565 with the peer, as well as by a new per-connection MTU option, set using
3584 * Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if
3590 interoperability issues with BouncyCastle. Raised by milenamil in #1157.
3591 * Replace printf with mbedtls_printf in the ARIA module. Found by
3596 with TLS versions 1.1 and earlier when the server requested authentication
3603 * Fix undefined shifts with negative values in certificates parsing
3614 * Improve compatibility with some alternative CCM implementations by using
3627 exploiting timing measurements. With DTLS, the attacker could perform
3628 this recovery by sending many messages in the same connection. With TLS
3641 targeting an internal MD/SHA buffer. With TLS or if
3689 i386 with SSE2. Found by László Langó. Fixes #1550
3696 CBC based ciphersuite is used together with Encrypt-then-MAC. Previously,
3698 to the connection being terminated. Seen most often with OpenSSL using
3701 * Fix ssl_client2 example to send application data with 0-length content
3709 * Fail when receiving a TLS alert message with an invalid length, or invalid
3712 when calling with a NULL salt and non-zero salt_len. Contributed by
3728 * Add support for the XTS block cipher mode with AES (AES-XTS).
3735 * Fix the cert_write example to handle certificates signed with elliptic
3739 * Fix compilation warnings with IAR toolchain, on 32 bit platform.
3756 * Extend the platform module with a util component that contains
3767 * Fix an issue with MicroBlaze support in bn_mul.h which was causing the
3783 trusted CA, or a trusted CA with a non DER-compliant certificate. Found by
3789 algorithms section is too short. In builds with debug output, the overread
3790 data is output with the debug data.
3793 offer or a ciphersuite that cannot be used with the TLS or DTLS version
3807 * Extend the public API with the function of mbedtls_net_poll() to allow user
3889 HMAC functions with non-HMAC ciphersuites. Independently contributed
3905 HMAC extension, Mbed TLS can now interoperate with other
3906 compliant implementations, but this breaks interoperability with
3915 HMAC key of a single, uninterrupted connection (with no
3943 with flag MBEDTLS_X509_BADCERT_BAD_PK even when the key type was correct.
3946 * Fix Windows x64 builds with the included mbedTLS.sln file. #1347
3978 * Use (void) when defining functions with no parameters. Contributed by
4015 * Make mbedtls_mpi_read_binary() constant-time with respect to the input
4042 with alternative implementation:
4048 with an alternative implementation:
4074 * Deprecate usage of RSA primitives with non-matching key-type
4075 (e.g. signing with a public key).
4102 dates on leap years with 100 and 400 intervals are handled correctly. Found
4104 * Fix some invalid RSA-PSS signatures with keys of size 8N+1 that were
4109 * Fix variable used before assignment compilation warnings with IAR
4120 writing routines that prevented these functions to work with alternative
4146 * Fix programs/pkey/dh_server.c so that it actually works with dh_client.c.
4148 * Fix an issue in the cipher decryption with the mode
4174 new ones with return codes. In particular, this modifies the
4191 triggered remotely from either side. (With authmode set to 'required'
4208 API consistent with mbed TLS 2.5.0. Specifically removed the inline
4215 * With authmode set to optional, the TLS handshake is now aborted if the
4264 The issue could only happen client-side with renegotiation enabled.
4269 certificate verification. SHA-1 can be turned back on with a compile-time
4279 and with GCC using the -Wpedantic compilation option.
4281 resulting in compatibility problems with Chrome. Found by hfloyrd. #823
4366 triggered remotely for example with a maliciously constructed certificate
4381 x509_csr.c that are reported when building mbed TLS with a config.h that
4427 with RFC-5116 and could lead to session key recovery in very long TLS
4482 * Fix compatibility issue with Internet Explorer client authentication,
4498 naming collision in projects which also have files with the common name
4502 longer disregard certificates with unrecognised fields.
4541 * Fix test in ssl-opt.sh that does not run properly with valgrind
4545 * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5,
4547 the need to pass -fomit-frame-pointer to avoid a build error with -O0.
4573 with some peers over unreliable links. Avoid dropping an entire DTLS
4605 * Fix build error with configurations where ECDHE-PSK is the only key
4607 * Fix build error with configurations where RSA, RSA-PSK, ECDH-RSA or
4613 minimum key size for end-entity certificates with RSA keys. Found by
4660 * Fix compile error in net.c with musl libc. Found and patch provided by
4666 domain names are compliant with RFC 1035.
4675 https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/
4692 callbacks set with mbedtls_ssl_conf_dtls_cookies()), this will be
4695 handshake with the same context. (See RFC 6347 section 4.2.8.)
4705 * Fix build error with CMake and pre-4.5 versions of GCC (found by Hugo
4713 * Fix compile error with armcc 5 with --gnu option.
4719 with make.
4720 * Fix link error when building shared libraries for Windows with make.
4728 * Fix memory corruption on client with overlong PSK identity, around
4753 with custom implementation (eg hardware accelerated), complementing the
4759 * Expanded configurability of security parameters in the SSL module with
4792 additional callback for read-with-timeout).
4826 * pk_sign() no longer accepts md_alg == POLARSSL_MD_NONE with ECDSA.
4839 (Thanks to Mansour Moufid for helping with the replacement.)
4912 * ssl_set_bio_timeout() was removed, split into mbedtls_ssl_set_bio() with
4919 instead, see mbedtls_ssl_set_timer_cb(), with the Timing module providing
4922 * With UDP sockets, it is no longer necessary to call net_bind() again
4934 * With authmode set to SSL_VERIFY_OPTIONAL, verification of keyUsage and
4944 * Add support for reading DH parameters with privateValueLength included
4961 warnings on use of deprecated functions (with GCC and Clang only).
4966 * Fix compile errors with PLATFORM_NO_STD_FUNCTIONS.
4967 * Fix compile error with PLATFORM_EXIT_ALT (thanks to Rafał Przywara).
4988 * Fix hardclock() (only used in the benchmarking program) with some
5010 * Adjusting/overriding CFLAGS and LDFLAGS with the make build system is now
5020 brackets for uniformity with the rest of the code.
5054 * Add support for getrandom() syscall on recent Linux kernels with Glibc or
5062 * Stack buffer overflow if ctr_drbg_update() is called with too large
5065 if memory_buffer_alloc_init() was called with buf not aligned and len not
5067 * User set CFLAGS were ignored by CMake with gcc (introduced in 1.3.9, found
5079 issue with some servers when a zero-length extension was sent. (Reported
5086 switch back to random with POLARSSL_SSL_AEAD_RANDOM_IV in config.h).
5093 with a suitable (extended)KeyUsage or curve or no PSK set.
5095 at runtime with ssl_set_truncated_hmac().
5122 * Server-initiated renegotiation would fail with non-blocking I/O if the
5125 with non-blocking I/O.
5128 * Fix compile error with armcc in mpi_is_prime()
5134 standard defining how to use SHA-2 with SSL 3.0).
5136 ambiguous on how to encode some packets with SSL 3.0).
5144 * X.509 certificates with more than one AttributeTypeAndValue per
5159 * Add example config.h for PSK with CCM, optimized for low RAM usage.
5187 * Fix symlink command for cross compiling with CMake (found by Andre
5191 use with some ciphersuites and versions (RC4 in all versions, CBC with
5194 rejected with CBC-based ciphersuites and TLS >= 1.1
5196 to 32 bytes with CBC-based ciphersuites and TLS >= 1.1
5207 * Fix possible miscomputation of the premaster secret with DHE-PSK key
5208 exchange that caused some handshakes to fail with other implementations.
5209 (Failure rate <= 1/255 with common DHM moduli.)
5228 * AES-NI now compiles with "old" assemblers too
5248 * Fix detection of Clang on some Apple platforms with CMake
5266 * Reject certificates with times not in UTC, per RFC 5280.
5318 * Work around a bug of the version of Clang shipped by Apple with Mavericks
5331 * Fixed possible buffer overflow with overlong PSK
5339 * Fixed testing with out-of-source builds using cmake
5348 * Fixed bug with session tickets and non-blocking I/O in the unlikely case
5371 * ssl_mail_client now terminates lines with CRLF, instead of LF
5395 * Dropped use of readdir_r() instead of readdir() with threading support
5404 * Fixed X.509 hostname comparison (with non-regular characters)
5438 * cert_write with selfsign should use issuer_name as subject_name
5457 * Compile errors with POLARSSL_RSA_NO_CRT
5458 * Header files with 'polarssl/'
5486 * Certificate Request (CSR) generation with extensions (key_usage,
5488 * X509 Certificate writing with extensions (basic_constraints,
5492 the same host (Not to be confused with SNI!)
5508 (Ability to keep old as well with POLARSSL_ERROR_STRERROR_BC)
5514 * Support faulty X509 v1 certificates with extensions
5541 * Fix hardclock() (only used in the benchmarking program) with some
5545 platforms (found with Coverity Scan).
5567 * Stack buffer overflow if ctr_drbg_update() is called with too large
5578 issue with some servers when a zero-length extension was sent. (Reported
5599 with non-blocking I/O.
5609 * X.509 certificates with more than one AttributeTypeAndValue per
5622 * Work around a bug of the version of Clang shipped by Apple with Mavericks
5626 * Reject certificates with times not in UTC, per RFC 5280.
5643 * Fixed X.509 hostname comparison (with non-regular characters)
5654 * ssl_mail_client now terminates lines with CRLF, instead of LF
5656 * Fixed testing with out-of-source builds using cmake
5762 * Fixes for 64-bit compilation with MS Visual Studio
5788 disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL
5790 interoperability can be switched on/off with the flag
5835 * Added max length check for rsa_pkcs1_sign with PKCS#1 v2.1
5873 * Changed certificate verify behaviour to comply with RFC 6125 section 6.3
5892 * Handle encryption with private key and decryption with public key as per
5897 with carry rollover (found by Ruslan Yushchenko)
5939 disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL
5953 with carry rollover
5962 * Added max length check for rsa_pkcs1_sign with PKCS#1 v2.1
5964 * Handle encryption with private key and decryption with public key as per
5997 * Fixed issues with Intel compiler on 64-bit systems (Closes ticket #50)
6024 So now there is a module that is controlled with POLARSSL_ASN1_PARSE_C.
6038 x509parse_crtfile(). With permissive parsing the parsing does not stop on
6050 * Fixed incorrect behaviour in case of RSASSA-PSS with a salt length
6053 appended with '....' after first 28 octets
6055 * Fixed MS Visual C++ name clash with int64 in sha4.h
6061 * Expanded cipher layer with support for CFB128 and CTR mode
6093 is now done with a PLUS instead of an OR as error codes
6112 with random data (Fixed ticket #10)
6127 * Fixed proper handling of RSASSA-PSS verification with variable
6133 * Parsing PEM private keys encrypted with DES and AES
6187 with the generic cipher layer and is better naming
6311 one way hash functions with the PKCS#1 v1.5 signing and
6376 * Fixed a critical denial-of-service with X.509 cert. verification:
6406 * Fixed the make install target to comply with *BSD make
6410 * Replaced realloc with malloc in mpi_grow(), and set
6418 connections from being established with non-blocking I/O
6452 * Fixed a bug that caused valid packets with a payload
6460 * Rewrote the headers to generate the API docs with doxygen
6464 * Fixed another bug in ssl_parse_client_hello: clients with
6471 * Multiple fixes to enhance the compatibility with g++,
6476 * Updated timing.c for improved compatibility with i386