Lines Matching full:with
63 * On x86/amd64 platforms, with some compilers, when the library is
64 compiled with support for both AESNI and software AES and AESNI is
65 available in hardware, an adversary with fine control over which
80 with consequences ranging up to arbitrary code execution.
87 an item in the output list in an inconsistent state with val.p == NULL but
112 library or the application is built with a compiler where
122 or with compilers where "union foo x = {0}" does not initialize
125 * Resolved build issue with C++ projects using Mbed TLS 3.6 when compiling
126 with the MSVC toolset v142 and earlier. Fixes mbedtls issue #7087.
130 keys with a different LMS or LM-OTS types on some platforms. Specifically,
141 rejected. Furthermore, before, on inputs with too few equal signs, the
145 * When calling mbedtls_asn1_write_raw_buffer() with NULL, 0 as the last two
160 mbedtls_ssl_handshake() now fails with
165 call mbedtls_ssl_set_hostname() with NULL as the hostname, or
203 * When MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE is disabled, work with
212 mbedtls_psa_der_to_raw() is called with bits=0.
216 may have resulted in incorrect code with some compilers, depending on
219 1.2 and 1.3). The lack of support was causing handshake failures with
220 some servers, especially with TLS 1.3 in practice. There are a few
226 with Visual Studio 2013 or MinGW.
229 shadow standard CRT headers inttypes.h and stdbool.h with incomplete
231 with the .sln file shipped with the project.
236 * Improve performance of PSA key generation with ECC keys: it no longer
285 - Finite-field Diffie-Hellman with custom groups.
309 starting with Mbed TLS 2.17) and, where relevant, `pk.h`.
332 largest supported curve. In some configurations with PSA disabled,
336 * With TLS 1.3, when a server enables optional authentication of the
343 authentication anyway. Only TLS 1.3 servers were affected, and only with
344 optional authentication (required would abort the handshake with a fatal
373 * Fix psa_cipher_decrypt() with CCM* rejecting messages less than 3 bytes
405 * Fixed a regression introduced in 3.6.0 where the CA callback set with
407 upgraded to TLS 1.3. Fixed by adding support for the CA callback with TLS
411 with MBEDTLS_SSL_VERIFY_OPTIONAL or MBEDTLS_SSL_VERIFY_NONE, would stop
413 support for optional/none with TLS 1.3 as well. Note that the TLS 1.3
418 verify callbacks, set with mbedtls_ssl_set_verify() as opposed to
471 * Added an example program showing how to hash with the PSA API.
474 * AES-NI is now supported in Windows builds with clang and clang-cl.
481 (the cipher and PSA interfaces). This option is incompatible with modes
482 that use the decryption direction (ECB in PSA, CBC, XTS, KW) and with DES.
504 and configured with MBEDTLS_SSL_RECORD_SIZE_LIMIT.
523 with PKCS#5 PBES2. Keys encrypted this way can now be parsed by PK parse.
539 key pair with a custom public exponent.
551 called at runtime. This together with MBEDTLS_PSA_RANDOM_STATE can be
556 with the same content as a PSA key.
591 when an SSL context is reset with the mbedtls_ssl_session_reset() API.
603 was able to successfully establish a TLS 1.2 connection with the server.
608 * Fix the build with CMake when Everest or P256-m is enabled through
620 * Fix parsing of CSRs with critical extensions.
623 tickets compared to peer using a millisecond clock (observed with GnuTLS).
630 (psa_asymmetric_[en|de]crypt) with opaque keys.
632 * On Linux on ARMv8, fix a build error with SHA-256 and SHA-512
654 * Fix the restoration of the ALPN when loading serialized connection with
678 to select only some of the parameters / groups, with the macros
728 Starting with this release, it is necessary to declare which curves are
779 algorithms in PSA, with some limitations. See docs/driver-only-builds.txt
794 * Add support for the FFDH algorithm and DH key types in PSA, with
798 * It is now possible to generate certificates with SubjectAltNames.
816 When compiling with gcc -Os on Aarch64, AES-XTS improves
846 mbedtls_pk_verify() with opaque ECC keys (provided the PSA attributes
850 * Add a possibility to generate CSRs with RFC822 and directoryName subtype
861 new implementation with a much smaller footprint, but some minor
869 * In configurations with ARIA or Camellia but not AES, the value of
872 only used in relation with CMAC which does not support these ciphers.
881 RSA OAEP decryption. With the previous implementation, some compilers
900 In TLS 1.2, the affected configurations are those with
928 built with MBEDTLS_SHAxxx_USE_A64_CRYPTO_IF_PRESENT but don't have a
937 * Fix crypt_and_hash decryption fail when used with a stream cipher
944 tfm_mbedcrypto_config_profile_medium.h with
950 * Fix CCM* with no tag being not supported in a build with CCM as the only
952 * Fix the build with MBEDTLS_PSA_INJECT_ENTROPY. Fixes #7516.
954 with all TLS support disabled. Fixes #6628.
959 is called with zero length and padlock is not enabled.
961 with a very minimal configuration. Fixes #7625.
974 * Fix a build error in some configurations with MBEDTLS_PSA_CRYPTO_CONFIG
977 * Fix undefined symbols in some builds using TLS 1.3 with a custom
984 * Fix the build with CMake when Everest or P256-m is enabled through
989 compiling with gcc, clang or armclang and -O0.
1002 * When using CBC with the cipher module, the requirement to call
1010 * Fix builds on Windows with clang
1054 (MBEDTLS_ECP_PF_COMPRESSED) with mbedtls_ecp_point_read_binary()
1055 (and callers) for Short Weierstrass curves with prime p where p = 3 mod 4
1086 * Add support for AES with the Armv8-A Cryptographic Extension on
1097 * AES-NI is now supported with Visual Studio.
1099 is disabled, when compiling with GCC or Clang or a compatible compiler
1101 gcc -m32 -msse2 -maes -mpclmul). (Generic x86 builds with GCC-like
1103 * It is now possible to use a PSA-held (opaque) password with the TLS 1.2
1113 * Add support for AES with the Armv8-A Cryptographic Extension on 64-bit
1119 (most notably builds with Visual Studio), leaving them vulnerable to
1131 calculation on the client side. It prevents a server with more accurate
1139 be toggled with config.py.
1150 * Fix behavior of certain sample programs which could, when run with no
1158 possible to verify RSA PSS signatures with the pk module, which was
1163 * Reject OIDs with overlong-encoded subidentifiers when converting
1165 * Reject OIDs with subidentifier values exceeding UINT_MAX. Such
1170 descriptions, which started appearing with Clang 15. Fixes #6960.
1180 * Fix a compilation error when PSA Crypto is built with support for
1187 * Fix an issue when compiling with MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
1199 signatures. This aligns the behaviour with MBEDTLS_USE_PSA_CRYPTO to
1202 visualc/VS2010 to visualc/VS2013 as we do not support building with versions
1232 RFC 9146, which is not interoperable with the draft-05 version.
1233 If you need to communicate with peers that use earlier versions of
1235 to 1, but then you won't be able to communicate with peers that use the
1237 If you need to interoperate with both classes of peers with the
1242 * When building with PSA drivers using generate_driver_wrappers.py, or
1256 * make: enable building unversioned shared library, with e.g.:
1261 Only the ECC primitive with secp256r1 curve and SHA-256 hash algorithm
1263 * Some modules can now use PSA drivers for hashes, including with no
1272 the entropy module. As a consequence, for now the only way to build with
1317 MBEDTLS_SSL_DTLS_CONNECTION_ID (enabled by default) and configured with
1332 * Fix an issue where an adversary with access to precise enough information
1343 * Fix an issue with in-tree CMake builds in releases with GEN_FILES
1346 * Fix a long-standing build failure when building x86 PIC code with old
1352 Fixes 'file not found with <angled> include' error
1353 when building with Xcode.
1358 * Fix an interoperability failure between an Mbed TLS client with both
1363 * Fix a compilation error when using CMake with an IAR toolchain.
1373 configurations with only one encryption type enabled in TLS 1.2.
1375 with MBEDTLS_PLATFORM_C disabled. Fixes #6118, #6196.
1376 * Fix compilation errors when trying to build with
1381 * Fix build failure with MBEDTLS_RSA_C and MBEDTLS_PSA_CRYPTO_C but not
1383 * Fix build failure with MBEDTLS_RSA_C and MBEDTLS_PSA_CRYPTO_C but not
1387 signature with an invalid public key, in some cases. Reported by
1402 with A > 0 created an unintended representation of the value 0 which was
1412 when both operands are 0 and the left operand is represented with 0 limbs.
1438 * mbedtls_cipher_set_iv will now fail with ChaCha20 and ChaCha20+Poly1305
1440 length with 12, but did not inform the caller about it. Fixes #4301.
1457 documented as such. Use opaque drivers with the interface enabled by
1461 TLS 1.3 handshake should now be configured with
1472 * Add an accessor function to get the configuration associated with
1480 Register callback with mbedtls_ssl_conf_cert_cb().
1482 mbedtls_ssl_set_hs_own_cert() with NULL value for own_cert param.
1500 * Introduce mbedtls_ssl_hs_cb_t typedef for use with
1513 file with the macro MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE.
1525 negotiates TLS 1.3 or TLS 1.2 with TLS servers.
1526 * Enable building of Mbed TLS with TLS 1.3 protocol support but without TLS
1541 * Opaque pre-shared keys for TLS, provisioned with
1547 * Make USE_PSA_CRYPTO compatible with KEY_ID_ENCODES_OWNER. Fixes #5259.
1557 * Fix potential memory leak inside mbedtls_ssl_cache_set() with
1564 MBEDTLS_USE_PSA_CRYPTO is enabled, an opaque key (created with
1568 * Fix a buffer overread in DTLS ClientHello parsing in servers with
1574 and possibly up to 571 bytes with a custom cookie check function.
1605 * The TLS 1.3 implementation is now compatible with the
1614 * Fix a race condition in out-of-source builds with CMake when generated data
1616 * Fix the library search path when building a shared library with CMake
1622 * In configurations with MBEDTLS_SSL_DTLS_CONNECTION_ID enabled but not
1632 * Fix compilation error with mingw32. Fixed by Cameron Cawley in #4211.
1659 on DTLS 1.2 session resumption. After DTLS 1.2 session resumption with
1663 represented with 0 limbs (specifically mbedtls_mpi_mod_int() dividing
1688 AEAD functions is not an AEAD algorithm. This aligns them with the
1692 * Assume source files are in UTF-8 when using MSVC with CMake.
1693 * Fix runtime library install location when building with CMake and MinGW.
1696 Replace custom LIB_INSTALL_DIR variable with standard CMAKE_INSTALL_LIBDIR
1712 * You can configure groups for a TLS key exchange with the new function
1773 if the output buffer is in memory that is shared with an untrusted
1777 oracle vulnerability if the output buffer is in memory that is shared with
1780 mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED
1797 for bignum multiplication that broke some bignum operations with
1802 functions enabled with MBEDTLS_AES_ENCRYPT_ALT, MBEDTLS_AES_DECRYPT_ALT,
1804 This does not concern the implementation provided with Mbed TLS,
1805 where this function cannot fail, or full-module replacements with
1808 happen with an alternative implementation of the underlying hash module.
1831 all algorithms that can be used with psa_{sign,verify}_hash(), including
1833 * Fix issue in Makefile on Linux with SHARED=1, that caused shared libraries
1837 * Fix an uninitialized variable warning in test_suite_ssl.function with GCC
1872 * Indicate in the error returned if the nonce length used with
1889 with a more complex CPU usually have an operating system interface that
1891 interfaces with mbedtls_entropy_add_source() and/or use an entropy seed
1920 * Update AEAD output size macros to bring them in line with the PSA Crypto
1951 * Replace MBEDTLS_SHA512_NO_SHA384 config option with MBEDTLS_SHA384_C.
1959 a key-value store with keys being session IDs and values
1973 * For multi-part AEAD operations with the cipher module, calling
1976 anything with the currently implemented AEADs, so in practice it was
1990 key. To use an RSA key with PSS or OAEP, call mbedtls_rsa_set_padding()
2050 * The library now uses the %zu format specifier with the printf() family of
2067 certificates signed with SHA-1 due to the known attacks against SHA-1.
2109 * The RSA module no longer supports private-key operations with the public
2149 using a CCM-8 ciphersuite than a CBC ciphersuite with truncated HMAC.
2156 signature with a specific salt length. This function makes it possible to validate
2195 * Fix an issue where an adversary with access to precise enough information
2200 * Fix an issue where an adversary with access to precise enough timing
2214 to create is not valid, bringing them in line with version 1.0.0 of the
2220 in line with version 1.0.0 of the specification. Fix #4162.
2227 mbedtls_mpi_mul_mpi() and mbedtls_mpi_mul_int() was called with one of
2233 set with mbedtls_ssl_conf_dhm_min_bitlen() precisely. Before, the
2240 * With MBEDTLS_PSA_CRYPTO_C disabled, some functions were getting built
2243 * The cipher suite TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 was not available
2258 (when the encrypt-then-MAC extension is not in use) with some ALT
2265 * Fix mbedtls_net_poll() and mbedtls_net_recv_timeout() often failing with
2267 * Fix a resource leak in a test suite with an alternative AES
2277 signing or verifying with PSA_ALG_RSA_PSS (The PSA Crypto API mandates
2279 * Fix a null pointer dereference when mbedtls_mpi_exp_mod() was called with
2280 A=0 represented with 0 limbs. Up to and including Mbed TLS 2.26, this bug
2281 could not be triggered by code that constructed A with one of the
2283 those always built an mpi object with at least one limb.
2288 * The PSA API no longer allows the creation or destruction of keys with a
2305 * Fix memsan build false positive in x509_crt.c with clang 11
2312 * When building the test suites with GNU make, invoke python3 or python, not
2318 MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY with a new single unified option
2323 mbedtls_mpi_read_string() now construct an mbedtls_mpi object with 0 limbs
2328 zero digits when operating from values constructed with an mpi_read
2339 the config file in a way that's compatible with the config file format
2354 with version 1.0.0 of the specification.
2356 in bits rather than bytes, with an additional flag to indicate if the
2359 with version 1.0.0 of the specification.
2392 random generator with mbedtls_xxx functions. See the documentation of
2403 mbedtls_ctr_drbg_set_entropy_len() with a size that was 3/2 times the key
2414 only called with |A| >= |B|. Reported by Guido Vranken in #4042.
2420 * Fix a stack buffer overflow with mbedtls_net_poll() and
2429 wrapped key with MBEDTLS_PSA_CRYPTO_SE_C defined.
2447 consistent with RFC 5280 4.2.1.9 which says: "Conforming CAs MUST
2486 mbedtls_cipher_auth_decrypt_ext(). Please note that with AEAD ciphers,
2495 * In PSA, allow using a key declared with a base key agreement algorithm
2497 agreement algorithm in use matches the algorithm the key was declared with.
2510 the last major gap to compliance with the PSA Cryptography specification
2521 size of the output buffer when used with NIST_KW. As a result, code using
2522 those functions as documented with NIST_KW could have a buffer overwrite
2523 of up to 15 bytes, with consequences ranging up to arbitrary code
2568 psa_cipher_* functions compliant with the PSA Crypto API specification.
2571 only the curves that support ECDSA, filter the list with
2578 * Fix handling of EOF against 0xff bytes and on platforms with unsigned
2582 CCM, which allowed encryption with a non-standard length field.
2591 * Attempting to create a volatile key with a non-zero key identifier now
2594 * Attempting to create or register a key with a key identifier in the vendor
2604 * In PEM writing functions, fill the trailing part of the buffer with null
2609 * Fix a build failure that occurred with the MBEDTLS_AES_SETKEY_DEC_ALT
2631 group families to psa_ecc_family_t and psa_dh_family_t, in line with the
2641 through PSA Crypto with a volatile lifetime. Reported in #3288 and
2655 mbedtls_x509_crt_verify()) with the actual certificate name: when the
2666 certificates were never considered as revoked. On builds with
2670 revocationDate field, in accordance with RFC 5280. Reported by
2684 Diffie-Hellman. An adversary with precise enough timing and memory access
2712 * Use arc4random_buf on NetBSD instead of rand implementation with cyclical
2735 these applications with password-protected key files. Analogously but for
2748 device, keys created with the old lifetime value will not be readable or
2758 dump of an SSL context saved with mbedtls_ssl_context_save().
2780 mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL
2781 f_rng argument. An attacker with access to precise enough timing and
2798 The actual effect with almost every compiler is the intended
2800 * Fix issue with a detected HW accelerated record error not being exposed
2802 * Avoid NULL pointer dereferencing if mbedtls_ssl_free() is called with a
2825 when receiving a connection with CID, when these fields were shifted
2850 files in framework/tests/src. When building with make or cmake, the files in
2857 * Align MSVC error flag with GCC and Clang. Contributed by Carlos Gomes
2874 * Fix issue in DTLS handling of new associations with the same parameters
2876 the server could cause it to drop established associations with
2880 * Fix side channel in ECC code that allowed an adversary with access to
2897 a warning with some compilers. Fix contributed by irwir in #2856.
2922 operation. The overread only happens with cryptographically low
2939 values are aligned with the upcoming release of the PSA Crypto API
2944 PSA_ECC_CURVE_SECP_R1 with 256 bits is P256R1). ARMmbed/mbed-crypto#330
2948 * Fix build failure with MBEDTLS_ZLIB_SUPPORT enabled. Reported by
2958 accept some RSA keys with invalid values by silently fixing those values.
2972 default configuration, on a platform with a single entropy source, the
2994 failures could happen with alternative implementations of AES. Bug
3004 change it with mbedtls_ctr_drbg_set_nonce_len().
3022 * Fix a buffer overflow in the PSA HMAC code when using a long key with an
3055 TLS sessions with tools like Wireshark.
3095 with MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED. This implementation is formally
3121 * Calling mbedtls_ecdsa_write_signature() with NULL as the f_rng argument
3130 * Fix to allow building test suites with any warning that detects unused
3134 * Fix build failure when building with mingw on Windows by including
3139 * Enable Suite B with subset of ECP curves. Make sure the code compiles even
3175 * Adds fuzz targets, especially for continuous fuzzing with OSS-Fuzz.
3184 * Fix build failure when building with mingw on Windows by including
3200 * It is now possible to perform RSA PKCS v1.5 signatures with RIPEMD-160 digest.
3218 incoming record with the correct connection data even after the peer has
3237 used with negative inputs. Found by Guido Vranken in #2404. Credit to
3306 * Fix a compilation issue with mbedtls_ecp_restart_ctx not being defined
3388 that it is now optional with the MBEDTLS_CHECK_PARAMS flag which by default
3425 the PSA Crypto API from Mbed Crypto when additionally used with the
3478 primes with high probability. This does not have an impact on the
3479 security of TLS, but can matter in other contexts with numbers chosen
3503 signature always used a salt with the same length as the hash, and returned
3506 that comply with FIPS 186-4, including SHA-512 with a 1024-bit key.
3568 conflict with C runtime usage. Found and fixed by irwir.
3586 * Extend the platform module with an abstraction mbedtls_platform_gmtime_r()
3608 with the peer, as well as by a new per-connection MTU option, set using
3627 * Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if
3633 interoperability issues with BouncyCastle. Raised by milenamil in #1157.
3634 * Replace printf with mbedtls_printf in the ARIA module. Found by
3639 with TLS versions 1.1 and earlier when the server requested authentication
3646 * Fix undefined shifts with negative values in certificates parsing
3657 * Improve compatibility with some alternative CCM implementations by using
3670 exploiting timing measurements. With DTLS, the attacker could perform
3671 this recovery by sending many messages in the same connection. With TLS
3684 targeting an internal MD/SHA buffer. With TLS or if
3732 i386 with SSE2. Found by László Langó. Fixes #1550
3739 CBC-based ciphersuite is used together with Encrypt-then-MAC. Previously,
3741 to the connection being terminated. Seen most often with OpenSSL using
3744 * Fix ssl_client2 example to send application data with 0-length content
3752 * Fail when receiving a TLS alert message with an invalid length, or invalid
3755 when calling with a NULL salt and non-zero salt_len. Contributed by
3771 * Add support for the XTS block cipher mode with AES (AES-XTS).
3778 * Fix the cert_write example to handle certificates signed with elliptic
3782 * Fix compilation warnings with IAR toolchain, on 32 bit platform.
3799 * Extend the platform module with a util component that contains
3810 * Fix an issue with MicroBlaze support in bn_mul.h which was causing the
3826 trusted CA, or a trusted CA with a non DER-compliant certificate. Found by
3832 algorithms section is too short. In builds with debug output, the overread
3833 data is output with the debug data.
3836 offer or a ciphersuite that cannot be used with the TLS or DTLS version
3850 * Extend the public API with the function of mbedtls_net_poll() to allow user
3932 HMAC functions with non-HMAC ciphersuites. Independently contributed
3948 HMAC extension, Mbed TLS can now interoperate with other
3949 compliant implementations, but this breaks interoperability with
3958 HMAC key of a single, uninterrupted connection (with no
3986 with flag MBEDTLS_X509_BADCERT_BAD_PK even when the key type was correct.
3989 * Fix Windows x64 builds with the included mbedTLS.sln file. #1347
4021 * Use (void) when defining functions with no parameters. Contributed by
4058 * Make mbedtls_mpi_read_binary() constant-time with respect to the input
4085 with alternative implementation:
4091 with an alternative implementation:
4117 * Deprecate usage of RSA primitives with non-matching key-type
4118 (e.g. signing with a public key).
4145 dates on leap years with 100 and 400 intervals are handled correctly. Found
4147 * Fix some invalid RSA-PSS signatures with keys of size 8N+1 that were
4152 * Fix variable used before assignment compilation warnings with IAR
4163 writing routines that prevented these functions from working with alternative
4189 * Fix programs/pkey/dh_server.c so that it actually works with dh_client.c.
4191 * Fix an issue in the cipher decryption with the mode
4217 new ones with return codes. In particular, this modifies the
4234 triggered remotely from either side. (With authmode set to 'required'
4251 API consistent with mbed TLS 2.5.0. Specifically removed the inline
4258 * With authmode set to optional, the TLS handshake is now aborted if the
4307 The issue could only happen client-side with renegotiation enabled.
4312 certificate verification. SHA-1 can be turned back on with a compile-time
4322 and with GCC using the -Wpedantic compilation option.
4324 resulting in compatibility problems with Chrome. Found by hfloyrd. #823
4409 triggered remotely for example with a maliciously constructed certificate
4424 x509_csr.c that are reported when building mbed TLS with a config.h that
4470 with RFC-5116 and could lead to session key recovery in very long TLS
4525 * Fix compatibility issue with Internet Explorer client authentication,
4541 naming collision in projects which also have files with the common name
4545 longer disregard certificates with unrecognised fields.
4584 * Fix test in ssl-opt.sh that does not run properly with valgrind
4588 * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5,
4590 the need to pass -fomit-frame-pointer to avoid a build error with -O0.
4616 with some peers over unreliable links. Avoid dropping an entire DTLS
4648 * Fix build error with configurations where ECDHE-PSK is the only key
4650 * Fix build error with configurations where RSA, RSA-PSK, ECDH-RSA or
4656 minimum key size for end-entity certificates with RSA keys. Found by
4703 * Fix compile error in net.c with musl libc. Found and patch provided by
4709 domain names are compliant with RFC 1035.
4718 https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/
4735 callbacks set with mbedtls_ssl_conf_dtls_cookies()), this will be
4738 handshake with the same context. (See RFC 6347 section 4.2.8.)
4748 * Fix build error with CMake and pre-4.5 versions of GCC (found by Hugo
4756 * Fix compile error with armcc 5 with --gnu option.
4762 with make.
4763 * Fix link error when building shared libraries for Windows with make.
4771 * Fix memory corruption on client with overlong PSK identity, around
4796 with custom implementation (eg hardware accelerated), complementing the
4802 * Expanded configurability of security parameters in the SSL module with
4835 additional callback for read-with-timeout).
4869 * pk_sign() no longer accepts md_alg == POLARSSL_MD_NONE with ECDSA.
4882 (Thanks to Mansour Moufid for helping with the replacement.)
4955 * ssl_set_bio_timeout() was removed, split into mbedtls_ssl_set_bio() with
4962 instead, see mbedtls_ssl_set_timer_cb(), with the Timing module providing
4965 * With UDP sockets, it is no longer necessary to call net_bind() again
4977 * With authmode set to SSL_VERIFY_OPTIONAL, verification of keyUsage and
4987 * Add support for reading DH parameters with privateValueLength included
5004 warnings on use of deprecated functions (with GCC and Clang only).
5009 * Fix compile errors with PLATFORM_NO_STD_FUNCTIONS.
5010 * Fix compile error with PLATFORM_EXIT_ALT (thanks to Rafał Przywara).
5031 * Fix hardclock() (only used in the benchmarking program) with some
5053 * Adjusting/overriding CFLAGS and LDFLAGS with the make build system is now
5063 brackets for uniformity with the rest of the code.
5097 * Add support for getrandom() syscall on recent Linux kernels with Glibc or
5105 * Stack buffer overflow if ctr_drbg_update() is called with too large
5108 if memory_buffer_alloc_init() was called with buf not aligned and len not
5110 * User set CFLAGS were ignored by Cmake with gcc (introduced in 1.3.9, found
5122 issue with some servers when a zero-length extension was sent. (Reported
5129 switch back to random with POLARSSL_SSL_AEAD_RANDOM_IV in config.h).
5136 with a suitable (extended)KeyUsage or curve or no PSK set.
5138 at runtime with ssl_set_truncated_hmac().
5165 * Server-initiated renegotiation would fail with non-blocking I/O if the
5168 with non-blocking I/O.
5171 * Fix compile error with armcc in mpi_is_prime()
5177 standard defining how to use SHA-2 with SSL 3.0).
5179 ambiguous on how to encode some packets with SSL 3.0).
5187 * X.509 certificates with more than one AttributeTypeAndValue per
5202 * Add example config.h for PSK with CCM, optimized for low RAM usage.
5230 * Fix symlink command for cross compiling with CMake (found by Andre
5234 use with some ciphersuites and versions (RC4 in all versions, CBC with
5237 rejected with CBC-based ciphersuites and TLS >= 1.1
5239 to 32 bytes with CBC-based ciphersuites and TLS >= 1.1
5250 * Fix possible miscomputation of the premaster secret with DHE-PSK key
5251 exchange that caused some handshakes to fail with other implementations.
5252 (Failure rate <= 1/255 with common DHM moduli.)
5271 * AES-NI now compiles with "old" assemblers too
5291 * Fix detection of Clang on some Apple platforms with CMake
5309 * Reject certificates with times not in UTC, per RFC 5280.
5361 * Work around a bug of the version of Clang shipped by Apple with Mavericks
5374 * Fixed possible buffer overflow with overlong PSK
5382 * Fixed testing with out-of-source builds using cmake
5391 * Fixed bug with session tickets and non-blocking I/O in the unlikely case
5414 * ssl_mail_client now terminates lines with CRLF, instead of LF
5438 * Dropped use of readdir_r() instead of readdir() with threading support
5447 * Fixed X.509 hostname comparison (with non-regular characters)
5481 * cert_write with selfsign should use issuer_name as subject_name
5500 * Compile errors with POLARSSL_RSA_NO_CRT
5501 * Header files with 'polarssl/'
5529 * Certificate Request (CSR) generation with extensions (key_usage,
5531 * X509 Certificate writing with extensions (basic_constraints,
5535 the same host (Not to be confused with SNI!)
5551 (Ability to keep old as well with POLARSSL_ERROR_STRERROR_BC)
5557 * Support faulty X509 v1 certificates with extensions
5584 * Fix hardclock() (only used in the benchmarking program) with some
5588 platforms (found with Coverity Scan).
5610 * Stack buffer overflow if ctr_drbg_update() is called with too large
5621 issue with some servers when a zero-length extension was sent. (Reported
5642 with non-blocking I/O.
5652 * X.509 certificates with more than one AttributeTypeAndValue per
5665 * Work around a bug of the version of Clang shipped by Apple with Mavericks
5669 * Reject certificates with times not in UTC, per RFC 5280.
5686 * Fixed X.509 hostname comparison (with non-regular characters)
5697 * ssl_mail_client now terminates lines with CRLF, instead of LF
5699 * Fixed testing with out-of-source builds using cmake
5805 * Fixes for 64-bit compilation with MS Visual Studio
5831 disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL
5833 interoperability can be switched on/off with the flag
5878 * Added max length check for rsa_pkcs1_sign with PKCS#1 v2.1
5916 * Changed certificate verify behaviour to comply with RFC 6125 section 6.3
5935 * Handle encryption with private key and decryption with public key as per
5940 with carry rollover (found by Ruslan Yushchenko)
5982 disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL
5996 with carry rollover
6005 * Added max length check for rsa_pkcs1_sign with PKCS#1 v2.1
6007 * Handle encryption with private key and decryption with public key as per
6040 * Fixed issues with Intel compiler on 64-bit systems (Closes ticket #50)
6067 So now there is a module that is controlled with POLARSSL_ASN1_PARSE_C.
6081 x509parse_crtfile(). With permissive parsing, parsing does not stop on
6093 * Fixed incorrect behaviour in case of RSASSA-PSS with a salt length
6096 appended with '....' after first 28 octets
6098 * Fixed MS Visual C++ name clash with int64 in sha4.h
6104 * Expanded cipher layer with support for CFB128 and CTR mode
6136 is now done with a PLUS instead of an OR as error codes
6155 with random data (Fixed ticket #10)
6170 * Fixed handling of RSASSA-PSS verification with variable
6176 * Parsing PEM private keys encrypted with DES and AES
6230 with the generic cipher layer and is better naming
6354 one-way hash functions with the PKCS#1 v1.5 signing and
6419 * Fixed a critical denial-of-service with X.509 cert. verification:
6449 * Fixed the make install target to comply with *BSD make
6453 * Replaced realloc with malloc in mpi_grow(), and set
6461 connections from being established with non-blocking I/O
6495 * Fixed a bug that caused valid packets with a payload
6503 * Rewrote the headers to generate the API docs with doxygen
6507 * Fixed another bug in ssl_parse_client_hello: clients with
6514 * Multiple fixes to enhance the compatibility with g++,
6519 * Updated timing.c for improved compatibility with i386