Lines Matching refs:from
7 client and server to extract additional shared symmetric keys from an SSL
14 less than 3 bytes. Reported by Linh Le and Ngan Nguyen from Calif.
18 to fail. Found and reported by Linh Le and Ngan Nguyen from Calif.
41 Found by Linh Le and Ngan Nguyen from Calif.
53 directly. Found by Linh Le and Ngan Nguyen from Calif.
58 Found and reported by Linh Le and Ngan Nguyen from Calif.
63 Reported by Ka Lok Wu from Stony Brook University and Doria Tang from
90 Ngan Nguyen from Calif.
105 complaints from sanitizers or static analyzers.
245 * The following cipher suites are planned to be removed from (D)TLS 1.2
256 from the public API in Mbed TLS 4.0:
385 When migrating from Mbed TLS 2.x, if you had a custom config.h that
386 included check_config.h, remove this inclusion from the Mbed TLS 3.x
449 * The CTR_DRBG module will now use AES from a PSA driver if MBEDTLS_AES_C is
489 key from a PK key.
549 An attacker was able to prevent an Mbed TLS server from establishing any
551 version downgrade from TLS 1.3 to TLS 1.2. Fixes #8654 reported by hey3e.
631 mbedtls_ecc_group_of_psa from psa/crypto_extra.h to mbedtls/psa_util.h
647 * Rename directory containing Visual Studio files from visualc/VS2013 to
752 parameters from RFC 7919. This includes a built-in implementation based
763 * Add function mbedtls_oid_from_numeric_string() to parse an OID from a
867 * Add missing md.h includes to some of the external programs from
900 example TF-M configuration in configs/ from building cleanly:
1002 Many thanks to Daniel Axtens, Nayna Jain, and Nick Child from IBM for
1015 * SHA224_C/SHA384_C are now independent from SHA384_C/SHA512_C respectively.
1052 to read non-public fields for padding mode and hash id from
1098 used on a shared secret from a key agreement since its input must be
1117 * Fix bug in conversion from OID to string in
1126 * Silence warnings from clang -Wdocumentation about empty \retval
1158 * Visual Studio: Rename the directory containing Visual Studio files from
1172 * Changed the default MBEDTLS_ECP_WINDOW_SIZE from 6 to 2.
1176 window was reduced from 6 to 2, a value that gives the best or close
1188 It is now no longer experimental, and implements the final version from
1200 when building the library from the development branch rather than
1201 from a release, the Python module jsonschema is now necessary, in
1223 hashes from PSA when (and only when) MBEDTLS_MD_C is disabled.
1224 - PEM parsing of encrypted files now uses MD-5 from PSA when (and only
1228 Note that some modules are not able to use hashes from PSA yet, including
1237 though: that module only uses hashes from PSA when MBEDTLS_MD_C is off).
1301 turned off: if a shipped file was missing from the working directory,
1422 * Add accessor to obtain ciphersuite id from ssl context.
1423 * Add accessors to get members from ciphersuite info.
1425 * Add accessor to get the raw buffer pointer from a PEM context.
1431 * Add a function to access the protocol version from an SSL context in a
1440 * Add accessor mbedtls_ssl_get_hs_sni() to retrieve SNI from within
1517 disabled on stdio files, to stop secrets loaded from said files being
1606 * Silence a warning from GCC 12 in the selftest program. Fixes #5974.
1636 * Removed the prompt to exit from all windows build programs, which was causing
1641 from a template. In the future, the generation will support
1695 * Warn if errors from certain functions are ignored. This is currently
1710 * Add functions to get the IV and block size from cipher_info structs.
1728 * In psa_aead_generate_nonce(), do not read back from the output buffer.
1733 from the output buffer. This fixes a potential policy bypass or decryption
1773 * Move GCM's update output buffer length verification from PSA AEAD to
1834 from this module will be included in the build as required. Currently
1853 * Remove helpers for the transition from Mbed TLS 1.3 to Mbed TLS 2.0: the
1855 * Remove certs module from the API.
1858 users from using unsafe keys in production.
1888 returned from the public SSL API.
1909 This separates config option enabling the SHA384 algorithm from option
1912 This separates config option enabling the SHA224 algorithm from option
1918 * Remove the mode parameter from RSA operation functions. Signature and
2028 * Removed deprecated functions from hashing modules. Fixes #4280.
2041 primes based on RFC 5114 and RFC 3526 from library code and tests:
2233 * Disallow inputs of length different from the corresponding hash when
2250 in all the right places. Include it from crypto_platform.h, which is
2256 * Correct (change from 12 to 13 bytes) the value of the macro describing the
2268 differences from the default configuration, but had accidentally diverged.
2285 zero digits when operating from values constructed with an mpi_read
2289 build_info.h is intended to be included from C code directly, while
2291 change the build configuration, and should generally only be included from
2305 is also applied when loading a key from storage.
2358 nonce from entropy. Applications were affected if they called
2364 entropy from the nonce.
2402 not loaded from storage. This was fixed by #3996.
2416 now uses the getrandom syscall instead of reading from /dev/urandom.
2505 functions to erase sensitive data from memory. Reported by
2506 Johan Malmgren and Johan Uppman Bruce from Sectra.
2509 * Fix an invalid (but nonzero) return code from mbedtls_pk_parse_subpubkey()
2568 for MBEDTLS_CIPHER_MODE_XTS were excluded from the build and made it fail.
2649 application data from memory. Reported in #689 by
2763 from psa_crypto.c. Fixes #3300.
2769 * Remove unused macros from MSVC projects. Reported in #3297 and fix
2885 read all the CRT parameters from the DER structure rather than
2928 MBEDTLS_ENTROPY_BLOCK_SIZE bytes or more from strong sources. In the
2956 * Key derivation inputs in the PSA API can now either come from a key object
2957 or from a buffer regardless of the step type.
2958 * The CTR_DRBG module can grab a nonce from the entropy source during the
3017 from modifying the client/server hello.
3050 * New implementation of X25519 (ECDH using Curve25519) from Project Everest
3055 Christoph Wintersteiger from Microsoft Research.
3094 PlatformToolset from the project configuration. Fixes #1430 reported by
3134 * Remove the crypto part of the library from Mbed TLS. The crypto
3221 * Return from various debugging routines immediately if the
3223 * Remove dead code from bignum.c in the default configuration.
3240 from the default list (enabled by default). See
3250 always return NULL, and removes the peer_cert field from the
3256 belongs to a different group from the first. Before, if an application
3259 an error or a meaningless output from mbedtls_ecdh_get_params. In the
3273 * Remove the mbedtls namespacing from the header file, to fix a "file not found"
3329 the return type from void to int to allow returning error codes when
3360 * Fix an unsafe bounds check when restoring an SSL session from a ticket.
3382 the PSA Crypto API from Mbed Crypto when additionally used with the
3387 from the cipher abstraction layer. Fixes #2198.
3615 CCM test vectors from RAM.
3657 * Add new crypto primitives from RFC 7539: stream cipher Chacha20, one-time
3660 * Add support for CHACHA20-POLY1305 ciphersuites from RFC 7905.
3687 Philippe Antoine from Catena cyber. #1663.
3759 mbedtls_platform_zeroize(), which is a critical function from a security
3761 against compilers to ensure that calls to it are not removed from the
3838 where data needs to be fetched from the underlying transport in order
3891 * Improve security of RSA key generation by including criteria from
3988 code execution. The issue could be triggered remotely from either side in
4024 * Change default choice of DHE parameters from untrustworthy RFC 5114
4041 The following functions from the ECDSA module can be replaced
4047 The following functions from the ECDH module can be replaced
4058 up RSA contexts from partial key material and having them completed to the
4060 contexts from keys consisting of N,D,E only, even if P,Q are needed for the
4066 The new functions change the return type from void to int to allow
4083 * Deprecate untrustworthy DHE parameters from RFC 5114. Superseded by
4084 parameters from RFC 3526 or the newly added parameters from RFC 7919.
4089 from hex strings. Superseded by mbedtls_ssl_conf_dh_param_bin()
4111 * Fix unchecked return codes from AES, DES and 3DES functions in
4119 * Correct extraction of signature-type from PK instance in X.509 CRT and CSR
4175 mbedtls_md_info_t structure. Propagate errors from these functions
4191 triggered remotely from either side. (With authmode set to 'required'
4209 qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt,
4222 * Replace preprocessor condition from #if defined(MBEDTLS_THREADING_PTHREAD)
4251 * Removed mutexes from ECP hardware accelerator code. Now all hardware
4266 (if the application layer sent data read from mbedtls_ssl_read()
4268 * Removed SHA-1 and RIPEMD-160 from the default hash algorithms for
4277 * Remove size zero arrays from ECJPAKE test suite. Size zero arrays are not
4278 valid C and they prevented the test from compiling in Visual Studio 2015
4285 * Fix SSLv3 renegotiation behaviour and stop processing data received from
4332 by the functions shown below. The new functions change the return type from
4339 * Remove macros from compat-1.3.h that correspond to deleted items from most
4341 * Fixed issue in the Threading module that prevented mutexes from
4361 * Removed MD5 from the allowed hash algorithms for CertificateRequest and
4419 * Update to CMAC test data, taken from - NIST Special Publication 800-38B -
4462 a contribution from Tobias Tangemann. #541
4483 where the limited hash choices prevented the client from sending its
4489 * Removed self-tests from the basic-built-test.sh script, and added all
4539 * Fix issue in ssl_fork_server which was preventing it from functioning. #429
4561 SLOTH attack on TLS 1.2 server authentication (other attacks from the
4602 * Self-signed certificates were not excluded from pathlen counting,
4647 accept PEM data from an untrusted source.
4689 * When a client initiates a reconnect from the same port as a live
4716 * Fix bug in Makefile that prevented installing without building the
4752 * Ability to override core functions from MDx, SHAx, AES and DES modules
4790 changed from ssl_context to ssl_config.
4828 mbedtls_x509write_crt_set_key_usage() changed from int to unsigned.
4829 * test_ca_list (from certs.h) is renamed to test_cas_pem and is only
4854 (use generic functions from md.h)
4857 * Removed test DHM parameters from the test certs module.
4860 * Removed compat-1.2.h (helper for migrating from 1.2 to 1.3).
4881 * x509_crt.key_usage changed from unsigned char to unsigned int.
4882 * Removed r and s from ecdsa_context
4883 * Removed mode from des_context and des3_context
4887 * RC4 is now blacklisted by default in the SSL/TLS layer, and excluded from the
4895 * Default DHM parameters server-side upgraded from 1024 to 2048 bits.
4911 API changes from the 1.4 preview branch
4990 * Fix warnings from mingw64 in timing.c (found by kxjklele).
5015 * Move from SHA-1 to SHA-256 in example programs using signatures
5017 * Remove some unneeded inclusions of header files from the standard library
5102 * Lowest common hash was selected from signature_algorithms extension in
5116 * Fix warnings from Clang's scan-build (contributed by Alfred Klomp).
5119 * Remove non-existent file from VS projects (found by Peter Vaskovic).
5162 from the default list (inactive by default).
5227 * Better support for the different Attribute Types from IETF PKIX (RFC 5280)
5319 that prevented bignum.c from compiling. (Reported by Rafael Baptista.)
5329 * Check notBefore timestamp of certificates and CRLs from the future.
5397 * Split off curves from ecp.c into ecp_curves.c
5435 * Prevent possible alignment warnings on casting from char * to 'aligned *'
5543 * Fix warnings from mingw64 in timing.c (found by kxjklele).
5606 * Fix warnings from Clang's scan-build (contributed by Alfred Klomp).
5623 that prevented bignum.c from compiling. (Reported by Rafael Baptista.)
5634 * Check notBefore timestamp of certificates and CRLs from the future.
5780 * Removed timing differences due to bad padding from
5862 * Added predefined DHM groups from RFC 5114
5882 * Moved from unsigned long to fixed width uint32_t types throughout code
5944 * Removed timing differences due to bad padding from
6023 * Separated the ASN.1 parsing code from the X.509 specific parsing code.
6098 POLARSSL_ERR_SSL_CONN_EOF on an EOF from its f_recv() function.
6136 printing of X509 CRLs from file
6164 * Added reading of DHM context from memory and file
6225 printing of X509 certificates from file or SSL
6405 * Updated ssl_read() to skip 0-length records from OpenSSL
6418 connections from being established with non-blocking I/O