Lines Matching refs:padding

60 * Fix a timing side channel in the implementation of PKCS#7 padding
598 * mbedtls_pem_read_buffer() now performs a check on the padding data of
601 mbedtls_pk_encrypt() on non-opaque RSA keys to honor the padding mode in
833 that the output after decryption may include CBC padding. Consider moving
837 * Improve padding calculations in CBC decryption, NIST key unwrapping and
840 time code, which could allow a padding oracle attack if the attacker
961 this call accidentally applied a default padding mode chosen at compile
1052 to read non-public fields for padding mode and hash id from
3197 either used both encrypt and decrypt key schedules, or which perform padding.
3393 decryption that could lead to a Bleichenbacher-style padding oracle
3695 * Fix decryption for zero length messages (which contain all padding) when a
4149 MBEDTLS_PADDING_ONE_AND_ZEROS that sometimes accepted invalid padding.
4150 Note, this padding mode is not used by the TLS protocol. Found and fixed by
4507 * Fix missing padding length check in mbedtls_rsa_rsaes_pkcs1_v15_decrypt
5193 * Very large records using more than 224 bytes of padding were incorrectly
5195 * Very large records using less padding could cause a buffer overread of up
5237 * Fix false reject in padding check in ssl_decrypt_buf() for CBC
5483 * Support for zeros-and-length (ANSI X.923) padding, one-and-zeros
5484 (ISO/IEC 7816-4) padding and zero padding in the cipher layer
5780 * Removed timing differences due to bad padding from
5787 * Debug messages about padding errors during SSL message decryption are
5795 ssl_decrypt_buf() due to badly formatted padding
5938 * Debug messages about padding errors during SSL message decryption are
5944 * Removed timing differences due to bad padding from
6383 Daniel Bleichenbacher attack on PKCS#1 v1.5 padding, as well
6461 * Fixed a bug in ssl_encrypt_buf (incorrect padding was