ChangeLog - OpenGrok cross reference for /optee_os/lib/libmbedtls/mbedtls/ChangeLog

13      mbedtls_cipher_finish(), but makes it easier to process invalid-padding
19      some plaintexts through a timing-based padding oracle attack.
103    * Fix a timing side channel in the implementation of PKCS#7 padding
641    * mbedtls_pem_read_buffer() now performs a check on the padding data of
644      mbedtls_pk_encrypt() on non-opaque RSA keys to honor the padding mode in
876      that the output after decryption may include CBC padding. Consider moving
880    * Improve padding calculations in CBC decryption, NIST key unwrapping and
883      time code, which could allow a padding oracle attack if the attacker
1004      this call accidentally applied a default padding mode chosen at compile
1095      to read non-public fields for padding mode and hash id from
3240      either used both encrypt and decrypt key schedules, or which perform padding.
3436      decryption that could lead to a Bleichenbacher-style padding oracle
3738    * Fix decryption for zero length messages (which contain all padding) when a
4192      MBEDTLS_PADDING_ONE_AND_ZEROS that sometimes accepted invalid padding.
4193      Note, this padding mode is not used by the TLS protocol. Found and fixed by
4550    * Fix missing padding length check in mbedtls_rsa_rsaes_pkcs1_v15_decrypt
5236    * Very large records using more than 224 bytes of padding were incorrectly
5238    * Very large records using less padding could cause a buffer overread of up
5280    * Fix false reject in padding check in ssl_decrypt_buf() for CBC
5526    * Support for zeros-and-length (ANSI X.923) padding, one-and-zeros
5527      (ISO/IEC 7816-4) padding and zero padding in the cipher layer
5823    * Removed timing differences due to bad padding from
5830    * Debug messages about padding errors during SSL message decryption are
5838      ssl_decrypt_buf() due to badly formatted padding
5981    * Debug messages about padding errors during SSL message decryption are
5987    * Removed timing differences due to bad padding from
6426       Daniel Bleichenbacher attack on PKCS#1 v1.5 padding, as well
6504     * Fixed a bug in ssl_encrypt_buf (incorrect padding was