Lines Matching refs:when

25      attacker running code on the same core (SSBleed), or when Trustzone-M is
34 * Fix potential CMake parallel build failure when building both the static
42 Previously the output was negative when B = 0 and A < 0, which was not
56 * Fix a buffer overread in mbedtls_lms_import_public_key() when the input is
63 * On x86/amd64 platforms, with some compilers, when the library is
67 AES to be used for some time when the program starts. This could allow
98 * Fix an integer underflow that could occur when parsing malformed PEM
111 * Fix failures of PSA multipart or interruptible operations when the
117 when using third-party drivers. This also affected one-shot MAC
121 This was sometimes not the case when an operation object is reused,
125 * Resolved build issue with C++ projects using Mbed TLS 3.6 when compiling
142 function reported the correct size in *olen when it returned
175 * MD module can now perform PSA dispatching also when
194 when deriving an ECC key pair.
197 or there was a cryptographic hardware failure when calculating the
211 * Fix undefined behavior in some cases when mbedtls_psa_raw_to_der() or
215 GCC-like compilers when building AES for generic x86_64 targets. This
221 limitations, notably a fragmented ClientHello is only supported when
230 implementations if placed on the include path, e.g. when building Mbed TLS
242 * Fix a buffer underrun in mbedtls_pk_write_key_der() when
246 when called on an opaque RSA key, MBEDTLS_USE_PSA_CRYPTO is enabled
254 psa_key_derivation_output_key_ext() are no longer declared when compiling
261 !MBEDTLS_PSA_CRYPTO_C), do not automatically enable local crypto when the
327 not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when
331 mbedtls_ecdsa_raw_to_der() when the bits parameter is larger than the
336 * With TLS 1.3, when a server enables optional authentication of the
349 * Fix TLS 1.3 client build and runtime when support for session tickets is
351 * Fix compilation error when memcpy() is a function-like macro. Fixes #8994.
354 * Fix undefined behaviour (incrementing a NULL pointer by zero length) when
359 * Fix error handling when creating a key in a dynamic secure element
367 * Fix a compilation warning in pk.c when PSA is enabled and RSA is disabled.
368 * Fix the build when MBEDTLS_PSA_CRYPTO_CONFIG is enabled and the built-in
371 * Fix redefinition warnings when SECP192R1 and/or SECP192K1 are disabled.
376 when MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is enabled and
380 * Fix Clang compilation error when MBEDTLS_USE_PSA_CRYPTO is enabled
382 * Fix server mode only build when MBEDTLS_SSL_SRV_C is enabled but
388 * Fix unintended performance regression when using short RSA public keys.
394 * Fix TLS connections failing when the handshake selects TLS 1.3
403 * Fix a memory leak that could occur when failing to process an RSA
406 mbedtls_ssl_conf_ca_cb() would stop working when connections were
412 working when connections were upgraded to TLS 1.3. Fixed by adding
415 use authmode none, and to carefully check the results when using optional
419 mbedtls_ssl_conf_verify(), would stop working when connections were
473 when compiling for Thumb (T32) or 32-bit Arm (A32).
484 AES when compiling for Thumb (T32) or 32-bit Arm (A32).
507 * Improve performance of AES-GCM, AES-CTR and CTR-DRBG when
536 operations when hardware accelerated AES is not present. Improves
568 concurrently calling psa_crypto_init() when MBEDTLS_THREADING_C and
574 * Fix a stack buffer overread (less than 256 bytes) when parsing a TLS 1.3
591 when an SSL context is reset with the mbedtls_ssl_session_reset() API.
608 * Fix the build with CMake when Everest or P256-m is enabled through
610 * Fix compilation error in C++ programs when MBEDTLS_ASN1_PARSE_C is
617 which mainly causes failures when building Windows target using
622 instead of seconds. That avoids rounding errors when computing the age of
633 acceleration detection when the libc headers do not define the
654 * Fix the restoration of the ALPN when loading serialized connection with
656 * Fix NULL pointer dereference in mbedtls_pk_verify_ext() when called using
661 functions. Note that overlap is still only partially supported when
675 * mbedtls_pk_sign_ext() is now always available, not just when
684 saving code size when those are not otherwise enabled.
704 * Fix a failure to validate input when writing x509 extensions lengths which
723 of ECDSA and/or EC J-PAKE when those are provided by a driver. However,
761 drivers when MBEDTLS_PSA_CRYPTO_C is enabled and psa_crypto_init() has
891 small when MBEDTLS_SHA384_C was defined and MBEDTLS_SHA512_C was
895 * Fix a buffer overread when parsing short TLS application data records in
907 PSA_SIGNATURE_MAX_SIZE buffers when at least one accelerated EC is bigger
915 in the ecdsa.h header file. There was a build warning when the
918 * Fix an error when MBEDTLS_ECDSA_SIGN_ALT is defined but not
920 * Fix missing PSA initialization in sample programs when
924 * Fix clang and armclang compilation error when targeting certain Arm
927 * Fix "unterminated '#pragma clang attribute push'" in sha256/sha512.c when
930 * Fixed an issue that caused compile errors when using CMake and the IAR
934 * Fix a compilation failure in the constant_time module when
937 * Fix crypt_and_hash decryption fail when used with a stream cipher
941 when given an invalid name string if it did not contain '=' or ','.
946 * In TLS 1.3, fix handshake failure when a client in its ClientHello
953 * Fix a compilation error on some platforms when including mbedtls/ssl.h
955 * Fix x509 certificate generation to conform to RFC 5480 / RFC 5758 when
958 * Fix a potential corruption of the passed-in IV when mbedtls_aes_crypt_cbc()
960 * Fix compile failure due to empty enum in cipher_wrap.c, when building
964 * Don't try to include MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE when
967 * Fix an issue when parsing an otherName subject alternative name into a
984 * Fix the build with CMake when Everest or P256-m is enabled through
988 * Enable Arm / Thumb bignum assembly for most Arm platforms when
990 * Enforce minimum RSA key size when generating a key
994 operations when MBEDTLS_PSA_CRYPTO_C is defined.
1059 This helps in saving code size when some of the above hashes are not
1063 * Use HOSTCC (if it is set) when compiling C code during generation of the
1064 configuration-independent files. This allows them to be generated when
1098 * AES-NI is now supported in 32-bit builds, or when MBEDTLS_HAVE_ASM
1099 is disabled, when compiling with GCC or Clang or a compatible compiler
1110 * Zeroize SSL cache entries when they are freed.
1111 * Fix a potential heap buffer overread in TLS 1.3 client-side when
1121 implementation as a fallback for when the assembly one cannot be used.
1130 * In TLS 1.3, when using a ticket for session resumption, tweak its age
1150 * Fix behavior of certain sample programs which could, when run with no
1163 * Reject OIDs with overlong-encoded subidentifiers when converting
1180 * Fix a compilation error when PSA Crypto is built with support for
1184 * Fix TLS 1.3 session resumption when the established pre-shared key is
1187 * Fix an issue when compiling with MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
1218 To fix the performance degradation when using default values the
1220 to best results when tested on Cortex-M4 and Intel i7.
1243 when building the library from the development branch rather than
1266 hashes from PSA when (and only when) MBEDTLS_MD_C is disabled.
1267 - PEM parsing of encrypted files now uses MD-5 from PSA when (and only
1268 when) MBEDTLS_MD5_C is disabled.
1280 though: that module only use hashes from PSA when MBEDTLS_MD_C is off).
1296 The ticket mechanism is supported when the configuration option
1346 * Fix a long-standing build failure when building x86 PIC code with old
1349 * Fix support for little-endian Microblaze when MBEDTLS_HAVE_ASM is defined.
1353 when building with Xcode.
1354 * Fix handling of broken symlinks when loading certificates using
1363 * Fix a compilation error when using CMake with an IAR toolchain.
1365 * Fix a build error due to a missing prototype warning when
1372 * Fix bugs and missing dependencies when building and testing
1376 * Fix compilation errors when trying to build with
1395 bytes when parsing certificates containing a binary RFC 4108
1412 when both operands are 0 and the left operand is represented with 0 limbs.
1413 * Fix undefined behavior (typically harmless in practice) when some bignum
1420 * Fix a build error when compiling the bignum module for some Arm platforms.
1491 * Add mbedtls_pk_sign_ext() which allows generating RSA-PSS signatures when
1517 * Add support for the ARMv8 SHA-2 acceleration instructions when building
1563 * Fix a potential heap buffer overread in TLS 1.2 server-side when
1572 when MBEDTLS_SSL_IN_CONTENT_LEN is less than a threshold that depends on
1585 checked properly when validating the certificate. This could cause a
1595 * Fixed swap of client and server random bytes when exporting them alongside
1598 in reduced configurations when MBEDTLS_USE_PSA_CRYPTO is enabled.
1599 * Fix a bug in (D)TLS curve negotiation: when MBEDTLS_USE_PSA_CRYPTO was
1612 * Fix compile errors when MBEDTLS_HAVE_TIME is not defined. Add tests
1614 * Fix a race condition in out-of-source builds with CMake when generated data
1616 * Fix the library search path when building a shared library with CMake
1633 * Fix compilation error when using C++ Builder on Windows. Reported by
1635 * psa_raw_key_agreement() now returns PSA_ERROR_BUFFER_TOO_SMALL when
1640 * Fix a TLS 1.3 handshake failure when the peer Finished message has not
1641 been received yet when we first try to fetch it.
1647 * Fix string representation of DNs when outputting values containing commas
1651 when MBEDTLS_SSL_PROTO_TLS1_3 is specified, and make this and other
1654 * Fix a TLS 1.3 handshake failure when the first attempt to send the client
1662 * Fix a null pointer dereference when performing some operations on zero
1674 * Fix CMake windows host detection, especially when cross compiling.
1692 * Assume source files are in UTF-8 when using MSVC with CMake.
1693 * Fix runtime library install location when building with CMake and MinGW.
1702 targets work when MbedTLS is built as a subdirectory. This allows the
1767 value when verifying a MAC or AEAD tag. This hardens the library in
1788 The check was accidentally not performed when cross-compiling for Windows
1800 * Fix mbedtls_cipher_crypt: AES-ECB when MBEDTLS_USE_PSA_CRYPTO is enabled.
1811 AEAD functions when ChachaPoly is disabled. Fixes #5065.
1821 * Fix the build of sample programs when neither MBEDTLS_ERROR_C nor
1825 that it produces when signing, as documented. Use the new algorithm
1835 * Fix a bug in mbedtls_gcm_starts() when the bit length of the iv
1839 * Fix the build when no SHA2 module is included. Fixes #4930.
1840 * Fix the build when only the bignum module is included. Fixes #4929.
1842 pkcs12 functions when the password is empty. Fix the documentation to
1865 to remember when writing tests, or test configurations. Fixes #4653.
1882 yet supported when cross-compiling.
1937 when outputting a SHA-384 or SHA-224 hash into a buffer of exactly
2052 affect the maintained LTS branches, so when contributing changes please
2213 than PSA_ERROR_INVALID_HANDLE when the identifier specified for the key
2221 * Fix a bug in ECDSA that would cause it to fail when the hash is all-bits
2225 correctly by some bignum operations. This could happen when
2226 mbedtls_mpi_read_string() was called on "-0", or when
2229 * Fix a compilation error when MBEDTLS_ECP_RANDOMIZE_MXZ_ALT is
2231 * Fix an incorrect error code when parsing a PKCS#8 private key.
2241 nonetheless, resulting in undefined reference errors when building a
2244 when SHA-1 was disabled and was offered when SHA-1 was enabled but SHA-384
2246 * Do not offer SHA384 cipher suites when SHA-384 is disabled. Fixes #4499.
2258 (when the encrypt-then-MAC extension is not in use) with some ALT
2276 * Disallow inputs of length different from the corresponding hash when
2279 * Fix a null pointer dereference when mbedtls_mpi_exp_mod() was called with
2285 * Fix mbedtls_mpi_gcd(G,A,B) when the value of B is zero. This had no
2314 * fix build failure on MinGW toolchain when __USE_MING_ANSI_STDIO is on.
2324 when their input has length 0. Note that this is an implementation detail
2328 zero digits when operating from values constructed with an mpi_read
2345 * Implicitly add PSA_KEY_USAGE_SIGN_MESSAGE key usage policy flag when
2347 when PSA_KEY_USAGE_VERIFY_HASH flag is set. This usage flag extension
2348 is also applied when loading a key from storage.
2379 * Automatic fallback to a software implementation of ECP when
2400 * Fix a security reduction in CTR_DRBG when the initial seeding obtained a
2404 length, or when the entropy module uses SHA-256 and CTR_DRBG uses AES-256.
2409 * Fix a buffer overflow in mbedtls_mpi_sub_abs() when calculating
2421 mbedtls_net_recv_timeout() when given a file descriptor that is
2428 * Fix memory leak that occurred when calling psa_close_key() on a
2432 * Fix a resource leak in CTR_DRBG and HMAC_DRBG when MBEDTLS_THREADING_C
2437 twice is safe. This happens for RSA when some Mbed TLS library functions
2438 fail. Such a double-free was not safe when MBEDTLS_THREADING_C was
2441 when MBEDTLS_THREADING_C is enabled on platforms where initializing
2456 the PSA code needed by a PSA crypto client when the PSA crypto
2521 size of the output buffer when used with NIST_KW. As a result, code using
2526 MBEDTLS_MPI_MAX_SIZE to prevent a potential denial of service when
2536 algorithm parameters (only the size) when comparing the signature in the
2542 certs as invalid when mbedtls did not.
2553 when the input has trailing garbage. Fixes #2512.
2558 * Fix rsa_prepare_blinding() to retry when the blinding value is not
2564 * Fix the build when the macro _GNU_SOURCE is defined to a non-empty value.
2573 * Fix psa_generate_key() returning an error when asked to generate
2586 * Make arc4random_buf available on NetBSD and OpenBSD when _POSIX_C_SOURCE is
2592 fails. Previously the key identifier was just ignored when creating a
2598 * Fix a memory leak in mbedtls_mpi_sub_abs() when the result was negative
2653 * Fix a vulnerability in the verification of X.509 certificates when
2655 mbedtls_x509_crt_verify()) with the actual certificate name: when the
2673 * In (D)TLS record decryption, when using a CBC ciphersuites without the
2705 * Fix build errors when the only enabled elliptic curves are Montgomery
2708 * Fix self-test failure when the only enabled short Weierstrass elliptic
2714 * Fix a memory leak in mbedtls_md_setup() when using HMAC under low memory
2778 mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a
2780 mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL
2785 * Fix issue in Lucky 13 counter-measure that could make it ineffective when
2811 when PRNG function fails. Contributed by Jonas Lejeune in #3318.
2823 * Update iv and len context pointers manually when reallocating buffers
2825 when receiving a connection with CID, when these fields were shifted
2844 * Use FindPython3 when cmake version >= 3.15.0
2847 dropped. As a consequence, the TLS handshake now fails when the output
2878 happen when MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE was enabled in config.h
2886 DTLS client when parsing the Hello Verify Request message.
2894 * Fix compilation failure when both MBEDTLS_SSL_PROTO_DTLS and
2921 * Fix potential memory overread when performing an ECDSA signature
2927 * To avoid a side channel vulnerability when parsing an RSA private key,
2952 * Fix a possible error code mangling in psa_mac_verify_finish() when
3018 * Fix an unused variable warning when compiling without DTLS.
3022 * Fix a buffer overflow in the PSA HMAC code when using a long key with an
3134 * Fix build failure when building with mingw on Windows by including
3184 * Fix build failure when building with mingw on Windows by including
3236 * Fix 1-byte buffer overflow in mbedtls_mpi_write_string() when
3252 * Set the next sequence of the subject_alt_name to NULL when deleting
3307 when MBEDTLS_ECP_ALT is defined. Reported by jwhui. Fixes #2242.
3314 * Fix returning the value 1 when mbedtls_ecdsa_genkey failed.
3322 * Fix false failure in all.sh when backup files exist in include/mbedtls
3324 * Ensure that unused bits are zero when writing ASN.1 bitstrings when using
3326 * Fix issue when writing the named bitstrings in KeyUsage and NsCertType
3354 * Ciphersuites based on 3DES now have the lowest priority by default when
3367 steps you have to take when enabling it.
3372 the return type from void to int to allow returning error codes when
3400 * Fix runtime error in `mbedtls_platform_entropy_poll()` when run
3403 * Fix an unsafe bounds check when restoring an SSL session from a ticket.
3425 the PSA Crypto API from Mbed Crypto when additionally used with the
3429 * Add unit tests for AES-GCM when called through mbedtls_cipher_auth_xxx()
3464 * Fix overly strict DN comparison when looking for CRLs belonging to a
3465 particular CA. This previously led to ignoring CRLs when the CRL's issuer
3535 * Fix failure in hmac_drbg in the benchmark sample application, when
3542 * Ignore IV in mbedtls_cipher_set_iv() when the cipher mode is
3569 * Remember the string format of X.509 DN attributes when replicating
3588 This allows users to configure such an implementation at compile time when
3611 handshake when flights do not get through (RFC 6347, section 4.1.1.1,
3639 with TLS versions 1.1 and earlier when the server requested authentication
3653 * Copy headers preserving timestamps when doing a "make install".
3719 * Fix "no symbols" warning issued by ranlib when building on Mac OS X. Fix
3727 * Fix compilation error when MBEDTLS_ARC4_C is disabled and
3738 * Fix decryption for zero length messages (which contain all padding) when a
3745 when the request_size argument is set to 0 as stated in the documentation.
3752 * Fail when receiving a TLS alert message with an invalid length, or invalid
3753 zero-length messages when using TLS 1.2. Contributed by Espressif Systems.
3755 when calling with a NULL salt and non-zero salt_len. Contributed by
3831 where an optional signature algorithms list is expected when the signature
3856 This function is necessary to determine when it is safe to idle on the
3878 * Fix overriding and ignoring return values when parsing and writing to
3883 returned when unexpected messages were being discarded, ignoring that
3885 in the internal buffers; these cases led to deadlocks when event-driven
3911 * Provide an empty implementation of mbedtls_pkcs5_pbes2() when
3925 environment variable when using the project makefiles.
3928 * In the SSL module, when f_send, f_recv or f_recv_timeout report
3936 * Declare functions in header files even when an alternative implementation
3947 that when both sides of a TLS connection negotiate the truncated
3971 algorithms family when encrypting private keys using PKCS#5 v2.0.
3986 with flag MBEDTLS_X509_BADCERT_BAD_PK even when the key type was correct.
3994 * Fix compilation error on Mingw32 when _TRUNCATE is defined. Use _TRUNCATE
3997 * In test_suite_pk, pass valid parameters when testing for hash length
4002 * Fix X509 CRT parsing that would potentially accept an invalid tag when
4021 * Use (void) when defining functions with no parameters. Contributed by
4033 * Fix a buffer overflow in RSA-PSS verification when the hash was too large
4037 * Fix buffer overflow in RSA-PSS verification when the unmasked data is all
4039 * Fix an unsafe bounds check in ssl_parse_client_psk_identity() when adding
4076 when run on a heavily-loaded machine.
4110 returning error codes when using MBEDTLS_<MODULE>_ALT.
4138 * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times.
4141 * Parse signature algorithm extension when renegotiating. Previously,
4149 * Fix out-of-memory problem when parsing 4096-bit PKCS8-encrypted RSA keys.
4178 * Fix crash when calling mbedtls_ssl_cache_free() twice. Found by
4181 * Fix use of uninitialized memory in mbedtls_timing_get_timer() when reset=1.
4230 * Fix authentication bypass in SSL/TLS: when authmode is set to optional,
4231 mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's
4233 (default: 8) intermediates, even when it was not trusted. This could be
4273 compilation when using ARM Compiler 6.
4326 when sending the alert failed. The fix makes sure not to hide the error
4339 * Fix incorrect sign computation in modular exponentiation when the base is
4376 void to int to allow returning error codes when using MBEDTLS_AES_ALT,
4396 some data loss when casting a size_t to an unsigned int value in the
4408 when verifying the validity of a key on secp224k1. This could be
4415 * Fix output certificate verification flags set by x509_crt_verify_top() when
4418 set when the verification conditions are not met regardless of the cause.
4424 x509_csr.c that are reported when building mbed TLS with a config.h that
4429 renegotiation routines at unexpected times when the protocol is DTLS. Found
4431 * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing
4445 by missing calls to mbedtls_pem_free() in cases when a
4451 * Fix a resource leak in ssl_cookie, when using MBEDTLS_THREADING_C.
4453 * Fix 1 byte buffer overflow in mbedtls_mpi_write_string() when the MPI
4475 mbedtls_x509write_csr_der() when the signature is copied to the buffer
4487 configure the maximum length of a file path that can be buffered when
4501 when GCM is used. Found by udf2457. #441
4506 * Fixed cert_app.c sample program for debug output and for use when no root
4521 * Fix potential byte overread when verifying malformed SERVER_HELLO in
4523 * Fix check for validity of date when parsing in mbedtls_x509_get_time().
4564 * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three
4570 * Fix memory leak that occurred only when ECJPAKE was enabled and ECDHE and
4577 * Fix issue that caused a hang when generating RSA keys of odd bitlength
4588 * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5,
4600 * Fix potential double free when mbedtls_asn1_store_named_data() fails to
4611 when the first intermediate certificate has pathLenConstraint=0. Found by
4627 * Fix potential heap corruption on Windows when
4666 * Improved performance of mbedtls_ecp_muladd() when one of the scalars is 1
4680 mbedtls_pk_parse_key(file)() when the password is > 129 bytes.
4691 * Fix possible heap buffer overflow in base64_encoded() when the input
4705 * Fix macroization of 'inline' keyword when building as C++. (#279)
4719 * Fix possible client-side NULL pointer dereference (read) when the client
4725 * Fix warning when using a 64bit platform. (found by embedthis) (#275)
4747 * Fix segfault in the benchmark program when benchmarking DHM.
4750 * Fix bug when parsing a ServerHello without extensions (found by David
4761 * Fix missing -static-libgcc when building shared libraries for Windows
4763 * Fix link error when building shared libraries for Windows with make.
4764 * Fix error when loading libmbedtls.so.
4774 * Fix unused function warning when using MBEDTLS_MDx_ALT or
5011 * Fix bug in entropy.c when THREADING_C is also enabled that caused
5013 * Fix memory leak when gcm_setkey() and ccm_setkey() are used more than
5015 * Fix bug in ssl_mail_client when password is longer than username (found
5019 * mpi_size() and mpi_msb() would segfault when called on an mpi that is
5024 * Fix potential NULL pointer dereference (not triggerable remotely) when
5037 * Fix compile error when POLARSSL_SSL_DISABLE_RENEGOTATION and
5068 * NULL pointer dereference in the buffer-based allocator when the buffer is
5096 for pre-1.2 clients when multiple certificates are available.
5113 * Fix potential failure in ECDSA signatures when POLARSSL_ECP_MAX_BITS is a
5122 issue with some servers when a zero-length extension was sent. (Reported
5130 * Blind RSA private operations even when POLARSSL_RSA_NO_CRT is defined.
5134 * A specific error is now returned when there are ciphersuites in common
5147 * Remotely-triggerable memory leak when parsing some X.509 certificates
5150 * Remotely-triggerable memory leak when parsing crafted ClientHello
5160 * Fix compile error in timing.c when POLARSSL_NET_C and POLARSSL_SELFTEST
5164 renegotiation was pending, and on client when a HelloRequest was received.
5166 write callback returned WANT_WRITE when requesting renegotiation.
5194 when a GCM suite was chosen.
5233 * Very small records were incorrectly rejected when truncated HMAC was in
5283 ServerHello when no extensions are present (found by Matthew Page)
5287 big-endian platform when size was not an integer number of limbs
5289 * Some parts of ssl_tls.c were compiled even when the module was disabled.
5306 * pk_verify() now returns a specific error code when the signature is valid
5324 * Potential memory leak in mpi_exp_mod() when error occurs during
5331 * Fix compile errors when POLARSSL_ERROR_STRERROR_BC is undefined (found by
5370 "triple handshake" attack when authentication mode is 'optional' (the
5371 attack was already impossible when authentication is required).
5389 * ssl_cache was creating entries when max_entries=0 if TIMING_C was enabled.
5392 send() would return an EAGAIN error when sending the ticket.
5393 * ssl_cache was leaking memory when reusing a timed out entry containing a
5395 * ssl_srv was leaking memory when client presented a timed out ticket
5604 * Fix buffer overread of size 1 when parsing crafted X.509 certificates
5621 issue with some servers when a zero-length extension was sent. (Reported
5627 * Blind RSA private operations even when POLARSSL_RSA_NO_CRT is defined.
5634 * Remotely-triggerable memory leak when parsing some X.509 certificates
5648 renegotiation was pending, and on client when a HelloRequest was received.
5675 "triple handshake" attack when authentication mode is optional (the
5676 attack was already impossible when authentication is required).
5683 when a GCM suite was chosen.
5710 * Potential memory leak in mpi_exp_mod() when error occurs during
5713 when no extensions are present (found by Matthew Page)
5717 big-endian platform when size was not an integer number of limbs
5742 * Fixed potential memory leak when failing to resume a session
5813 * Added support for custom labels when using rsa_rsaes_oaep_encrypt()
5815 * Re-added handling for SSLv2 Client Hello when the define
5847 * Memory leak when using RSA_PKCS_V21 operations fixed
5950 * Fixed potential memory leak when failing to resume a session
6006 * Memory leak when using RSA_PKCS_V21 operations fixed
6112 * Undid faulty bug fix in ssl_write() when flushing old data (Ticket
6119 enable and disable individual modes when needed
6168 * Fixed bug in ssl_write() when flushing old data (Fixed ticket
6189 * Support more exotic OIDs when parsing certificates
6191 * Support more exotic name representations when parsing
6311 this in mind when checking for errors.
6350 * Fixed a bug in mpi_gcd() so that it also works when both
6393 be sent twice in non-blocking mode when send returns EAGAIN
6401 * Correctly handle the case in padlock_xcryptcbc() when input or
6411 * Make x509parse_verify() return BADCERT_CN_MISMATCH when an empty