Lines Matching refs:a

12    * Fix a vulnerability in TLS ciphersuites based on CBC and using SHA-384,
18 worked if the same secret (for example an HTTP Cookie) has been repeatedly
22 caused by a miscalculation (for SHA-384) in a countermeasure to the
25 * Fix a vulnerability in TLS ciphersuites based on CBC, in (D)TLS 1.0 to
26 1.2, that allowed a local attacker, able to execute code on the local
28 plaintext of messages under some conditions by using a cache attack
31 the same secret (for example an HTTP Cookie) has been repeatedly sent over
35 * Add a counter-measure against a vulnerability in TLS ciphersuites based
36 on CBC, in (D)TLS 1.0 to 1.2, that allowed a local attacker, able to
39 previous entry) by using a cache attack targeting the SSL input record
52 where the outgoing buffer can be fixed at a smaller size than the incoming
60 * Fix the key_app_writer example which was writing a leading zero byte which
62 * Fix compilation error on C++, because of a variable named new.
66 * Clarify documentation for mbedtls_ssl_write() to include 0 as a valid
68 * Fix a memory leak in mbedtls_x509_csr_parse(), found by catenacyber,
71 by Brendan Shanks. Part of a fix for #992.
83 * Fix decryption for zero length messages (which contain all padding) when a
85 such a message was wrongly reported as an invalid record and therefore led
97 * Fail when receiving a TLS alert message with an invalid length, or invalid
100 when calling with a NULL salt and non-zero salt_len. Contributed by
125 * Fix for redefinition of _WIN32_WINNT to avoid overriding a definition
144 * Extend the platform module with a util component that contains
147 mbedtls_platform_zeroize(), which is a critical function from a security
166 * Fix an issue in the X.509 module which could lead to a buffer overread
170 would require a non DER-compliant certificate to be correctly signed by a
171 trusted CA, or a trusted CA with a non DER-compliant certificate. Found by
175 overreads could be caused by receiving a malformed message at the point
179 * Fix a client-side bug in the validation of the server's ciphersuite choice
180 which could potentially lead to the client accepting a ciphersuite it didn't
181 offer or a ciphersuite that cannot be used with the TLS or DTLS version
196 applications to wait for a network context to become ready before reading
199 a check for whether more data is pending to be processed in the
205 * Fix a spurious uninitialized variable warning in cmac.c. Fix independently
224 a file in pk_sign program. Found by kevlut in #1142.
233 function which leads to a potential one byte overread of the message
244 * Support cmake builds where Mbed TLS is a subproject. Fix contributed
271 * Optimize unnecessary zeroing in mbedtls_mpi_copy. Based on a contribution
292 that when both sides of a TLS connection negotiate the truncated
303 HMAC key of a single, uninterrupted connection (with no
307 * Fix a buffer overread in ssl_parse_server_key_exchange() that could cause
308 a crash on invalid input.
309 * Fix a buffer overread in ssl_parse_server_psk_hint() that could cause a
327 * Fix the name of a DHE parameter that was accidentally changed in 2.7.0.
349 * Fix a possible arithmetic overflow in ssl_parse_server_key_exchange()
350 that could cause a key exchange to fail on valid data.
351 * Fix a possible arithmetic overflow in ssl_parse_server_psk_hint() that
352 could cause a key exchange to fail on valid data.
355 * Fix a 1-byte heap buffer overflow (read-only) during private key parsing.
361 * Fix typo in a comment ctr_drbg.c. Contributed by Paul Sokolovsky.
364 a migration path for those depending on the library's ABI.
372 * Fix a heap corruption issue in the implementation of the truncated HMAC
374 sending a malicious application packet could be used to selectively corrupt
378 * Fix a buffer overflow in RSA-PSS verification when the hash was too large
385 64 KiB to the address of the SSL buffer and causing a wrap around.
386 * Fix a potential heap buffer overflow in mbedtls_ssl_write(). When the (by
395 * Add a provision to prevent compiler optimizations breaking the time
409 * Fix a potential heap buffer over-read in ALPN extension parsing
413 to RFC 3526 containing parameters generated in a nothing-up-my-sleeve
418 * The selftest program can execute a subset of the tests based on command
421 when run on a heavily-loaded machine.
463 (e.g. signing with a public key).
501 If a call to one of the functions of the cryptographic primitive modules
517 * Add a check for invalid private parameters in mbedtls_ecdsa_sign().
544 structure. Do not assume that zeroizing a context is a correct way to
567 modules where the software implementation can be replaced by a hardware
590 by the user in a platform_alt.h file. These new functions are required in
591 some embedded environments to provide a means of initialising underlying
605 a fatal error in the verify callback.
608 * Add a check if iv_len is zero in GCM, and return an error if it is zero.
613 * Fix a resource leak on Windows platforms in mbedtls_x509_crt_parse_path(),
619 * Fix a potential integer overflow in the version verification for DER
627 * Fix a potential integer overflow in the version verification for DER
630 * Fix a call to the libc function time() to call the platform abstraction
638 created a dependency on external libraries. #708
644 * Added a test script that can be hooked into git that verifies commits
655 back to the server or to a third party). Can be triggered remotely.
657 certificate verification. SHA-1 can be turned back on with a compile-time
661 * Tighten parsing of RSA PKCS#1 v1.5 signatures, to avoid a
674 peer after sending a fatal alert to refuse a renegotiation attempt.
685 a negative MPI. Previously the result was always negative. Found by Guido
687 * Fix a numerical underflow leading to stack overflow in mpi_read_file()
703 * Add exponent blinding to RSA private operations as a countermeasure
714 * Add a new configuration option to 'mbedtls_ssl_config' to enable
741 some data loss when casting a size_t to a uint32_t value in the
744 * Fixed potential livelock during the parsing of a CRL in PEM format in
745 mbedtls_x509_crl_parse(). A string containing a CRL followed by trailing
752 * Fixed a bug that caused freeing a buffer that was allocated on the stack,
753 when verifying the validity of a key on secp224k1. This could be
754 triggered remotely for example with a maliciously constructed certificate
761 traversing a chain of trusted CA. The issue would cause both flags,
769 x509_csr.c that are reported when building mbed TLS with a config.h that
790 by missing calls to mbedtls_pem_free() in cases when a
794 Studio 2015 as well as the files themselves, to remove a build warning
796 * Fix a resource leak in ssl_cookie, when using MBEDTLS_THREADING_C.
829 * Added a script to print build environment info for diagnostic use in test
832 configure the maximum length of a file path that can be buffered when
834 * Added a configuration file config-no-entropy.h that configures the subset of
841 * Fix for platform time abstraction to avoid dependency issues where a build
850 a contribution from Tobias Tangemann. #541
853 * Fix conditional statement that would cause a 1 byte overread in
881 * Added support for a Yotta specific configuration file -
900 * Fix a potential integer underflow to buffer overread in
918 expired or not yet valid certificate was parsed before a valid certificate
922 * Fix issue that caused a hang when generating RSA keys of odd bitlength
925 * Fix issue that caused a crash if invalid curves were passed to
935 the need to pass -fomit-frame-pointer to avoid a build error with -O0.
962 datagram if a single record in a datagram is unexpected, instead only
973 mbedtls_x509_crt_parse_path() is passed a path longer than 2GB. Cannot be
986 * Added a key extraction callback to access the master secret and key
997 * Fixed a bug causing some handshakes to fail due to some non-fatal alerts
1000 size/curve against the profile. Before that, there was no way to set a
1029 of TLS, but might be in other uses. On 32 bit machines, requires reading a
1031 require reading a string of close to or larger than 2^62 bytes.
1043 authentication against a crafted CA cert. Cannot be triggered remotely
1065 tries to continue the handshake after it failed (a misuse of the API).
1070 * Fix warning when using a 64bit platform. (found by embedthis) (#275)
1077 * When a client initiates a reconnect from the same port as a live
1082 MBEDTLS_ERR_SSL_CLIENT_RECONNECT - it is then possible to start a new
1088 * Added support for yotta as a build system.
1095 * Fix bug when parsing a ServerHello without extensions (found by David
1097 * Fix bug in CMake lists that caused libmbedcrypto.a not to be installed
1124 * The PEM parser now accepts a trailing space at end of lines (#226).
1125 * It is now possible to #include a user-provided configuration file at the
1128 * When verifying a certificate chain, if an intermediate certificate is
1131 * Prepend a "thread identifier" to debug messages (issue pointed out by
1145 * Added a concept of X.509 certificate verification profile that controls
1149 * Introduced a concept of presets for SSL security-relevant configuration
1232 * net_connect() and net_bind() have a new 'proto' argument to choose
1234 Their 'port' argument type is changed to a string.
1243 * Removed mbedtls_timing_msleep(). Use mbedtls_net_usleep() or a custom
1259 * md_init_ctx() is deprecated in favour of md_setup(), that adds a third
1263 * Renamed a few headers to include _internal in the name. Those headers are
1281 enabled in the default configuration, this is only noticeable if using a
1306 * DTLS no longer hard-depends on TIMING_C, but uses a callback interface
1311 after a successful net_accept().
1418 crafted X.509 certificate (TLS server is not affected if it doesn't ask for a
1421 (TLS server is not affected if it doesn't ask for a client certificate)
1424 (TLS server is not affected if it doesn't ask for a client certificate)
1426 * Fix timing difference that could theoretically lead to a
1439 * Support for 1/n-1 record splitting, a countermeasure against BEAST.
1443 a compatible enough libc (e.g. uClibc).
1454 a multiple of POLARSSL_MEMORY_ALIGN_MULTIPLE (not triggerable remotely).
1458 * Fix potential failure in ECDSA signatures when POLARSSL_ECP_MAX_BITS is a
1464 to a failed verification (found by Fredrik Axelsson).
1466 key exchanges enabled needs certificates. This fixes a possible interop
1467 issue with some servers when a zero-length extension was sent. (Reported
1469 * On a 0-length input, base64_encode() did not correctly set output length
1478 * debug_print_buf() now prints a text view in addition to hexadecimal.
1481 with a suitable (extended)KeyUsage or curve or no PSK set.
1493 (server is not affected if it doesn't ask for a client certificate)
1509 renegotiation was pending, and on client when a HelloRequest was received.
1539 when a GCM suite was chosen.
1553 * Add SSL_CIPHERSUITES config.h flag to allow specifying a list of
1583 * Very large records using less padding could cause a buffer overread of up
1585 * Restore ability to use a v1 cert as a CA if trusted locally. (This had
1587 * Restore ability to locally trust a self-signed cert that is not a proper
1651 * pk_verify() now returns a specific error code when the signature is valid
1682 * pk_get_size() and pk_get_len() were off by a factor 8 for RSA-alt keys.
1690 * HMAC-DRBG as a separate module
1706 * Work around a bug of the version of Clang shipped by Apple with Mavericks
1738 * ssl_cache was leaking memory when reusing a timed out entry containing a
1740 * ssl_srv was leaking memory when client presented a timed out ticket
1741 containing a client certificate
1742 * ssl_init() was leaving a dirty pointer in ssl_context if malloc of
1838 * RSA blinding locks for a smaller amount of time
1889 * Moved all OID functionality to a separate module. RSA function
1890 prototypes for the RSA sign and verify functions changed as a result
1891 * Split up the GCM module into a starts/update/finish cycle
1898 * All RSA operations require a random generator for blinding purposes
1919 * Fix potential invalid memory read in the server, that allows a client to
1921 * Fix potential invalid memory read in certificate parsing, that allows a
1942 for a client certificate) (found using Codenomicon Defensics).
1944 (TLS server is not affected if it doesn't ask for a client certificate)
1947 (TLS server is not affected if it doesn't ask for a client certificate)
1950 (TLS server is not affected if it doesn't ask for a client certificate).
1963 to a failed verification (found by Fredrik Axelsson).
1965 key exchanges enabled needs certificates. This fixes a possible interop
1966 issue with some servers when a zero-length extension was sent. (Reported
1968 * On a 0-length input, base64_encode() did not correctly set output length
1980 (server is not affected if it doesn't ask for a client certificate).
1993 renegotiation was pending, and on client when a HelloRequest was received.
2010 * Work around a bug of the version of Clang shipped by Apple with Mavericks
2028 when a GCM suite was chosen.
2049 * ssl_init() was leaving a dirty pointer in ssl_context if malloc of
2075 * Changed RSA blinding to a slower but thread-safe version
2078 * Fixed memory leak in RSA as a result of introduction of blinding
2087 * Fixed potential memory leak when failing to resume a session
2106 * Internally split up x509parse_key() into a (PEM) handler function
2295 * Fixed potential memory leak when failing to resume a session
2394 * Added ssl_set_max_version() to allow clients to offer a lower maximum
2395 supported version to a server to help buggy server implementations.
2400 * Added a generic entropy accumulator that provides support for adding
2410 * Added a separate CRL entry extension parsing function
2412 So now there is a module that is controlled with POLARSSL_ASN1_PARSE_C.
2415 * Loads of minimal changes to better support WINCE as a build target
2423 a consequence in library code and programs
2427 encountering a parse-error. Beware that the meaning of return values has
2434 * Fixed a bug where the CRL parser expected an EXPLICIT ASN.1 tag
2438 * Fixed incorrect behaviour in case of RSASSA-PSS with a salt length
2478 * mpi_init() and mpi_free() now only accept a single MPI
2481 is now done with a PLUS instead of an OR as error codes
2487 ssl_read() returns 0 if a POLARSSL_ERR_SSL_CONN_EOF is received
2505 * x509parse_key() (and as a consequence x509parse_keyfile())
2507 before parsing a key or keyfile!
2544 * Fixed a possible Man-in-the-Middle attack on the
2619 in a function to allow easy future expansion
2630 * Added small fixes for compiler warnings on a Mac
2695 * Fixed a bug in mpi_gcd() so that it also works when both
2717 * Fixed compatibility of XTEA and Camellia on a 64-bit system
2726 * Fixed dangerous bug that can cause a heap overflow in
2737 * Fixed a bug in ssl_write() that caused the same payload to
2742 * Before freeing a certificate, properly zero out all cert. data
2749 * Fixed a memory leak in x509parse_crt() which was reported by Greg
2753 an INTEGER instead of a BOOLEAN for BasicConstraints::cA.
2764 * Fixed a critical denial-of-service with X.509 cert. verification:
2765 peer may cause xyssl to loop indefinitely by sending a certificate
2795 * Fixed a bug in mpi_read_binary() on 64-bit platforms
2797 * Fixed a long standing memory leak in mpi_is_prime()
2805 * Fixed a bug in ssl_tls.c which sometimes prevented SSL
2807 * Fixed a couple of bugs in the VS6 and UNIX Makefiles
2812 * Added a few demonstration programs: md5sum, sha1sum,
2816 how to create a test PKI
2829 * Fixed a bug introduced in xyssl-0.5/timing.c: hardclock
2840 * Fixed a bug that caused valid packets with a payload
2849 * Fixed a bug in ssl_encrypt_buf (incorrect padding was
2854 * Fixed a couple of memory leaks in x509_read.c
2861 * Fixed a bug in the CBC code, thanks to dowst; also,
2872 * Fixed a bug in sha2_hmac, thanks to newsoft/Wenfang Zhang
2873 * Fixed a bug reported by Adrian Rüegsegger in x509_read_key
2874 * Fixed a bug reported by Torsten Lauter in ssl_read_record
2875 * Fixed a bug in rsa_check_privkey that would wrongly cause
2877 * Fixed a bug in mpi_is_prime that caused some primes to fail