xref: /hypervisor/lib/crypto/mbedtls/ChangeLog

74    * Added length checks to some TLS parsing functions. Found and fixed by
83    * Fix decryption for zero length messages (which contain all padding) when a
89    * Fix ssl_client2 example to send application data with 0-length content
97    * Fail when receiving a TLS alert message with an invalid length, or invalid
98      zero-length messages when using TLS 1.2. Contributed by Espressif Systems.
173    * Fix the buffer length assertion in the ssl_parse_certificate_request()
232    * Fix buffer length assertions in the ssl_parse_certificate_request()
274      transmitting more than the required length, return an error. Raised by
342    * In test_suite_pk, pass valid parameters when testing for hash length
387      default enabled) maximum fragment length extension is disabled in the
602      callback) or chain length limitations.
732      The PK and RSA modules use different types for passing hash length and
832      configure the maximum length of a file path that can be buffered when
895    * Fix missing padding length check in mbedtls_rsa_rsaes_pkcs1_v15_decrypt
954    * Fix over-restrictive length limit in GCM. Found by Andreas-N. #362
1053    * Added checking of hostname length in mbedtls_ssl_set_hostname() to ensure
1134      length.
1201    * The following functions changed prototype to avoid an in-out length
1223      length parameter to include the terminating null byte for PEM input.
1437      length of an X.509 verification chain.
1452    * Possible buffer overflow of length at most POLARSSL_MEMORY_ALIGN_MULTIPLE
1467      issue with some servers when a zero-length extension was sent. (Reported
1469    * On a 0-length input, base64_encode() did not correctly set output length
1537    * Fix length checking for AEAD ciphersuites (found by Codenomicon).
1546    * Blowfish in the cipher layer now supports variable length keys.
1599    * Fix base64_decode() to return and check length correctly (in case of
1627    * Improve interoperability by not writing extension length in ClientHello /
1652      but shorter than the supplied length.
1667    * The length of various ClientKeyExchange messages was not properly checked.
1683    * Potential buffer overwrite in pem_write_buffer() because of low length
1871    * Support for zeros-and-length (ANSI X.923) padding, one-and-zeros
1966      issue with some servers when a zero-length extension was sent. (Reported
1968    * On a 0-length input, base64_encode() did not correctly set output length
1975      length of an X.509 verification chain (default = 8).
2026    * Fix length checking for AEAD ciphersuites (found by Codenomicon).
2057    * Improve interoperability by not writing extension length in ClientHello
2070    * Fix base64_decode() to return and check length correctly (in case of
2223    * Added max length check for rsa_pkcs1_sign with PKCS#1 v2.1
2350    * Added max length check for rsa_pkcs1_sign with PKCS#1 v2.1
2378    * Fixed generation of DHM parameters to correct length (found by Ruslan
2408    * Inceased maximum size of ASN1 length reads to 32-bits.
2413    * Changed the defined key-length of DES ciphers in cipher.h to include the
2438    * Fixed incorrect behaviour in case of RSASSA-PSS with a salt length
2439      smaller than the hash length. (Closes ticket #41)
2516      length salt lengths
2793     * Updated ssl_read() to skip 0-length records from OpenSSL

Last Index update Fri Aug 22 02:31:50 CST 2025