Lines Matching refs:to

13      in (D)TLS 1.0 to 1.2, that allowed an active network attacker to
22 caused by a miscalculation (for SHA-384) in a countermeasure to the
25 * Fix a vulnerability in TLS ciphersuites based on CBC, in (D)TLS 1.0 to
26 1.2, that allowed a local attacker, able to execute code on the local
27 machine as well as manipulate network packets, to partially recover the
36 on CBC, in (D)TLS 1.0 to 1.2, that allowed a local attacker, able to
38 to partially recover the plaintext of messages under some conditions (see
66 * Clarify documentation for mbedtls_ssl_write() to include 0 as a valid
74 * Added length checks to some TLS parsing functions. Found and fixed by
86 to the connection being terminated. Seen most often with OpenSSL using
89 * Fix ssl_client2 example to send application data with 0-length content
90 when the request_size argument is set to 0 as stated in the documentation.
99 * Change the default behaviour of mbedtls_hkdf_extract() to return an error
102 * Change the shebang line in Perl scripts to look up perl in the PATH.
111 * Add additional block mode, OFB (Output Feedback), to the AES module and
118 * In TLS servers, support offloading private key operations to an external
119 cryptoprocessor. Private key operations can be asynchronous to allow
123 * Fix the cert_write example to handle certificates signed with elliptic
125 * Fix for redefinition of _WIN32_WINNT to avoid overriding a definition
132 * Changed CMake defaults for IAR to treat all compiler warnings as errors.
133 * Changed the Clang parameters used in the CMake build files to work for
148 point of view. mbedtls_platform_zeroize() needs to be regularly tested
149 against compilers to ensure that calls to it are not removed from the
151 Therefore, mbedtls_platform_zeroize() is moved to the platform module to
156 build to fail. Found by zv-io. Fixes #1651.
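The mbedtls_platform_zeroize() entries above concern a general problem: a plain memset() on a buffer that is never read again is a dead store the optimiser may delete, so a zeroizing function has to be built so the store survives, and then re-checked against each compiler. The following is an added example, not code from mbed TLS, of the usual portable construction (a call through a volatile function pointer) with a runtime self-test; the names secure_zeroize, buffer_is_zero and zeroize_selftest are mine.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* The store goes through a volatile function pointer: the compiler cannot see which
 * function is called, so it cannot apply the dead-store elimination that would remove
 * a plain memset() on a buffer that is about to go out of scope. Where memset_s() or
 * explicit_bzero() exist they are the better choice; this is the portable fallback. */
static void *(*const volatile secure_memset)(void *, int, size_t) = memset;

void secure_zeroize(void *buf, size_t len)
{
    if (buf != NULL && len > 0) {
        secure_memset(buf, 0, len);
    }
}

/* Returns 1 if every byte of buf is zero, 0 otherwise. */
int buffer_is_zero(const unsigned char *buf, size_t len)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++) {
        acc |= buf[i];
    }
    return acc == 0;
}

/* Runtime self-test: fill a "key" with a pattern, wipe it, verify it is all zero.
 * Returns 1 on success. A passing test shows the function clears memory when it is
 * called; only the optimised object code shows whether the call was kept at a site
 * where the buffer is dead afterwards (see the note below). */
int zeroize_selftest(void)
{
    unsigned char key[32];
    for (size_t i = 0; i < sizeof key; i++) {
        key[i] = (unsigned char)(0xA5 ^ i);
    }
    if (buffer_is_zero(key, sizeof key)) {
        return 0;                      /* pattern fill failed, the test would be meaningless */
    }
    secure_zeroize(key, sizeof key);
    if (!buffer_is_zero(key, sizeof key)) {
        return 0;
    }
    secure_zeroize(NULL, 16);          /* must be harmless no-ops */
    secure_zeroize(key, 0);
    return 1;
}
```

The self-test cannot prove what the entry asks for. Whether the call survives at a given site is a property of the optimised build, checked by disassembling an -O2 or -O3 object (for example with objdump -d) and confirming that the clearing store or the call is still present before the function returns; that check has to be repeated for every compiler and optimisation level in use, which is why the entry says the function needs regular testing against compilers.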
166 * Fix an issue in the X.509 module which could lead to a buffer overread
167 during certificate validation. Additionally, the issue could also lead to
168 unnecessary callback checks being made or to some validation checks to be
170 would require a non-DER-compliant certificate to be correctly signed by a
174 function which led to an arbitrary overread of the message buffer. The
180 which could potentially lead to the client accepting a ciphersuite it didn't
182 chosen by the server. This could lead to corruption of internal data
186 * Add an option, MBEDTLS_AES_FEWER_TABLES, to dynamically compute smaller AES
195 * Extend the public API with the function of mbedtls_net_poll() to allow user
196 applications to wait for a network context to become ready before reading
198 * Add function mbedtls_ssl_check_pending() to the public API to allow
199 a check for whether more data is pending to be processed in the
201 This function is necessary to determine when it is safe to idle on the
207 * Add missing dependencies in test suites that led to build failures
218 unable to parse keys which had only the optional parameters field of the
223 * Fix overriding and ignoring return values when parsing and writing to
225 * Restrict usage of error code MBEDTLS_ERR_SSL_WANT_READ to situations
226 where data needs to be fetched from the underlying transport in order
227 to make progress. Previously, this error code was also occasionally
229 further messages could potentially already be pending to be processed
230 in the internal buffers; these cases led to deadlocks when event-driven
233 function which leads to a potential one byte overread of the message
235 * Fix invalid buffer sizes passed to zlib during record compression and
237 * Fix the soversion of libmbedcrypto to match the soversion of the
239 version 2.7.1 to reflect breaking changes in that release, but the
266 * Add an option in the Makefile to support ar utilities where the operation
284 not need to copy the declarations, and ensures that they will have the
291 * The truncated HMAC extension now conforms to RFC 6066. This means
305 * Verify results of RSA private key operations to defend
311 * Fix CRL parsing to reject CRLs containing unsupported critical
329 * Fix test_suite_pk to work on 64-bit ILP32 systems. #849
330 * Fix mbedtls_x509_crt_profile_suiteb, which used to reject all certificates
350 that could cause a key exchange to fail on valid data.
352 could cause a key exchange to fail on valid data.
363 * MD functions deprecated in 2.7.0 are no longer inline, to provide
374 sending a malicious application packet could be used to selectively corrupt
375 6 bytes on the peer's heap, which could potentially lead to crash or remote
379 for the key size, which could potentially lead to crash or remote code
385 64 KiB to the address of the SSL buffer and causing a wrap around.
388 config and the application data buffer passed to mbedtls_ssl_write
395 * Add a provision to prevent compiler optimizations breaking the time
399 * Set PEM buffer to zero before freeing it, to avoid decoded private keys
400 being leaked to memory after release.
401 * Fix dhm_check_range() failing to detect trivial subgroups and potentially
403 * Make mbedtls_mpi_read_binary() constant-time with respect to the input
405 sake of saving memory, but potentially leading to slight timing
413 to RFC 3526 containing parameters generated in a nothing-up-my-sleeve
420 * New unit tests for timing. Improve the self-test to be more robust
440 * Add mechanism to provide alternative implementation of the DHM module.
446 up RSA contexts from partial key material and having them completed to the
447 needs of the implementation automatically. This allows setting up private RSA
450 * The configuration option MBEDTLS_RSA_ALT can be used to define alternative
454 The new functions change the return type from void to int32_t to allow
465 Users are advised to use the extended RSA API instead.
481 * Fix ssl_parse_record_header() to silently discard invalid DTLS records
489 * Fix leap year calculation in x509_date_is_valid() to ensure that invalid
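The leap-year entry above is a classic edge case: a date check that treats every year divisible by 4 as a leap year accepts 29 February 1900 or 2100, which do not exist under the Gregorian rule (divisible by 4, except centuries that are not divisible by 400). As an added example, not code from the project, here is a validity check for broken-down date and time fields that gets this right; the function names are mine, and the check validates fields only, it does not parse the encoded time string.

```c
/* Proleptic Gregorian leap-year rule: divisible by 4, except centuries, unless
 * the year is divisible by 400. 2000 and 2024 are leap years; 1900 and 2100 are not. */
int is_leap_year(int year)
{
    return (year % 4 == 0 && year % 100 != 0) || (year % 400 == 0);
}

/* Days in the given month, or 0 for an invalid month number. */
int days_in_month(int year, int month)
{
    static const int days[12] = { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 };
    if (month < 1 || month > 12) {
        return 0;
    }
    if (month == 2 && is_leap_year(year)) {
        return 29;
    }
    return days[month - 1];
}

/* Returns 1 if the fields form a real calendar date and time of day, else 0.
 * Seconds run 0..59 (no leap seconds). An invalid month makes days_in_month()
 * return 0, so the day check rejects it as well. */
int datetime_is_valid(int year, int mon, int day, int hour, int min, int sec)
{
    if (year < 0 || year > 9999) {
        return 0;
    }
    if (day < 1 || day > days_in_month(year, mon)) {
        return 0;
    }
    if (hour < 0 || hour > 23 || min < 0 || min > 59 || sec < 0 || sec > 59) {
        return 0;
    }
    return 1;
}
```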
501 If a call to one of the functions of the cryptographic primitive modules
503 mbedtls_pem_read_buffer() causing it to return invalid values. Found by
505 * Include configuration file in md.h, to fix compilation warnings.
508 writing routines that prevented these functions from working with alternative
513 * Fix net_would_block() to avoid modification by errno through fcntl() call.
519 * Fix word size check in pk.c to not depend on MBEDTLS_HAVE_INT64.
530 RSA test suite where the failure of CTR DRBG initialization led to
540 * Fix the entropy.c module to not call mbedtls_sha256_starts() or
542 * Fix the entropy.c module to ensure that mbedtls_sha256_init() or
544 structure. Do not assume that zeroizing a context is a correct way to
551 * Extend cert_write example program by options to set the certificate version
561 * Update all internal usage of deprecated message digest functions to the
575 * Fix authentication bypass in SSL/TLS: when authmode is set to optional,
579 triggered remotely from either side. (With authmode set to 'required'
587 and the context struct mbedtls_platform_context to perform
589 MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT allows the functions to be overridden
591 some embedded environments to provide a means of initialising underlying
595 * Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the
600 * Certificate verification functions now set flags to -1 in case the full
601 chain was not verified due to an internal error (including in the verify
603 * With authmode set to optional, the TLS handshake is now aborted if the
604 verification of the peer's certificate failed due to an overlong chain or
611 to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will
615 * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random.
617 * Fix conditional preprocessor directives in bignum.h to enable 64-bit
621 to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin,
625 to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin,
629 constructed certificates to bypass the certificate verification check.
630 * Fix a call to the libc function time() to call the platform abstraction
636 * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of
640 accelerator code in the library leaves concurrency handling to the
643 config-no-entropy.h to reduce the RAM footprint.
655 back to the server or to a third party). Can be triggered remotely.
659 * Fixed offset in FALLBACK_SCSV parsing that caused TLS server to fail to
661 * Tighten parsing of RSA PKCS#1 v1.5 signatures, to avoid a
671 when sending the alert failed. The fix makes sure not to hide the error
674 peer after sending a fatal alert to refuse a renegotiation attempt.
675 Previous behaviour was to keep processing data even after the alert has
679 * Fix implementation of mbedtls_ssl_parse_certificate() to not annihilate
680 fatal errors in authentication mode MBEDTLS_SSL_VERIFY_OPTIONAL and to
682 * Fix bug that caused the modular inversion function to accept the invalid
683 modulus 1 and therefore to hang. Found by blaufish. #641.
687 * Fix a numerical underflow leading to stack overflow in mpi_read_file()
691 * Send fatal alerts in more cases. The previous behaviour was to skip
693 * Clarify ECDSA documentation and improve the sample code to avoid
703 * Add exponent blinding to RSA private operations as a countermeasure
711 This involved exposing parts of the internal interface to enable
714 * Add a new configuration option to 'mbedtls_ssl_config' to enable
721 void to int32_t to allow returning error codes when using MBEDTLS_AES_ALT,
727 * Remove macros from compat-1.3.h that correspond to deleted items from most
733 without these checks the type cast could lead to data loss. Found by Guido
739 * Add checks to prevent signature forgeries for very large messages while
741 some data loss when casting a size_t to an uint32_t value in the
750 CertificateVerify messages, to prevent SLOTH attacks against TLS 1.2.
755 and potentially could lead to remote code execution on some platforms.
762 MBEDTLS_X509_BADCERT_NOT_TRUSTED and MBEDTLS_X509_BADCERT_EXPIRED, to be
765 * Fix the redefinition of macro ssl_set_bio to an undefined symbol
777 the input string in PEM format to extract the different components. Found
780 cause buffer bound checks to be bypassed. Found by Eyal Itkin.
782 cause buffer bound checks to be bypassed. Found by Eyal Itkin.
784 cause buffer bound checks to be bypassed. Found by Eyal Itkin.
786 cause buffer bound checks to be bypassed. Found by Eyal Itkin.
790 by missing calls to mbedtls_pem_free() in cases when a
793 * Fixed the templates used to generate project and solution files for Visual
794 Studio 2015 as well as the files themselves, to remove a build warning
799 number to write in hexadecimal is negative and requires an odd number of
807 * Update to CMAC test data, taken from - NIST Special Publication 800-38B -
815 with RFC-5116 and could lead to session key recovery in very long TLS
820 mbedtls_x509write_csr_der() when the signature is copied to the buffer
827 * Added hardware entropy selftest to verify that the hardware entropy source
829 * Added a script to print build environment info for diagnostic use in test
831 * Added the macro MBEDTLS_X509_MAX_FILE_PATH_LEN that enables the user to
837 to configure the minimum number of bytes for entropy sources using the
841 * Fix for platform time abstraction to avoid dependency issues where a build
843 configuration consistency checks to check_config.h
844 * Fix dependency issue in Makefile to allow parallel builds.
855 * Fixed pthread implementation to avoid unintended double initialisations
860 * Fix mbedtls_x509_get_sig() to update the ASN1 type in the mbedtls_x509_buf
878 missing self-tests to the test suites, to ensure self-tests are only
880 * Added support for 3 and 4 byte lengths to mbedtls_asn1_write_len().
885 * Renamed source file library/net.c to library/net_sockets.c to avoid
888 deprecated, and its contents moved to net_sockets.h.
889 * Changed the strategy for X.509 certificate parsing and validation, to no
897 * Fix potential integer overflow to buffer overflow in
900 * Fix a potential integer underflow to buffer overread in
912 * Fix potential build failures related to the 'apidoc' target, introduced
917 * Fix an issue that caused valid certificates to be rejected whenever an
921 buffer after DER certificates to be included in the raw representation.
925 * Fix issue that caused a crash if invalid curves were passed to
930 * Fix unchecked calls to mbedtls_md_setup(). Fix by Brian Murray. #502
935 the need to pass -fomit-frame-pointer to avoid a build error with -O0.
945 * Fix potential double free when mbedtls_asn1_store_named_data() fails to
948 * Disable MD5 handshake signatures in TLS 1.2 by default to prevent the
950 SLOTH paper do not apply to any version of mbed TLS or PolarSSL).
955 * Fix bug in certificate validation that caused valid chains to be rejected
986 * Added a key extraction callback to access the master secret and key
997 * Fixed a bug causing some handshakes to fail due to some non-fatal alerts
1000 size/curve against the profile. Before that, there was no way to set a
1003 * Fix failures in MPI on Sparc(64) due to use of bad assembly code.
1007 certificates to be rejected by some applications, including OS X
1017 * Added fix for CVE-2015-5291 to prevent heap corruption due to buffer
1030 string of close to or larger than 1GB to exploit; on 64 bit machines, would
1031 require reading a string of close to or larger than 2^62 bytes.
1044 unless you allow third parties to pick trust CAs for client auth.
1053 * Added checking of hostname length in mbedtls_ssl_set_hostname() to ensure
1065 tries to continue the handshake after it failed (a misuse of the API).
1072 caused some handshakes to fail.
1075 * Made X509 profile pointer const in mbedtls_ssl_conf_cert_profile() to allow
1082 MBEDTLS_ERR_SSL_CLIENT_RECONNECT - it is then possible to start a new
1089 * Primary open source license changed to Apache 2.0 license.
1097 * Fix bug in CMake lists that caused libmbedcrypto.a not to be installed
1099 * Fix bug in Makefile that caused libmbedcrypto and libmbedx509 not to be
1102 * Fix bug in Makefile that caused programs not to be installed correctly
1110 * Fix bug in mbedtls_ssl_conf_default() that caused the default preset to
1113 result trying to unlock an unlocked mutex on invalid input (found by
1125 * It is now possible to #include a user-provided configuration file at the
1131 * Prepend a "thread identifier" to debug messages (issue pointed out by
1133 * Add mbedtls_ssl_get_max_frag_len() to query the current maximum fragment
1140 * Ability to override core functions from MDx, SHAx, AES and DES modules
1142 ability to override the whole module.
1143 * New server-side implementation of session tickets that rotate keys to
1154 You now need to link to all of them if you use TLS for example.
1155 * All public identifiers moved to the mbedtls_* or MBEDTLS_* namespace.
1156 Some names have been further changed to make them more consistent.
1172 Note that for mbedtls_ssl_setup(), you need to be done setting up the
1176 ssl_legacy_renegotiation()) have been renamed to mbedtls_ssl_conf_xxx()
1178 changed from ssl_context to ssl_config.
1191 place of mbedtls_ssl_conf_session_tickets() to enable session tickets.
1199 mbedtls_x509_crt_verify() (flags, f_vrfy -> needs to be updated)
1200 mbedtls_ssl_conf_verify() (f_vrfy -> needs to be updated)
1201 * The following functions changed prototype to avoid an in-out length
1208 changed type to "mbedtls_net_context *".
1216 mbedtls_x509write_crt_set_key_usage() changed from int32_t to unsigned.
1217 * test_ca_list (from certs.h) is renamed to test_cas_pem and is only
1219 * Test certificates in certs.c are no longer guaranteed to be nul-terminated
1223 length parameter to include the terminating null byte for PEM input.
1224 * Signature of mpi_mul_mpi() changed to make the last argument unsigned
1227 (Thanks to Mansour Moufid for helping with the replacement.)
1228 * Change SSL_DISABLE_RENEGOTIATION config.h flag to SSL_RENEGOTIATION
1232 * net_connect() and net_bind() have a new 'proto' argument to choose
1234 Their 'port' argument type is changed to a string.
1248 * Removed compat-1.2.h (helper for migrating from 1.2 to 1.3).
1252 been removed (compiler is required to support 32-bit operations).
1263 * Renamed a few headers to include _internal in the name. Those headers are
1264 not supposed to be included by users.
1268 * Removed sig_oid2 and rename sig_oid1 to sig_oid in x509_crt and x509_crl.
1269 * x509_crt.key_usage changed from uint8_t to uint32_t.
1283 * Default DHM parameters server-side upgraded from 1024 to 2048 bits.
1297 * Compiler is required to support C99 types such as long long and uint32_t.
1310 * With UDP sockets, it is no longer necessary to call net_bind() again
1316 * Reduced ROM footprint of SHA-256 and added an option to reduce it even
1322 * With authmode set to SSL_VERIFY_OPTIONAL, verification of keyUsage and
1331 * Add x509_crt_verify_info() to display certificate verification results.
1338 * Add an option to use macros instead of function pointers in the platform
1341 cross-compilation easier (thanks to Alon Bar-Lev).
1348 * Add config flag POLARSSL_DEPRECATED_WARNING (off by default) to produce
1350 * Add config flag POLARSSL_DEPRECATED_REMOVED (off by default) to produce
1355 * Fix compile error with PLATFORM_EXIT_ALT (thanks to Rafał Przywara).
1357 entropy_free() to crash (thanks to Rafał Przywara).
1372 * Fix bug in pk_parse_key() that caused some valid private EC keys to be
1388 * Fix bug related to ssl_set_curves(): the client didn't check that the
1403 * Move from SHA-1 to SHA-256 in example programs using signatures
1407 * Change #include lines in test files to use double quotes instead of angle
1426 * Fix timing difference that could theoretically lead to a
1434 * Add function pk_check_pair() to test if public and private keys match.
1436 * Add compile-time option POLARSSL_X509_MAX_INTERMEDIATE_CA to limit the
1444 * Add ssl_set_arc4_support() to make it easier to disable RC4 at runtime
1462 * Fix assembly selection for MIPS64 (thanks to James Cowgill).
1464 to a failed verification (found by Fredrik Axelsson).
1473 * Use deterministic nonces for AEAD ciphers in TLS by default (possible to
1474 switch back to random with POLARSSL_SSL_AEAD_RANDOM_IV in config.h).
1478 * debug_print_buf() now prints a text view in addition to hexadecimal.
1480 but none of them is usable due to external factors such as no certificate
1482 * It is now possible to disable negotiation of truncated HMAC server-side
1522 standard defining how to use SHA-2 with SSL 3.0).
1524 ambiguous on how to encode some packets with SSL 3.0).
1529 * POLARSSL_MPI_MAX_SIZE now defaults to 1024 in order to allow 8192 bits
1538 It was possible to crash the server (and client) using crafted messages
1542 * Add CCM module and cipher mode to Cipher Layer
1549 * Add POLARSSL_REMOVE_ARC4_CIPHERSUITES to allow removing RC4 ciphersuites
1553 * Add SSL_CIPHERSUITES config.h flag to allow specifying a list of
1554 ciphersuites to use and save some memory if the list is small.
1559 * Migrate zeroizing of data to polarssl_zeroize() instead of memset()
1571 * Stricter check on SSL ClientHello internal sizes compared to actual packet
1584 to 32 bytes with CBC-based ciphersuites and TLS >= 1.1
1585 * Restore ability to use a v1 cert as a CA if trusted locally. (This had
1587 * Restore ability to locally trust a self-signed cert that is not a proper
1594 caused some handshakes to fail.
1596 exchange that caused some handshakes to fail with other implementations.
1599 * Fix base64_decode() to return and check length correctly (in case of
1601 * Fix mpi_write_string() to write "00" as hex output for empty MPI (found
1606 * debug_set_log_mode() added to determine raw or full logging
1607 * debug_set_threshold() added to ignore messages over threshold level
1608 * version_check_feature() added to check for compile-time options at
1629 * rsa_check_pubkey() now allows an E up to N
1630 * On OpenBSD, use arc4random_buf() instead of rand() to prevent warnings
1643 * Add option 'use_dev_random' to gen_key application
1653 * Use UTC time to check certificate validity.
1678 * oid_get_numeric_string() used to truncate the output without returning an
1686 stored in RAM due to missing 'const's (found by Gergely Budai).
1691 * Option to set the Curve preference order (disabled by default)
1693 * Ability to provide alternate timing implementation
1694 * Ability to force the entropy module to use SHA-256 as its basis
1705 * Improvements to the CMake build system, contributed by Julian Ospald.
1708 * Revamped the compat.sh interoperability script to include support for
1711 * Improvements to tests/Makefile, contributed by Oden Eriksson.
1714 * Forbid change of server certificate during renegotiation to prevent
1724 * ecp_gen_keypair() makes more attempts to prevent failure because of
1747 * x509_get_current_time() uses localtime_r() to prevent thread issues
1771 * Support for adhering to client ciphersuite order preference
1810 * PK tests added to test framework
1823 * Prevent possible alignment warnings on casting from char * to 'aligned *'
1824 * Misc fixes and additions to dependency checks
1828 * Defines to handle UEFI environment under MSVC
1861 * Ability to specify allowed ciphersuites based on the protocol version.
1880 the same host (Not to be confused with SNI!)
1883 * Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2
1887 * Internals for SSL module adapted to have separate IV pointer that is
1889 * Moved all OID functionality to a separate module. RSA function
1894 * Ability to disable server_name extension (RFC 6066)
1895 * Renamed error_strerror() to the less conflicting polarssl_strerror()
1896 (Ability to keep old as well with POLARSSL_ERROR_STRERROR_BC)
1897 * SHA2 renamed to SHA256, SHA4 renamed to SHA512 and functions accordingly
1912 * RSA blinding on CRT operations to counter timing attacks
1919 * Fix potential invalid memory read in the server, that allows a client to
1922 client to crash the server remotely if client authentication is enabled
1936 Note: Although PolarSSL has been renamed to mbed TLS, no changes reflecting
1961 * Fix assembly selection for MIPS64 (thanks to James Cowgill).
1963 to a failed verification (found by Fredrik Axelsson).
1974 * Add compile-time option POLARSSL_X509_MAX_INTERMEDIATE_CA to limit the
2009 * Improvements to the CMake build system, contributed by Julian Ospald.
2012 * Improvements to tests/Makefile, contributed by Oden Eriksson.
2013 * Use UTC time to check certificate validity.
2015 * Migrate zeroizing of data to polarssl_zeroize() instead of memset()
2019 * Forbid change of server certificate during renegotiation to prevent
2027 It was possible to crash the server (and client) using crafted messages
2053 * x509_get_current_time() uses localtime_r() to prevent thread issues
2059 * rsa_check_pubkey() now allows an E up to N
2060 * On OpenBSD, use arc4random_buf() instead of rand() to prevent warnings
2064 * Stricter check on SSL ClientHello internal sizes compared to actual packet
2070 * Fix base64_decode() to return and check length correctly (in case of
2075 * Changed RSA blinding to a slower but thread-safe version
2087 * Fixed potential memory leak when failing to resume a session
2094 * RSA blinding on CRT operations to counter timing attacks
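Several entries on this page add countermeasures to the RSA private-key operation: blinding on CRT operations against timing attacks (the entry above and its earlier duplicate), exponent blinding on private operations, and verifying the result of a private operation before it is released. The following added example, not code from mbed TLS, shows all three together on a toy key small enough for 64-bit arithmetic. rsa_demo_key, rsa_private_blinded, the xorshift demo_rand and the inject_fault switch are my own constructions; demo_rand stands in for a CSPRNG only so that the block runs offline.

```c
#include <stdint.h>
#include <stddef.h>

typedef unsigned __int128 u128;            /* gcc/clang extension, used for 64-bit mulmod */

static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t n)
{
    return (uint64_t)(((u128)a * b) % n);
}

static uint64_t powmod(uint64_t base, uint64_t exp, uint64_t n)
{
    uint64_t r = 1 % n;
    base %= n;
    while (exp) {
        if (exp & 1) r = mulmod(r, base, n);
        base = mulmod(base, base, n);
        exp >>= 1;
    }
    return r;
}

/* Inverse of a modulo n by extended Euclid; 0 if gcd(a, n) != 1. Requires n < 2^62. */
static uint64_t invmod(uint64_t a, uint64_t n)
{
    int64_t t = 0, nt = 1, r = (int64_t)n, nr = (int64_t)(a % n);
    while (nr != 0) {
        int64_t q = r / nr, tmp;
        tmp = t - q * nt; t = nt; nt = tmp;
        tmp = r - q * nr; r = nr; nr = tmp;
    }
    if (r != 1) return 0;
    return (uint64_t)(t < 0 ? t + (int64_t)n : t);
}

typedef struct { uint64_t n, e, p, q, dp, dq, qinv; } rsa_key;

/* Toy key: two 20-bit primes, so every intermediate fits in a 64-bit word.
 * Real keys are 2048 bits or more; only the structure carries over. */
void rsa_demo_key(rsa_key *k)
{
    k->p = 1000003; k->q = 1000033; k->e = 65537;
    k->n = k->p * k->q;
    k->dp = invmod(k->e, k->p - 1);
    k->dq = invmod(k->e, k->q - 1);
    k->qinv = invmod(k->q, k->p);
}

/* Placeholder xorshift generator so the example runs offline. A real implementation
 * must draw the blinding values from a CSPRNG. */
static uint64_t demo_rand(uint64_t *state)
{
    uint64_t x = *state;
    x ^= x << 13; x ^= x >> 7; x ^= x << 17;
    return *state = x;
}

/* CRT private operation m = c^d mod n with three countermeasures:
 *  - base blinding:     exponentiate c * r^e instead of c, multiply by r^-1 afterwards;
 *  - exponent blinding: use dp + a*(p-1) and dq + b*(q-1), which give the same result
 *                       but a different operation sequence each call;
 *  - result check:      recompute m^e mod n and refuse to output m unless it equals c,
 *                       so a faulted CRT half never leaves the function.
 * inject_fault != 0 flips a bit in one CRT half to show the check firing.
 * Returns 0 and sets *out on success, -1 if the check fails. */
int rsa_private_blinded(const rsa_key *k, uint64_t c, uint64_t *out,
                        uint64_t *rng, int inject_fault)
{
    uint64_t r, rinv;
    do {
        r = demo_rand(rng) % k->n;
        rinv = (r > 1) ? invmod(r, k->n) : 0;       /* need gcd(r, n) == 1 */
    } while (rinv == 0);
    uint64_t cb = mulmod(c, powmod(r, k->e, k->n), k->n);

    uint64_t a = demo_rand(rng) & 0xFFFF, b = demo_rand(rng) & 0xFFFF;
    uint64_t dp_b = k->dp + a * (k->p - 1);
    uint64_t dq_b = k->dq + b * (k->q - 1);

    uint64_t mp = powmod(cb % k->p, dp_b, k->p);
    uint64_t mq = powmod(cb % k->q, dq_b, k->q);
    if (inject_fault) mq ^= 1;                      /* simulated glitch in one half */

    /* Garner recombination: m = mq + q * ((mp - mq) * qinv mod p) */
    uint64_t h = mulmod((mp + k->p - mq % k->p) % k->p, k->qinv, k->p);
    uint64_t mb = (mq + k->q * h) % k->n;
    uint64_t m = mulmod(mb, rinv, k->n);            /* remove the base blinding */

    if (powmod(m, k->e, k->n) != c % k->n) return -1;
    *out = m;
    return 0;
}

/* Returns 1 if a plaintext round-trips and an injected fault is caught. */
int rsa_blinding_selftest(void)
{
    rsa_key k;
    rsa_demo_key(&k);
    uint64_t rng = 0x9E3779B97F4A7C15ULL, m0 = 123456789012ULL, m = 0;
    uint64_t c = powmod(m0, k.e, k.n);
    if (rsa_private_blinded(&k, c, &m, &rng, 0) != 0 || m != m0) return 0;
    if (rsa_private_blinded(&k, c, &m, &rng, 1) != -1) return 0;
    return 1;
}
```

The result check is what makes a glitched computation harmless: with inject_fault set, one CRT half is wrong, the recombined value no longer satisfies m^e = c (mod n), and the function returns -1 instead of a faulty signature, which is the value an attacker would otherwise use to recover a prime factor of n with a single gcd.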
2101 * Centralized module option values in config.h to allow user-defined
2109 * Added mechanism to provide alternative implementations for all
2125 * Fixed bignum.c and bn_mul.h to support Thumb2 and LLVM compiler
2130 * A possible DoS during the SSL Handshake, due to faulty parsing of
2135 * Ability to specify allowed ciphersuites based on the protocol version.
2139 * Test suites made smaller to accommodate Raspberry Pi
2143 * GCM adapted to support sizes > 2^29
2148 * Corrected GCM counter incrementation to use only 32-bits instead of
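The counter-increment entry above refers to the inc32 function of the GCM specification: only the low 32 bits of the 128-bit counter block advance, and a carry out of them must stop there rather than run into the 96-bit nonce part. Added example, not code from the project, with my own function names; gcm_inc128_wrong is my illustration of the failure mode, not the project's former code.

```c
#include <stdint.h>
#include <string.h>

/* Initial counter block for a 96-bit IV as in NIST SP 800-38D: J0 = IV || 0x00000001. */
void gcm_j0_from_iv96(const unsigned char iv[12], unsigned char j0[16])
{
    memcpy(j0, iv, 12);
    j0[12] = 0; j0[13] = 0; j0[14] = 0; j0[15] = 1;
}

/* inc32: increment the rightmost 32 bits as a big-endian integer, modulo 2^32.
 * The carry chain ends at byte 12; bytes 0..11 hold the nonce and must not change. */
void gcm_inc32(unsigned char ctr[16])
{
    for (int i = 15; i >= 12; i--) {
        if (++ctr[i] != 0) {
            break;
        }
    }
}

/* The failure mode: treating the whole block as one 128-bit integer lets the carry run
 * into the nonce bytes once the low 32 bits wrap, so the counter blocks (and hence the
 * keystream) diverge from a conforming implementation after 2^32 blocks. */
void gcm_inc128_wrong(unsigned char ctr[16])
{
    for (int i = 15; i >= 0; i--) {
        if (++ctr[i] != 0) {
            break;
        }
    }
}

/* Self-test on a constructed nonce: from a low word of 0xFFFFFFFF, inc32 must wrap to
 * zero and leave the nonce untouched, while the 128-bit increment corrupts byte 11.
 * Returns 1 on success. */
int gcm_inc32_selftest(void)
{
    static const unsigned char iv[12] = {
        0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB };
    unsigned char ctr[16], wrong[16];

    gcm_j0_from_iv96(iv, ctr);
    if (ctr[15] != 1 || memcmp(ctr, iv, 12) != 0) return 0;

    memset(ctr + 12, 0xFF, 4);                              /* low word at its maximum */
    memcpy(wrong, ctr, 16);

    gcm_inc32(ctr);
    if (memcmp(ctr, iv, 12) != 0) return 0;                 /* nonce preserved */
    if (ctr[12] | ctr[13] | ctr[14] | ctr[15]) return 0;    /* wrapped to zero */

    gcm_inc128_wrong(wrong);
    if (memcmp(wrong, iv, 12) == 0) return 0;               /* nonce modified: the bug */
    if (wrong[11] != 0xBC) return 0;
    return 1;
}
```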
2156 rsa_pkcs1_sign() and rsa_pkcs1_verify() to separate PKCS#1 v1.5 and
2168 * Removed timing differences due to bad padding from
2174 * Allow enabling of dummy error_strerror() to support some use-cases
2183 ssl_decrypt_buf() due to badly formatted padding
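The entries here on timing differences from bad padding in ssl_decrypt_buf(), and the entries at the top of the page on CBC ciphersuites in (D)TLS 1.0 to 1.2, are about one requirement: after decryption, the check of the CBC padding and the comparison of the MAC must not take time that depends on the secret padding bytes, or an attacker who can submit modified records learns whether the padding or the MAC failed (the Lucky 13 class of attack). The following added example, not code from mbed TLS, shows a padding check and a MAC comparison written with masks instead of data-dependent branches; ct_lt, ct_mask, ct_memeq, tls_cbc_padding_ok and the constructed 31-byte record in cbc_padding_selftest are my own.

```c
#include <stddef.h>
#include <string.h>

/* 1 if a < b, else 0, without a branch on the operands. Valid for a, b < 2^63. */
static size_t ct_lt(size_t a, size_t b)
{
    return (a - b) >> (sizeof(size_t) * 8 - 1);
}

/* 0xFF if bit == 1, 0x00 if bit == 0. */
static unsigned char ct_mask(size_t bit)
{
    return (unsigned char)(0u - (unsigned char)bit);
}

/* Constant-time equality of two byte strings (for the MAC). Returns 1 if equal. */
int ct_memeq(const unsigned char *a, const unsigned char *b, size_t len)
{
    unsigned char d = 0;
    for (size_t i = 0; i < len; i++) {
        d |= a[i] ^ b[i];
    }
    return (int)(1 - ct_lt(0, d));
}

/* Constant-time check of TLS 1.0-1.2 CBC padding on a decrypted record laid out as
 *   payload || MAC (mac_len bytes) || padlen bytes each equal to padlen || padlen.
 * Returns 1 if the padding is well formed, else 0. The number of bytes inspected depends
 * only on rec_len (public), never on the secret padlen byte, and no branch depends on
 * the padding contents, so a wrong padding byte costs the same time as a right one. */
int tls_cbc_padding_ok(const unsigned char *rec, size_t rec_len, size_t mac_len)
{
    if (rec_len == 0) {
        return 0;                                   /* rec_len is public */
    }
    size_t padlen = rec[rec_len - 1];               /* secret from here on */
    /* padlen + 1 padding bytes plus the MAC must fit in the record */
    size_t len_ok = 1 - ct_lt(rec_len, padlen + 1 + mac_len);

    /* Scan a public-size window of the last min(256, rec_len) bytes; the largest legal
     * padding is 256 bytes, so the window always covers it. */
    size_t window = rec_len < 256 ? rec_len : 256;
    unsigned char bad = 0;
    for (size_t i = rec_len - window; i < rec_len; i++) {
        /* byte i is padding iff its distance from the last byte is <= padlen */
        unsigned char in_pad = ct_mask(ct_lt(rec_len - 1 - i, padlen + 1));
        bad |= in_pad & (rec[i] ^ (unsigned char)padlen);
    }
    size_t pad_ok = 1 - ct_lt(0, bad);              /* 1 iff every padding byte matched */
    return (int)(len_ok & pad_ok);
}

/* Self-test on a constructed 31-byte record: 5 payload bytes, a 20-byte dummy MAC,
 * five 0x05 padding bytes and the padlen byte 0x05. Returns 1 on success. */
int cbc_padding_selftest(void)
{
    unsigned char rec[31];
    memcpy(rec, "hello", 5);
    memset(rec + 5, 0xAA, 20);            /* stand-in for the HMAC */
    memset(rec + 25, 0x05, 6);            /* 5 pad bytes + padlen byte */
    if (tls_cbc_padding_ok(rec, sizeof rec, 20) != 1) return 0;

    rec[27] ^= 0x01;                      /* one wrong pad byte */
    if (tls_cbc_padding_ok(rec, sizeof rec, 20) != 0) return 0;
    rec[27] ^= 0x01;

    rec[30] = 200;                        /* claimed padding longer than the record */
    if (tls_cbc_padding_ok(rec, sizeof rec, 20) != 0) return 0;

    rec[30] = 0;                          /* zero-length padding: a lone 0x00 is valid */
    if (tls_cbc_padding_ok(rec, sizeof rec, 20) != 1) return 0;

    unsigned char mac1[20], mac2[20];
    memset(mac1, 0x42, 20);
    memset(mac2, 0x42, 20);
    if (ct_memeq(mac1, mac2, 20) != 1) return 0;
    mac2[19] ^= 0x80;
    if (ct_memeq(mac1, mac2, 20) != 0) return 0;
    return 1;
}
```

Two caveats. The loop runs over a public number of bytes, min(256, rec_len), so its trip count leaks nothing about padlen. And this covers only the padding check and the MAC comparison: the MAC over the unpadded data must also be computed in time independent of the padding length, which is a separate countermeasure (the entries at the top of the page describe a miscalculation for SHA-384 in one such countermeasure) and is not shown here.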
2187 * More advanced SSL ciphersuite representation and moved to more dynamic
2189 * Added ssl_handshake_step() to allow single stepping the handshake process
2203 * Added p_hw_data to ssl_context for context specific hardware acceleration
2219 * Allow R and A to point to same mpi in mpi_div_mpi (found by Manuel
2239 * Added GCM suites to TLS 1.2 (RFC 5288)
2253 * Added option to add minimum accepted SSL/TLS protocol version
2260 * Moved out_msg to out_hdr + 32 to support hardware acceleration
2261 * Changed certificate verify behaviour to comply with RFC 6125 section 6.3
2262 to not match CN if subjectAltName extension is present (Closes ticket #56)
2263 * Cipher layer cipher_mode_t POLARSSL_MODE_CFB128 is renamed to
2264 POLARSSL_MODE_CFB, to also handle different block size CFB modes.
2270 * Moved from uint64_t to fixed width uint32_t types throughout code
2271 * Renamed ciphersuites naming scheme to IANA reserved names
2284 * mpi_add_abs() now correctly handles adding short numbers to long numbers
2295 * Fixed potential memory leak when failing to resume a session
2317 * A possible DoS during the SSL Handshake, due to faulty parsing of
2325 * Allow enabling of dummy error_strerror() to support some use-cases
2332 * Removed timing differences due to bad padding from
2340 * mpi_add_abs() now correctly handles adding short numbers to long numbers
2348 * Allow R and A to point to same mpi in mpi_div_mpi (found by Manuel
2368 * Fixed random MPI generation to not generate more size than requested.
2378 * Fixed generation of DHM parameters to correct length (found by Ruslan
2391 * Added ssl_session_reset() to allow better multi-connection pools of
2392 SSL contexts without needing to set all non-connection-specific
2393 data and pointers again. Adapted ssl_server to use this functionality.
2394 * Added ssl_set_max_version() to allow clients to offer a lower maximum
2395 supported version to a server to help buggy server implementations.
2406 * Fixed rsa_encrypt and rsa_decrypt examples to use public key for
2408 * Increased maximum size of ASN1 length reads to 32-bits.
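Two entries on this page concern DER length encodings: reading lengths of up to 32 bits (the entry above) and writing 3- and 4-byte lengths (the mbedtls_asn1_write_len() entry earlier on the page). The following added example, not code from mbed TLS, encodes and decodes such lengths with the checks a parser needs so that a claimed length can neither overflow the arithmetic nor run a read past the end of the input; the names der_read_len, der_write_len and der_len_selftest are mine.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Decode a DER length starting at p. avail is the number of bytes from p to the end
 * of the input, header included. Supports the short form and the long form with 1..4
 * length bytes (values up to 2^32 - 1). Returns the number of header bytes consumed
 * (1..5) and stores the length in *len, or -1 if the encoding is truncated, indefinite
 * (0x80), longer than 4 bytes, non-minimal (not DER), or claims more content than avail
 * holds. That last check is written as len <= avail - consumed, which cannot underflow
 * because avail >= consumed was verified first; writing it as len + consumed <= avail
 * is the classic integer overflow that turns into a buffer overread. */
int der_read_len(const unsigned char *p, size_t avail, uint32_t *len)
{
    if (avail < 1) return -1;
    unsigned char first = p[0];
    if (first < 0x80) {                       /* short form */
        *len = first;
        return (*len <= avail - 1) ? 1 : -1;
    }
    size_t n = first & 0x7F;
    if (n == 0 || n > 4) return -1;           /* indefinite form / more than 32 bits */
    if (avail < 1 + n) return -1;             /* truncated header */
    uint32_t v = 0;
    for (size_t i = 0; i < n; i++) {
        v = (v << 8) | p[1 + i];
    }
    if (p[1] == 0 || v < 0x80) return -1;     /* DER: no leading zero byte, minimal form */
    if (v > avail - (1 + n)) return -1;       /* content would run past the input */
    *len = v;
    return (int)(1 + n);
}

/* Encode len as a DER length into out (capacity cap). Returns bytes written or -1. */
int der_write_len(unsigned char *out, size_t cap, uint32_t len)
{
    if (len < 0x80) {
        if (cap < 1) return -1;
        out[0] = (unsigned char)len;
        return 1;
    }
    size_t n = len < 0x100u ? 1 : len < 0x10000u ? 2 : len < 0x1000000u ? 3 : 4;
    if (cap < 1 + n) return -1;
    out[0] = (unsigned char)(0x80 | n);
    for (size_t i = 0; i < n; i++) {
        out[1 + i] = (unsigned char)(len >> (8 * (n - 1 - i)));
    }
    return (int)(1 + n);
}

/* Returns 1 on success. Inputs are constructed in place. */
int der_len_selftest(void)
{
    static unsigned char big[70000 + 8];    /* room for a header plus 70000 content bytes */
    unsigned char hdr[8];
    uint32_t len;

    /* 3-byte long form round trip, 70000 = 0x011170 */
    if (der_write_len(big, sizeof big, 70000) != 4 ||
        memcmp(big, "\x83\x01\x11\x70", 4) != 0) return 0;
    if (der_read_len(big, 4 + 70000, &len) != 4 || len != 70000) return 0;
    if (der_read_len(big, 4 + 69999, &len) != -1) return 0;   /* one byte short: rejected */

    /* 4-byte long form encoding, short form, 1-byte long form */
    if (der_write_len(hdr, sizeof hdr, 0x01000000u) != 5 ||
        memcmp(hdr, "\x84\x01\x00\x00\x00", 5) != 0) return 0;
    if (der_write_len(hdr, sizeof hdr, 5) != 1 || hdr[0] != 0x05) return 0;
    if (der_write_len(hdr, sizeof hdr, 200) != 2 || hdr[0] != 0x81 || hdr[1] != 0xC8) return 0;
    if (der_read_len((const unsigned char *)"\x02\xAA\xBB", 3, &len) != 1 || len != 2) return 0;

    /* malformed inputs that must be rejected */
    if (der_read_len((const unsigned char *)"\x80", 1, &len) != -1) return 0;         /* indefinite */
    if (der_read_len((const unsigned char *)"\x81\x05\x00", 3, &len) != -1) return 0; /* non-minimal */
    if (der_read_len((const unsigned char *)"\x82\x00\xC8", 3, &len) != -1) return 0; /* leading zero */
    if (der_read_len((const unsigned char *)"\x85\x01\x00\x00\x00\x00", 6, &len) != -1) return 0;
    if (der_read_len((const unsigned char *)"\x84\x7F\xFF\xFF\xFF", 5, &len) != -1) return 0; /* overread */
    if (der_read_len((const unsigned char *)"\x83\x01", 2, &len) != -1) return 0;     /* truncated */
    return 1;
}
```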
2409 * Added an EXPLICIT tag number parameter to x509_get_ext()
2413 * Changed the defined key-length of DES ciphers in cipher.h to include the
2414 parity bits, to prevent mistakes in copying data. (Closes ticket #33)
2415 * Loads of minimal changes to better support WINCE as a build target
2416 (Credits go to Marco Lizza)
2417 * Added POLARSSL_MPI_WINDOW_SIZE definition to allow easier time to memory
2421 * Changed the used random function pointer to a more flexible format. Renamed
2422 havege_rand() to havege_random() to prevent mistakes. Lots of changes as
2424 * Moved all examples programs to use the new entropy and CTR_DRBG
2425 * Added permissive certificate parsing to x509parse_crt() and
2436 * Allowed X509 key usage parsing to accept 4 byte values instead of the
2462 * Added additional Cipher Block Modes to symmetric ciphers
2463 (AES CTR, Camellia CTR, XTEA CBC) including the option to
2467 * An error_strerror() function has been added to translate between
2477 t_int and t_dbl to t_uint and t_udbl in the process
2523 * Added crl_app program to allow easy reading and
2527 * Parsing of PEM files moved to separate module (Fixes
2528 ticket #13). Also possible to remove PEM support for
2540 to negotiate anonymous connection (Fixes ticket #12,
2545 Diffie Hellman key exchange (thanks to Larry Highsmith,
2553 * Improved X509 certificate parsing to include extended
2558 * Improvements to support integration in other
2564 verification to allow external blacklisting
2565 + Additional example programs to show usage
2570 * x509parse_time_expired() checks time in addition to
2573 of ssl_session have been renamed to ciphersuites and
2589 Now using the random function provided to the function and
2592 * Some SSL defines were renamed in order to avoid
2609 * Added option parsing for host and port selection to
2612 * Added cert_app program to allow easy reading and
2619 in a function to allow easy future expansion
2620 * Changed symmetric cipher functions to
2622 * Changed ARC4 to use separate input/output buffer
2627 * Fixed bug resulting in failure to send the last
2648 * Added CMake makefiles as alternative to regular Makefiles.
2657 * RSA_RAW renamed to SIG_RSA_RAW for consistency.
2660 to indicate invalid key lengths.
2696 input numbers are even and added testcases to check
2715 * Added support for CRL revocation to x509parse_verify() and
2721 * Migrated XySSL to PolarSSL
2737 * Fixed a bug in ssl_write() that caused the same payload to
2747 output data is non-aligned by falling back to the software
2750 Robson-Garth; some x509write.c fixes by Pascal Vizeli, thanks to
2752 * Fixed x509_get_ext() to accept some rare certificates which have
2758 * Added an option to enable/disable the BN assembly code
2759 * Updated rsa_check_privkey() to verify that D*E ≡ 1 (mod (P-1)*(Q-1))
2761 selftest and benchmark to not test ciphers that have been disabled
2762 * Updated x509parse_cert_info() to correctly display byte 0 of the
2765 peer may cause xyssl to loop indefinitely by sending a certificate
2769 * Fixed HMAC-SHA-384 and HMAC-SHA-512 (thanks to Josh Sinykin)
2770 * Modified ssl_parse_client_key_exchange() to protect against
2774 * Fixed assembly PPC compilation errors on Mac OS X, thanks to
2779 * Modified the HMAC functions to handle keys larger
2780 than 64 bytes, thanks to Stephane Desneux and gary ng
2781 * Fixed ssl_read_record() to properly update the handshake
2784 * Fixed net_recv(), thanks to Lorenz Schori and Egon Kocjan
2791 * Updated the RSA PKCS#1 code to allow choosing between
2793 * Updated ssl_read() to skip 0-length records from OpenSSL
2794 * Fixed the make install target to comply with *BSD make
2796 * mpi_is_prime() speedups, thanks to Kevin McLaughlin
2811 * Fixed the net_set_*block routines, thanks to Andreas
2815 * Rewrote README.txt in program/ssl/ca to better explain
2816 how to create a test PKI
2821 time, to reduce the memory footprint on embedded systems
2823 havege_struct for this processor, thanks to David Patiño
2825 thanks to Peking University and the OSU Open Source Lab
2838 (thanks to Benjamin Newman), HP-UX, FreeBSD and Solaris
2841 size of 16384 bytes to be rejected
2847 * Various improvements to the modular exponentiation code
2848 * Rewrote the headers to generate the API docs with doxygen
2851 version was not properly set), thanks to Didier Rebeix
2859 * Multiple fixes to enhance the compatibility with g++,
2860 thanks to Xosé Antón Otero Ferreira
2861 * Fixed a bug in the CBC code, thanks to dowst; also,
2863 * Updated rsa_pkcs1_sign to handle arbitrary large inputs
2865 and 486 processors, thanks to Arnaud Cornet
2869 * Updated timing.c to support ARM and MIPS arch
2870 * Updated the MPI code to support 8086 on MSVC 1.5
2872 * Fixed a bug in sha2_hmac, thanks to newsoft/Wenfang Zhang
2876 valid RSA keys to be dismissed (thanks to oldwolf)
2877 * Fixed a bug in mpi_is_prime that caused some primes to fail
2880 I'd also like to thank Younès Hafri for the CRUX linux port,