Lines Matching refs:when
13 steps you have to take when enabling it.
18 the return type from void to int to allow returning error codes when
46 * Fix runtime error in `mbedtls_platform_entropy_poll()` when run
49 * Fix an unsafe bounds check when restoring an SSL session from a ticket.
92 * Fix overly strict DN comparison when looking for CRLs belonging to a
93 particular CA. This previously led to ignoring CRLs when the CRL's issuer
163 * Fix failure in hmac_drbg in the benchmark sample application, when
170 * Ignore IV in mbedtls_cipher_set_iv() when the cipher mode is
197 * Remember the string format of X.509 DN attributes when replicating
216 This allows users to configure such an implementation at compile time when
239 handshake when flights do not get through (RFC 6347, section 4.1.1.1,
267 with TLS versions 1.1 and earlier when the server requested authentication
281 * Copy headers preserving timestamps when doing a "make install".
347 * Fix "no symbols" warning issued by ranlib when building on Mac OS X. Fix
355 * Fix compilation error when MBEDTLS_ARC4_C is disabled and
366 * Fix decryption for zero length messages (which contain all padding) when a
373 when the request_size argument is set to 0 as stated in the documentation.
380 * Fail when receiving a TLS alert message with an invalid length, or invalid
381 zero-length messages when using TLS 1.2. Contributed by Espressif Systems.
383 when calling with a NULL salt and non-zero salt_len. Contributed by
459 where an optional signature algorithms list is expected when the signature
484 This function is necessary to determine when it is safe to idle on the
506 * Fix overriding and ignoring return values when parsing and writing to
511 returned when unexpected messages were being discarded, ignoring that
513 in the internal buffers; these cases led to deadlocks when event-driven
539 * Provide an empty implementation of mbedtls_pkcs5_pbes2() when
553 environment variable when using the project makefiles.
556 * In the SSL module, when f_send, f_recv or f_recv_timeout report
564 * Declare functions in header files even when an alternative implementation
575 that when both sides of a TLS connection negotiate the truncated
599 algorithms family when encrypting private keys using PKCS#5 v2.0.
614 with flag MBEDTLS_X509_BADCERT_BAD_PK even when the key type was correct.
622 * Fix compilation error on Mingw32 when _TRUNCATE is defined. Use _TRUNCATE
625 * In test_suite_pk, pass valid parameters when testing for hash length
630 * Fix X509 CRT parsing that would potentially accept an invalid tag when
649 * Use (void) when defining functions with no parameters. Contributed by
661 * Fix a buffer overflow in RSA-PSS verification when the hash was too large
665 * Fix buffer overflow in RSA-PSS verification when the unmasked data is all
667 * Fix an unsafe bounds check in ssl_parse_client_psk_identity() when adding
704 when run on a heavily-loaded machine.
738 returning error codes when using MBEDTLS_<MODULE>_ALT.
766 * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times.
769 * Parse signature algorithm extension when renegotiating. Previously,
777 * Fix out-of-memory problem when parsing 4096-bit PKCS8-encrypted RSA keys.
806 * Fix crash when calling mbedtls_ssl_cache_free() twice. Found by
809 * Fix use of uninitialized memory in mbedtls_timing_get_timer() when reset=1.
858 * Fix authentication bypass in SSL/TLS: when authmode is set to optional,
859 mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's
861 (default: 8) intermediates, even when it was not trusted. This could be
901 compilation when using ARM Compiler 6.
954 when sending the alert failed. The fix makes sure not to hide the error
967 * Fix incorrect sign computation in modular exponentiation when the base is
1004 void to int to allow returning error codes when using MBEDTLS_AES_ALT,
1024 some data loss when casting a size_t to an unsigned int value in the
1036 when verifying the validity of a key on secp224k1. This could be
1043 * Fix output certificate verification flags set by x509_crt_verify_top() when
1046 set when the verification conditions are not met regardless of the cause.
1052 x509_csr.c that are reported when building mbed TLS with a config.h that
1057 renegotiation routines at unexpected times when the protocol is DTLS. Found
1059 * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing
1073 by missing calls to mbedtls_pem_free() in cases when a
1079 * Fix a resource leak in ssl_cookie, when using MBEDTLS_THREADING_C.
1081 * Fix 1 byte buffer overflow in mbedtls_mpi_write_string() when the MPI
1103 mbedtls_x509write_csr_der() when the signature is copied to the buffer
1115 configure the maximum length of a file path that can be buffered when
1129 when GCM is used. Found by udf2457. #441
1134 * Fixed cert_app.c sample program for debug output and for use when no root
1149 * Fix potential byte overread when verifying malformed SERVER_HELLO in
1151 * Fix check for validity of date when parsing in mbedtls_x509_get_time().
1192 * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three
1198 * Fix memory leak that occured only when ECJPAKE was enabled and ECDHE and
1205 * Fix issue that caused a hang when generating RSA keys of odd bitlength
1216 * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5,
1228 * Fix potential double free when mbedtls_asn1_store_named_data() fails to
1239 when the first intermediate certificate has pathLenConstraint=0. Found by
1255 * Fix potential heap corruption on Windows when
1294 * Improved performance of mbedtls_ecp_muladd() when one of the scalars is 1
1308 mbedtls_pk_parse_key(file)() when the password is > 129 bytes.
1319 * Fix possible heap buffer overflow in base64_encoded() when the input
1333 * Fix macroization of 'inline' keyword when building as C++. (#279)
1347 * Fix possible client-side NULL pointer dereference (read) when the client
1353 * Fix warning when using a 64bit platform. (found by embedthis) (#275)
1375 * Fix segfault in the benchmark program when benchmarking DHM.
1378 * Fix bug when parsing a ServerHello without extensions (found by David
1389 * Fix missing -static-libgcc when building shared libraries for Windows
1391 * Fix link error when building shared libraries for Windows with make.
1392 * Fix error when loading libmbedtls.so.
1402 * Fix unused function warning when using MBEDTLS_MDx_ALT or
1639 * Fix bug in entropy.c when THREADING_C is also enabled that caused
1641 * Fix memory leak when gcm_setkey() and ccm_setkey() are used more than
1643 * Fix bug in ssl_mail_client when password is longer that username (found
1647 * mpi_size() and mpi_msb() would segfault when called on an mpi that is
1652 * Fix potential NULL pointer dereference (not trigerrable remotely) when
1665 * Fix compile error when POLARSSL_SSL_DISABLE_RENEGOTATION and
1696 * NULL pointer dereference in the buffer-based allocator when the buffer is
1724 for pre-1.2 clients when multiple certificates are available.
1741 * Fix potential failure in ECDSA signatures when POLARSSL_ECP_MAX_BITS is a
1750 issue with some servers when a zero-length extension was sent. (Reported
1758 * Blind RSA private operations even when POLARSSL_RSA_NO_CRT is defined.
1762 * A specific error is now returned when there are ciphersuites in common
1775 * Remotely-triggerable memory leak when parsing some X.509 certificates
1778 * Remotely-triggerable memory leak when parsing crafted ClientHello
1788 * Fix compile error in timing.c when POLARSSL_NET_C and POLARSSL_SELFTEST
1792 renegotation was pending, and on client when a HelloRequest was received.
1794 write callback returned WANT_WRITE when requesting renegotiation.
1822 when a GCM suite was chosen.
1861 * Very small records were incorrectly rejected when truncated HMAC was in
1911 ServerHello when no extensions are present (found by Matthew Page)
1915 big-endian platform when size was not an integer number of limbs
1917 * Some parts of ssl_tls.c were compiled even when the module was disabled.
1934 * pk_verify() now returns a specific error code when the signature is valid
1952 * Potential memory leak in mpi_exp_mod() when error occurs during
1959 * Fix compile errors when POLARSSL_ERROR_STRERROR_BC is undefined (found by
1998 "triple handshake" attack when authentication mode is 'optional' (the
1999 attack was already impossible when authentication is required).
2017 * ssl_cache was creating entries when max_entries=0 if TIMING_C was enabled.
2020 send() would return an EAGAIN error when sending the ticket.
2021 * ssl_cache was leaking memory when reusing a timed out entry containing a
2023 * ssl_srv was leaking memory when client presented a timed out ticket
2232 * Fix buffer overread of size 1 when parsing crafted X.509 certificates
2249 issue with some servers when a zero-length extension was sent. (Reported
2255 * Blind RSA private operations even when POLARSSL_RSA_NO_CRT is defined.
2262 * Remotely-triggerable memory leak when parsing some X.509 certificates
2276 renegotation was pending, and on client when a HelloRequest was received.
2303 "triple handshake" attack when authentication mode is optional (the
2304 attack was already impossible when authentication is required).
2311 when a GCM suite was chosen.
2338 * Potential memory leak in mpi_exp_mod() when error occurs during
2341 when no extensions are present (found by Matthew Page)
2345 big-endian platform when size was not an integer number of limbs
2370 * Fixed potential memory leak when failing to resume a session
2441 * Added support for custom labels when using rsa_rsaes_oaep_encrypt()
2443 * Re-added handling for SSLv2 Client Hello when the define
2475 * Memory leak when using RSA_PKCS_V21 operations fixed
2578 * Fixed potential memory leak when failing to resume a session
2634 * Memory leak when using RSA_PKCS_V21 operations fixed
2740 * Undid faulty bug fix in ssl_write() when flushing old data (Ticket
2747 enable and disable individual modes when needed
2796 * Fixed bug in ssl_write() when flushing old data (Fixed ticket
2817 * Support more exotic OID's when parsing certificates
2819 * Support more exotic name representations when parsing
2939 this is mind when checking for errors.
2978 * Fixed a bug in mpi_gcd() so that it also works when both
3021 be sent twice in non-blocking mode when send returns EAGAIN
3029 * Correctly handle the case in padlock_xcryptcbc() when input or
3039 * Make x509parse_verify() return BADCERT_CN_MISMATCH when an empty