Lines Matching refs:now
6 * mbedtls_cipher_set_iv will now fail with ChaCha20 and ChaCha20+Poly1305
69 * psa_raw_key_agreement() now returns PSA_ERROR_BUFFER_TOO_SMALL when
85 connection identifier, the Mbed TLS client now properly sends the server
177 This algorithm now accepts only the same salt length for verification
180 * The existing predicate macro name PSA_ALG_IS_HASH_AND_SIGN is now reserved
198 * The key usage flags PSA_KEY_USAGE_SIGN_MESSAGE now allows the MAC
200 * The key usage flags PSA_KEY_USAGE_VERIFY_MESSAGE now allows the MAC
237 * The library now uses the %zu format specifier with the printf() family of
255 * MBEDTLS_ECP_MAX_BITS is now determined automatically from the configured
289 * PSA functions other than psa_open_key now return PSA_ERROR_INVALID_HANDLE
292 * PSA functions creating a key now return PSA_ERROR_INVALID_ARGUMENT rather
350 implementations. This reliance is now removed. Fixes #3990.
365 can now only be used as intended, for keys that cannot be modified through
371 restartable variants now always honor the specified hash length if
387 * Alternative implementations of CMAC may now opt to not support 3DES as a
406 mbedtls_mpi_read_string() now construct an mbedtls_mpi object with 0 limbs
410 now writing an empty string where it previously wrote one or more
423 * The API glue function mbedtls_ecc_group_of_psa() now takes the curve size
431 as always 0. It is now reserved for internal purposes and may take
443 * The PSA crypto subsystem can now use HMAC_DRBG instead of CTR_DRBG.
448 MBEDTLS_ECP_xxx_ALT accelerator hooks are in use can now be turned off
450 * The PSA crypto subsystem can now be configured to use less static RAM by
455 now use an external random generator instead of the library's own
459 applications using TLS and MBEDTLS_USE_PSA_CRYPTO) can now use the PSA
527 now uses the getrandom syscall instead of reading from /dev/urandom.
576 operations now accept the key identifier. The type psa_key_handle_t is now
637 * mbedtls_ecp_curve_list() now lists Curve25519 and Curve448 under the names
657 * psa_set_key_id() now also sets the lifetime to persistent for keys located
659 * Attempting to create a volatile key with a non-zero key identifier now
663 range now fails.
770 APIs. psa_import_key and psa_export_key will now correctly expect/output
778 * PSA key import will now correctly import a Curve25519/Curve448 public key
796 the copyright of contributors other than Arm is now acknowledged, and the
897 * Fix warnings about signedness issues in format strings. The build is now
915 dropped. As a consequence, the TLS handshake now fails when the output
917 * The unit tests now rely on header files in tests/include/test and source
921 * The ECP module, enabled by `MBEDTLS_ECP_C`, now depends on
1067 * Key derivation inputs in the PSA API can now either come from a key object
1078 key derivation function, use a buffer instead (this is now always
1097 mbedtls_hmac_drbg_set_entropy_len() now work if you call them before
1103 * psa_close_key(0) and psa_destroy_key(0) now succeed (doing nothing, as
1105 * Variables containing error codes are now initialized to an error code
1176 * The HAVEGE state type now uses uint32_t elements instead of int.
1177 * The functions mbedtls_ecp_curve_list() and mbedtls_ecp_grp_id_list() now
1190 is now deprecated.
1246 code and tests are now only available via Mbed Crypto, which
1264 * It is now possible to use NIST key wrap mode via the mbedtls_cipher API.
1268 * It is now possible to perform RSA PKCS v1.5 signatures with RIPEMD-160 digest.
1422 * Ciphersuites based on 3DES now have the lowest priority by default when
1454 parameter validation whereas other modules had little. This has now been
1456 that it is now optional with the MBEDTLS_CHECK_PARAMS flag which by default
1587 supported are deprecated and are now replaced by the new equivalent
1914 mbedtls_ecdh_compute_shared()) are supported for now. Contributed by
2014 * The truncated HMAC extension now conforms to RFC 6066. This means
2016 HMAC extension, Mbed TLS can now interoperate with other
2323 * Certificate verification functions now set flags to -1 in case the full
2326 * With authmode set to optional, the TLS handshake is now aborted if the
2553 scripts, which is also now called by all.sh.
2662 * Fix non-compliance server extension handling. Extensions for SSLv3 are now
2722 * mbedtls_x509_crt_verify(_with_profile)() now also checks the key type and
2847 * The PEM parser now accepts a trailing space at end of lines (#226).
2848 * It is now possible to #include a user-provided configuration file at the
2877 You now need to link to all of them if you use TLS for example.
2886 * Headers are now found in the 'mbedtls' directory (previously 'polarssl').
2909 * mbedtls_ssl_conf_ca_chain() lost its last argument (peer_cn), now set
2913 * On server, mbedtls_ssl_conf_session_tickets_cb() must now be used in
2917 * mbedtls_ssl_conf_truncated_hmac() now returns void.
2918 * mbedtls_memory_buffer_alloc_init() now returns void.
2919 * X.509 verification flags are now an uint32_t. Affect the signature of:
2933 * In the threading layer, mbedtls_mutex_init() and mbedtls_mutex_free() now
2945 mbedtls_pk_parse_public_key() and mbedtls_dhm_parse_dhm() now expect the
2948 * calloc() is now used instead of malloc() everywhere. API of platform
2952 (support for renegotiation now needs explicit enabling in config.h).
2973 * Configuration options POLARSSL_HAVE_LONGLONG was removed (now always on).
2997 * The default minimum TLS version is now TLS 1.0.
2998 * RC4 is now blacklisted by default in the SSL/TLS layer, and excluded from the
3000 * Support for receiving SSLv2 ClientHello is now disabled by default at
3002 * The default authmode for SSL/TLS clients is now REQUIRED.
3003 * Support for RSA_ALT contexts in the PK layer is now optional. Since it is
3007 * A minimum RSA key size of 2048 bits is now enforced during certificate
3009 * Negotiation of truncated HMAC is now disabled by default on server too.
3010 * The following functions are now case-sensitive:
3018 * The minimum MSVC version required is now 2010 (better C99 support).
3019 * The NET layer now unconditionally relies on getaddrinfo() and select().
3025 * The following functions now return void:
3037 * mbedtls_ctr_drbg_random() and mbedtls_hmac_drbg_random() are now
3068 speed and RAM (heap only for now) usage.
3121 * Adjusting/overriding CFLAGS and LDFLAGS with the make build system is now
3161 * Support for renegotiation can now be disabled at compile-time
3186 * ssl_get_verify_result() now works even if the handshake was aborted due
3199 * ssl_set_own_cert() now returns an error on key-certificate mismatch.
3201 * debug_print_buf() now prints a text view in addition to hexadecimal.
3202 * A specific error is now returned when there are ciphersuites in common
3205 * It is now possible to disable negotiation of truncated HMAC server-side
3207 * Example programs for SSL client and server now disable SSLv3 by default.
3208 * Example programs for SSL client and server now disable RC4 by default.
3244 * Ciphersuites using SHA-256 or SHA-384 now require TLS 1.x (there is no
3250 * ssl_read() now returns POLARSSL_ERR_NET_WANT_READ rather than
3252 * POLARSSL_MPI_MAX_SIZE now defaults to 1024 in order to allow 8192 bits
3269 * Blowfish in the cipher layer now supports variable length keys.
3284 * md_list() now returns hashes strongest first
3285 * Selection of hash for signing ServerKeyExchange in TLS 1.2 now picks
3287 * All public contexts have _init() and _free() functions now for simpler
3339 * AES-NI now compiles with "old" assemblers too
3340 * Ciphersuites based on RC4 now have the lowest priority by default
3352 * rsa_check_pubkey() now allows an E up to N
3373 * x509_crt_info() now prints information about parsed extensions as well
3374 * pk_verify() now returns a specific error code when the signature is valid
3422 * Entropy module now supports seed writing and reading
3427 now thread-safe if POLARSSL_THREADING_C defined
3482 * ssl_mail_client now terminates lines with CRLF, instead of LF
3509 * Curves are now stored fully in ROM
3516 * SSL now gracefully handles missing RNG
3538 * Padding checks in cipher layer are now constant-time
3539 * Value comparisons in SSL layer are now constant-time
3615 * Client and server now filter sent and accepted ciphersuites on minimum
3623 * x509_crt_verify() now case insensitive for cn (RFC 6125 6.4)
3685 * ssl_get_verify_result() now works even if the handshake was aborted due
3722 * ssl_read() now returns POLARSSL_ERR_NET_WANT_READ rather than
3728 * Entropy module now supports seed writing and reading
3755 * SSL now gracefully handles missing RNG
3765 * ssl_mail_client now terminates lines with CRLF, instead of LF
3782 * rsa_check_pubkey() now allows an E up to N
3807 * x509_verify() now case insensitive for cn (RFC 6125 6.4)
3843 * x509parse_crt() now better handles PEM error situations
3844 * ssl_parse_certificate() now calls x509parse_crt_der() directly
3847 * x509parse_crtpath() is now reentrant and uses more portable stat()
3861 * Default Blowfish keysize is now 128-bits
3885 * The SSL session cache module (ssl_cache) now also retains peer_cert
3936 * Depth that the certificate verify callback receives is now numbered
4001 * mpi_exp_mod() now correctly handles negative base numbers (Closes ticket
4007 * mpi_add_abs() now correctly handles adding short numbers to long numbers
4032 * x509parse_crt() now better handles PEM error situations
4033 * ssl_parse_certificate() now calls x509parse_crt_der() directly
4063 * mpi_add_abs() now correctly handles adding short numbers to long numbers
4067 * mpi_exp_mod() now correctly handles negative base numbers (Closes ticket
4135 So now there is a module that is controlled with POLARSSL_ASN1_PARSE_C.
4152 * All error codes are now negative. Even on memory failures and IO errors.
4163 * If certificate serial is longer than 32 octets, serial number is now
4176 * The generic cipher and message digest layer now have normal error
4188 * Functions requiring File System functions can now be disabled
4201 * mpi_init() and mpi_free() now only accept a single MPI
4204 is now done with a PLUS instead of an OR as error codes
4207 net_recv() now returns 0 on EOF instead of
4212 * Network functions now return POLARSSL_ERR_NET_WANT_READ or
4226 * Debug print of MPI now removes leading zero octets and
4233 * Debug output of MPI's now the same independent of underlying
4245 are now supported as well (Fixes ticket #5)
4321 * rsa_check_private() now supports PKCS1v2 keys as well
4341 * X509 signature algorithm determination is now
4360 * Coverage test definitions now support 'depends_on'
4362 * Tests requiring specific hashing algorithms now honor
4433 * Undefining POLARSSL_HAVE_ASM now also handles prevents asm in
4543 * Ciphers used in SSL/TLS can now be disabled at compile