Lines Matching refs:or
24 is selected. This may result in an application crash or potentially an
28 or a man-in-the-middle could cause a DTLS server to read up to 255 bytes
40 enabled and an ECDHE-ECDSA or ECDHE-RSA key exchange was used, the
58 MBEDTLS_SSL_HW_RECORD_ACCEL, MBEDTLS_SSL_EXPORT_KEYS or MBEDTLS_DEBUG_C,
102 structures directly or serialize them.
135 value when verifying a MAC or AEAD tag. This hardens the library in
140 from the output buffer. This fixes a potential policy bypass or decryption
143 * Fix a double-free that happened after mbedtls_ssl_set_session() or
154 * Prevent divide by zero if either of PSA_CIPHER_ENCRYPT_OUTPUT_SIZE() or
165 * Failures of alternative implementations of AES or DES single-block
167 MBEDTLS_DES_CRYPT_ECB_ALT or MBEDTLS_DES3_CRYPT_ECB_ALT were ignored.
169 where this function cannot fail, or full-module replacements with
170 MBEDTLS_AES_ALT or MBEDTLS_DES_ALT. Reported by Armelle Duboc in #1092.
277 co-located process) could recover a Curve25519 or Curve448 static ECDH key
299 mbedtls_mpi_read_string() was called on "-0", or when
345 could notably be triggered by setting the TLS debug level to 3 or above
352 signing or verifying with PSA_ALG_RSA_PSS (The PSA Crypto API mandates
363 * The PSA API no longer allows the creation or destruction of keys with a
376 invalid max_fragment_length extension, or an
394 * When building the test suites with GNU make, invoke python3 or python, not
409 may result in mbedtls_mpi_write_binary() or mbedtls_mpi_write_string()
410 now writing an empty string where it previously wrote one or more
462 * In the PSA API, the policy for a MAC or AEAD algorithm can specify a
463 minimum MAC or tag length thanks to the new wildcards
472 length, or when the entropy module uses SHA-256 and CTR_DRBG uses AES-256.
504 * Ensure that calling mbedtls_rsa_free() or mbedtls_entropy_free()
536 (PSA_KEY_TYPE_CHACHA20 or PSA_KEY_TYPE_ARC4).
599 are implemented. This could cause failures or the silent use of non-random
601 obtain entropy, or due to an internal failure (which, for Mbed TLS's own
602 CTR_DRBG or HMAC_DRBG, can only happen due to a misconfiguration).
642 an ECC key pair on Curve25519 or secp244k1.
662 * Attempting to create or register a key with a key identifier in the vendor
687 must be erased, or manually upgraded based on the key storage format
726 attacker could for example impersonate a 4-byte or 16-byte domain by
727 getting a certificate for the corresponding IPv4 or IPv6 (this would
816 device, keys created with the old lifetime value will not be readable or
918 files in tests/src. When building with make or cmake, the files in
922 `MBEDTLS_CTR_DRBG_C` or `MBEDTLS_HMAC_DRBG_C` for some side-channel
992 unless the RNG is broken, and could result in information disclosure or
993 denial of service (application crash or extra resource consumption).
1010 exact curve: a psa_ecc_curve_t or psa_key_type_t value only encodes
1039 MBEDTLS_ENTROPY_BLOCK_SIZE bytes or more from strong sources. In the
1068 or from a buffer regardless of the step type.
1098 mbedtls_ctr_drbg_seed() or mbedtls_hmac_drbg_seed().
1106 rather than success, so that coding mistakes or memory corruption tends to
1165 (32-bit and 64-bit) using GCC, Clang or Visual Studio. Contributed by
1178 list all curves for which at least one of ECDH or ECDSA is supported, not
1179 just curves for which both are supported. Call mbedtls_ecdsa_can_do() or
1287 changed its IP or port. The feature is enabled at compile-time by setting
1308 either used both encrypt and decrypt key schedules, or which perform padding.
1370 an error or a meaningless output from mbedtls_ecdh_get_params. In the
1414 e.g. RSA or ECC signature operations. Reported in #1722, fix suggested
1441 using MBEDTLS_<MODULE>_ALT for the underlying AES or message digest
1535 one using PrintableString and the other UTF8String) or in the choice of
1542 potentially leading to an application crash or information disclosure.
1550 pairs or Diffie-Hellman parameters, but was insufficient to validate
1582 hardware accelerators that don't implement all options or features.
1612 * Zeroize memory used for buffering or reassembling handshake messages
1675 is controlled by the maximum fragment length as set locally or negotiated
1713 or CBC ciphersuites in (D)TLS versions 1.1 or higher. Fixes #1913, #1914.
1740 or if mbedtls_ssl_conf_dtls_badmac_limit() was used, the attack only
1743 or CCM instead of CBC, using hash sizes other than SHA-384, or using
1752 targeting an internal MD/SHA buffer. With TLS or if
1755 connections manipulated by the attacker. Connections using GCM or CCM
1756 instead of CBC or using Encrypt-then-Mac (RFC 7366) were not affected.
1763 buffer. Connections using GCM or CCM instead of CBC or using
1820 * Fail when receiving a TLS alert message with an invalid length, or invalid
1891 unnecessary callback checks being made or to some validation checks to be
1894 trusted CA, or a trusted CA with a non DER-compliant certificate. Found by
1904 offer or a ciphersuite that cannot be used with the TLS or DTLS version
1920 or writing.
1931 in configurations that omit certain hashes or public-key algorithms.
1969 * Improve testing in configurations that omit certain hashes or
1996 * In the SSL module, when f_send, f_recv or f_recv_timeout report
2098 6 bytes on the peer's heap, which could potentially lead to crash or remote
2102 for the key size, which could potentially lead to crash or remote code
2172 purpose or CRT and/or blinding.
2195 parameters from RFC 3526 or the newly added parameters from RFC 7919.
2211 regardless of the peer's preferences, or fail if SHA-1 was disabled.
2263 * Fix the entropy.c module to not call mbedtls_sha256_starts() or
2265 * Fix the entropy.c module to ensure that mbedtls_sha256_init() or
2325 callback) or chain length limitations.
2327 verification of the peer's certificate failed due to an overlong chain or
2376 Could result in DoS (application crash) or information leak
2378 back to the server or to a third party). Can be triggered remotely.
2445 MBEDTLS_AES_DECRYPT_ALT or MBEDTLS_AES_ENCRYPT_ALT.
2570 * Fix for key exchanges based on ECDH-RSA or ECDH-ECDSA which weren't
2641 expired or not yet valid certificate was parsed before a valid certificate
2656 * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5,
2673 SLOTH paper do not apply to any version of mbed TLS or PolarSSL).
2700 on untrusted input or write keys of untrusted origin. Found by Guido
2718 * Fix build error with configurations where RSA, RSA-PSK, ECDH-RSA or
2735 or -1.
2741 overflow of the hostname or session ticket. Found by Guido Vranken,
2753 string of close to or larger than 1GB to exploit; on 64 bit machines, would
2754 require reading a string of close to or larger than 2^62 bytes.
2760 buffer is 512MB or larger on 32-bit platforms. Found by Guido Vranken,
2840 SSL_MAX_CONTENT_LEN or higher - not triggerable remotely (found by
2842 * Fix unused function warning when using MBEDTLS_MDx_ALT or
2878 * All public identifiers moved to the mbedtls_* or MBEDTLS_* namespace.
2956 between TCP and UDP, using the macros NET_PROTO_TCP or NET_PROTO_UDP.
2966 * Removed mbedtls_timing_msleep(). Use mbedtls_net_usleep() or a custom
3165 * Add support for getrandom() syscall on recent Linux kernels with Glibc or
3204 with a suitable (extended)KeyUsage or curve or no PSK set.
3244 * Ciphersuites using SHA-256 or SHA-384 now require TLS 1.x (there is no
3254 * Accept spaces at end of line or end of buffer in base64_decode().
3329 * debug_set_log_mode() added to determine raw or full logging
3724 * Accept spaces at end of line or end of buffer in base64_decode().
3882 or rsa_rsaes_oaep_decrypt()
4212 * Network functions now return POLARSSL_ERR_NET_WANT_READ or
4230 before parsing a key or keyfile!
4336 printing of X509 certificates from file or SSL
4469 * Correctly handle the case in padlock_xcryptcbc() when input or