espressif/mbedtls
1
0
Fork 0
mirror of https://github.com/espressif/mbedtls.git synced 2025-07-25 04:41:43 +08:00
Code Issues Packages Projects Releases Wiki Activity
mbedtls/library
History
Gilles Peskine 2c33c75725 Require calling mbedtls_ssl_set_hostname() for security 
In a TLS client, when using certificate authentication, the client should
check that the certificate is valid for the server name that the client
expects. Otherwise, in most scenarios, a malicious server can impersonate
another server.

Normally, the application code should call mbedtls_ssl_set_hostname().
However, it's easy to forget. So raise an error if mandatory certificate
authentication is in effect and mbedtls_ssl_set_hostname() has not been
called. Raise the new error code
MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME, for easy
identification.

But don't raise the error if the backward compatibility option
MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME is
enabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-02-13 21:47:26 +01:00
..
.gitignore
Revert "Add generated files"
2024-10-15 12:06:18 +02:00
aes.c
Use optimised counter increment in AES-CTR and CTR-DRBG
2024-01-15 11:45:01 +00:00
aesce.c
Fix remaining warnings from -Wshorten-64-to-32
2024-02-13 13:41:16 +00:00
aesce.h
Merge remote-tracking branch 'origin/development' into msft-aarch64
2023-11-30 11:01:50 +00:00
aesni.c
Specify previously missed XMM register clobbers in AES-NI asm blocks
2024-12-13 02:10:01 +01:00
aesni.h
Merge pull request #8124 from yanrayw/support_cipher_encrypt_only
2023-11-23 17:43:00 +00:00
alignment.h
Pacify check-names
2024-02-06 15:00:58 +00:00
aria.c
aria: remove leftover in comments
2024-01-30 16:28:09 +01:00
asn1parse.c
pem: do not parse ASN1 data after decryption (removes ASN1 dependency)
2024-02-16 15:26:12 +01:00
asn1write.c
asn1: use the new symbol to guard dependencies of ECDSA conversion functions
2024-01-24 16:26:35 +01:00
base64_internal.h
Header updates
2023-11-03 12:21:36 +00:00
base64.c
Use size_t cast for pointer subtractions
2023-11-21 17:09:46 +00:00
bignum_core_invasive.h
Move bignum code path testing out of the library
2024-09-02 10:30:47 +02:00
bignum_core.c
Fix code style
2024-09-02 10:42:46 +02:00
bignum_core.h
Misc improvements to comments
2024-09-03 10:10:18 +02:00
bignum_internal.h
Add header for mbedtls_mpi_exp_mod_unsafe()
2024-08-22 15:00:09 +01:00
bignum_mod_raw_invasive.h
Header updates
2023-11-03 12:21:36 +00:00
bignum_mod_raw.c
Header updates
2023-11-03 12:21:36 +00:00
bignum_mod_raw.h
Header updates
2023-11-03 12:21:36 +00:00
bignum_mod.c
Header updates
2023-11-03 12:21:36 +00:00
bignum_mod.h
Header updates
2023-11-03 12:21:36 +00:00
bignum.c
Add header for mbedtls_mpi_exp_mod_unsafe()
2024-08-22 15:00:09 +01:00
block_cipher_internal.h
block_cipher: add encrypt()
2023-11-10 12:14:53 +01:00
block_cipher.c
Fix NULL argument handling in mbedtls_xxx_free() functions
2024-03-22 14:46:04 -04:00
bn_mul.h
Header updates
2023-11-03 12:21:36 +00:00
camellia.c
Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only
2023-11-23 10:31:26 +08:00
ccm.c
ccm.c: Return early when ccm* is used without tag.
2024-08-22 16:39:10 +01:00
chacha20.c
Header updates
2023-11-03 12:21:36 +00:00
chachapoly.c
Header updates
2023-11-03 12:21:36 +00:00
check_crypto_config.h
Header updates
2023-11-03 12:21:36 +00:00
cipher_wrap.c
cipher_wrap: fix guards for some CCM/GCM functions
2024-01-02 17:20:58 +01:00
cipher_wrap.h
Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only
2023-11-23 10:31:26 +08:00
cipher.c
Add invalid padding_len check in get_pkcs_padding
2024-05-13 09:27:57 -05:00
cmac.c
Merge branch 'development' into 'development-restricted'
2024-03-19 22:24:40 +00:00
CMakeLists.txt
Merge pull request #9675 from eleuzi01/backport-9673
2024-10-17 17:18:57 +00:00
common.h
MBEDTLS_STATIC_ASSERT: make it work outside of a function
2024-07-17 12:21:21 +02:00
constant_time_impl.h
Tiny fix in library/constant_time_impl.h
2024-08-06 16:26:41 +01:00
constant_time_internal.h
Header updates
2023-11-03 12:21:36 +00:00
constant_time.c
Remove unused code
2023-12-01 13:53:45 +00:00
ctr_drbg.c
Reorder blocks to avoid double negations
2024-07-17 12:21:21 +02:00
ctr.h
Add header guards
2024-01-17 11:06:31 +00:00
debug_internal.h
debug: move internal functions declarations to an internal header file
2024-01-18 15:30:46 +01:00
debug.c
debug: move internal functions declarations to an internal header file
2024-01-18 15:30:46 +01:00
des.c
Header updates
2023-11-03 12:21:36 +00:00
dhm.c
Use MBEDTLS_GET_UINTxx_BE macro
2023-11-21 17:09:46 +00:00
ecdh.c
echd: Added mbedtls_ecdh_get_grp_id getter.
2024-02-29 13:31:34 +00:00
ecdsa.c
Header updates
2023-11-03 12:21:36 +00:00
ecjpake.c
Use size_t cast for pointer subtractions
2023-11-21 17:09:46 +00:00
ecp_curves_new.c
lib: remove NULL pointer checks performed with MBEDTLS_INTERNAL_VALIDATE[_RET]
2024-01-29 12:00:15 +01:00
ecp_curves.c
Merge pull request #8665 from ivq/reduce_static_mem
2024-02-07 23:26:27 +00:00
ecp_internal_alt.h
Header updates
2023-11-03 12:21:36 +00:00
ecp_invasive.h
Header updates
2023-11-03 12:21:36 +00:00
ecp.c
Update tf-psa-crypto/drivers/builtin/src/ecp.c
2025-01-23 15:31:35 +00:00
entropy_poll.c
Fixed issue of redefinition warning messages for _GNU_SOURCE
2024-05-02 14:27:44 +05:30
entropy_poll.h
Header updates
2023-11-03 12:21:36 +00:00
entropy.c
Fix NULL argument handling in mbedtls_xxx_free() functions
2024-03-22 14:46:04 -04:00
gcm.c
Check gcc version
2024-03-13 09:55:33 +00:00
hkdf.c
Header updates
2023-11-03 12:21:36 +00:00
hmac_drbg.c
Header updates
2023-11-03 12:21:36 +00:00
lmots.c
Fix NULL argument handling in mbedtls_xxx_free() functions
2024-03-22 14:46:04 -04:00
lmots.h
Use standard byte conversion fns in lms
2023-11-21 17:09:46 +00:00
lms.c
Fix NULL argument handling in mbedtls_xxx_free() functions
2024-03-22 14:46:04 -04:00
Makefile
Merge pull request #9608 from gilles-peskine-arm/outcome-check-repeated-configurations-all.sh-preliminaries-3.6
2024-10-25 11:47:48 +00:00
md5.c
Header updates
2023-11-03 12:21:36 +00:00
md_psa.h
md: move PSA conversion functions from md_psa.h to psa_util.h
2024-01-02 13:26:04 +01:00
md_wrap.h
Header updates
2023-11-03 12:21:36 +00:00
md.c
md: fix guards for mbedtls_md_error_from_psa()
2024-05-02 18:18:45 +02:00
memory_buffer_alloc.c
Header updates
2023-11-03 12:21:36 +00:00
mps_common.h
Fix some non-standard headers
2023-11-03 12:24:58 +00:00
mps_error.h
Fix some non-standard headers
2023-11-03 12:24:58 +00:00
mps_reader.c
Fix some non-standard headers
2023-11-03 12:24:58 +00:00
mps_reader.h
Fix some non-standard headers
2023-11-03 12:24:58 +00:00
mps_trace.c
Fix some non-standard headers
2023-11-03 12:24:58 +00:00
mps_trace.h
Fix some non-standard headers
2023-11-03 12:24:58 +00:00
net_sockets.c
Make mbedTLS compile with MS-DOS DJGPP
2024-12-01 10:31:50 +01:00
nist_kw.c
Fix NULL argument handling in mbedtls_xxx_free() functions
2024-03-22 14:46:04 -04:00
oid.c
Merge remote-tracking branch 'upstream/development' into pkcs5_aes_new
2024-02-08 14:26:29 +00:00
padlock.c
Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only
2023-11-23 10:31:26 +08:00
padlock.h
Header updates
2023-11-03 12:21:36 +00:00
pem.c
Fix NULL argument handling in mbedtls_xxx_free() functions
2024-03-22 14:46:04 -04:00
pk_ecc.c
pk_ecc: fix documentation
2024-03-11 09:48:40 +01:00
pk_internal.h
pk_ecc: fix documentation
2024-03-11 09:48:40 +01:00
pk_wrap.c
pk_wrap: fix algorithm selection in rsa_opaque_decrypt()
2024-03-20 15:42:55 +01:00
pk_wrap.h
pk_wrap: remove last references to MBEDTLS_PSA_CRYPTO_C
2023-12-20 12:59:57 +02:00
pk.c
psa: allow to use static key buffers instead of dynamic ones
2024-10-22 13:31:19 +02:00
pkcs5.c
pkcs[5/12]: add CIPHER_C for [en/de]crypting functions
2023-12-21 16:39:04 +01:00
pkcs7.c
x509: move internal functions declarations to a private header
2024-01-19 09:07:35 +01:00
pkcs12.c
pkcs[5/12]: add CIPHER_C for [en/de]crypting functions
2023-12-21 16:39:04 +01:00
pkparse.c
pk: move ECC setters to a separate file
2024-03-11 09:48:40 +01:00
pkwrite.c
pkwrite: fix buffer overrun
2024-10-14 10:37:00 +02:00
pkwrite.h
pkwrite: add new internal symbol for the max supported public key DER length
2024-03-20 17:10:35 +01:00
platform_util.c
Fix typo in platform_util.c
2024-07-11 17:31:22 +03:00
platform.c
Header updates
2023-11-03 12:21:36 +00:00
poly1305.c
Header updates
2023-11-03 12:21:36 +00:00
psa_crypto_aead.c
Don't access psa_key_attributes_t.core
2024-02-28 01:30:24 +01:00
psa_crypto_aead.h
Header updates
2023-11-03 12:21:36 +00:00
psa_crypto_cipher.c
crypto_config.h: Don't list mechanisms that are not implemented
2024-12-24 20:03:29 +01:00
psa_crypto_cipher.h
Header updates
2023-11-03 12:21:36 +00:00
psa_crypto_client.c
Remove domain parameters from psa_key_attributes_t
2024-02-26 16:57:30 +01:00
psa_crypto_core_common.h
Header updates
2023-11-03 12:21:36 +00:00
psa_crypto_core.h
Documentation: fix some nits
2024-10-22 13:31:19 +02:00
psa_crypto_driver_wrappers_no_static.h
Header updates
2023-11-03 12:21:36 +00:00
psa_crypto_ecp.c
mbedtls_psa_ecp_generate_key: don't calculate the public key
2024-10-30 12:18:16 +01:00
psa_crypto_ecp.h
Header updates
2023-11-03 12:21:36 +00:00
psa_crypto_ffdh.c
Don't access psa_key_attributes_t.core
2024-02-28 01:30:24 +01:00
psa_crypto_ffdh.h
psa_crypto_ffdh: move dhm.h inclusion to c file
2024-01-26 09:35:18 +01:00
psa_crypto_hash.c
Header updates
2023-11-03 12:21:36 +00:00
psa_crypto_hash.h
Header updates
2023-11-03 12:21:36 +00:00
psa_crypto_invasive.h
Change to use test-hook-based approach
2023-12-11 17:58:56 +00:00
psa_crypto_its.h
Header updates
2023-11-03 12:21:36 +00:00
psa_crypto_mac.c
Header updates
2023-11-03 12:21:36 +00:00
psa_crypto_mac.h
Header updates
2023-11-03 12:21:36 +00:00
psa_crypto_pake.c
Header updates
2023-11-03 12:21:36 +00:00
psa_crypto_pake.h
Header updates
2023-11-03 12:21:36 +00:00
psa_crypto_random_impl.h
Force MBEDTLS_PSA_HMAC_DRBG_MD_TYPE based on CTR_DRBG
2024-07-25 18:24:59 +02:00
psa_crypto_rsa.c
Free allocated memory where methods were returning without freeing
2024-08-19 11:50:10 +01:00
psa_crypto_rsa.h
Documentation improvements
2024-08-06 13:13:05 +02:00
psa_crypto_se.c
Header updates
2023-11-03 12:21:36 +00:00
psa_crypto_se.h
Header updates
2023-11-03 12:21:36 +00:00
psa_crypto_slot_management.c
Simplify and explain the overflow check for maximum slice length
2024-08-22 10:55:40 +02:00
psa_crypto_slot_management.h
Clarify some internal documentation
2024-08-09 14:04:46 +02:00
psa_crypto_storage.c
Switch key slots to psa_key_attributes_t
2024-02-28 01:30:24 +01:00
psa_crypto_storage.h
psa: move default definition of MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
2024-10-22 13:31:19 +02:00
psa_crypto.c
PSA interruptible sign/verify: detect invalid curve family in start
2025-01-09 18:42:14 +01:00
psa_its_file.c
Use MBEDTLS_GET_UINTxx_BE macro
2023-11-21 17:09:46 +00:00
psa_util_internal.h
psa_util: change guard for mbedtls_psa_get_random() to CRYPTO_CLIENT
2024-02-29 16:14:29 +01:00
psa_util.c
mbedtls_ecdsa_raw_to_der and mbedtls_ecdsa_der_to_raw: reject bits==0
2024-10-28 10:09:18 +01:00
ripemd160.c
Header updates
2023-11-03 12:21:36 +00:00
rsa_alt_helpers.c
Header updates
2023-11-03 12:21:36 +00:00
rsa_alt_helpers.h
rsa: introduce rsa_internal_rsassa_pss_sign_no_mode_check()
2023-12-20 12:59:57 +02:00
rsa_internal.h
rsa_internal: fix documentation for mbedtls_rsa_parse_key()
2024-02-05 08:48:39 +01:00
rsa.c
Add header for mbedtls_mpi_exp_mod_unsafe()
2024-08-22 15:00:09 +01:00
sha1.c
Header updates
2023-11-03 12:21:36 +00:00
sha3.c
Merge pull request #8822 from daverodgman/sha3-perf
2024-03-12 13:14:40 +00:00
sha256.c
Fix Mbed-TLS build when WIN32_LEAN_AND_MEAN macro is defined globally
2024-08-14 15:22:37 -07:00
sha512.c
Support SHA-512 hwcap detection on old libc
2024-01-30 15:31:42 +00:00
ssl_cache.c
Header updates
2023-11-03 12:21:36 +00:00
ssl_ciphersuites_internal.h
ssl_ciphersuites: move internal functions declarations to a private header
2024-01-18 15:08:28 +01:00
ssl_ciphersuites.c
library/tests: replace md_psa.h with psa_util.h as include file for MD conversion
2024-01-02 13:27:32 +01:00
ssl_client.c
Access ssl->hostname through abstractions
2025-02-13 21:24:01 +01:00
ssl_client.h
Header updates
2023-11-03 12:21:36 +00:00
ssl_cookie.c
Fix NULL argument handling in mbedtls_xxx_free() functions
2024-03-22 14:46:04 -04:00
ssl_debug_helpers.h
tls13: cli: Split early data user status and internal state
2024-03-12 17:48:15 +01:00
ssl_misc.h
Access ssl->hostname through abstractions
2025-02-13 21:24:01 +01:00
ssl_msg.c
Reduce level of non-error debug message
2024-09-20 07:44:36 +02:00
ssl_ticket.c
Fix NULL argument handling in mbedtls_xxx_free() functions
2024-03-22 14:46:04 -04:00
ssl_tls12_client.c
Minor updates in doc/comments/debug
2024-09-10 10:58:47 +02:00
ssl_tls12_server.c
Merge remote-tracking branch 'mbedtls-3.6' into mbedtls-3.6-restricted
2024-08-23 11:15:11 +02:00
ssl_tls13_client.c
Added debug print in tls13 ssl_tls13_write_key_share_ext
2024-12-09 20:16:48 +01:00
ssl_tls13_generic.c
Merge branch 'mbedtls-3.6-restricted' into mbedtls-3.6.1rc0-pr
2024-08-28 20:48:27 +01:00
ssl_tls13_invasive.h
Header updates
2023-11-03 12:21:36 +00:00
ssl_tls13_keys.c
Merge pull request #8715 from valeriosetti/issue7964
2024-02-05 15:09:15 +00:00
ssl_tls13_keys.h
Fix some non-standard headers
2023-11-03 12:24:58 +00:00
ssl_tls13_server.c
TLS 1.3 server: move crypto_init after protocol negotiation
2024-08-26 12:04:39 +02:00
ssl_tls.c
Require calling mbedtls_ssl_set_hostname() for security
2025-02-13 21:47:26 +01:00
threading.c
Update references to test helpers
2024-11-14 14:19:40 +00:00
timing.c
Header updates
2023-11-03 12:21:36 +00:00
version.c
Header updates
2023-11-03 12:21:36 +00:00
x509_create.c
Update fix to be more platform-independent
2024-01-22 15:31:05 +00:00
x509_crl.c
x509: move internal functions declarations to a private header
2024-01-19 09:07:35 +01:00
x509_crt.c
Fix Mbed-TLS build when WIN32_LEAN_AND_MEAN macro is defined globally
2024-08-14 15:22:37 -07:00
x509_csr.c
x509: move internal functions declarations to a private header
2024-01-19 09:07:35 +01:00
x509_internal.h
Un-unrestore mbedtls_x509_string_to_names()
2024-02-26 13:59:43 +00:00
x509.c
x509: move internal functions declarations to a private header
2024-01-19 09:07:35 +01:00
x509write_crt.c
Fix NULL argument handling in mbedtls_xxx_free() functions
2024-03-22 14:46:04 -04:00
x509write_csr.c
Fix NULL argument handling in mbedtls_xxx_free() functions
2024-03-22 14:46:04 -04:00
x509write.c
x509: move internal functions declarations to a private header
2024-01-19 09:07:35 +01:00