TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-03-20 19:21:09 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
551756df7c5d76736883db37b8d43284bc622bb2
mbedtls/library
History
Gilles Peskine 551756df7c Require calling mbedtls_ssl_set_hostname() for security 
In a TLS client, when using certificate authentication, the client should
check that the certificate is valid for the server name that the client
expects. Otherwise, in most scenarios, a malicious server can impersonate
another server.

Normally, the application code should call mbedtls_ssl_set_hostname().
However, it's easy to forget. So raise an error if mandatory certificate
authentication is in effect and mbedtls_ssl_set_hostname() has not been
called. Raise the new error code
MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME, for easy
identification.

But don't raise the error if the backward compatibility option
MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME is
enabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-02-24 18:04:29 +01:00
..
.gitignore
Ignore *.o everywhere
2023-05-12 13:57:39 +02:00
aes.c
Update headers
2023-11-03 12:54:54 +00:00
aesni.c
Specify previously missed XMM register clobbers in AES-NI asm blocks
2024-12-13 02:14:13 +01:00
arc4.c
Update headers
2023-11-03 12:54:54 +00:00
aria.c
Update headers
2023-11-03 12:54:54 +00:00
asn1parse.c
Update headers
2023-11-03 12:54:54 +00:00
asn1write.c
Update headers
2023-11-03 12:54:54 +00:00
base64.c
Update headers
2023-11-03 12:54:54 +00:00
bignum_internal.h
Align Montgomery init with development
2024-01-22 15:58:57 +00:00
bignum.c
Fix 'missing prototype' warnings
2024-01-22 15:58:57 +00:00
blowfish.c
Update headers
2023-11-03 12:54:54 +00:00
camellia.c
Update headers
2023-11-03 12:54:54 +00:00
ccm.c
Update headers
2023-11-03 12:54:54 +00:00
certs.c
Update headers
2023-11-03 12:54:54 +00:00
chacha20.c
Update headers
2023-11-03 12:54:54 +00:00
chachapoly.c
Update headers
2023-11-03 12:54:54 +00:00
check_crypto_config.h
Update headers
2023-11-03 12:54:54 +00:00
cipher_wrap.c
Update headers
2023-11-03 12:54:54 +00:00
cipher.c
Update headers
2023-11-03 12:54:54 +00:00
cmac.c
Update headers
2023-11-03 12:54:54 +00:00
CMakeLists.txt
Bump version to 2.28.9
2024-08-26 12:44:41 +02:00
common.h
MBEDTLS_STATIC_ASSERT: make it work outside of a function
2024-08-07 11:17:32 +02:00
constant_time_internal.h
Update headers
2023-11-03 12:54:54 +00:00
constant_time_invasive.h
Update headers
2023-11-03 12:54:54 +00:00
constant_time.c
Update headers
2023-11-03 12:54:54 +00:00
ctr_drbg.c
Update headers
2023-11-03 12:54:54 +00:00
debug.c
Update headers
2023-11-03 12:54:54 +00:00
des.c
Update headers
2023-11-03 12:54:54 +00:00
dhm.c
Update headers
2023-11-03 12:54:54 +00:00
ecdh.c
Update headers
2023-11-03 12:54:54 +00:00
ecdsa.c
Update headers
2023-11-03 12:54:54 +00:00
ecjpake.c
Update headers
2023-11-03 12:54:54 +00:00
ecp_curves.c
Reduce many unnecessary static memory consumption
2024-02-07 21:48:12 +08:00
ecp_invasive.h
Update headers
2023-11-03 12:54:54 +00:00
ecp.c
tf-psa-crypto/drivers/builtin/src/ecp.c
2025-01-23 15:29:58 +00:00
entropy_poll.c
Fixed issue of redefinition warning messages for _GNU_SOURCE
2024-05-02 14:47:54 +05:30
entropy.c
Update headers
2023-11-03 12:54:54 +00:00
error.c
Create configuration option to bypass the mbedtls_ssl_set_hostname check
2025-02-24 18:04:14 +01:00
gcm.c
Allow GCM IV to be NULL if zero-length
2024-02-01 19:38:22 +00:00
havege.c
Update headers
2023-11-03 12:54:54 +00:00
hkdf.c
Update headers
2023-11-03 12:54:54 +00:00
hmac_drbg.c
Update headers
2023-11-03 12:54:54 +00:00
Makefile
Add a selftest run for the TIMING_ALT test
2023-01-26 04:33:59 -05:00
md2.c
Update headers
2023-11-03 12:54:54 +00:00
md4.c
Update headers
2023-11-03 12:54:54 +00:00
md5.c
Update headers
2023-11-03 12:54:54 +00:00
md.c
Update headers
2023-11-03 12:54:54 +00:00
memory_buffer_alloc.c
Update headers
2023-11-03 12:54:54 +00:00
mps_common.h
Update headers
2023-11-03 12:54:54 +00:00
mps_error.h
Update headers
2023-11-03 12:54:54 +00:00
mps_reader.c
Update headers
2023-11-03 12:54:54 +00:00
mps_reader.h
Update headers
2023-11-03 12:54:54 +00:00
mps_trace.c
Update headers
2023-11-03 12:54:54 +00:00
mps_trace.h
Update headers
2023-11-03 12:54:54 +00:00
net_sockets.c
Make mbedTLS compile with MS-DOS DJGPP
2024-12-01 10:32:46 +01:00
nist_kw.c
Update headers
2023-11-03 12:54:54 +00:00
oid.c
Fix the build without check_config.h (inclusion of limits.h)
2024-05-17 19:00:46 +02:00
padlock.c
Update headers
2023-11-03 12:54:54 +00:00
pem.c
Update headers
2023-11-03 12:54:54 +00:00
pk_wrap.c
Fix mbedtls_pk_get_bitlen() for RSA with non-byte-aligned sizes
2024-02-12 17:00:48 +01:00
pk.c
Update headers
2023-11-03 12:54:54 +00:00
pkcs5.c
Update headers
2023-11-03 12:54:54 +00:00
pkcs11.c
Update headers
2023-11-03 12:54:54 +00:00
pkcs12.c
Update headers
2023-11-03 12:54:54 +00:00
pkparse.c
Update headers
2023-11-03 12:54:54 +00:00
pkwrite.c
Update headers
2023-11-03 12:54:54 +00:00
platform_util.c
fix build for midipix
2024-01-31 14:14:27 +01:00
platform.c
Update headers
2023-11-03 12:54:54 +00:00
poly1305.c
Update headers
2023-11-03 12:54:54 +00:00
psa_crypto_aead.c
Update headers
2023-11-03 12:54:54 +00:00
psa_crypto_aead.h
Update headers
2023-11-03 12:54:54 +00:00
psa_crypto_cipher.c
Silence gcc 12.2.0 warning
2024-06-14 16:29:47 +01:00
psa_crypto_cipher.h
Update headers
2023-11-03 12:54:54 +00:00
psa_crypto_client.c
Update headers
2023-11-03 12:54:54 +00:00
psa_crypto_core.h
Remove LOCAL_OUTPUT_ALLOC_WITH_COPY
2024-03-12 17:54:55 +00:00
psa_crypto_driver_wrappers.c
Update headers
2023-11-03 12:54:54 +00:00
psa_crypto_driver_wrappers.h
Update headers
2023-11-03 12:54:54 +00:00
psa_crypto_ecp.c
Update headers
2023-11-03 12:54:54 +00:00
psa_crypto_ecp.h
Update headers
2023-11-03 12:54:54 +00:00
psa_crypto_hash.c
Update headers
2023-11-03 12:54:54 +00:00
psa_crypto_hash.h
Update headers
2023-11-03 12:54:54 +00:00
psa_crypto_invasive.h
Change to use test-hook-based approach
2023-12-20 14:49:41 +00:00
psa_crypto_its.h
Update headers
2023-11-03 12:54:54 +00:00
psa_crypto_mac.c
Update headers
2023-11-03 12:54:54 +00:00
psa_crypto_mac.h
Update headers
2023-11-03 12:54:54 +00:00
psa_crypto_random_impl.h
Force MBEDTLS_PSA_HMAC_DRBG_MD_TYPE based on CTR_DRBG
2024-07-25 18:30:51 +02:00
psa_crypto_rsa.c
Free allocated memory where methods were returning without freeing
2024-08-19 13:22:35 +01:00
psa_crypto_rsa.h
Update headers
2023-11-03 12:54:54 +00:00
psa_crypto_se.c
Update headers
2023-11-03 12:54:54 +00:00
psa_crypto_se.h
Update headers
2023-11-03 12:54:54 +00:00
psa_crypto_slot_management.c
Fix inverted assertion message
2024-08-08 15:57:48 +02:00
psa_crypto_slot_management.h
Update headers
2023-11-03 12:54:54 +00:00
psa_crypto_storage.c
Update headers
2023-11-03 12:54:54 +00:00
psa_crypto_storage.h
Update headers
2023-11-03 12:54:54 +00:00
psa_crypto.c
Merge pull request #9256 from gilles-peskine-arm/psa-keystore-dynamic-backport-2.28
2024-08-09 08:00:01 +00:00
psa_its_file.c
Update headers
2023-11-03 12:54:54 +00:00
ripemd160.c
Update headers
2023-11-03 12:54:54 +00:00
rsa_internal.c
Update headers
2023-11-03 12:54:54 +00:00
rsa.c
Align Montgomery init with development
2024-01-22 15:58:57 +00:00
sha1.c
Update headers
2023-11-03 12:54:54 +00:00
sha256.c
Update headers
2023-11-03 12:54:54 +00:00
sha512.c
Update headers
2023-11-03 12:54:54 +00:00
ssl_cache.c
Update headers
2023-11-03 12:54:54 +00:00
ssl_ciphersuites.c
Update headers
2023-11-03 12:54:54 +00:00
ssl_cli.c
Access ssl->hostname through abstractions
2025-02-21 19:32:59 +01:00
ssl_cookie.c
Update headers
2023-11-03 12:54:54 +00:00
ssl_msg.c
Fix the build without check_config.h (inclusion of limits.h)
2024-05-17 19:00:46 +02:00
ssl_srv.c
Update headers
2023-11-03 12:54:54 +00:00
ssl_ticket.c
Update headers
2023-11-03 12:54:54 +00:00
ssl_tls13_keys.c
Update header
2023-11-03 12:58:29 +00:00
ssl_tls13_keys.h
Update headers
2023-11-03 12:54:54 +00:00
ssl_tls.c
Require calling mbedtls_ssl_set_hostname() for security
2025-02-24 18:04:29 +01:00
threading.c
Update headers
2023-11-03 12:54:54 +00:00
timing.c
Update library/timing.c
2024-01-18 12:25:18 +01:00
version_features.c
Create configuration option to bypass the mbedtls_ssl_set_hostname check
2025-02-24 18:04:14 +01:00
version.c
Update headers
2023-11-03 12:54:54 +00:00
x509_create.c
Fix Issue #8687
2024-01-22 16:00:07 +00:00
x509_crl.c
Update headers
2023-11-03 12:54:54 +00:00
x509_crt.c
Fix the build without check_config.h (inclusion of limits.h)
2024-05-17 19:00:46 +02:00
x509_csr.c
Update headers
2023-11-03 12:54:54 +00:00
x509.c
Update headers
2023-11-03 12:54:54 +00:00
x509write_crt.c
Update headers
2023-11-03 12:54:54 +00:00
x509write_csr.c
Update headers
2023-11-03 12:54:54 +00:00
xtea.c
Update headers
2023-11-03 12:54:54 +00:00