TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-03-20 19:21:09 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
624fc2e0de8e28f687cb3de0ebfb3f830db02ee9
mbedtls/library
History
David Horstmann 624fc2e0de Move TLS 1.3 verify-result setting for PSK 
When we are doing PSK, we'd like to set verify_result to
MBEDTLS_X509_BADCERT_SKIP_VERIFY. Previously this was done in
mbedtls_ssl_set_hs_psk() but this is inadequate since this function may
be called for early data (where certificate verification happens later
in the handshake.

Instead, set this value after writing / processing the encrypted
extensions on the server / client respectively, so that we know whether
we are doing certificate verification or not for sure. This change is
effective only for TLS 1.3 as TLS 1.2 sets verify_result for PSK in
ssl_parse_certificate_coordinate().

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2026-03-10 15:12:47 +00:00
..
.gitignore
Register generate_config_files.py outputs as generated files
2025-09-19 13:36:24 +02:00
CMakeLists.txt
Use GNUInstallDirs CMAKE_INSTALL_INCLUDEDDIR path for headers installation
2025-10-24 12:50:51 +02:00
debug_internal.h
library: debug: remove mbedtls_debug_print_mpi()
2026-01-08 10:32:57 +01:00
debug.c
library: debug: adjust guards for "mbedtls_debug_print_crt"
2026-01-08 10:32:57 +01:00
Makefile
Use the crypto makefile helpers in tf-psa-crypto
2026-01-08 14:57:50 +01:00
mbedtls_check_config.h
library: check_config: remove references to secp192 curves
2025-11-20 13:01:18 +01:00
mbedtls_config.c
Enable checks for bad options in the config file
2025-09-24 17:20:35 +02:00
mbedtls_utils.h
library: ssl: adjust return type of mbedtls_psa_alg_from_pk_sigalg()
2025-12-09 16:15:48 +01:00
mps_common.h
Fix some non-standard headers
2023-11-03 12:24:58 +00:00
mps_error.h
Fix some non-standard headers
2023-11-03 12:24:58 +00:00
mps_reader.c
Include ssl_misc.h for additional SSL helper files
2024-10-11 12:21:30 +01:00
mps_reader.h
Fix some non-standard headers
2023-11-03 12:24:58 +00:00
mps_trace.c
Include ssl_misc.h for additional SSL helper files
2024-10-11 12:21:30 +01:00
mps_trace.h
Include ssl_misc.h for additional SSL helper files
2024-10-11 12:21:30 +01:00
net_sockets.c
Make mbedTLS compile with MS-DOS DJGPP
2024-12-01 10:05:21 +01:00
pkcs7.c
Change the call to mbedtls_pk_verify_ext in pkcs7 to have a variable input cert->sig_pk
2025-10-30 13:37:09 +00:00
ssl_cache.c
Update includes for each library file
2024-10-09 11:18:50 +01:00
ssl_ciphersuites_internal.h
ssl: rm useless private includes in internal headers
2025-12-01 10:24:41 +01:00
ssl_ciphersuites.c
Change the return type of mbedtls_ssl_get_ciphersuite_sig_pk_alg to mbedtls_pk_sigalg_t
2025-10-28 07:58:37 +00:00
ssl_client.c
Tidy up debug of non ext functions
2025-10-28 07:58:37 +00:00
ssl_client.h
Update includes for each library file
2024-10-09 11:18:50 +01:00
ssl_cookie.c
remove RNG parameters from SSL API's
2025-03-10 13:24:31 +00:00
ssl_debug_helpers.h
Update includes for each library file
2024-10-09 11:18:50 +01:00
ssl_misc.h
Add comments for remaining internal includes
2025-12-02 12:35:20 +01:00
ssl_msg.c
Merge pull request #10577 from h1wind/patch-1
2026-01-29 10:30:18 +00:00
ssl_ticket.c
removed psa_crypto_init from library as this is supposed to be called by the application
2025-03-10 13:46:14 +00:00
ssl_tls12_client.c
library: ssl: replace mbedtls_pk_can_do() with mbedtls_pk_can_do_psa()
2025-12-04 16:28:44 +01:00
ssl_tls12_server.c
library: ssl: specify hash algorithm when checking signature in ssl_parse_certificate_verify
2025-12-09 16:18:11 +01:00
ssl_tls13_client.c
Move TLS 1.3 verify-result setting for PSK
2026-03-10 15:12:47 +00:00
ssl_tls13_generic.c
library: ssl: replace mbedtls_pk_can_do() with mbedtls_pk_can_do_psa()
2025-12-04 16:28:44 +01:00
ssl_tls13_invasive.h
Update includes for each library file
2024-10-09 11:18:50 +01:00
ssl_tls13_keys.c
Replace __attribute__((nonstring)) with macro MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING
2025-06-20 11:48:16 +01:00
ssl_tls13_keys.h
Replace __attribute__((nonstring)) with macro MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING
2025-06-20 11:48:16 +01:00
ssl_tls13_server.c
Move TLS 1.3 verify-result setting for PSK
2026-03-10 15:12:47 +00:00
ssl_tls.c
Move TLS 1.3 verify-result setting for PSK
2026-03-10 15:12:47 +00:00
timing.c
Move back timing.c to mbedtls
2024-12-04 14:25:02 +01:00
version.c
Simplify runtime version info string methods
2025-08-18 11:39:45 +02:00
x509_create.c
Unfortunately, we had two files named oid.h - one in the main repo, and one in the tf-psa-crypto repo, and these files included the mbedtls one, so I restored the header include
2025-08-29 07:05:40 +02:00
x509_crl.c
Unfortunately, we had two files named oid.h - one in the main repo, and one in the tf-psa-crypto repo, and these files included the mbedtls one, so I restored the header include
2025-08-29 07:05:40 +02:00
x509_crt.c
Change function name from mbedtls_pk_key_type_to_string to mbedtls_x509_pk_type_as_string
2026-01-12 08:19:07 +00:00
x509_csr.c
Change function name from mbedtls_pk_key_type_to_string to mbedtls_x509_pk_type_as_string
2026-01-12 08:19:07 +00:00
x509_internal.h
Add comments for remaining internal includes
2025-12-02 12:35:20 +01:00
x509_oid.c
Unfortunately, we had two files named oid.h - one in the main repo, and one in the tf-psa-crypto repo, and these files included the mbedtls one, so I restored the header include
2025-08-29 07:05:40 +02:00
x509_oid.h
x509: rm useless private includes in internal headers
2025-12-01 10:24:50 +01:00
x509.c
Add improvements to code comments and docs
2026-01-12 08:19:07 +00:00
x509write_crt.c
x509: replace usage of mbedtls_pk_can_do() with mbedtls_pk_get_key_type()
2025-12-04 16:28:44 +01:00
x509write_csr.c
x509: replace usage of mbedtls_pk_can_do() with mbedtls_pk_get_key_type()
2025-12-04 16:28:44 +01:00
x509write.c
Remove two more useless internal includes
2025-12-02 12:06:39 +01:00