mbedtls/library
Yanray Wang fb0f47b1f8 tls13: srv: check tls version in ClientHello with min_tls_version
When server is configured as TLS 1.3 only and receives ClientHello
from a TLS 1.2 only client, it's expected to abort the handshake
instead of downgrading protocol to TLS 1.2 and continuing handshake.
This commit adds a check to make sure server min_tls_version always
larger than received version in ClientHello.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-04 17:50:36 +08:00
..
.gitignore Revert "Auto-generated files for v3.5.0" 2023-10-05 00:17:21 +01:00
aes.c Merge pull request #8326 from daverodgman/aesce-thumb2 2023-11-27 09:58:58 +00:00
aesce.c Remove redundant check 2023-11-30 11:02:03 +00:00
aesce.h Merge remote-tracking branch 'origin/development' into msft-aarch64 2023-11-30 11:01:50 +00:00
aesni.c Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only 2023-11-23 10:31:26 +08:00
aesni.h Merge pull request #8124 from yanrayw/support_cipher_encrypt_only 2023-11-23 17:43:00 +00:00
alignment.h Merge remote-tracking branch 'origin/development' into msft-aarch64 2023-11-30 09:34:41 +00:00
aria.c Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only 2023-11-23 10:31:26 +08:00
asn1parse.c update headers 2023-11-02 19:47:20 +00:00
asn1write.c update headers 2023-11-02 19:47:20 +00:00
base64.c Use size_t cast for pointer subtractions 2023-11-21 17:09:46 +00:00
base64_internal.h update headers 2023-11-02 19:47:20 +00:00
bignum.c Merge remote-tracking branch 'origin/development' into msft-aarch64 2023-11-30 09:34:41 +00:00
bignum_core.c update headers 2023-11-02 19:47:20 +00:00
bignum_core.h update headers 2023-11-02 19:47:20 +00:00
bignum_mod.c update headers 2023-11-02 19:47:20 +00:00
bignum_mod.h update headers 2023-11-02 19:47:20 +00:00
bignum_mod_raw.c update headers 2023-11-02 19:47:20 +00:00
bignum_mod_raw.h update headers 2023-11-02 19:47:20 +00:00
bignum_mod_raw_invasive.h update headers 2023-11-02 19:47:20 +00:00
block_cipher.c block_cipher: add encrypt() 2023-11-10 12:14:53 +01:00
block_cipher_internal.h block_cipher: add encrypt() 2023-11-10 12:14:53 +01:00
bn_mul.h update headers 2023-11-02 19:47:20 +00:00
camellia.c Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only 2023-11-23 10:31:26 +08:00
ccm.c ccm/gcm: improve code maintainability 2023-11-20 15:17:53 +01:00
chacha20.c update headers 2023-11-02 19:47:20 +00:00
chachapoly.c update headers 2023-11-02 19:47:20 +00:00
check_crypto_config.h update headers 2023-11-02 19:47:20 +00:00
cipher.c Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only 2023-11-23 10:31:26 +08:00
cipher_wrap.c Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only 2023-11-23 10:31:26 +08:00
cipher_wrap.h Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only 2023-11-23 10:31:26 +08:00
cmac.c update headers 2023-11-02 19:47:20 +00:00
CMakeLists.txt Start adding internal module block_cipher.c 2023-11-10 11:21:17 +01:00
common.h tidy up macros in mbedtls_xor 2023-11-30 09:35:14 +00:00
constant_time.c update headers 2023-11-02 19:47:20 +00:00
constant_time_impl.h Merge pull request #8515 from mschulz-at-hilscher/fixes/pragma-error-gcc452 2023-11-27 11:28:30 +00:00
constant_time_internal.h update headers 2023-11-02 19:47:20 +00:00
ctr_drbg.c update headers 2023-11-02 19:47:20 +00:00
debug.c Use size_t cast for pointer subtractions 2023-11-21 17:09:46 +00:00
des.c update headers 2023-11-02 19:47:20 +00:00
dhm.c Use MBEDTLS_GET_UINTxx_BE macro 2023-11-21 17:09:46 +00:00
ecdh.c Use size_t cast for pointer subtractions 2023-11-21 17:09:46 +00:00
ecdsa.c update headers 2023-11-02 19:47:20 +00:00
ecjpake.c Use size_t cast for pointer subtractions 2023-11-21 17:09:46 +00:00
ecp.c update headers 2023-11-02 19:47:20 +00:00
ecp_curves.c update headers 2023-11-02 19:47:20 +00:00
ecp_curves_new.c update headers 2023-11-02 19:47:20 +00:00
ecp_internal_alt.h update headers 2023-11-02 19:47:20 +00:00
ecp_invasive.h update headers 2023-11-02 19:47:20 +00:00
entropy.c update headers 2023-11-02 19:47:20 +00:00
entropy_poll.c Fix types in entropy_poll.c 2023-11-21 17:09:46 +00:00
entropy_poll.h update headers 2023-11-02 19:47:20 +00:00
gcm.c ccm/gcm: improve code maintainability 2023-11-20 15:17:53 +01:00
hkdf.c update headers 2023-11-02 19:47:20 +00:00
hmac_drbg.c update headers 2023-11-02 19:47:20 +00:00
lmots.c Use standard byte conversion fns in lms 2023-11-21 17:09:46 +00:00
lmots.h Use standard byte conversion fns in lms 2023-11-21 17:09:46 +00:00
lms.c Use standard byte conversion fns in lms 2023-11-21 17:09:46 +00:00
Makefile Start adding internal module block_cipher.c 2023-11-10 11:21:17 +01:00
md.c update headers 2023-11-02 19:47:20 +00:00
md5.c update headers 2023-11-02 19:47:20 +00:00
md_psa.h update headers 2023-11-02 19:47:20 +00:00
md_wrap.h update headers 2023-11-02 19:47:20 +00:00
memory_buffer_alloc.c update headers 2023-11-02 19:47:20 +00:00
mps_common.h Standardise some more headers 2023-11-03 12:15:12 +00:00
mps_error.h Standardise some more headers 2023-11-03 12:15:12 +00:00
mps_reader.c Standardise some more headers 2023-11-03 12:15:12 +00:00
mps_reader.h Standardise some more headers 2023-11-03 12:15:12 +00:00
mps_trace.c Standardise some more headers 2023-11-03 12:15:12 +00:00
mps_trace.h Standardise some more headers 2023-11-03 12:15:12 +00:00
net_sockets.c update headers 2023-11-02 19:47:20 +00:00
nist_kw.c update headers 2023-11-02 19:47:20 +00:00
oid.c Use size_t cast for pointer subtractions 2023-11-21 17:09:46 +00:00
padlock.c Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only 2023-11-23 10:31:26 +08:00
padlock.h update headers 2023-11-02 19:47:20 +00:00
pem.c Use size_t cast for pointer subtractions 2023-11-21 17:09:46 +00:00
pk.c update headers 2023-11-02 19:47:20 +00:00
pk_internal.h update headers 2023-11-02 19:47:20 +00:00
pk_wrap.c update headers 2023-11-02 19:47:20 +00:00
pk_wrap.h update headers 2023-11-02 19:47:20 +00:00
pkcs5.c update headers 2023-11-02 19:47:20 +00:00
pkcs7.c Use size_t cast for pointer subtractions 2023-11-21 17:09:46 +00:00
pkcs12.c update headers 2023-11-02 19:47:20 +00:00
pkparse.c Use size_t cast for pointer subtractions 2023-11-21 17:09:46 +00:00
pkwrite.c update headers 2023-11-02 19:47:20 +00:00
pkwrite.h update headers 2023-11-02 19:47:20 +00:00
platform.c update headers 2023-11-02 19:47:20 +00:00
platform_util.c update headers 2023-11-02 19:47:20 +00:00
poly1305.c update headers 2023-11-02 19:47:20 +00:00
psa_crypto.c Merge pull request #8551 from daverodgman/sign-conversion-part1 2023-11-24 15:12:00 +00:00
psa_crypto_aead.c update headers 2023-11-02 19:47:20 +00:00
psa_crypto_aead.h update headers 2023-11-02 19:47:20 +00:00
psa_crypto_cipher.c Merge pull request #8444 from Mbed-TLS/cvv-code-size 2023-11-06 12:50:37 +00:00
psa_crypto_cipher.h update headers 2023-11-02 19:47:20 +00:00
psa_crypto_client.c update headers 2023-11-02 19:47:20 +00:00
psa_crypto_core.h Move enum definition to satisfy check_names.py 2023-11-13 09:52:12 +00:00
psa_crypto_core_common.h update headers 2023-11-02 19:47:20 +00:00
psa_crypto_driver_wrappers_no_static.h update headers 2023-11-02 19:47:20 +00:00
psa_crypto_ecp.c update headers 2023-11-02 19:47:20 +00:00
psa_crypto_ecp.h update headers 2023-11-02 19:47:20 +00:00
psa_crypto_ffdh.c update headers 2023-11-02 19:47:20 +00:00
psa_crypto_ffdh.h update headers 2023-11-02 19:47:20 +00:00
psa_crypto_hash.c update headers 2023-11-02 19:47:20 +00:00
psa_crypto_hash.h update headers 2023-11-02 19:47:20 +00:00
psa_crypto_invasive.h update headers 2023-11-02 19:47:20 +00:00
psa_crypto_its.h update headers 2023-11-02 19:47:20 +00:00
psa_crypto_mac.c update headers 2023-11-02 19:47:20 +00:00
psa_crypto_mac.h update headers 2023-11-02 19:47:20 +00:00
psa_crypto_pake.c update headers 2023-11-02 19:47:20 +00:00
psa_crypto_pake.h update headers 2023-11-02 19:47:20 +00:00
psa_crypto_random_impl.h update headers 2023-11-02 19:47:20 +00:00
psa_crypto_rsa.c update headers 2023-11-02 19:47:20 +00:00
psa_crypto_rsa.h update headers 2023-11-02 19:47:20 +00:00
psa_crypto_se.c update headers 2023-11-02 19:47:20 +00:00
psa_crypto_se.h update headers 2023-11-02 19:47:20 +00:00
psa_crypto_slot_management.c Revert "Refactor psa_load_persistent_key_into_slot to remove bad goto" 2023-11-23 16:34:35 +00:00
psa_crypto_slot_management.h update headers 2023-11-02 19:47:20 +00:00
psa_crypto_storage.c update headers 2023-11-02 19:47:20 +00:00
psa_crypto_storage.h update headers 2023-11-02 19:47:20 +00:00
psa_its_file.c Use MBEDTLS_GET_UINTxx_BE macro 2023-11-21 17:09:46 +00:00
psa_util.c update headers 2023-11-02 19:47:20 +00:00
psa_util_internal.h update headers 2023-11-02 19:47:20 +00:00
ripemd160.c update headers 2023-11-02 19:47:20 +00:00
rsa.c Use size_t cast for pointer subtractions 2023-11-21 17:09:46 +00:00
rsa_alt_helpers.c update headers 2023-11-02 19:47:20 +00:00
rsa_alt_helpers.h update headers 2023-11-02 19:47:20 +00:00
sha1.c update headers 2023-11-02 19:47:20 +00:00
sha3.c update headers 2023-11-02 19:47:20 +00:00
sha256.c Merge remote-tracking branch 'origin/development' into msft-aarch64 2023-11-30 09:34:41 +00:00
sha512.c Merge remote-tracking branch 'origin/development' into msft-aarch64 2023-11-30 09:34:41 +00:00
ssl_cache.c update headers 2023-11-02 19:47:20 +00:00
ssl_ciphersuites.c ssl: use MBEDTLS_SSL_HAVE_* in ssl_ciphersuites.c 2023-11-08 12:01:26 +08:00
ssl_client.c Merge remote-tracking branch 'origin/development' into sign-conversion-part1 2023-11-24 11:27:18 +00:00
ssl_client.h update headers 2023-11-02 19:47:20 +00:00
ssl_cookie.c update headers 2023-11-02 19:47:20 +00:00
ssl_debug_helpers.h update headers 2023-11-02 19:47:20 +00:00
ssl_misc.h misc type fixes in ssl 2023-11-21 17:09:46 +00:00
ssl_msg.c misc type fixes in ssl 2023-11-21 17:09:46 +00:00
ssl_ticket.c Use MBEDTLS_GET_UINTxx_BE macro 2023-11-21 17:09:46 +00:00
ssl_tls.c Merge pull request #8528 from yanrayw/issue/6933/parse-max_early_data_size 2023-12-01 08:27:26 +00:00
ssl_tls12_client.c Use MBEDTLS_GET_UINTxx_BE macro 2023-11-21 17:09:46 +00:00
ssl_tls12_server.c misc type fixes in ssl 2023-11-21 17:09:46 +00:00
ssl_tls13_client.c tls13: early_data: cli: rename early_data parser in nst 2023-11-30 16:49:51 +08:00
ssl_tls13_generic.c update headers 2023-11-02 19:47:20 +00:00
ssl_tls13_invasive.h update headers 2023-11-02 19:47:20 +00:00
ssl_tls13_keys.c Fix header in ssl_tls13_keys.c 2023-11-03 10:29:25 +00:00
ssl_tls13_keys.h Fix overlooked files 2023-11-02 20:43:00 +00:00
ssl_tls13_server.c tls13: srv: check tls version in ClientHello with min_tls_version 2023-12-04 17:50:36 +08:00
threading.c Fix comment typos 2023-11-23 18:53:13 +00:00
timing.c update headers 2023-11-02 19:47:20 +00:00
version.c update headers 2023-11-02 19:47:20 +00:00
x509.c update headers 2023-11-02 19:47:20 +00:00
x509_create.c Use size_t cast for pointer subtractions 2023-11-21 17:09:46 +00:00
x509_crl.c Use size_t cast for pointer subtractions 2023-11-21 17:09:46 +00:00
x509_crt.c Use size_t cast for pointer subtractions 2023-11-21 17:09:46 +00:00
x509_csr.c Use size_t cast for pointer subtractions 2023-11-21 17:09:46 +00:00
x509write.c update headers 2023-11-02 19:47:20 +00:00
x509write_crt.c Use size_t cast for pointer subtractions 2023-11-21 17:09:46 +00:00
x509write_csr.c Use size_t cast for pointer subtractions 2023-11-21 17:09:46 +00:00