Add SSL_[CTX_]_set_compliance_policy.
These functions aid in meeting specific compliance goals and allows
configuration of things like TLS 1.3 cipher suites, which are otherwise
not configurable.
Change-Id: I668afc734a19ecd4b996eaa23be73ce259b13fa2
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/52625
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/ssl/tls13_client.cc b/ssl/tls13_client.cc
index af2120c..bd0f820 100644
--- a/ssl/tls13_client.cc
+++ b/ssl/tls13_client.cc
@@ -192,11 +192,15 @@
}
// The cipher suite must be one we offered. We currently offer all supported
- // TLS 1.3 ciphers, so check the version.
+ // TLS 1.3 ciphers unless policy controls limited it. So we check the version
+ // and that it's ok per policy.
const SSL_CIPHER *cipher = SSL_get_cipher_by_value(server_hello.cipher_suite);
if (cipher == nullptr ||
SSL_CIPHER_get_min_version(cipher) > ssl_protocol_version(ssl) ||
- SSL_CIPHER_get_max_version(cipher) < ssl_protocol_version(ssl)) {
+ SSL_CIPHER_get_max_version(cipher) < ssl_protocol_version(ssl) ||
+ !ssl_tls13_cipher_meets_policy(
+ SSL_CIPHER_get_value(cipher),
+ ssl->config->only_fips_cipher_suites_in_tls13)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CIPHER_RETURNED);
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
return ssl_hs_error;
@@ -372,7 +376,7 @@
}
// Check the cipher suite, in case this is after HelloRetryRequest.
- if (SSL_CIPHER_get_value(hs->new_cipher) != server_hello.cipher_suite) {
+ if (SSL_CIPHER_get_protocol_id(hs->new_cipher) != server_hello.cipher_suite) {
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CIPHER_RETURNED);
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
return ssl_hs_error;
