Add TLS 1.3 record layer to go implementation. This implements the cipher suite constraints in "fake TLS 1.3". It also makes bssl_shim and runner enable it by default so we can start adding MaxVersion: VersionTLS12 markers to tests as 1.2 vs. 1.3 differences begin to take effect. Change-Id: If1caf6e43938c8d15b0a0f39f40963b8199dcef5 Reviewed-on: https://boringssl-review.googlesource.com/8340 Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/ssl/ssl_cipher.c b/ssl/ssl_cipher.c
index 539472d..3c4f325 100644
--- a/ssl/ssl_cipher.c
+++ b/ssl/ssl_cipher.c
@@ -1727,6 +1727,15 @@ return SSL3_VERSION; } +uint16_t SSL_CIPHER_get_max_version(const SSL_CIPHER *cipher) { + if (cipher->algorithm_mac == SSL_AEAD && + (cipher->algorithm_enc & SSL_CHACHA20POLY1305_OLD) == 0 && + (cipher->algorithm_mkey & SSL_kECDHE) != 0) { + return TLS1_3_VERSION; + } + return TLS1_2_VERSION; +} + /* return the actual cipher being used */ const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher) { if (cipher != NULL) {
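Review bot: `SSL_CIPHER_get_max_version` decides whether a suite may be offered at TLS 1.3, yet its three conditions carry no comment stating the policy they encode. I would add above it `/* SSL_CIPHER_get_max_version returns TLS1_3_VERSION only for AEAD ciphers with ECDHE key exchange, excluding the old ChaCha20-Poly1305 variant; every other cipher is capped at TLS1_2_VERSION. */`, so a suite added later is checked against that rule instead of inheriting it unnoticed. The fall-through to `TLS1_2_VERSION` is fail-closed, which is worth stating in the same comment. The function also dereferences `cipher` unconditionally, while `SSL_CIPHER_get_name` just below tests `cipher != NULL`. Whether callers can pass NULL here is not visible in the hunk, so either document the non-NULL precondition or guard it.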