Add TLS 1.3 record layer to go implementation.
This implements the cipher suite constraints in "fake TLS 1.3". It also makes
bssl_shim and runner enable it by default so we can start adding MaxVersion:
VersionTLS12 markers to tests as 1.2 vs. 1.3 differences begin to take effect.
Change-Id: If1caf6e43938c8d15b0a0f39f40963b8199dcef5
Reviewed-on: https://boringssl-review.googlesource.com/8340
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/ssl/handshake_client.c b/ssl/handshake_client.c
index 9b96bcd..2d49200 100644
--- a/ssl/handshake_client.c
+++ b/ssl/handshake_client.c
@@ -591,6 +591,8 @@
(cipher->algorithm_auth & ssl->cert->mask_a)) {
continue;
}
+ /* TODO(davidben): Also check |SSL_CIPHER_get_max_version| against the
+ * minimum enabled version. See https://crbug.com/boringssl/66. */
if (SSL_CIPHER_get_min_version(cipher) >
ssl3_version_from_wire(ssl, ssl->client_version)) {
continue;
@@ -864,7 +866,8 @@
/* If the cipher is disabled then we didn't sent it in the ClientHello, so if
* the server selected it, it's an error. */
if ((c->algorithm_mkey & ct->mask_k) || (c->algorithm_auth & ct->mask_a) ||
- SSL_CIPHER_get_min_version(c) > ssl3_protocol_version(ssl)) {
+ SSL_CIPHER_get_min_version(c) > ssl3_protocol_version(ssl) ||
+ SSL_CIPHER_get_max_version(c) < ssl3_protocol_version(ssl)) {
al = SSL_AD_ILLEGAL_PARAMETER;
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CIPHER_RETURNED);
goto f_err;