[dev.boringcrypto] all: merge master into dev.boringcrypto

[gostls13.git] / src / crypto / tls / cipher_suites.go

diff --git a/src/crypto/tls/cipher_suites.go b/src/crypto/tls/cipher_suites.go
index 45a888dd6af73ed8c69b08988fad11a64949566a..4cea5dca8955fe094322977f86986bebd8a2eed1 100644 (file)
--- a/src/crypto/tls/cipher_suites.go
+++ b/src/crypto/tls/cipher_suites.go
@@ -40,7 +40,7 @@ type keyAgreement interface {
 }
 
 const (
-       // suiteECDH indicates that the cipher suite involves elliptic curve
+       // suiteECDHE indicates that the cipher suite involves elliptic curve
        // Diffie-Hellman. This means that it should only be selected when the
        // client indicates that it supports ECC with a curve and point format
        // that we're happy with.
@@ -105,6 +105,24 @@ var cipherSuites = []*cipherSuite{
        {TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 16, 20, 0, ecdheECDSAKA, suiteECDHE | suiteECSign | suiteDefaultOff, cipherRC4, macSHA1, nil},
 }
 
+// selectCipherSuite returns the first cipher suite from ids which is also in
+// supportedIDs and passes the ok filter.
+func selectCipherSuite(ids, supportedIDs []uint16, ok func(*cipherSuite) bool) *cipherSuite {
+       for _, id := range ids {
+               candidate := cipherSuiteByID(id)
+               if candidate == nil || !ok(candidate) {
+                       continue
+               }
+
+               for _, suppID := range supportedIDs {
+                       if id == suppID {
+                               return candidate
+                       }
+               }
+       }
+       return nil
+}
+
 // A cipherSuiteTLS13 defines only the pair of the AEAD algorithm and hash
 // algorithm to be used with HKDF. See RFC 8446, Appendix B.4.
 type cipherSuiteTLS13 struct {