From 881f1960755591e5316eb6163ce47e8b22ca5593 Mon Sep 17 00:00:00 2001
From: David Benjamin
Date: Wed, 10 Aug 2016 18:29:12 -0400
Subject: [PATCH] Make ECDHE_PSK + AES_GCM unmatchable.

These are probably a good idea to ship so long as we have the PSK callbacks at all, but they're not *completely* standard yet and Android tests otherwise need updating to know about them. We don't care enough about PSK to be in a rush to ship them, and taking them out is an easier default action until then.

Change-Id: Ic646053d29b69a114e2efea61d593d5e912bdcd0
Reviewed-on: https://boringssl-review.googlesource.com/10225
Reviewed-by: David Benjamin
Commit-Queue: David Benjamin
CQ-Verified: CQ bot account: commit-bot@chromium.org
---
 ssl/ssl_cipher.c          | 23 ++++++++++++++++-------
 ssl/test/runner/runner.go |  5 +++++
 2 files changed, 21 insertions(+), 7 deletions(-)

diff --git a/ssl/ssl_cipher.c b/ssl/ssl_cipher.c
index 957f032c..3810667f 100644
--- a/ssl/ssl_cipher.c
+++ b/ssl/ssl_cipher.c
@@ -1136,13 +1136,22 @@ static void ssl_cipher_apply_rule(
       if (strength_bits != SSL_CIPHER_get_bits(cp, NULL)) {
         continue;
       }
-    } else if (!(alg_mkey & cp->algorithm_mkey) ||
-               !(alg_auth & cp->algorithm_auth) ||
-               !(alg_enc & cp->algorithm_enc) ||
-               !(alg_mac & cp->algorithm_mac) ||
-               (min_version != 0 &&
-                SSL_CIPHER_get_min_version(cp) != min_version)) {
-      continue;
+    } else {
+      if (!(alg_mkey & cp->algorithm_mkey) ||
+          !(alg_auth & cp->algorithm_auth) ||
+          !(alg_enc & cp->algorithm_enc) ||
+          !(alg_mac & cp->algorithm_mac) ||
+          (min_version != 0 && SSL_CIPHER_get_min_version(cp) != min_version)) {
+        continue;
+      }
+
+      /* The following ciphers are internal implementation details of TLS 1.3
+       * resumption but are not yet finalized. Disable them by default until
+       * then. */
+      if (cp->id == TLS1_CK_ECDHE_PSK_WITH_AES_128_GCM_SHA256 ||
+          cp->id == TLS1_CK_ECDHE_PSK_WITH_AES_256_GCM_SHA384) {
+        continue;
+      }
     }
 
     /* add the cipher if it has not been added yet.
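Review bot: The new skip at the end of the `else` branch fires for every rule kind, not only additive ones, so an alias-based subtractive rule such as `!AESGCM` or `-ECDHE-PSK` would leave these two suites in place if an earlier explicit-name rule had enabled them (the explicit-name dispatch and the rule-kind parameter sit above the hunk, so this is inferred from the function's shape rather than visible here). If that is not intended, scope the skip to additive matching, e.g. `if (rule == CIPHER_ADD && (cp->id == TLS1_CK_ECDHE_PSK_WITH_AES_128_GCM_SHA256 || cp->id == TLS1_CK_ECDHE_PSK_WITH_AES_256_GCM_SHA384))`, or state in the comment that the suites are hidden from alias rules in both directions. Either way the comment should name the path that still reaches them, since readers of `ALL`/`ECDHE-PSK`/`AESGCM` rules will not expect a silent exception, e.g. `/* Hidden from alias rules (ALL, ECDHE-PSK, AESGCM, ...); presumably only selectable by explicit name, which is what the test runner relies on. */`. ssl_cipher_apply_rule begins and ends outside this hunk.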
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 09a6fccb..4cb22b1c 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -2269,6 +2269,11 @@ func addCipherSuiteTests() {
 			// CECPQ1 ciphers must be explicitly enabled.
 			flags = append(flags, "-cipher", "DEFAULT:kCECPQ1")
 		}
+		if hasComponent(suite.name, "ECDHE-PSK") && hasComponent(suite.name, "GCM") {
+			// ECDHE_PSK AES_GCM ciphers must be explicitly enabled
+			// for now.
+			flags = append(flags, "-cipher", suite.name)
+		}
 		for _, ver := range tlsVersions {
 			for _, protocol := range []protocol{tls, dtls} {
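Review bot: The comment on the new branch says only "for now" and gives no pointer to why these suites need explicit enabling, so the branch is likely to outlive its reason; tie it to the C-side rationale, e.g. `// ECDHE_PSK AES_GCM suites are disabled by default in ssl_cipher.c until TLS 1.3 resumption is finalized, so name them explicitly.` Note also that this branch passes just `suite.name` where the CECPQ1 branch above passes `DEFAULT:kCECPQ1`, so the shim's cipher list collapses to the single suite under test; that is presumably fine because the loop already pins one suite, but a short comment saying the explicit-name path is the only one that reaches these suites would make the dependency on the ssl_cipher.c exception visible to whoever later removes it. addCipherSuiteTests begins and ends outside this hunk.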