Make ECDHE_PSK + AES_GCM unmatchable.

These are probably a good idea to ship so long as we have the PSK callbacks at all, but they're not *completely* standard yet and Android tests otherwise need updating to know about them. We don't care enough about PSK to be in a rush to ship them, and taking them out is an easier default action until then. Change-Id: Ic646053d29b69a114e2efea61d593d5e912bdcd0 Reviewed-on: https://boringssl-review.googlesource.com/10225 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-08-10 18:29:12 -04:00 · 2016-08-10 18:29:12 -04:00 · 881f196075
commit 881f196075
parent 79c576c0e1
2 changed files with 21 additions and 7 deletions
--- a/ssl/ssl_cipher.c
+++ b/ssl/ssl_cipher.c
@ -1136,15 +1136,24 @@ static void ssl_cipher_apply_rule(
      if (strength_bits != SSL_CIPHER_get_bits(cp, NULL)) {
        continue;
      }
-    } else if (!(alg_mkey & cp->algorithm_mkey) ||
+    } else {
+      if (!(alg_mkey & cp->algorithm_mkey) ||
          !(alg_auth & cp->algorithm_auth) ||
          !(alg_enc & cp->algorithm_enc) ||
          !(alg_mac & cp->algorithm_mac) ||
-               (min_version != 0 &&
-                SSL_CIPHER_get_min_version(cp) != min_version)) {
+          (min_version != 0 && SSL_CIPHER_get_min_version(cp) != min_version)) {
        continue;
      }

+      /* The following ciphers are internal implementation details of TLS 1.3
+       * resumption but are not yet finalized. Disable them by default until
+       * then. */
+      if (cp->id == TLS1_CK_ECDHE_PSK_WITH_AES_128_GCM_SHA256 ||
+          cp->id == TLS1_CK_ECDHE_PSK_WITH_AES_256_GCM_SHA384) {
+        continue;
+      }
+    }
+
    /* add the cipher if it has not been added yet. */
    if (rule == CIPHER_ADD) {
      /* reverse == 0 */
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@ -2269,6 +2269,11 @@ func addCipherSuiteTests() {
 			// CECPQ1 ciphers must be explicitly enabled.
 			flags = append(flags, "-cipher", "DEFAULT:kCECPQ1")
 		}
+		if hasComponent(suite.name, "ECDHE-PSK") && hasComponent(suite.name, "GCM") {
+			// ECDHE_PSK AES_GCM ciphers must be explicitly enabled
+			// for now.
+			flags = append(flags, "-cipher", suite.name)
+		}

 		for _, ver := range tlsVersions {
 			for _, protocol := range []protocol{tls, dtls} {