Fix up TLS 1.3 PSK placeholder logic in the Go code.

We need EnableAllCiphers to make progress so, temporarily, defer the PSK error. Also flip a true/false bug in the OCSP stapling logic. Change-Id: Iad597c84393e1400c42b8b290eedc16f73f5ed30 Reviewed-on: https://boringssl-review.googlesource.com/8766 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>
2016-07-13 17:26:02 -04:00 · 2016-07-13 17:26:02 -04:00 · c87ebdec57
commit c87ebdec57
parent c78aa4a351
1 changed files with 5 additions and 7 deletions
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go
@ -328,13 +328,9 @@ Curves:
 	hs.writeClientHash(hs.clientHello.marshal())

 	// Resolve PSK and compute the early secret.
-	var psk []byte
-	if hs.suite.flags&suitePSK != 0 {
-		return errors.New("tls: PSK ciphers not implemented for TLS 1.3")
-	} else {
-		psk = hs.finishedHash.zeroSecret()
-		hs.finishedHash.setResumptionContext(hs.finishedHash.zeroSecret())
-	}
+	// TODO(davidben): Implement PSK in TLS 1.3.
+	psk := hs.finishedHash.zeroSecret()
+	hs.finishedHash.setResumptionContext(hs.finishedHash.zeroSecret())

 	earlySecret := hs.finishedHash.extractKey(hs.finishedHash.zeroSecret(), psk)

@ -392,6 +388,8 @@ Curves:
 	c.in.updateKeys(deriveTrafficAEAD(c.vers, hs.suite, handshakeTrafficSecret, handshakePhase, clientWrite), c.vers)

 	if hs.suite.flags&suitePSK != 0 {
+		return errors.New("tls: PSK ciphers not implemented for TLS 1.3")
+	} else {
 		if hs.clientHello.ocspStapling {
 			encryptedExtensions.extensions.ocspResponse = hs.cert.OCSPStaple
 		}