Commit 9368f865 authored by Matt Caswell's avatar Matt Caswell
Browse files

Add TLSv1.3 client side external PSK support 



Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)
parent 3a7c56b2

crypto/err/openssl.txt

+1 −0
Original line number Diff line number Diff line
@@ -2137,6 +2137,7 @@ SSL_R_BAD_KEY_UPDATE:122:bad key update 
SSL_R_BAD_LENGTH:271:bad length

SSL_R_BAD_PACKET_LENGTH:115:bad packet length

SSL_R_BAD_PROTOCOL_VERSION_NUMBER:116:bad protocol version number

SSL_R_BAD_PSK:219:bad psk

SSL_R_BAD_PSK_IDENTITY:114:bad psk identity

SSL_R_BAD_RECORD_TYPE:443:bad record type

SSL_R_BAD_RSA_ENCRYPT:119:bad rsa encrypt

include/openssl/ssl.h

+4 −0
Original line number Diff line number Diff line
@@ -767,6 +767,10 @@ typedef int (*SSL_psk_find_session_cb_func)(SSL *ssl, 
                                            const unsigned char *identity,

                                            size_t identity_len,

                                            SSL_SESSION **sess);

typedef int (*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md,

                                           const unsigned char **id,

                                           size_t *idlen,

                                           SSL_SESSION **sess);

void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb);

void SSL_set_psk_server_callback(SSL *ssl, SSL_psk_server_cb_func cb);

include/openssl/sslerr.h

+1 −0
Original line number Diff line number Diff line
@@ -381,6 +381,7 @@ int ERR_load_SSL_strings(void); 
# define SSL_R_BAD_LENGTH                                 271

# define SSL_R_BAD_PACKET_LENGTH                          115

# define SSL_R_BAD_PROTOCOL_VERSION_NUMBER                116

# define SSL_R_BAD_PSK                                    219

# define SSL_R_BAD_PSK_IDENTITY                           114

# define SSL_R_BAD_RECORD_TYPE                            443

# define SSL_R_BAD_RSA_ENCRYPT                            119

ssl/ssl_err.c

+1 −0
Original line number Diff line number Diff line
@@ -594,6 +594,7 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { 
    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PACKET_LENGTH), "bad packet length"},

    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PROTOCOL_VERSION_NUMBER),

    "bad protocol version number"},

    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PSK), "bad psk"},

    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PSK_IDENTITY), "bad psk identity"},

    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_RECORD_TYPE), "bad record type"},

    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_RSA_ENCRYPT), "bad rsa encrypt"},

ssl/ssl_lib.c

+3 −0
Original line number Diff line number Diff line
@@ -419,6 +419,8 @@ int SSL_clear(SSL *s) 
        SSL_SESSION_free(s->session);

        s->session = NULL;

    }

    SSL_SESSION_free(s->psksession);

    s->psksession = NULL;



    s->error = 0;

    s->hit = 0;
@@ -969,6 +971,7 @@ void SSL_free(SSL *s) 
        ssl_clear_bad_session(s);

        SSL_SESSION_free(s->session);

    }

    SSL_SESSION_free(s->psksession);



    clear_ciphers(s);