include/openssl/ssl.h +1 −0 @@ -2281,6 +2281,7 @@ int ERR_load_SSL_strings(void); # define SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE 470 # define SSL_F_TLS_CONSTRUCT_CTOS_NPN 471 # define SSL_F_TLS_CONSTRUCT_CTOS_PADDING 472 # define SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES 509 # define SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE 473 # define SSL_F_TLS_CONSTRUCT_CTOS_SCT 474 # define SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME 475
include/openssl/tls1.h +1 −0 @@ -178,6 +178,7 @@ extern "C" { /* As defined for TLS1.3 */ # define TLSEXT_TYPE_key_share 40 # define TLSEXT_TYPE_supported_versions 43 # define TLSEXT_TYPE_psk_kex_modes 45 /* Temporary extension type */ # define TLSEXT_TYPE_renegotiate 0xff01
ssl/ssl_err.c +2 −0 @@ -300,6 +300,8 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CTOS_NPN), "tls_construct_ctos_npn"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CTOS_PADDING), "tls_construct_ctos_padding"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES), "tls_construct_ctos_psk_kex_modes"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE), "tls_construct_ctos_renegotiate"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CTOS_SCT), "tls_construct_ctos_sct"},
ssl/ssl_locl.h +15 −0 @@ -1105,6 +1105,9 @@ struct ssl_st { */ unsigned char *npn; size_t npn_len; /* The selected PSK key exchange mode */ int psk_kex_mode; } ext; /*- @@ -1680,6 +1683,7 @@ typedef enum tlsext_index_en { TLSEXT_IDX_signed_certificate_timestamp, TLSEXT_IDX_extended_master_secret, TLSEXT_IDX_supported_versions, TLSEXT_IDX_psk_kex_modes, TLSEXT_IDX_key_share, TLSEXT_IDX_cryptopro_bug, TLSEXT_IDX_padding @@ -1711,6 +1715,17 @@ typedef enum tlsext_index_en { #define TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512 0xefef #define TLSEXT_SIGALG_gostr34102001_gostr3411 0xeded /* Known PSK key exchange modes */ #define TLSEXT_KEX_MODE_KE 0x00 #define TLSEXT_KEX_MODE_KE_DHE 0x01 /* * Internal representations of key exchange modes */ #define TLSEXT_KEX_MODE_FLAG_NONE 0 #define TLSEXT_KEX_MODE_FLAG_KE 1 #define TLSEXT_KEX_MODE_FLAG_KE_DHE 2 #define SIGID_IS_PSS(sigid) ((sigid) == TLSEXT_SIGALG_rsa_pss_sha256 \ || (sigid) == TLSEXT_SIGALG_rsa_pss_sha384 \ || (sigid) == TLSEXT_SIGALG_rsa_pss_sha512)
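Review bot: The comment on the new `psk_kex_mode` field in `struct ssl_st`, "The selected PSK key exchange mode", does not say which of the two constant families added in the last hunk it holds. The wire code `TLSEXT_KEX_MODE_KE` is 0x00 and the internal `TLSEXT_KEX_MODE_FLAG_NONE` is also 0, so a later comparison against the wire constant would read "nothing negotiated" as psk_ke, the mode with no (EC)DHE exchange. I would change the comment to `/* PSK key exchange mode as TLSEXT_KEX_MODE_FLAG_* (internal), never a TLSEXT_KEX_MODE_* wire code */`. The flag values 1 and 2 look like bits of a mask; if more than one can be set at once the comment should say so, but the code that stores into the field is not in this section.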
ssl/statem/extensions.c +15 −0 @@ -35,6 +35,7 @@ static int init_srp(SSL *s, unsigned int context); static int init_etm(SSL *s, unsigned int context); static int init_ems(SSL *s, unsigned int context); static int final_ems(SSL *s, unsigned int context, int sent, int *al); static int init_psk_kex_modes(SSL *s, unsigned int context); #ifndef OPENSSL_NO_SRTP static int init_srtp(SSL *s, unsigned int context); #endif @@ -234,6 +235,13 @@ static const EXTENSION_DEFINITION ext_defs[] = { /* Processed inline as part of version selection */ NULL, NULL, NULL, tls_construct_ctos_supported_versions, NULL }, { /* Must be before key_share */ TLSEXT_TYPE_psk_kex_modes, EXT_CLIENT_HELLO | EXT_TLS_IMPLEMENTATION_ONLY | EXT_TLS1_3_ONLY, init_psk_kex_modes, tls_parse_ctos_psk_kex_modes, NULL, NULL, tls_construct_ctos_psk_kex_modes, NULL }, { /* * Must be in this list after supported_groups. We need that to have @@ -938,3 +946,10 @@ static int final_sig_algs(SSL *s, unsigned int context, int sent, int *al) return 1; } static int init_psk_kex_modes(SSL *s, unsigned int context) { s->ext.psk_kex_mode = TLSEXT_KEX_MODE_FLAG_NONE; return 1; }
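Review bot: The new `ext_defs` entry's comment `/* Must be before key_share */` gives the ordering rule without its reason, and the entry's last slot (apparently the final handler, going by the `final_ems` prototype above) is NULL. When a ClientHello carries no psk_kex_modes extension, the only state is therefore what `init_psk_kex_modes` sets, `TLSEXT_KEX_MODE_FLAG_NONE`, and every consumer has to read that value as "no PSK key exchange permitted". I would record both points: extend the entry comment to name what depends on the order (presumably key_share handling reads `s->ext.psk_kex_mode`), and add above the function `/* Reset for each handshake; FLAG_NONE means the peer offered no usable PSK key exchange mode */`. `tls_parse_ctos_psk_kex_modes` and `tls_construct_ctos_psk_kex_modes` are defined outside the sections shown, so how unknown or duplicate mode bytes are handled cannot be checked here.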