Construct the client side psk extension for TLSv1.3

# define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES     (512/8)

# define SSL_MAX_KEY_ARG_LENGTH                  8

# define SSL_MAX_MASTER_KEY_LENGTH               48

# define SSL_MAX_MASTER_KEY_LENGTH               64

/* The maximum number of encrypt/decrypt pipelines we can support */

# define SSL_MAX_PIPELINES  32

# define SSL_F_TLS_CONSTRUCT_CTOS_NPN                     471

# define SSL_F_TLS_CONSTRUCT_CTOS_PADDING                 472

# define SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES           509

# define SSL_F_TLS_CONSTRUCT_CTOS_PSK                     501

# define SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE             473

# define SSL_F_TLS_CONSTRUCT_CTOS_SCT                     474

# define SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME             475

# define SSL_R_BAD_LENGTH                                 271

# define SSL_R_BAD_PACKET_LENGTH                          115

# define SSL_R_BAD_PROTOCOL_VERSION_NUMBER                116

# define SSL_R_BAD_PSK_IDENTITY                           114

# define SSL_R_BAD_RECORD_TYPE                            443

# define SSL_R_BAD_RSA_ENCRYPT                            119

# define SSL_R_BAD_SIGNATURE                              123

/* As defined for TLS1.3 */

# define TLSEXT_TYPE_key_share                   40

# define TLSEXT_TYPE_psk                         41

# define TLSEXT_TYPE_supported_versions          43

# define TLSEXT_TYPE_psk_kex_modes               45

    return (1);

}

const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)

{

    SSL_CIPHER c;

    c.id = id;

    return OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);

}

/*

 * This function needs to check if the ciphers required are actually

 * available

 */

const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)

{

    SSL_CIPHER c;

    const SSL_CIPHER *cp;

    uint32_t id;

    id = 0x03000000 | ((uint32_t)p[0] << 8L) | (uint32_t)p[1];

    c.id = id;

    cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);

    return cp;

    return ssl3_get_cipher_by_id(0x03000000

                                 | ((uint32_t)p[0] << 8L)

                                 | (uint32_t)p[1]);

}

int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)

    if (gensecret) {

        if (SSL_IS_TLS13(s)) {

            /*

             * TODO(TLS1.3): For now we just use the default early_secret, this

             * will need to change later when other early_secrets will be

             * possible.

             * If we are resuming then we already generated the early secret

             * when we created the ClientHello, so don't recreate it.

             */

            rv = tls13_generate_early_secret(s, NULL, 0)

                 && tls13_generate_handshake_secret(s, pms, pmslen);

            OPENSSL_free(pms);

            if (!s->hit)

                rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,

                                           0,

                                           (unsigned char *)&s->early_secret);

            rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);

        } else {

            /* Generate master secret and discard premaster */

            rv = ssl_generate_master_secret(s, pms, pmslen, 1);

    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CTOS_NPN), "tls_construct_ctos_npn"},

    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CTOS_PADDING),

     "tls_construct_ctos_padding"},

    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CTOS_PSK), "tls_construct_ctos_psk"},

    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES),

     "tls_construct_ctos_psk_kex_modes"},

    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE),

    int ssl_version;            /* what ssl version session info is being kept

                                 * in here? */

    size_t master_key_length;

    /*

     * For <=TLS1.2 this is the master_key. For TLS1.3 this is the resumption

     * master secret

     */

    unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];

    /* session_id - valid? */

    size_t session_id_length;

        size_t ticklen;      /* Session ticket length */

        /* Session lifetime hint in seconds */

        unsigned long tick_lifetime_hint;

        int tick_identity;

    } ext;

# ifndef OPENSSL_NO_SRP

    char *srp_username;

     */

    uint32_t mac_flags;

    /*

     * The TLS1.3 early_secret and handshake_secret. The master_secret is stored

     * in the session.

     * The TLS1.3 secrets. The resumption master secret is stored in the

     * session.

     */

    unsigned char early_secret[EVP_MAX_MD_SIZE];

    unsigned char handshake_secret[EVP_MAX_MD_SIZE];

    unsigned char master_secret[EVP_MAX_MD_SIZE];

    unsigned char client_finished_secret[EVP_MAX_MD_SIZE];

    unsigned char server_finished_secret[EVP_MAX_MD_SIZE];

    unsigned char server_finished_hash[EVP_MAX_MD_SIZE];

    TLSEXT_IDX_psk_kex_modes,

    TLSEXT_IDX_key_share,

    TLSEXT_IDX_cryptopro_bug,

    TLSEXT_IDX_padding

    TLSEXT_IDX_padding,

    TLSEXT_IDX_psk

} TLSEXT_INDEX;

/*

#define TLSEXT_KEX_MODE_FLAG_KE                                 1

#define TLSEXT_KEX_MODE_FLAG_KE_DHE                             2

/* An invalid index into the TLSv1.3 PSK identities */

#define TLSEXT_PSK_BAD_IDENTITY                                 -1

#define SIGID_IS_PSS(sigid) ((sigid) == TLSEXT_SIGALG_rsa_pss_sha256 \

                             || (sigid) == TLSEXT_SIGALG_rsa_pss_sha384 \

                             || (sigid) == TLSEXT_SIGALG_rsa_pss_sha512)

                      int genmaster);

__owur EVP_PKEY *ssl_dh_to_pkey(DH *dh);

__owur const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id);

__owur const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);

__owur int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt,

                                   size_t *len);

__owur size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen,

                                     unsigned char *p);

__owur int tls13_change_cipher_state(SSL *s, int which);

__owur int tls13_hkdf_expand(SSL *s, const unsigned char *secret,

__owur int tls13_hkdf_expand(SSL *s, const EVP_MD *md,

                             const unsigned char *secret,

                             const unsigned char *label, size_t labellen,

                             const unsigned char *hash,

                             unsigned char *out, size_t outlen);

                            unsigned char *key, size_t keylen);

__owur int tls13_derive_iv(SSL *s, const unsigned char *secret,

                           unsigned char *iv, size_t ivlen);

__owur int tls13_generate_early_secret(SSL *s, const unsigned char *insecret,

                                       size_t insecretlen);

__owur int tls13_derive_finishedkey(SSL *s, const EVP_MD *md,

                                    const unsigned char *secret,

                                    unsigned char *fin, size_t finlen);

int tls13_generate_secret(SSL *s, const EVP_MD *md,

                          const unsigned char *prevsecret,

                          const unsigned char *insecret,

                          size_t insecretlen,

                          unsigned char *outsecret);

__owur int tls13_generate_handshake_secret(SSL *s,

                                           const unsigned char *insecret,

                                           size_t insecretlen);