2 files changed, 96 insertions, 3 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index f93f44ceba..de2c1c19d2 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.110 2022/02/05 14:54:10 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.111 2022/06/03 13:29:39 tb Exp $ */
 /*
 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -1832,6 +1832,76 @@ tlsext_cookie_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
        return 0;
 }
+/*
+ * Pre-Shared Key Exchange Modes - RFC 8446, 4.2.9.
+ */
+int
+tlsext_psk_kex_modes_client_needs(SSL *s, uint16_t msg_type)
+{
+        return (s->s3->hs.tls13.use_psk_dhe_ke &&
+            s->s3->hs.our_max_tls_version >= TLS1_3_VERSION);
+}
+int
+tlsext_psk_kex_modes_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
+{
+        CBB ke_modes;
+        if (!CBB_add_u8_length_prefixed(cbb, &ke_modes))
+                return 0;
+        /* Only indicate support for PSK with DHE key establishment. */
+        if (!CBB_add_u8(&ke_modes, TLS13_PSK_DHE_KE))
+                return 0;
+        if (!CBB_flush(cbb))
+                return 0;
+        return 1;
+}
+int
+tlsext_psk_kex_modes_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
+    int *alert)
+{
+        CBS ke_modes;
+        uint8_t ke_mode;
+        if (!CBS_get_u8_length_prefixed(cbs, &ke_modes))
+                return 0;
+        while (CBS_len(&ke_modes) > 0) {
+                if (!CBS_get_u8(&ke_modes, &ke_mode))
+                        return 0;
+                if (ke_mode == TLS13_PSK_DHE_KE)
+                        s->s3->hs.tls13.use_psk_dhe_ke = 1;
+        }
+        return 1;
+}
+int
+tlsext_psk_kex_modes_server_needs(SSL *s, uint16_t msg_type)
+{
+        /* Servers MUST NOT send this extension. */
+        return 0;
+}
+int
+tlsext_psk_kex_modes_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
+{
+        return 0;
+}
+int
+tlsext_psk_kex_modes_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
+    int *alert)
+{
+        return 0;
+}
 struct tls_extension_funcs {
        int (*needs)(SSL *s, uint16_t msg_type);
        int (*build)(SSL *s, uint16_t msg_type, CBB *cbb);
@@ -2018,8 +2088,22 @@ static const struct tls_extension tls_extensions[] = {
                        .build = tlsext_srtp_server_build,
                        .parse = tlsext_srtp_server_parse,
                },
-        }
+        },
 #endif /* OPENSSL_NO_SRTP */
+        {
+                .type = TLSEXT_TYPE_psk_key_exchange_modes,
+                .messages = SSL_TLSEXT_MSG_CH,
+                .client = {
+                        .needs = tlsext_psk_kex_modes_client_needs,
+                        .build = tlsext_psk_kex_modes_client_build,
+                        .parse = tlsext_psk_kex_modes_client_parse,
+                },
+                .server = {
+                        .needs = tlsext_psk_kex_modes_server_needs,
+                        .build = tlsext_psk_kex_modes_server_build,
+                        .parse = tlsext_psk_kex_modes_server_parse,
+                },
+        },
 };
 #define N_TLS_EXTENSIONS (sizeof(tls_extensions) / sizeof(*tls_extensions))
diff --git a/src/lib/libssl/ssl_tlsext.h b/src/lib/libssl/ssl_tlsext.h
index b4c135fdf1..5f5a852abe 100644
--- a/src/lib/libssl/ssl_tlsext.h
+++ b/src/lib/libssl/ssl_tlsext.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.h,v 1.27 2021/11/01 16:37:17 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.h,v 1.28 2022/06/03 13:29:39 tb Exp $ */
 /*
 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -119,6 +119,15 @@ int tlsext_cookie_server_needs(SSL *s, uint16_t msg_type);
 int tlsext_cookie_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
 int tlsext_cookie_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
+int tlsext_psk_kex_modes_client_needs(SSL *s, uint16_t msg_type);
+int tlsext_psk_kex_modes_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
+int tlsext_psk_kex_modes_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
+    int *alert);
+int tlsext_psk_kex_modes_server_needs(SSL *s, uint16_t msg_type);
+int tlsext_psk_kex_modes_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
+int tlsext_psk_kex_modes_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
+    int *alert);
 #ifndef OPENSSL_NO_SRTP
 int tlsext_srtp_client_needs(SSL *s, uint16_t msg_type);
 int tlsext_srtp_client_build(SSL *s, uint16_t msg_type, CBB *cbb);

diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index f93f44ceba..de2c1c19d2 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_tlsext.c,v 1.110 2022/02/05 14:54:10 jsing Exp $ */	1	/* $OpenBSD: ssl_tlsext.c,v 1.111 2022/06/03 13:29:39 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>	4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -1832,6 +1832,76 @@ tlsext_cookie_client_parse(SSL s, uint16_t msg_type, CBS cbs, int *alert)
1832	return 0;	1832	return 0;
1833	}	1833	}
1834		1834
		1835	/*
		1836	* Pre-Shared Key Exchange Modes - RFC 8446, 4.2.9.
		1837	*/
		1838
		1839	int
		1840	tlsext_psk_kex_modes_client_needs(SSL *s, uint16_t msg_type)
		1841	{
		1842	return (s->s3->hs.tls13.use_psk_dhe_ke &&
		1843	s->s3->hs.our_max_tls_version >= TLS1_3_VERSION);
		1844	}
		1845
		1846	int
		1847	tlsext_psk_kex_modes_client_build(SSL s, uint16_t msg_type, CBB cbb)
		1848	{
		1849	CBB ke_modes;
		1850
		1851	if (!CBB_add_u8_length_prefixed(cbb, &ke_modes))
		1852	return 0;
		1853
		1854	/* Only indicate support for PSK with DHE key establishment. */
		1855	if (!CBB_add_u8(&ke_modes, TLS13_PSK_DHE_KE))
		1856	return 0;
		1857
		1858	if (!CBB_flush(cbb))
		1859	return 0;
		1860
		1861	return 1;
		1862	}
		1863
		1864	int
		1865	tlsext_psk_kex_modes_server_parse(SSL s, uint16_t msg_type, CBS cbs,
		1866	int *alert)
		1867	{
		1868	CBS ke_modes;
		1869	uint8_t ke_mode;
		1870
		1871	if (!CBS_get_u8_length_prefixed(cbs, &ke_modes))
		1872	return 0;
		1873
		1874	while (CBS_len(&ke_modes) > 0) {
		1875	if (!CBS_get_u8(&ke_modes, &ke_mode))
		1876	return 0;
		1877
		1878	if (ke_mode == TLS13_PSK_DHE_KE)
		1879	s->s3->hs.tls13.use_psk_dhe_ke = 1;
		1880	}
		1881
		1882	return 1;
		1883	}
		1884
		1885	int
		1886	tlsext_psk_kex_modes_server_needs(SSL *s, uint16_t msg_type)
		1887	{
		1888	/* Servers MUST NOT send this extension. */
		1889	return 0;
		1890	}
		1891
		1892	int
		1893	tlsext_psk_kex_modes_server_build(SSL s, uint16_t msg_type, CBB cbb)
		1894	{
		1895	return 0;
		1896	}
		1897
		1898	int
		1899	tlsext_psk_kex_modes_client_parse(SSL s, uint16_t msg_type, CBS cbs,
		1900	int *alert)
		1901	{
		1902	return 0;
		1903	}
		1904
1835	struct tls_extension_funcs {	1905	struct tls_extension_funcs {
1836	int (needs)(SSL s, uint16_t msg_type);	1906	int (needs)(SSL s, uint16_t msg_type);
1837	int (build)(SSL s, uint16_t msg_type, CBB *cbb);	1907	int (build)(SSL s, uint16_t msg_type, CBB *cbb);
@@ -2018,8 +2088,22 @@ static const struct tls_extension tls_extensions[] = {
2018	.build = tlsext_srtp_server_build,	2088	.build = tlsext_srtp_server_build,
2019	.parse = tlsext_srtp_server_parse,	2089	.parse = tlsext_srtp_server_parse,
2020	},	2090	},
2021	}	2091	},
2022	#endif /* OPENSSL_NO_SRTP */	2092	#endif /* OPENSSL_NO_SRTP */
		2093	{
		2094	.type = TLSEXT_TYPE_psk_key_exchange_modes,
		2095	.messages = SSL_TLSEXT_MSG_CH,
		2096	.client = {
		2097	.needs = tlsext_psk_kex_modes_client_needs,
		2098	.build = tlsext_psk_kex_modes_client_build,
		2099	.parse = tlsext_psk_kex_modes_client_parse,
		2100	},
		2101	.server = {
		2102	.needs = tlsext_psk_kex_modes_server_needs,
		2103	.build = tlsext_psk_kex_modes_server_build,
		2104	.parse = tlsext_psk_kex_modes_server_parse,
		2105	},
		2106	},
2023	};	2107	};
2024		2108
2025	#define N_TLS_EXTENSIONS (sizeof(tls_extensions) / sizeof(*tls_extensions))	2109	#define N_TLS_EXTENSIONS (sizeof(tls_extensions) / sizeof(*tls_extensions))


diff --git a/src/lib/libssl/ssl_tlsext.h b/src/lib/libssl/ssl_tlsext.h index b4c135fdf1..5f5a852abe 100644 --- a/src/lib/libssl/ssl_tlsext.h +++ b/src/lib/libssl/ssl_tlsext.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_tlsext.h,v 1.27 2021/11/01 16:37:17 jsing Exp $ */	1	/* $OpenBSD: ssl_tlsext.h,v 1.28 2022/06/03 13:29:39 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>	4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -119,6 +119,15 @@ int tlsext_cookie_server_needs(SSL *s, uint16_t msg_type);
119	int tlsext_cookie_server_build(SSL s, uint16_t msg_type, CBB cbb);	119	int tlsext_cookie_server_build(SSL s, uint16_t msg_type, CBB cbb);
120	int tlsext_cookie_server_parse(SSL s, uint16_t msg_type, CBS cbs, int *alert);	120	int tlsext_cookie_server_parse(SSL s, uint16_t msg_type, CBS cbs, int *alert);
121		121
		122	int tlsext_psk_kex_modes_client_needs(SSL *s, uint16_t msg_type);
		123	int tlsext_psk_kex_modes_client_build(SSL s, uint16_t msg_type, CBB cbb);
		124	int tlsext_psk_kex_modes_client_parse(SSL s, uint16_t msg_type, CBS cbs,
		125	int *alert);
		126	int tlsext_psk_kex_modes_server_needs(SSL *s, uint16_t msg_type);
		127	int tlsext_psk_kex_modes_server_build(SSL s, uint16_t msg_type, CBB cbb);
		128	int tlsext_psk_kex_modes_server_parse(SSL s, uint16_t msg_type, CBS cbs,
		129	int *alert);
		130
122	#ifndef OPENSSL_NO_SRTP	131	#ifndef OPENSSL_NO_SRTP
123	int tlsext_srtp_client_needs(SSL *s, uint16_t msg_type);	132	int tlsext_srtp_client_needs(SSL *s, uint16_t msg_type);
124	int tlsext_srtp_client_build(SSL s, uint16_t msg_type, CBB cbb);	133	int tlsext_srtp_client_build(SSL s, uint16_t msg_type, CBB cbb);