From: tb
Date: Fri, 3 Jun 2022 13:31:49 +0000 (+0000)
Subject: Add stubbed out handlers for the pre_shared_key extension
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=64fb9c0c153c1c8aacd6407e8bc4302fdc530dd4;p=openbsd
Add stubbed out handlers for the pre_shared_key extension
ok jsing
---
diff --git a/lib/libssl/ssl_tlsext.c b/lib/libssl/ssl_tlsext.c
index de2c1c19d24..f0490de5087 100644
--- a/lib/libssl/ssl_tlsext.c
+++ b/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.111 2022/06/03 13:29:39 tb Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.112 2022/06/03 13:31:49 tb Exp $ */
 /*
 * Copyright (c) 2016, 2017, 2019 Joel Sing
 * Copyright (c) 2017 Doug Hogan
@@ -1902,6 +1902,46 @@ tlsext_psk_kex_modes_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
 return 0;
 }
+/*
+ * Pre-Shared Key Extension - RFC 8446, 4.2.11
+ */
+
+int
+tlsext_psk_client_needs(SSL *s, uint16_t msg_type)
+{
+ return 0;
+}
+
+int
+tlsext_psk_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
+{
+ return 0;
+}
+
+int
+tlsext_psk_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
+{
+ return 0;
+}
+
+int
+tlsext_psk_server_needs(SSL *s, uint16_t msg_type)
+{
+ return 0;
+}
+
+int
+tlsext_psk_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
+{
+ return 0;
+}
+
+int
+tlsext_psk_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
+{
+ return 0;
+}
+
 struct tls_extension_funcs {
 int (*needs)(SSL *s, uint16_t msg_type);
 int (*build)(SSL *s, uint16_t msg_type, CBB *cbb);
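Review bot: tlsext_psk_server_parse() and tlsext_psk_client_parse() return 0 without consuming cbs or setting *alert. The dispatcher is not visible in this hunk, but if a parse handler returning 0 means failure (the convention I would expect from the sibling handlers; confirm against the parse loop), then registering TLSEXT_TYPE_pre_shared_key in the tls_extensions[] hunk below turns a ClientHello that offers a PSK from an ignored extension into a handshake abort, where a server without PSK support would normally fall back to a full handshake. A stub that only declines the offer should skip the payload instead: `return CBS_skip(cbs, CBS_len(cbs));`. The client-side stub can keep rejecting, since `needs` returns 0 and a ServerHello carrying the extension is then unsolicited, but it should set `*alert` explicitly rather than rely on the caller's default.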
@@ -2104,6 +2144,22 @@ static const struct tls_extension tls_extensions[] = {
 .parse = tlsext_psk_kex_modes_server_parse,
 },
 },
+ {
+ /* MUST be last extension in CH per RFC 8446 section 4.2. */
+
+ .type = TLSEXT_TYPE_pre_shared_key,
+ .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH,
+ .client = {
+ .needs = tlsext_psk_client_needs,
+ .build = tlsext_psk_client_build,
+ .parse = tlsext_psk_client_parse,
+ },
+ .server = {
+ .needs = tlsext_psk_server_needs,
+ .build = tlsext_psk_server_build,
+ .parse = tlsext_psk_server_parse,
+ },
+ },
 };
 #define N_TLS_EXTENSIONS (sizeof(tls_extensions) / sizeof(*tls_extensions))
diff --git a/lib/libssl/ssl_tlsext.h b/lib/libssl/ssl_tlsext.h
index 5f5a852abe8..3439255fd6e 100644
--- a/lib/libssl/ssl_tlsext.h
+++ b/lib/libssl/ssl_tlsext.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.h,v 1.28 2022/06/03 13:29:39 tb Exp $ */
+/* $OpenBSD: ssl_tlsext.h,v 1.29 2022/06/03 13:31:49 tb Exp $ */
 /*
 * Copyright (c) 2016, 2017 Joel Sing
 * Copyright (c) 2017 Doug Hogan
@@ -128,6 +128,13 @@ int tlsext_psk_kex_modes_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
 int tlsext_psk_kex_modes_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
+int tlsext_psk_client_needs(SSL *s, uint16_t msg_type);
+int tlsext_psk_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
+int tlsext_psk_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
+int tlsext_psk_server_needs(SSL *s, uint16_t msg_type);
+int tlsext_psk_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
+int tlsext_psk_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
+
 #ifndef OPENSSL_NO_SRTP
 int tlsext_srtp_client_needs(SSL *s, uint16_t msg_type);
 int tlsext_srtp_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
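Review bot: The "MUST be last" requirement on the new pre_shared_key entry in tls_extensions[] is carried only by the entry's position in the table and by a comment inside the entry. Presumably the build loop emits extensions in table order, so a later extension appended after this one would break the ClientHello ordering with nothing to catch it. Put the reminder where the next edit will land, directly before the closing `};`: `/* pre_shared_key must stay last; add new extensions above it. */`. RFC 8446 section 4.2.11 also requires a server to reject, with illegal_parameter, a ClientHello in which pre_shared_key is not the last extension; the stubbed tlsext_psk_server_parse cannot do that yet, so a `/* XXX - check that this is the last CH extension */` in the stub would keep the check from being forgotten. The array definition starts outside this hunk.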