authorNicola Tuveri <nic.tuv@gmail.com>2022-02-22 16:26:26 +0200
committerNicola Tuveri <nic.tuv@gmail.com>2022-03-03 21:16:27 +0200
commitcabebaf8185aed5e81a274de8bb3ba472e6b794a (patch)
treee28332e224daec4142ac50400d208207088f5e67
parentb6b7e6ff0970a2dbeabe5e272febf354b245986f (diff)
[ssl] Add SSL_kDHEPSK and SSL_kECDHEPSK as PFS ciphersuites for SECLEVEL >= 3
Fixes #17743 (manually cherry picked from commit b139a95665eb023b38695d62d9dfc28f3fb89972) Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17791)
-rw-r--r--CHANGES6
-rw-r--r--ssl/ssl_cert.c5
2 files changed, 8 insertions, 3 deletions
diff --git a/CHANGES b/CHANGES
index 8a33c22774..ca60f359c9 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,7 +9,11 @@
Changes between 1.1.1m and 1.1.1n [xx XXX xxxx]
- *)
+ *) Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK (RFC 5489)
+ to the list of ciphersuites providing Perfect Forward Secrecy as
+ required by SECLEVEL >= 3.
+
+ [Dmitry Belyavskiy, Nicola Tuveri]
Changes between 1.1.1l and 1.1.1m [14 Dec 2021]
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 0f6a54a362..d52947e2a0 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -901,7 +901,7 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
int op, int bits, int nid, void *other,
void *ex)
{
- int level, minbits;
+ int level, minbits, pfs_mask;
minbits = ssl_get_security_level_bits(s, ctx, &level);
@@ -936,8 +936,9 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
if (level >= 2 && c->algorithm_enc == SSL_RC4)
return 0;
/* Level 3: forward secure ciphersuites only */
+ pfs_mask = SSL_kDHE | SSL_kECDHE | SSL_kDHEPSK | SSL_kECDHEPSK;
if (level >= 3 && c->min_tls != TLS1_3_VERSION &&
- !(c->algorithm_mkey & (SSL_kDHE | SSL_kECDHE)))
+ !(c->algorithm_mkey & pfs_mask))
return 0;
break;
}
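Review bot: `pfs_mask` is declared as a plain signed `int` in the first hunk (`int level, minbits, pfs_mask;`) and then used as a bitmask against `c->algorithm_mkey`, which is presumably an unsigned flag word (its declaration is not visible in this diff). I would give the mask the same unsigned type as that field, for example `uint32_t pfs_mask;`, so that the `&` does not depend on an implicit signed/unsigned conversion if a future key-exchange flag reaches the top bit. The comment above the assignment should also record which PSK variants are deliberately left out, for example `/* Level 3: forward secure ciphersuites only; plain PSK and RSA_PSK key exchange stay excluded */`, so a later edit does not widen the mask by analogy. The diffstat lists only CHANGES and ssl/ssl_cert.c, so nothing in this commit pins the new SECLEVEL 3 behaviour with a test. The body of ssl_security_default_callback starts and ends outside both hunks.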