openssl: Introduce TLS PSK support #22057

Open. bukka wants to merge 1 commit into php:master from bukka:openssl_tls_psk

@bukka bukka commented May 15, 2026

Adds pre-shared key authentication for OpenSSL streams, covering both TLS 1.2 (PSK ciphersuites) and TLS 1.3 (PSK as an external resumed session).

The Openssl\Psk class is as follows:

namespace Openssl;

final class Psk {
    public const int MAX_PSK_LEN;
    public const int MAX_IDENTITY_LEN;
    public readonly string $psk;
    public readonly ?string $identity;
    public function __construct(string $psk, ?string $identity = null);
}

Two new options under the ssl context:

  • psk_client_cb: callable(resource $stream): ?Openssl\Psk
    Called on the client during the handshake to obtain the PSK and identity. Return null to decline PSK. The returned Psk must have a non-null identity.
  • psk_server_cb: callable(resource $stream, string $identity): ?Openssl\Psk
    Called on the server with the identity offered by the client. Return null to reject the identity. Only the key is read from the returned Psk.

For TLS 1.3 servers a default session_id_context is installed when the user does not supply one, since OpenSSL processes PSK as session resumption and would otherwise reject the constructed SSL_SESSION with SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED under the default SSL_VERIFY_PEER configuration. An explicit session_id_context still takes precedence.

The RFC is not planned unless there are objections as it mirrors the previous Session proposal including all API decisions from it.

Add stream context options psk_client_cb and psk_server_cb that
let clients and servers negotiate pre-shared key authentication
on both TLS 1.2 and TLS 1.3. Callbacks return an Openssl\Psk
instance carrying the key and, on clients, the identity, or
null to refuse PSK.

A new final Openssl\Psk class is added for that purpose, with
readonly $psk and $identity properties and MAX_PSK_LEN /
MAX_IDENTITY_LEN constants.
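
The two callbacks described above, shown in use as an added example that is not taken from the pull request or its tests: the server looks up the offered identity in a key table and returns null for anything unknown, and the client supplies the key together with its identity. The key table, address, script name and function names are assumptions, as is leaving every other ssl option at its default, which the page does not cover.

```php
<?php
// Added example: needs a PHP build that includes this pull request.
// Terminal 1: php psk_demo.php server
// Terminal 2: php psk_demo.php client sensor-01   (or an unknown identity)
use Openssl\Psk;

// Constructed sample table: identity => hex key. Real keys belong in a secret store.
const PSK_TABLE = [
    'sensor-01' => '6b1f0c9d3a5e47f28c0b9e1d2a3f4c5d6e7f8091a2b3c4d5e6f708192a3b4c5d',
];
const ADDR = 'tls://127.0.0.1:8443'; // constructed address

function serverContext(array $keys)
{
    return stream_context_create(['ssl' => [
        'psk_server_cb' => function ($stream, string $identity) use ($keys): ?Psk {
            // Reject oversized or unknown identities by returning null.
            if (strlen($identity) > Psk::MAX_IDENTITY_LEN || !isset($keys[$identity])) {
                return null;
            }
            // Only the key is read from the Psk returned on the server.
            return new Psk(hex2bin($keys[$identity]));
        },
    ]]);
}

function clientContext(string $identity, string $key)
{
    return stream_context_create(['ssl' => [
        // The client callback must return a Psk with a non-null identity.
        'psk_client_cb' => fn ($stream): ?Psk => new Psk($key, $identity),
    ]]);
}

if (($argv[1] ?? '') === 'server') {
    $srv = stream_socket_server(ADDR, $errno, $errstr,
        STREAM_SERVER_BIND | STREAM_SERVER_LISTEN, serverContext(PSK_TABLE));
    $conn = $srv ? @stream_socket_accept($srv, 60) : false;
    echo $conn ? "handshake completed with a known identity\n" : "no connection accepted\n";
} elseif (($argv[1] ?? '') === 'client') {
    $id = $argv[2] ?? 'sensor-01';
    $conn = @stream_socket_client(ADDR, $errno, $errstr, 5, STREAM_CLIENT_CONNECT,
        clientContext($id, hex2bin(PSK_TABLE['sensor-01'])));
    echo $conn ? "connected as $id\n" : "handshake failed for $id\n";
}
```
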
Comment thread ext/openssl/xp_ssl.c
pefree(sslsock->psk_callbacks, php_stream_is_persistent(stream));
}

if (sslsock->psk_identity_buf) {
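
Review bot: at `if (sslsock->psk_identity_buf)`, the name suggests this buffer holds the PSK identity, which travels in cleartext during the handshake, so wiping it on free gains little; the buffer that would warrant OPENSSL_cleanse() is whichever one on this cleanup path holds the key bytes themselves. The excerpt shows only the `pefree(sslsock->psk_callbacks, ...)` call and this check, so please confirm where the key returned by the callbacks is copied and that the copy is cleansed before it is released.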

Question: can an OPENSSL_cleanse() be useful for security concerns here?
