[ssl] Add SSL_kDHEPSK and SSL_kECDHEPSK as PFS ciphersuites for SECLEVEL >= 3

Fixes #17743
Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: NPaul Dale <pauli@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17763)

CHANGES.md

@@ -24,6 +24,12 @@ OpenSSL 3.1
 
 ### Changes between 3.0 and 3.1 [xx XXX xxxx]
 
+ * Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK (RFC 5489)
+   to the list of ciphersuites providing Perfect Forward Secrecy as
+   required by SECLEVEL >= 3.
+
+   *Dmitry Belyavskiy, Nicola Tuveri*
+
  * Add new SSL APIs to aid in efficiently implementing TLS/SSL fingerprinting.  The
    SSL_CTRL_GET_IANA_GROUPS control code, exposed as the SSL_get0_iana_groups()
    function-like macro, retrieves the list of supported groups sent by the peer,

ssl/ssl_cert.c

@@ -1001,7 +1001,7 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
                                          int op, int bits, int nid, void *other,
                                          void *ex)
 {
-    int level, minbits;
+    int level, minbits, pfs_mask;
 
     minbits = ssl_get_security_level_bits(s, ctx, &level);
 
@@ -1033,8 +1033,9 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
             if (minbits > 160 && c->algorithm_mac & SSL_SHA1)
                 return 0;
             /* Level 3: forward secure ciphersuites only */
+            pfs_mask = SSL_kDHE | SSL_kECDHE | SSL_kDHEPSK | SSL_kECDHEPSK;
             if (level >= 3 && c->min_tls != TLS1_3_VERSION &&
-                               !(c->algorithm_mkey & (SSL_kDHE | SSL_kECDHE)))
+                               !(c->algorithm_mkey & pfs_mask))
                 return 0;
             break;
         }