Enable various DTLS extensions.

Some TLS extensions were disabled for DTLS. Possibly because they caused
problems with the old duplicated code. Enable them again.
(cherry picked from commit 874a18cfadc6bac0ad73482325f2ca72dfccdb82)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 1aa59c2f72ee419e0272dfdb4ea72d78270fb190..35a58a956cf220758dcbd8521b3d755f1c329bfb 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1105,7 +1105,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
 #ifndef OPENSSL_NO_EC
        /* See if we support any ECC ciphersuites */
        int using_ecc = 0;
-       if (s->version != DTLS1_VERSION && s->version >= TLS1_VERSION)
+       if (s->version >= TLS1_VERSION || SSL_IS_DTLS(s))
                {
                int i;
                unsigned long alg_k, alg_a;
@@ -1322,8 +1322,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
                }
 
 #ifdef TLSEXT_TYPE_opaque_prf_input
-       if (s->s3->client_opaque_prf_input != NULL &&
-           s->version != DTLS1_VERSION)
+       if (s->s3->client_opaque_prf_input != NULL)
                {
                size_t col = s->s3->client_opaque_prf_input_len;
                
@@ -1340,8 +1339,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
                }
 #endif
 
-       if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp &&
-           s->version != DTLS1_VERSION)
+       if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp)
                {
                int i;
                long extlen, idlen, itmp;
@@ -1548,7 +1546,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
         }
 
 #ifndef OPENSSL_NO_EC
-       if (using_ecc && s->version != DTLS1_VERSION)
+       if (using_ecc)
                {
                const unsigned char *plist;
                size_t plistlen;
@@ -1591,8 +1589,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
                }
 
 #ifdef TLSEXT_TYPE_opaque_prf_input
-       if (s->s3->server_opaque_prf_input != NULL &&
-           s->version != DTLS1_VERSION)
+       if (s->s3->server_opaque_prf_input != NULL)
                {
                size_t sol = s->s3->server_opaque_prf_input_len;
                
@@ -2092,8 +2089,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
 #endif
 
 #ifndef OPENSSL_NO_EC
-               else if (type == TLSEXT_TYPE_ec_point_formats &&
-                    s->version != DTLS1_VERSION)
+               else if (type == TLSEXT_TYPE_ec_point_formats)
                        {
                        unsigned char *sdata = data;
                        int ecpointformatlist_length = *(sdata++);
@@ -2128,8 +2124,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
                        fprintf(stderr,"\n");
 #endif
                        }
-               else if (type == TLSEXT_TYPE_elliptic_curves &&
-                    s->version != DTLS1_VERSION)
+               else if (type == TLSEXT_TYPE_elliptic_curves)
                        {
                        unsigned char *sdata = data;
                        int ellipticcurvelist_length = (*(sdata++) << 8);
@@ -2167,8 +2162,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
                        }
 #endif /* OPENSSL_NO_EC */
 #ifdef TLSEXT_TYPE_opaque_prf_input
-               else if (type == TLSEXT_TYPE_opaque_prf_input &&
-                    s->version != DTLS1_VERSION)
+               else if (type == TLSEXT_TYPE_opaque_prf_input)
                        {
                        unsigned char *sdata = data;
 
@@ -2243,8 +2237,8 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
                                return 0;
                                }
                        }
-               else if (type == TLSEXT_TYPE_status_request &&
-                        s->version != DTLS1_VERSION && s->ctx->tlsext_status_cb)
+               else if (type == TLSEXT_TYPE_status_request
+                        && s->ctx->tlsext_status_cb)
                        {
                
                        if (size < 5) 
@@ -2622,8 +2616,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char
                        }
 
 #ifndef OPENSSL_NO_EC
-               else if (type == TLSEXT_TYPE_ec_point_formats &&
-                    s->version != DTLS1_VERSION)
+               else if (type == TLSEXT_TYPE_ec_point_formats)
                        {
                        unsigned char *sdata = data;
                        int ecpointformatlist_length = *(sdata++);
@@ -2669,8 +2662,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char
                        s->tlsext_ticket_expected = 1;
                        }
 #ifdef TLSEXT_TYPE_opaque_prf_input
-               else if (type == TLSEXT_TYPE_opaque_prf_input &&
-                    s->version != DTLS1_VERSION)
+               else if (type == TLSEXT_TYPE_opaque_prf_input)
                        {
                        unsigned char *sdata = data;
 
@@ -2700,8 +2692,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char
                                }
                        }
 #endif
-               else if (type == TLSEXT_TYPE_status_request &&
-                        s->version != DTLS1_VERSION)
+               else if (type == TLSEXT_TYPE_status_request)
                        {
                        /* MUST be empty and only sent if we've requested
                         * a status request message.