Add ECC extensions with DTLS.

author Dr. Stephen Henson <steve@openssl.org>

Tue, 15 Jul 2014 11:20:30 +0000 (12:20 +0100)

committer Dr. Stephen Henson <steve@openssl.org>

Tue, 15 Jul 2014 11:20:30 +0000 (12:20 +0100)
author Dr. Stephen Henson <steve@openssl.org>
Tue, 15 Jul 2014 11:20:30 +0000 (12:20 +0100)
committer Dr. Stephen Henson <steve@openssl.org>
Tue, 15 Jul 2014 11:20:30 +0000 (12:20 +0100)
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c

index 48e5e06bdeb473f448394f82d7a50d9c9a45a0ee..65dbb4aba90614b4bc796dd3b6effda8c7587b22 100644 (file)
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -876,12 +876,18 @@ int dtls1_client_hello(SSL *s)
                 *(p++)=0; /* Add the NULL method */
  
  #ifndef OPENSSL_NO_TLSEXT
+               /* TLS extensions*/
+               if (ssl_prepare_clienthello_tlsext(s) <= 0)
+                       {
+                       SSLerr(SSL_F_DTLS1_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
+                       goto err;
+                       }
                 if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
                         {
                         SSLerr(SSL_F_DTLS1_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
                         goto err;
                         }
-#endif         
+#endif
  
                 l=(p-d);
                 d=buf;
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c

index 1384ab0cbf171cb89a8ef0d3e5432b06814367ee..ef9c347edd43f2bc364b937accd77f4d42b7333d 100644 (file)
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -980,6 +980,11 @@ int dtls1_send_server_hello(SSL *s)
  #endif
  
  #ifndef OPENSSL_NO_TLSEXT
+               if (ssl_prepare_serverhello_tlsext(s) <= 0)
+                       {
+                       SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT);
+                       return -1;
+                       }
                 if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
                         {
                         SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR);
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c

index f6a480d0e28a46946f9f45a4fbdc2f260e301680..8167a51e5c593be305096f8a6a063195480d6c64 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -453,8 +453,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
  #endif
  
  #ifndef OPENSSL_NO_EC
-       if (s->tlsext_ecpointformatlist != NULL &&
-           s->version != DTLS1_VERSION)
+       if (s->tlsext_ecpointformatlist != NULL)
                 {
                 /* Add TLS extension ECPointFormats to the ClientHello message */
                 long lenmax; 
@@ -473,8 +472,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
                 memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length);
                 ret+=s->tlsext_ecpointformatlist_length;
                 }
-       if (s->tlsext_ellipticcurvelist != NULL &&
-           s->version != DTLS1_VERSION)
+       if (s->tlsext_ellipticcurvelist != NULL)
                 {
                 /* Add TLS extension EllipticCurves to the ClientHello message */
                 long lenmax; 
@@ -750,8 +748,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c
          }
  
  #ifndef OPENSSL_NO_EC
-       if (s->tlsext_ecpointformatlist != NULL &&
-           s->version != DTLS1_VERSION)
+       if (s->tlsext_ecpointformatlist != NULL)
                 {
                 /* Add TLS extension ECPointFormats to the ServerHello message */
                 long lenmax; 
@@ -1154,8 +1151,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
  #endif
  
  #ifndef OPENSSL_NO_EC
-               else if (type == TLSEXT_TYPE_ec_point_formats &&
-                    s->version != DTLS1_VERSION)
+               else if (type == TLSEXT_TYPE_ec_point_formats)
                         {
                         unsigned char *sdata = data;
                         int ecpointformatlist_length = *(sdata++);
@@ -1189,8 +1185,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                         fprintf(stderr,"\n");
  #endif
                         }
-               else if (type == TLSEXT_TYPE_elliptic_curves &&
-                    s->version != DTLS1_VERSION)
+               else if (type == TLSEXT_TYPE_elliptic_curves)
                         {
                         unsigned char *sdata = data;
                         int ellipticcurvelist_length = (*(sdata++) << 8);
@@ -1549,8 +1544,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                         }
  
  #ifndef OPENSSL_NO_EC
-               else if (type == TLSEXT_TYPE_ec_point_formats &&
-                    s->version != DTLS1_VERSION)
+               else if (type == TLSEXT_TYPE_ec_point_formats)
                         {
                         unsigned char *sdata = data;
                         int ecpointformatlist_length = *(sdata++);
author	Dr. Stephen Henson <steve@openssl.org>
	Tue, 15 Jul 2014 11:20:30 +0000 (12:20 +0100)
committer	Dr. Stephen Henson <steve@openssl.org>
	Tue, 15 Jul 2014 11:20:30 +0000 (12:20 +0100)
ssl/d1_clnt.c		patch \| blob \| history
ssl/d1_srvr.c		patch \| blob \| history
ssl/t1_lib.c		patch \| blob \| history