Add ECC extensions with DTLS.
authorDr. Stephen Henson <steve@openssl.org>
Tue, 15 Jul 2014 11:20:30 +0000 (12:20 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 15 Jul 2014 11:29:20 +0000 (12:29 +0100)
PR#3449
(cherry picked from commit 2054eb771ea29378f90d3a77c2f4015b17de702d)

ssl/d1_clnt.c
ssl/d1_srvr.c
ssl/t1_lib.c

index 074b7f308fa97c89349b774a92fc02f8661dcebc..fce48e40105706e032037e7dd095c1c6d7015e76 100644 (file)
@@ -694,12 +694,18 @@ int dtls1_client_hello(SSL *s)
                *(p++)=0; /* Add the NULL method */
 
 #ifndef OPENSSL_NO_TLSEXT
+               /* TLS extensions*/
+               if (ssl_prepare_clienthello_tlsext(s) <= 0)
+                       {
+                       SSLerr(SSL_F_DTLS1_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
+                       goto err;
+                       }
                if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
                        {
                        SSLerr(SSL_F_DTLS1_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
                        goto err;
                        }
-#endif         
+#endif
 
                l=(p-d);
                d=buf;
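Review bot: The new comment `/* TLS extensions*/` on the prepare call says nothing about why a prepare step is now needed before `ssl_add_clienthello_tlsext`, which is the point of this commit; given the t1_lib.c hunks drop the DTLS1_VERSION exclusion for the EC point-format and curve lists, the call presumably fills in that state, so a comment such as `/* Set up extension state (presumably the EC point-format/curve lists) before serialising them */` would make the ordering dependency visible to the next reader (and fix the missing space before `*/`). The error path mirrors the existing `goto err` used by the add call, which is consistent. The body of dtls1_client_hello starts and ends outside this hunk.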
index b15970bf8dc100632c18ab4ff61770fea1f7349b..96b9c94f0be6e9dfdbe71f262604c77c98cfbb94 100644 (file)
@@ -821,6 +821,11 @@ int dtls1_send_server_hello(SSL *s)
 #endif
 
 #ifndef OPENSSL_NO_TLSEXT
+               if (ssl_prepare_serverhello_tlsext(s) <= 0)
+                       {
+                       SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT);
+                       return -1;
+                       }
                if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
                        {
                        SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR);
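Review bot: The added failure path does a bare `return -1;`, whereas the matching hunk in d1_clnt.c uses `goto err`; if the statement following the existing `SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR);` (just past this hunk) is also a plain `return -1;` this is consistent with the function's convention, but if that path does any cleanup the early return would skip it, so please confirm. The prepare call also lacks the explanatory comment its client-side twin received; `/* Set up server extension state before it is serialised below */` would do. dtls1_send_server_hello starts and ends outside this hunk.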
index 98e081f09787b7e6a33925ed0cc653e7af8f9c16..b4d8ea5d522faf18001d0418b6edd77e81d65430 100644 (file)
@@ -342,8 +342,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
         }
 
 #ifndef OPENSSL_NO_EC
-       if (s->tlsext_ecpointformatlist != NULL &&
-           s->version != DTLS1_VERSION)
+       if (s->tlsext_ecpointformatlist != NULL)
                {
                /* Add TLS extension ECPointFormats to the ClientHello message */
                long lenmax; 
@@ -362,8 +361,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
                memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length);
                ret+=s->tlsext_ecpointformatlist_length;
                }
-       if (s->tlsext_ellipticcurvelist != NULL &&
-           s->version != DTLS1_VERSION)
+       if (s->tlsext_ellipticcurvelist != NULL)
                {
                /* Add TLS extension EllipticCurves to the ClientHello message */
                long lenmax; 
@@ -546,8 +544,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
         }
 
 #ifndef OPENSSL_NO_EC
-       if (s->tlsext_ecpointformatlist != NULL &&
-           s->version != DTLS1_VERSION)
+       if (s->tlsext_ecpointformatlist != NULL)
                {
                /* Add TLS extension ECPointFormats to the ServerHello message */
                long lenmax; 
@@ -852,8 +849,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                        }
 
 #ifndef OPENSSL_NO_EC
-               else if (type == TLSEXT_TYPE_ec_point_formats &&
-                    s->version != DTLS1_VERSION)
+               else if (type == TLSEXT_TYPE_ec_point_formats)
                        {
                        unsigned char *sdata = data;
                        int ecpointformatlist_length = *(sdata++);
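Review bot: Removing the `s->version != DTLS1_VERSION` guard means DTLS handshakes now reach this branch, so the length byte read at `int ecpointformatlist_length = *(sdata++);` is now consumed from DTLS peers' ClientHello data as well; the comparison of that length against the extension's `size` is presumably a few lines further down, outside the hunk, and should be confirmed to still reject a mismatched or zero-length list before anything is copied. The same applies to the two later hunks in this file, the `TLSEXT_TYPE_elliptic_curves` branch of ssl_parse_clienthello_tlsext and the `TLSEXT_TYPE_ec_point_formats` branch of ssl_parse_serverhello_tlsext, whose length reads are likewise now exercised by DTLS. Since the dropped version test was the only hint that DTLS was special-cased here, a short comment at the branch, e.g. `/* Handled for TLS and DTLS alike; length is validated against size below */`, would keep that history visible. Both enclosing parse functions start and end outside these hunks.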
@@ -887,8 +883,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                        fprintf(stderr,"\n");
 #endif
                        }
-               else if (type == TLSEXT_TYPE_elliptic_curves &&
-                    s->version != DTLS1_VERSION)
+               else if (type == TLSEXT_TYPE_elliptic_curves)
                        {
                        unsigned char *sdata = data;
                        int ellipticcurvelist_length = (*(sdata++) << 8);
@@ -1148,8 +1143,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                        }
 
 #ifndef OPENSSL_NO_EC
-               else if (type == TLSEXT_TYPE_ec_point_formats &&
-                    s->version != DTLS1_VERSION)
+               else if (type == TLSEXT_TYPE_ec_point_formats)
                        {
                        unsigned char *sdata = data;
                        int ecpointformatlist_length = *(sdata++);