Add ECC extensions with DTLS.
authorDr. Stephen Henson <steve@openssl.org>
Tue, 15 Jul 2014 11:20:30 +0000 (12:20 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 15 Jul 2014 11:20:30 +0000 (12:20 +0100)
PR#3449

ssl/d1_clnt.c
ssl/d1_srvr.c
ssl/t1_lib.c

index 48e5e06..65dbb4a 100644 (file)
@@ -876,12 +876,18 @@ int dtls1_client_hello(SSL *s)
                *(p++)=0; /* Add the NULL method */
 
 #ifndef OPENSSL_NO_TLSEXT
+               /* TLS extensions*/
+               if (ssl_prepare_clienthello_tlsext(s) <= 0)
+                       {
+                       SSLerr(SSL_F_DTLS1_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
+                       goto err;
+                       }
                if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
                        {
                        SSLerr(SSL_F_DTLS1_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
                        goto err;
                        }
-#endif         
+#endif
 
                l=(p-d);
                d=buf;
index 1384ab0..ef9c347 100644 (file)
@@ -980,6 +980,11 @@ int dtls1_send_server_hello(SSL *s)
 #endif
 
 #ifndef OPENSSL_NO_TLSEXT
+               if (ssl_prepare_serverhello_tlsext(s) <= 0)
+                       {
+                       SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT);
+                       return -1;
+                       }
                if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
                        {
                        SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR);
index f6a480d..8167a51 100644 (file)
@@ -453,8 +453,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
 #endif
 
 #ifndef OPENSSL_NO_EC
-       if (s->tlsext_ecpointformatlist != NULL &&
-           s->version != DTLS1_VERSION)
+       if (s->tlsext_ecpointformatlist != NULL)
                {
                /* Add TLS extension ECPointFormats to the ClientHello message */
                long lenmax; 
@@ -473,8 +472,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
                memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length);
                ret+=s->tlsext_ecpointformatlist_length;
                }
-       if (s->tlsext_ellipticcurvelist != NULL &&
-           s->version != DTLS1_VERSION)
+       if (s->tlsext_ellipticcurvelist != NULL)
                {
                /* Add TLS extension EllipticCurves to the ClientHello message */
                long lenmax; 
@@ -750,8 +748,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c
         }
 
 #ifndef OPENSSL_NO_EC
-       if (s->tlsext_ecpointformatlist != NULL &&
-           s->version != DTLS1_VERSION)
+       if (s->tlsext_ecpointformatlist != NULL)
                {
                /* Add TLS extension ECPointFormats to the ServerHello message */
                long lenmax; 
@@ -1154,8 +1151,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 #endif
 
 #ifndef OPENSSL_NO_EC
-               else if (type == TLSEXT_TYPE_ec_point_formats &&
-                    s->version != DTLS1_VERSION)
+               else if (type == TLSEXT_TYPE_ec_point_formats)
                        {
                        unsigned char *sdata = data;
                        int ecpointformatlist_length = *(sdata++);
@@ -1189,8 +1185,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                        fprintf(stderr,"\n");
 #endif
                        }
-               else if (type == TLSEXT_TYPE_elliptic_curves &&
-                    s->version != DTLS1_VERSION)
+               else if (type == TLSEXT_TYPE_elliptic_curves)
                        {
                        unsigned char *sdata = data;
                        int ellipticcurvelist_length = (*(sdata++) << 8);
@@ -1549,8 +1544,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                        }
 
 #ifndef OPENSSL_NO_EC
-               else if (type == TLSEXT_TYPE_ec_point_formats &&
-                    s->version != DTLS1_VERSION)
+               else if (type == TLSEXT_TYPE_ec_point_formats)
                        {
                        unsigned char *sdata = data;
                        int ecpointformatlist_length = *(sdata++);