diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2014-07-15 12:20:30 +0100 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2014-07-15 12:20:30 +0100 |
| commit | 2054eb771ea29378f90d3a77c2f4015b17de702d (patch) | |
| tree | 4958a3ead173016fba2e9c71c858b75dc2450947 | |
| parent | ea0ceb11a0ef518e9048cf6a995a2863c666c523 (diff) | |
| download | openssl-new-2054eb771ea29378f90d3a77c2f4015b17de702d.tar.gz | |
Add ECC extensions with DTLS.
PR#3449
| -rw-r--r-- | ssl/d1_clnt.c | 8 | ||||
| -rw-r--r-- | ssl/d1_srvr.c | 5 | ||||
| -rw-r--r-- | ssl/t1_lib.c | 18 |
3 files changed, 18 insertions, 13 deletions
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index 48e5e06bde..65dbb4aba9 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -876,12 +876,18 @@ int dtls1_client_hello(SSL *s) *(p++)=0; /* Add the NULL method */ #ifndef OPENSSL_NO_TLSEXT + /* TLS extensions*/ + if (ssl_prepare_clienthello_tlsext(s) <= 0) + { + SSLerr(SSL_F_DTLS1_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT); + goto err; + } if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { SSLerr(SSL_F_DTLS1_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); goto err; } -#endif +#endif l=(p-d); d=buf; diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index 1384ab0cbf..ef9c347edd 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -980,6 +980,11 @@ int dtls1_send_server_hello(SSL *s) #endif #ifndef OPENSSL_NO_TLSEXT + if (ssl_prepare_serverhello_tlsext(s) <= 0) + { + SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT); + return -1; + } if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR); diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index f6a480d0e2..8167a51e5c 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -453,8 +453,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c #endif #ifndef OPENSSL_NO_EC - if (s->tlsext_ecpointformatlist != NULL && - s->version != DTLS1_VERSION) + if (s->tlsext_ecpointformatlist != NULL) { /* Add TLS extension ECPointFormats to the ClientHello message */ long lenmax; @@ -473,8 +472,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); ret+=s->tlsext_ecpointformatlist_length; } - if (s->tlsext_ellipticcurvelist != NULL && - s->version != DTLS1_VERSION) + if (s->tlsext_ellipticcurvelist != NULL) { /* Add TLS extension EllipticCurves to the ClientHello message */ long lenmax; @@ -750,8 +748,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c } #ifndef OPENSSL_NO_EC - if (s->tlsext_ecpointformatlist != NULL && - s->version != DTLS1_VERSION) + if (s->tlsext_ecpointformatlist != NULL) { /* Add TLS extension ECPointFormats to the ServerHello message */ long lenmax; @@ -1154,8 +1151,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in #endif #ifndef OPENSSL_NO_EC - else if (type == TLSEXT_TYPE_ec_point_formats && - s->version != DTLS1_VERSION) + else if (type == TLSEXT_TYPE_ec_point_formats) { unsigned char *sdata = data; int ecpointformatlist_length = *(sdata++); @@ -1189,8 +1185,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in fprintf(stderr,"\n"); #endif } - else if (type == TLSEXT_TYPE_elliptic_curves && - s->version != DTLS1_VERSION) + else if (type == TLSEXT_TYPE_elliptic_curves) { unsigned char *sdata = data; int ellipticcurvelist_length = (*(sdata++) << 8); @@ -1549,8 +1544,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in } #ifndef OPENSSL_NO_EC - else if (type == TLSEXT_TYPE_ec_point_formats && - s->version != DTLS1_VERSION) + else if (type == TLSEXT_TYPE_ec_point_formats) { unsigned char *sdata = data; int ecpointformatlist_length = *(sdata++); |