Enable various DTLS extensions.

Some TLS extensions were disabled for DTLS, possibly because they caused
problems with the old duplicated code. Enable them again.
(cherry picked from commit 874a18cfadc6bac0ad73482325f2ca72dfccdb82)
Dr. Stephen Henson 2013-03-19 15:49:35 +00:00
parent 1b6ab411d3
commit 052d0358f2


@ -1105,7 +1105,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
/* See if we support any ECC ciphersuites */ /* See if we support any ECC ciphersuites */
int using_ecc = 0; int using_ecc = 0;
if (s->version != DTLS1_VERSION && s->version >= TLS1_VERSION) if (s->version >= TLS1_VERSION || SSL_IS_DTLS(s))
{ {
int i; int i;
unsigned long alg_k, alg_a; unsigned long alg_k, alg_a;
@ -1322,8 +1322,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
} }
#ifdef TLSEXT_TYPE_opaque_prf_input #ifdef TLSEXT_TYPE_opaque_prf_input
if (s->s3->client_opaque_prf_input != NULL && if (s->s3->client_opaque_prf_input != NULL)
s->version != DTLS1_VERSION)
{ {
size_t col = s->s3->client_opaque_prf_input_len; size_t col = s->s3->client_opaque_prf_input_len;
@ -1340,8 +1339,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
} }
#endif #endif
if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp && if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp)
s->version != DTLS1_VERSION)
{ {
int i; int i;
long extlen, idlen, itmp; long extlen, idlen, itmp;
@ -1548,7 +1546,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
} }
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
if (using_ecc && s->version != DTLS1_VERSION) if (using_ecc)
{ {
const unsigned char *plist; const unsigned char *plist;
size_t plistlen; size_t plistlen;
@ -1591,8 +1589,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
} }
#ifdef TLSEXT_TYPE_opaque_prf_input #ifdef TLSEXT_TYPE_opaque_prf_input
if (s->s3->server_opaque_prf_input != NULL && if (s->s3->server_opaque_prf_input != NULL)
s->version != DTLS1_VERSION)
{ {
size_t sol = s->s3->server_opaque_prf_input_len; size_t sol = s->s3->server_opaque_prf_input_len;
@ -2092,8 +2089,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
#endif #endif
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
else if (type == TLSEXT_TYPE_ec_point_formats && else if (type == TLSEXT_TYPE_ec_point_formats)
s->version != DTLS1_VERSION)
{ {
unsigned char *sdata = data; unsigned char *sdata = data;
int ecpointformatlist_length = *(sdata++); int ecpointformatlist_length = *(sdata++);
@ -2128,8 +2124,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
fprintf(stderr,"\n"); fprintf(stderr,"\n");
#endif #endif
} }
else if (type == TLSEXT_TYPE_elliptic_curves && else if (type == TLSEXT_TYPE_elliptic_curves)
s->version != DTLS1_VERSION)
{ {
unsigned char *sdata = data; unsigned char *sdata = data;
int ellipticcurvelist_length = (*(sdata++) << 8); int ellipticcurvelist_length = (*(sdata++) << 8);
@ -2167,8 +2162,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
} }
#endif /* OPENSSL_NO_EC */ #endif /* OPENSSL_NO_EC */
#ifdef TLSEXT_TYPE_opaque_prf_input #ifdef TLSEXT_TYPE_opaque_prf_input
else if (type == TLSEXT_TYPE_opaque_prf_input && else if (type == TLSEXT_TYPE_opaque_prf_input)
s->version != DTLS1_VERSION)
{ {
unsigned char *sdata = data; unsigned char *sdata = data;
@ -2243,8 +2237,8 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
return 0; return 0;
} }
} }
else if (type == TLSEXT_TYPE_status_request && else if (type == TLSEXT_TYPE_status_request
s->version != DTLS1_VERSION && s->ctx->tlsext_status_cb) && s->ctx->tlsext_status_cb)
{ {
if (size < 5) if (size < 5)
@ -2622,8 +2616,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char
} }
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
else if (type == TLSEXT_TYPE_ec_point_formats && else if (type == TLSEXT_TYPE_ec_point_formats)
s->version != DTLS1_VERSION)
{ {
unsigned char *sdata = data; unsigned char *sdata = data;
int ecpointformatlist_length = *(sdata++); int ecpointformatlist_length = *(sdata++);
@ -2669,8 +2662,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char
s->tlsext_ticket_expected = 1; s->tlsext_ticket_expected = 1;
} }
#ifdef TLSEXT_TYPE_opaque_prf_input #ifdef TLSEXT_TYPE_opaque_prf_input
else if (type == TLSEXT_TYPE_opaque_prf_input && else if (type == TLSEXT_TYPE_opaque_prf_input)
s->version != DTLS1_VERSION)
{ {
unsigned char *sdata = data; unsigned char *sdata = data;
@ -2700,8 +2692,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char
} }
} }
#endif #endif
else if (type == TLSEXT_TYPE_status_request && else if (type == TLSEXT_TYPE_status_request)
s->version != DTLS1_VERSION)
{ {
/* MUST be empty and only sent if we've requested /* MUST be empty and only sent if we've requested
* a status request message. * a status request message.
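Review bot: The ClientHello scan branches for `TLSEXT_TYPE_ec_point_formats`, `TLSEXT_TYPE_elliptic_curves`, `TLSEXT_TYPE_opaque_prf_input` and `TLSEXT_TYPE_status_request` are now reachable from DTLS peers, and the ones shown begin by reading a length from peer-supplied bytes (`*(sdata++)`), so the bounds checks that follow, which lie outside these hunks, become part of the datagram-facing parsing surface. The description only guesses why the `s->version != DTLS1_VERSION` guards existed, so the change should come with DTLS handshake tests covering each re-enabled extension, including truncated and over-long extension bodies. For `status_request` it is also worth confirming that the DTLS client and server state machines handle the resulting CertificateStatus message, since that code is not visible here. A short comment at the first hunk would record the intent, e.g. `/* DTLS versions do not order like TLS versions, so test SSL_IS_DTLS() explicitly */`.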