Commit 874a18cf authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Enable various DTLS extensions. 

Some TLS extensions were disabled for DTLS. Possibly because they caused
problems with the old duplicated code. Enable them again.
parent 6c79faaa

ssl/t1_lib.c

+13 −22
Original line number Original line Diff line number Diff line
@@ -1095,7 +1095,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha 
#ifndef OPENSSL_NO_EC

#ifndef OPENSSL_NO_EC

	/* See if we support any ECC ciphersuites */

	/* See if we support any ECC ciphersuites */

	int using_ecc = 0;

	int using_ecc = 0;

	if (s->version != DTLS1_VERSION && s->version >= TLS1_VERSION)

	if (s->version >= TLS1_VERSION || SSL_IS_DTLS(s))

		{

		{

		int i;

		int i;

		unsigned long alg_k, alg_a;

		unsigned long alg_k, alg_a;
@@ -1312,8 +1312,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha 
		}

		}





#ifdef TLSEXT_TYPE_opaque_prf_input

#ifdef TLSEXT_TYPE_opaque_prf_input

	if (s->s3->client_opaque_prf_input != NULL &&

	if (s->s3->client_opaque_prf_input != NULL)

	    s->version != DTLS1_VERSION)

		{

		{

		size_t col = s->s3->client_opaque_prf_input_len;

		size_t col = s->s3->client_opaque_prf_input_len;
@@ -1330,8 +1329,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha 
		}

		}

#endif

#endif





	if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp &&

	if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp)

	    s->version != DTLS1_VERSION)

		{

		{

		int i;

		int i;

		long extlen, idlen, itmp;

		long extlen, idlen, itmp;
@@ -1503,7 +1501,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha 
        }

        }





#ifndef OPENSSL_NO_EC

#ifndef OPENSSL_NO_EC

	if (using_ecc && s->version != DTLS1_VERSION)

	if (using_ecc)

		{

		{

		const unsigned char *plist;

		const unsigned char *plist;

		size_t plistlen;

		size_t plistlen;
@@ -1546,8 +1544,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha 
		}

		}





#ifdef TLSEXT_TYPE_opaque_prf_input

#ifdef TLSEXT_TYPE_opaque_prf_input

	if (s->s3->server_opaque_prf_input != NULL &&

	if (s->s3->server_opaque_prf_input != NULL)

	    s->version != DTLS1_VERSION)

		{

		{

		size_t sol = s->s3->server_opaque_prf_input_len;

		size_t sol = s->s3->server_opaque_prf_input_len;
@@ -1909,8 +1906,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char 
#endif

#endif





#ifndef OPENSSL_NO_EC

#ifndef OPENSSL_NO_EC

		else if (type == TLSEXT_TYPE_ec_point_formats &&

		else if (type == TLSEXT_TYPE_ec_point_formats)

	             s->version != DTLS1_VERSION)

			{

			{

			unsigned char *sdata = data;

			unsigned char *sdata = data;

			int ecpointformatlist_length = *(sdata++);

			int ecpointformatlist_length = *(sdata++);
@@ -1945,8 +1941,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char 
			fprintf(stderr,"\n");

			fprintf(stderr,"\n");

#endif

#endif

			}

			}

		else if (type == TLSEXT_TYPE_elliptic_curves &&

		else if (type == TLSEXT_TYPE_elliptic_curves)

	             s->version != DTLS1_VERSION)

			{

			{

			unsigned char *sdata = data;

			unsigned char *sdata = data;

			int ellipticcurvelist_length = (*(sdata++) << 8);

			int ellipticcurvelist_length = (*(sdata++) << 8);
@@ -1984,8 +1979,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char 
			}

			}

#endif /* OPENSSL_NO_EC */

#endif /* OPENSSL_NO_EC */

#ifdef TLSEXT_TYPE_opaque_prf_input

#ifdef TLSEXT_TYPE_opaque_prf_input

		else if (type == TLSEXT_TYPE_opaque_prf_input &&

		else if (type == TLSEXT_TYPE_opaque_prf_input)

	             s->version != DTLS1_VERSION)

			{

			{

			unsigned char *sdata = data;

			unsigned char *sdata = data;
@@ -2060,8 +2054,8 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char 
				return 0;

				return 0;

				}

				}

			}

			}

		else if (type == TLSEXT_TYPE_status_request &&

		else if (type == TLSEXT_TYPE_status_request

		         s->version != DTLS1_VERSION && s->ctx->tlsext_status_cb)

		         && s->ctx->tlsext_status_cb)

			{

			{

		

		

			if (size < 5) 

			if (size < 5)
@@ -2391,8 +2385,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char 
			}

			}





#ifndef OPENSSL_NO_EC

#ifndef OPENSSL_NO_EC

		else if (type == TLSEXT_TYPE_ec_point_formats &&

		else if (type == TLSEXT_TYPE_ec_point_formats)

	             s->version != DTLS1_VERSION)

			{

			{

			unsigned char *sdata = data;

			unsigned char *sdata = data;

			int ecpointformatlist_length = *(sdata++);

			int ecpointformatlist_length = *(sdata++);
@@ -2438,8 +2431,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char 
			s->tlsext_ticket_expected = 1;

			s->tlsext_ticket_expected = 1;

			}

			}

#ifdef TLSEXT_TYPE_opaque_prf_input

#ifdef TLSEXT_TYPE_opaque_prf_input

		else if (type == TLSEXT_TYPE_opaque_prf_input &&

		else if (type == TLSEXT_TYPE_opaque_prf_input)

	             s->version != DTLS1_VERSION)

			{

			{

			unsigned char *sdata = data;

			unsigned char *sdata = data;
@@ -2469,8 +2461,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char 
				}

				}

			}

			}

#endif

#endif

		else if (type == TLSEXT_TYPE_status_request &&

		else if (type == TLSEXT_TYPE_status_request)

		         s->version != DTLS1_VERSION)

			{

			{

			/* MUST be empty and only sent if we've requested

			/* MUST be empty and only sent if we've requested

			 * a status request message.

			 * a status request message.