Commit ec9cb40d authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Add ECC extensions with DTLS. 

PR#3449
(cherry picked from commit 2054eb77)
parent ed1de381

ssl/d1_clnt.c

+7 −1
Original line number Diff line number Diff line
@@ -694,6 +694,12 @@ int dtls1_client_hello(SSL *s) 
		*(p++)=0; /* Add the NULL method */



#ifndef OPENSSL_NO_TLSEXT

		/* TLS extensions*/

		if (ssl_prepare_clienthello_tlsext(s) <= 0)

			{

			SSLerr(SSL_F_DTLS1_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);

			goto err;

			}

		if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)

			{

			SSLerr(SSL_F_DTLS1_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);

ssl/d1_srvr.c

+5 −0
Original line number Diff line number Diff line
@@ -821,6 +821,11 @@ int dtls1_send_server_hello(SSL *s) 
#endif



#ifndef OPENSSL_NO_TLSEXT

		if (ssl_prepare_serverhello_tlsext(s) <= 0)

			{

			SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT);

			return -1;

			}

		if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)

			{

			SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR);

ssl/t1_lib.c

+6 −12
Original line number Diff line number Diff line
@@ -342,8 +342,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha 
        }



#ifndef OPENSSL_NO_EC

	if (s->tlsext_ecpointformatlist != NULL &&

	    s->version != DTLS1_VERSION)

	if (s->tlsext_ecpointformatlist != NULL)

		{

		/* Add TLS extension ECPointFormats to the ClientHello message */

		long lenmax;
@@ -362,8 +361,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha 
		memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length);

		ret+=s->tlsext_ecpointformatlist_length;

		}

	if (s->tlsext_ellipticcurvelist != NULL &&

	    s->version != DTLS1_VERSION)

	if (s->tlsext_ellipticcurvelist != NULL)

		{

		/* Add TLS extension EllipticCurves to the ClientHello message */

		long lenmax;
@@ -546,8 +544,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha 
        }



#ifndef OPENSSL_NO_EC

	if (s->tlsext_ecpointformatlist != NULL &&

	    s->version != DTLS1_VERSION)

	if (s->tlsext_ecpointformatlist != NULL)

		{

		/* Add TLS extension ECPointFormats to the ServerHello message */

		long lenmax;
@@ -852,8 +849,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in 
			}



#ifndef OPENSSL_NO_EC

		else if (type == TLSEXT_TYPE_ec_point_formats &&

	             s->version != DTLS1_VERSION)

		else if (type == TLSEXT_TYPE_ec_point_formats)

			{

			unsigned char *sdata = data;

			int ecpointformatlist_length = *(sdata++);
@@ -887,8 +883,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in 
			fprintf(stderr,"\n");

#endif

			}

		else if (type == TLSEXT_TYPE_elliptic_curves &&

	             s->version != DTLS1_VERSION)

		else if (type == TLSEXT_TYPE_elliptic_curves)

			{

			unsigned char *sdata = data;

			int ellipticcurvelist_length = (*(sdata++) << 8);
@@ -1148,8 +1143,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in 
			}



#ifndef OPENSSL_NO_EC

		else if (type == TLSEXT_TYPE_ec_point_formats &&

	             s->version != DTLS1_VERSION)

		else if (type == TLSEXT_TYPE_ec_point_formats)

			{

			unsigned char *sdata = data;

			int ecpointformatlist_length = *(sdata++);