From 2054eb771ea29378f90d3a77c2f4015b17de702d Mon Sep 17 00:00:00 2001

From: "Dr. Stephen Henson" <steve@openssl.org>

Date: Tue, 15 Jul 2014 12:20:30 +0100

Subject: [PATCH] Add ECC extensions with DTLS.

PR#3449

---

 ssl/d1_clnt.c |  8 +++++++-

 ssl/d1_srvr.c |  5 +++++

 ssl/t1_lib.c  | 18 ++++++------------

 3 files changed, 18 insertions(+), 13 deletions(-)

diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c

index 48e5e06..65dbb4a 100644

--- a/ssl/d1_clnt.c

+++ b/ssl/d1_clnt.c

@@ -876,12 +876,18 @@ int dtls1_client_hello(SSL *s)

 		*(p++)=0; /* Add the NULL method */

 #ifndef OPENSSL_NO_TLSEXT

+		/* TLS extensions*/

+		if (ssl_prepare_clienthello_tlsext(s) <= 0)

+			{

+			SSLerr(SSL_F_DTLS1_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);

+			goto err;

+			}

 		if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)

 			{

 			SSLerr(SSL_F_DTLS1_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);

 			goto err;

 			}

-#endif		

+#endif

 		l=(p-d);

 		d=buf;

diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c

index 1384ab0..ef9c347 100644

--- a/ssl/d1_srvr.c

+++ b/ssl/d1_srvr.c

@@ -980,6 +980,11 @@ int dtls1_send_server_hello(SSL *s)

 #endif

 #ifndef OPENSSL_NO_TLSEXT

+		if (ssl_prepare_serverhello_tlsext(s) <= 0)

+			{

+			SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT);

+			return -1;

+			}

 		if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)

 			{

 			SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR);

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c

index f6a480d..8167a51 100644

--- a/ssl/t1_lib.c

+++ b/ssl/t1_lib.c

@@ -453,8 +453,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c

 #endif

 #ifndef OPENSSL_NO_EC

-	if (s->tlsext_ecpointformatlist != NULL &&

-	    s->version != DTLS1_VERSION)

+	if (s->tlsext_ecpointformatlist != NULL)

 		{

 		/* Add TLS extension ECPointFormats to the ClientHello message */

 		long lenmax; 

@@ -473,8 +472,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c

 		memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length);

 		ret+=s->tlsext_ecpointformatlist_length;

 		}

-	if (s->tlsext_ellipticcurvelist != NULL &&

-	    s->version != DTLS1_VERSION)

+	if (s->tlsext_ellipticcurvelist != NULL)

 		{

 		/* Add TLS extension EllipticCurves to the ClientHello message */

 		long lenmax; 

@@ -750,8 +748,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c

         }

 #ifndef OPENSSL_NO_EC

-	if (s->tlsext_ecpointformatlist != NULL &&

-	    s->version != DTLS1_VERSION)

+	if (s->tlsext_ecpointformatlist != NULL)

 		{

 		/* Add TLS extension ECPointFormats to the ServerHello message */

 		long lenmax; 

@@ -1154,8 +1151,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in

 #endif

 #ifndef OPENSSL_NO_EC

-		else if (type == TLSEXT_TYPE_ec_point_formats &&

-	             s->version != DTLS1_VERSION)

+		else if (type == TLSEXT_TYPE_ec_point_formats)

 			{

 			unsigned char *sdata = data;

 			int ecpointformatlist_length = *(sdata++);

@@ -1189,8 +1185,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in

 			fprintf(stderr,"\n");

 #endif

 			}

-		else if (type == TLSEXT_TYPE_elliptic_curves &&

-	             s->version != DTLS1_VERSION)

+		else if (type == TLSEXT_TYPE_elliptic_curves)

 			{

 			unsigned char *sdata = data;

 			int ellipticcurvelist_length = (*(sdata++) << 8);

@@ -1549,8 +1544,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in

 			}

 #ifndef OPENSSL_NO_EC

-		else if (type == TLSEXT_TYPE_ec_point_formats &&

-	             s->version != DTLS1_VERSION)

+		else if (type == TLSEXT_TYPE_ec_point_formats)

 			{

 			unsigned char *sdata = data;

 			int ecpointformatlist_length = *(sdata++);

-- 

1.8.3.1