PR: 2121

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Add extension support to DTLS code mainly using existing implementation for TLS.
author: Dr. Stephen Henson <steve@openssl.org> 2009-12-08 11:37:40 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2009-12-08 11:37:40 +0000
commit: 8025e2511381152bbe517c1819922ead5bd106e6 (patch)
tree: 8cc0bf04a270f00c256762c86da8b351c802dd7f /ssl/d1_lib.c
parent: 637f374ad49d5f6d4f81d87d7cdd226428aa470c (diff)
1 files changed, 0 insertions, 191 deletions
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 99935563d1..2786b61c29 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -382,194 +382,3 @@ int dtls1_listen(SSL *s, struct sockaddr *client)
 	(void) BIO_dgram_get_peer(SSL_get_rbio(s), client);
 	return 1;
 	}
-
-#ifndef OPENSSL_NO_TLSEXT
-unsigned char *ssl_add_clienthello_dtlsext(SSL *s, unsigned char *p, unsigned char *limit)
-	{
-	int extdatalen = 0;
-	unsigned char *ret = p;
-	int el;
-
-	ret+=2;
-	
-	if (ret>=limit) return NULL; /* this really never occurs, but ... */
-
-	/* Renegotiate extension */
-	if(!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0))
-		{
-		SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
-		return NULL;
-		}
-
-	if((limit - p - 4 - el) < 0) return NULL;
-	  
-	s2n(TLSEXT_TYPE_renegotiate,ret);
-	s2n(el,ret);
-
-	if(!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el))
-		{
-		SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
-		return NULL;
-		}
-
-	ret += el;
-
-	if ((extdatalen = ret-p-2)== 0) 
-		return p;
-
-	s2n(extdatalen,p);
-
-	return ret;
-	}
-
-int ssl_parse_clienthello_dtlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
-	{
-	unsigned short type;
-	unsigned short size;
-	unsigned short len;
-	unsigned char *data = *p;
-	int renegotiate_seen = 0;
-
-	if (data >= (d+n-2))
-		{
-		if (s->new_session
-			&& !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
-			{
-			/* We should always see one extension: the renegotiate extension */
-	 		SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
-			*al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */
-			return 0;
-			}
-		return 1;
-		}
-	n2s(data,len);
-
-	if (data > (d+n-len)) 
-		return 1;
-
-	while (data <= (d+n-4))
-		{
-		n2s(data,type);
-		n2s(data,size);
-		
-		if (data+size > (d+n))
-	   		return 1;
-		
-		if (type == TLSEXT_TYPE_renegotiate)
-			{
-			if(!ssl_parse_clienthello_renegotiate_ext(s, data, size, al))
-				return 0;
-			renegotiate_seen = 1;
-			}
-		
-		data+=size;
-		}
-
-	if (s->new_session && !renegotiate_seen
-		&& !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
-		{
-		*al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */
-	 	SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
-		return 0;
-		}
-
-	*p = data;
-	return 1;
-	}
-
-unsigned char *ssl_add_serverhello_dtlsext(SSL *s, unsigned char *p, unsigned char *limit)
-	{
-	int extdatalen = 0;
-	unsigned char *ret = p;
-	
-	ret+=2;
-	
-	if (ret>=limit) return NULL; /* this really never occurs, but ... */
-	
-	if(s->s3->send_connection_binding)
-		{
-		int el;
-
-		if(!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0))
-			{
-			SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
-			return NULL;
-			}
-
-		if((limit - p - 4 - el) < 0) return NULL;
-          
-		s2n(TLSEXT_TYPE_renegotiate,ret);
-		s2n(el,ret);
-
-		if(!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el))
-			{
-			SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
-			return NULL;
-			}
-
-		ret += el;
-		}
-
-	if ((extdatalen = ret-p-2)== 0) 
-		return p;
-
-	s2n(extdatalen,p);
-
-	return ret;
-	}
-
-int ssl_parse_serverhello_dtlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
-	{
-	unsigned short type;
-	unsigned short size;
-	unsigned short len;
-	unsigned char *data = *p;
-	int renegotiate_seen = 0;
-	
-	if (data >= (d+n-2))
-		{
-		if (s->new_session
-			&& !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
-			{
-			/* We should always see one extension: the renegotiate extension */
-	 		SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
-			*al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */
-			return 0;
-			}
-		return 1;
-		}
-	n2s(data,len);
-	
-	if (data > (d+n-len)) 
-		return 1;
-	
-	while (data <= (d+n-4))
-		{
-		n2s(data,type);
-		n2s(data,size);
-		
-		if (data+size > (d+n))
-	   		return 1;
-		
-		if (type == TLSEXT_TYPE_renegotiate)
-			{
-			if(!ssl_parse_serverhello_renegotiate_ext(s, data, size, al))
-				return 0;
-			renegotiate_seen = 1;
-			}
-		
-		data+=size;
-		}
-
-	if (s->new_session && !renegotiate_seen
-		&& !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
-		{
-		*al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */
-	 	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
-		return 0;
-		}
-
-	*p = data;
-	return 1;
-	}
-#endif
author	Dr. Stephen Henson <steve@openssl.org>	2009-12-08 11:37:40 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2009-12-08 11:37:40 +0000
commit	8025e2511381152bbe517c1819922ead5bd106e6 (patch)
tree	8cc0bf04a270f00c256762c86da8b351c802dd7f /ssl/d1_lib.c
parent	637f374ad49d5f6d4f81d87d7cdd226428aa470c (diff)