author | Dr. Stephen Henson <steve@openssl.org> | 2009-12-08 11:37:40 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2009-12-08 11:37:40 +0000 |
commit | 8025e2511381152bbe517c1819922ead5bd106e6 (patch) | |
tree | 8cc0bf04a270f00c256762c86da8b351c802dd7f /ssl/d1_lib.c | |
parent | 637f374ad49d5f6d4f81d87d7cdd226428aa470c (diff) |
PR: 2121
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Add extension support to the DTLS code, mainly reusing the existing implementation for
TLS.
Diffstat (limited to 'ssl/d1_lib.c')
-rw-r--r-- | ssl/d1_lib.c | 191 |
1 files changed, 0 insertions, 191 deletions
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 99935563d1..2786b61c29 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -382,194 +382,3 @@ int dtls1_listen(SSL *s, struct sockaddr *client)
 (void) BIO_dgram_get_peer(SSL_get_rbio(s), client);
 return 1;
 }
-
-#ifndef OPENSSL_NO_TLSEXT
-unsigned char *ssl_add_clienthello_dtlsext(SSL *s, unsigned char *p, unsigned char *limit)
- {
- int extdatalen = 0;
- unsigned char *ret = p;
- int el;
-
- ret+=2;
-
- if (ret>=limit) return NULL; /* this really never occurs, but ... */
-
- /* Renegotiate extension */
- if(!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0))
- {
- SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
- return NULL;
- }
-
- if((limit - p - 4 - el) < 0) return NULL;
-
- s2n(TLSEXT_TYPE_renegotiate,ret);
- s2n(el,ret);
-
- if(!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el))
- {
- SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
- return NULL;
- }
-
- ret += el;
-
- if ((extdatalen = ret-p-2)== 0)
- return p;
-
- s2n(extdatalen,p);
-
- return ret;
- }
-
-int ssl_parse_clienthello_dtlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
- {
- unsigned short type;
- unsigned short size;
- unsigned short len;
- unsigned char *data = *p;
- int renegotiate_seen = 0;
-
- if (data >= (d+n-2))
- {
- if (s->new_session
- && !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
- {
- /* We should always see one extension: the renegotiate extension */
- SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
- *al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */
- return 0;
- }
- return 1;
- }
- n2s(data,len);
-
- if (data > (d+n-len))
- return 1;
-
- while (data <= (d+n-4))
- {
- n2s(data,type);
- n2s(data,size);
-
- if (data+size > (d+n))
- return 1;
-
- if (type == TLSEXT_TYPE_renegotiate)
- {
- if(!ssl_parse_clienthello_renegotiate_ext(s, data, size, al))
- return 0;
- renegotiate_seen = 1;
- }
-
- data+=size;
- }
-
- if (s->new_session && !renegotiate_seen
- && !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
- {
- *al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */
- SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
- return 0;
- }
-
- *p = data;
- return 1;
- }
-
-unsigned char *ssl_add_serverhello_dtlsext(SSL *s, unsigned char *p, unsigned char *limit)
- {
- int extdatalen = 0;
- unsigned char *ret = p;
-
- ret+=2;
-
- if (ret>=limit) return NULL; /* this really never occurs, but ... */
-
- if(s->s3->send_connection_binding)
- {
- int el;
-
- if(!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0))
- {
- SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
- return NULL;
- }
-
- if((limit - p - 4 - el) < 0) return NULL;
-
- s2n(TLSEXT_TYPE_renegotiate,ret);
- s2n(el,ret);
-
- if(!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el))
- {
- SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
- return NULL;
- }
-
- ret += el;
- }
-
- if ((extdatalen = ret-p-2)== 0)
- return p;
-
- s2n(extdatalen,p);
-
- return ret;
- }
-
-int ssl_parse_serverhello_dtlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
- {
- unsigned short type;
- unsigned short size;
- unsigned short len;
- unsigned char *data = *p;
- int renegotiate_seen = 0;
-
- if (data >= (d+n-2))
- {
- if (s->new_session
- && !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
- {
- /* We should always see one extension: the renegotiate extension */
- SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
- *al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */
- return 0;
- }
- return 1;
- }
- n2s(data,len);
-
- if (data > (d+n-len))
- return 1;
-
- while (data <= (d+n-4))
- {
- n2s(data,type);
- n2s(data,size);
-
- if (data+size > (d+n))
- return 1;
-
- if (type == TLSEXT_TYPE_renegotiate)
- {
- if(!ssl_parse_serverhello_renegotiate_ext(s, data, size, al))
- return 0;
- renegotiate_seen = 1;
- }
-
- data+=size;
- }
-
- if (s->new_session && !renegotiate_seen
- && !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
- {
- *al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */
- SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
- return 0;
- }
-
- *p = data;
- return 1;
- }
-#endif
|