From 9339d7d5b1e46dd8ee51d552d64cc442cc302375 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mois=C3=A9s=20Guimar=C3=A3es?=
Date: Wed, 25 Jun 2014 11:52:37 -0300
Subject: [PATCH] add support to TLS extensions in DTLS
---
 cyassl/internal.h | 1 +
 src/internal.c | 7 +++----
 src/tls.c | 18 +++++++++++-------
 3 files changed, 15 insertions(+), 11 deletions(-)
diff --git a/cyassl/internal.h b/cyassl/internal.h
index 7a00be9e5..0175fbe95 100644
--- a/cyassl/internal.h
+++ b/cyassl/internal.h
@@ -1183,6 +1183,7 @@ typedef struct TLSX {
 CYASSL_LOCAL TLSX* TLSX_Find(TLSX* list, TLSX_Type type);
 CYASSL_LOCAL void TLSX_FreeAll(TLSX* list);
+CYASSL_LOCAL int TLSX_SupportExtensions(CYASSL* ssl);
 #ifndef NO_CYASSL_CLIENT
 CYASSL_LOCAL word16 TLSX_GetRequestSize(CYASSL* ssl);
diff --git a/src/internal.c b/src/internal.c
index dbd57133a..e2272f7c9 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -7942,7 +7942,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
 /* tls extensions */
 if ( (i - begin) < helloSz) {
 #ifdef HAVE_TLS_EXTENSIONS
- if (IsTLS(ssl)) {
+ if (TLSX_SupportExtensions(ssl)) {
 int ret = 0;
 word16 totalExtSz;
 Suites clSuites; /* just for compatibility right now */
@@ -9279,8 +9279,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
 /* last, extensions */
 #ifdef HAVE_TLS_EXTENSIONS
- if (IsTLS(ssl))
- TLSX_WriteResponse(ssl, output + idx);
+ TLSX_WriteResponse(ssl, output + idx);
 #endif
 ssl->buffers.outputBuffer.length += sendSz;
@@ -11080,7 +11079,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
 /* tls extensions */
 if ((i - begin) < helloSz) {
 #ifdef HAVE_TLS_EXTENSIONS
- if (IsTLS(ssl)) {
+ if (TLSX_SupportExtensions(ssl)) {
 int ret = 0;
 #else
 if (IsAtLeastTLSv1_2(ssl)) {
diff --git a/src/tls.c b/src/tls.c
index c734125bc..edac823a9 100644
--- a/src/tls.c
+++ b/src/tls.c
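Review bot: In the `@@ -9279` hunk of src/internal.c the call `TLSX_WriteResponse(ssl, output + idx);` is now unconditional, so whatever it writes must already be counted in `sendSz`, which is computed outside the hunk. If that size calculation is still guarded by `IsTLS(ssl)` instead of going through `TLSX_GetResponseSize(ssl)`, a DTLS handshake would place extension bytes beyond the length reserved in the output buffer; please confirm the two paths use the same predicate. The returned byte count is also discarded, so a mismatch would go unnoticed. At minimum I would record the dependency at the call site with `/* no version check here: TLSX_WriteResponse() gates on TLSX_SupportExtensions() and must agree with TLSX_GetResponseSize() */`. The enclosing function starts and ends outside the hunk.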
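Review bot: The `@@ -11080` hunk of src/internal.c (and the matching change at `@@ -7942`) now lets hello extensions be parsed on DTLS connections, and nothing visible shows whether this block runs before or after the DTLS cookie exchange has validated the peer address. If this is the server-side hello parser, parsing extensions from a first, cookie-less hello means connection state is built from datagrams whose source address may be spoofed. Consider deferring the block until the cookie has been verified, or, once the ordering is confirmed, stating it next to the check with `/* DTLS: reached only after cookie verification */`. The function named in the hunk header is only diff context; the real enclosing function begins outside the hunk.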
@@ -1214,8 +1214,8 @@ static int TLSX_THM_Parse(CYASSL* ssl, byte* input, word16 length,
 #ifdef HAVE_SUPPORTED_CURVES
 #ifndef HAVE_ECC
-#error "Elliptic Curves Extension requires Elliptic Curve Cryptography. \
-Use --enable-ecc in the configure script or define HAVE_ECC."
+#error Elliptic Curves Extension requires Elliptic Curve Cryptography. \
+ Use --enable-ecc in the configure script or define HAVE_ECC.
 #endif
 static void TLSX_EllipticCurve_FreeAll(EllipticCurve* list)
@@ -1536,6 +1536,10 @@ void TLSX_FreeAll(TLSX* list)
 }
 }
+int TLSX_SupportExtensions(CYASSL* ssl) {
+ return ssl && (IsTLS(ssl) || ssl->version.major == DTLS_MAJOR);
+}
+
 static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest)
 {
 TLSX* extension;
@@ -1635,7 +1639,7 @@ word16 TLSX_GetRequestSize(CYASSL* ssl)
 {
 word16 length = 0;
- if (ssl && IsTLS(ssl)) {
+ if (TLSX_SupportExtensions(ssl)) {
 byte semaphore[16] = {0};
 EC_VALIDATE_REQUEST(ssl, semaphore);
@@ -1660,7 +1664,7 @@ word16 TLSX_WriteRequest(CYASSL* ssl, byte* output)
 {
 word16 offset = 0;
- if (ssl && IsTLS(ssl) && output) {
+ if (TLSX_SupportExtensions(ssl) && output) {
 byte semaphore[16] = {0};
 offset += OPAQUE16_LEN; /* extensions length */
@@ -1711,7 +1715,7 @@ word16 TLSX_GetResponseSize(CYASSL* ssl)
 word16 length = 0;
 byte semaphore[16] = {0};
- if (ssl && IsTLS(ssl))
+ if (TLSX_SupportExtensions(ssl))
 length += TLSX_GetSize(ssl->extensions, semaphore, 0);
 /* All the response data is set at the ssl object only, so no ctx here. */
@@ -1726,7 +1730,7 @@ word16 TLSX_WriteResponse(CYASSL *ssl, byte* output)
 {
 word16 offset = 0;
- if (ssl && IsTLS(ssl) && output) {
+ if (TLSX_SupportExtensions(ssl) && output) {
 byte semaphore[16] = {0};
 offset += OPAQUE16_LEN; /* extensions length */
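Review bot: `TLSX_SupportExtensions` in the `@@ -1536` hunk accepts any connection whose `version.major` equals `DTLS_MAJOR`, with no minor-version check and no comment saying that this is intended, while the TLS side is delegated to `IsTLS()`. Every size and write routine touched in this file (hunks `@@ -1635` through `@@ -1726`) and the hello parsers in src/internal.c now depend on this one predicate, including for the NULL check they used to do themselves, so it should state its contract: `/* Nonzero when hello extensions may be sent or parsed: TLS per IsTLS(), or any DTLS version. A NULL ssl yields 0. */`. The opening brace also sits on the signature line, whereas the neighbouring `TLSX_GetSize` definition in the hunk context appears to put it on its own line.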
@@ -1829,7 +1833,7 @@ int TLSX_Parse(CYASSL* ssl, byte* input, word16 length, byte isRequest,
 || defined(HAVE_TRUNCATED_HMAC) \
 || defined(HAVE_SUPPORTED_CURVES)
-#error "Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined."
+#error Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined.
 #endif /* HAVE_TLS_EXTENSIONS */