diff options
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/tls/msg_client_hello.cpp | 16 | ||||
-rw-r--r-- | src/lib/tls/msg_server_hello.cpp | 11 | ||||
-rw-r--r-- | src/lib/tls/tls_extensions.cpp | 11 | ||||
-rw-r--r-- | src/lib/tls/tls_extensions.h | 3 |
4 files changed, 26 insertions, 15 deletions
diff --git a/src/lib/tls/msg_client_hello.cpp b/src/lib/tls/msg_client_hello.cpp index 50c83c10c..2a42e1144 100644 --- a/src/lib/tls/msg_client_hello.cpp +++ b/src/lib/tls/msg_client_hello.cpp @@ -116,10 +116,10 @@ Client_Hello::Client_Hello(Handshake_IO& io, m_extensions.add(new Supported_Elliptic_Curves(policy.allowed_ecc_curves())); - if(!policy.allowed_ecc_curves().empty() && policy.use_ecc_point_compression()) - { - m_extensions.add(new Supported_Point_Formats()); - } + if(!policy.allowed_ecc_curves().empty()) + { + m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression())); + } if(m_version.supports_negotiable_signature_algorithms()) m_extensions.add(new Signature_Algorithms(policy.allowed_signature_hashes(), @@ -165,10 +165,10 @@ Client_Hello::Client_Hello(Handshake_IO& io, m_extensions.add(new Session_Ticket(session.session_ticket())); m_extensions.add(new Supported_Elliptic_Curves(policy.allowed_ecc_curves())); - if(!policy.allowed_ecc_curves().empty() && policy.use_ecc_point_compression()) - { - m_extensions.add(new Supported_Point_Formats()); - } + if(!policy.allowed_ecc_curves().empty()) + { + m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression())); + } if(session.supports_encrypt_then_mac()) m_extensions.add(new Encrypt_then_MAC); diff --git a/src/lib/tls/msg_server_hello.cpp b/src/lib/tls/msg_server_hello.cpp index d13bc7551..3e8a8dda9 100644 --- a/src/lib/tls/msg_server_hello.cpp +++ b/src/lib/tls/msg_server_hello.cpp @@ -43,11 +43,11 @@ Server_Hello::Server_Hello(Handshake_IO& io, m_extensions.add(new Encrypt_then_MAC); } - if(c.ecc_ciphersuite() && policy.use_ecc_point_compression()) + if(c.ecc_ciphersuite()) { - m_extensions.add(new Supported_Point_Formats()); + m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression())); } - + if(client_hello.secure_renegotiation()) m_extensions.add(new Renegotiation_Extension(reneg_info)); @@ -107,6 +107,11 @@ Server_Hello::Server_Hello(Handshake_IO& io, m_extensions.add(new Encrypt_then_MAC); } + if(resumed_session.ciphersuite().ecc_ciphersuite()) + { + m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression())); + } + if(client_hello.secure_renegotiation()) m_extensions.add(new Renegotiation_Extension(reneg_info)); diff --git a/src/lib/tls/tls_extensions.cpp b/src/lib/tls/tls_extensions.cpp index f8eef5ac6..712527fc4 100644 --- a/src/lib/tls/tls_extensions.cpp +++ b/src/lib/tls/tls_extensions.cpp @@ -384,10 +384,15 @@ Supported_Elliptic_Curves::Supported_Elliptic_Curves(TLS_Data_Reader& reader, std::vector<byte> Supported_Point_Formats::serialize() const { - // if we send this extension, we prefer compressed points, - // otherwise we don't send it (which is equal to supporting only uncompressed) // if this extension is sent, it MUST include uncompressed (RFC 4492, section 5.1) - return std::vector<byte>{2, ANSIX962_COMPRESSED_PRIME, UNCOMPRESSED}; + if(m_prefers_compressed) + { + return std::vector<byte>{2, ANSIX962_COMPRESSED_PRIME, UNCOMPRESSED}; + } + else + { + return std::vector<byte>{1, UNCOMPRESSED}; + } } Supported_Point_Formats::Supported_Point_Formats(TLS_Data_Reader& reader, diff --git a/src/lib/tls/tls_extensions.h b/src/lib/tls/tls_extensions.h index d69e40a60..119170797 100644 --- a/src/lib/tls/tls_extensions.h +++ b/src/lib/tls/tls_extensions.h @@ -276,7 +276,8 @@ class Supported_Point_Formats final : public Extension std::vector<byte> serialize() const override; - explicit Supported_Point_Formats() : m_prefers_compressed(true) {} + explicit Supported_Point_Formats(bool prefer_compressed) : + m_prefers_compressed(prefer_compressed) {} Supported_Point_Formats(TLS_Data_Reader& reader, u16bit extension_size); |