Adds some more changes dtls specific functions to make them more in s…

…ync with their tls counterparts. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from #22360)
openssl · Apr 22, 2024 · 6223dee · 6223dee
1 parent abfa3d8
commit 6223dee
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/ssl/record/methods/dtls_meth.c b/ssl/record/methods/dtls_meth.c
@@ -449,7 +449,10 @@ int dtls_get_more_records(OSSL_RECORD_LAYER *rl)
          * Lets check the version. We tolerate alerts that don't have the exact
          * version number (e.g. because of protocol version errors)
          */
-        if (!rl->is_first_record && rr->type != SSL3_RT_ALERT) {
+        if (!rl->is_first_record && rr->type != SSL3_RT_ALERT
+                /* DTLSv1.3 records sets the legacy version field to DTLSv1.2 */
+                && !(rr->rec_version == DTLS1_2_VERSION
+                     && rl->version == DTLS1_3_VERSION)) {
             if (rr->rec_version != rl->version) {
                 /* unexpected version, silently discard */
                 rr->length = 0;
@@ -665,6 +668,9 @@ dtls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
     case DTLS_ANY_VERSION:
         (*retrl)->funcs = &dtls_any_funcs;
         break;
+    case DTLS1_3_VERSION:
+        (*retrl)->funcs = &dtls_1_3_funcs;
+        break;
     case DTLS1_2_VERSION:
     case DTLS1_VERSION:
     case DTLS1_BAD_VER:
@@ -782,7 +788,7 @@ const OSSL_RECORD_METHOD ossl_dtls_record_method = {
     tls_get_alert_code,
     tls_set1_bio,
     tls_set_protocol_version,
-    NULL,
+    tls_set_plain_alerts,
     tls_set_first_handshake,
     tls_set_max_pipelines,
     dtls_set_in_init,