Adds dtls 1.3 support in TLS::Proxy

Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #23375)
openssl · Apr 23, 2024 · c144054 · c144054
1 parent 2ccbedf
commit c144054
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 10 deletions.
diff --git a/util/perl/TLSProxy/Record.pm b/util/perl/TLSProxy/Record.pm
@@ -36,6 +36,7 @@ my %record_type = (
 );
 
 use constant {
+    VERS_DTLS_1_3 => 0xfefc,
     VERS_DTLS_1_2 => 0xfefd,
     VERS_DTLS_1 => 0xfeff,
     VERS_TLS_1_4 => 0x0305,
@@ -48,6 +49,7 @@ use constant {
 };
 
 our %tls_version = (
+    VERS_DTLS_1_3, "DTLS1.3",
     VERS_DTLS_1_2, "DTLS1.2",
     VERS_DTLS_1, "DTLS1",
     VERS_TLS_1_3, "TLS1.3",
@@ -391,21 +393,17 @@ sub reconstruct_record
     if ($self->sslv2) {
         $data = pack('n', $self->len | 0x8000);
     } else {
+        my $content_type = (TLSProxy::Proxy->is_tls13() && $self->encrypted)
+                           ? $self->outer_content_type : $self->content_type;
         if($self->{isdtls}) {
             my $seqhi = ($self->seq >> 32) & 0xffff;
             my $seqmi = ($self->seq >> 16) & 0xffff;
             my $seqlo = ($self->seq >> 0) & 0xffff;
-            $data = pack('Cnnnnnn', $self->content_type, $self->version,
+            $data = pack('Cnnnnnn', $content_type, $self->version,
                          $self->epoch, $seqhi, $seqmi, $seqlo, $self->len);
         } else {
-            if (TLSProxy::Proxy->is_tls13() && $self->encrypted) {
-                $data = pack('Cnn', $self->outer_content_type, $self->version,
-                             $self->len);
-            }
-            else {
-                $data = pack('Cnn', $self->content_type, $self->version,
-                             $self->len);
-            }
+            $data = pack('Cnn', $content_type, $self->version,
+                         $self->len);
         }
 
     }

diff --git a/util/perl/TLSProxy/ServerHello.pm b/util/perl/TLSProxy/ServerHello.pm
@@ -111,7 +111,8 @@ sub parse
 
     if ($random eq $hrrrandom) {
         TLSProxy::Proxy->is_tls13(1);
-    } elsif ($neg_version == TLSProxy::Record::VERS_TLS_1_3) {
+    } elsif ($neg_version == TLSProxy::Record::VERS_TLS_1_3
+             || $neg_version == TLSProxy::Record::VERS_DTLS_1_3) {
         TLSProxy::Proxy->is_tls13(1);
 
         TLSProxy::Record->server_encrypting(1);