Adds dtls 1.3 support in TLS::Proxy
authorFrederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk>
Tue, 23 Jan 2024 14:11:03 +0000 (15:11 +0100)
committerTomas Mraz <tomas@openssl.org>
Thu, 9 Jan 2025 16:02:19 +0000 (17:02 +0100)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23375)

util/perl/TLSProxy/Record.pm
util/perl/TLSProxy/ServerHello.pm

index 460991e8aa826cfdc67b6347c02123d7b30d5c53..f55e4ac3a487062f84e1fd8aec37242009ebde4d 100644 (file)
@@ -36,6 +36,7 @@ my %record_type = (
 );
 
 use constant {
+    VERS_DTLS_1_3 => 0xfefc,
     VERS_DTLS_1_2 => 0xfefd,
     VERS_DTLS_1 => 0xfeff,
     VERS_TLS_1_4 => 0x0305,
@@ -48,6 +49,7 @@ use constant {
 };
 
 our %tls_version = (
+    VERS_DTLS_1_3, "DTLS1.3",
     VERS_DTLS_1_2, "DTLS1.2",
     VERS_DTLS_1, "DTLS1",
     VERS_TLS_1_3, "TLS1.3",
@@ -391,21 +393,17 @@ sub reconstruct_record
     if ($self->sslv2) {
         $data = pack('n', $self->len | 0x8000);
     } else {
+        my $content_type = (TLSProxy::Proxy->is_tls13() && $self->encrypted)
+                           ? $self->outer_content_type : $self->content_type;
         if($self->{isdtls}) {
             my $seqhi = ($self->seq >> 32) & 0xffff;
             my $seqmi = ($self->seq >> 16) & 0xffff;
             my $seqlo = ($self->seq >> 0) & 0xffff;
-            $data = pack('Cnnnnnn', $self->content_type, $self->version,
+            $data = pack('Cnnnnnn', $content_type, $self->version,
                          $self->epoch, $seqhi, $seqmi, $seqlo, $self->len);
         } else {
-            if (TLSProxy::Proxy->is_tls13() && $self->encrypted) {
-                $data = pack('Cnn', $self->outer_content_type, $self->version,
-                             $self->len);
-            }
-            else {
-                $data = pack('Cnn', $self->content_type, $self->version,
-                             $self->len);
-            }
+            $data = pack('Cnn', $content_type, $self->version,
+                         $self->len);
         }
 
     }
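Review bot: In the `isdtls` branch the header is still packed as `Cnnnnnn` (type, version, epoch, 48-bit sequence, length) even when `is_tls13()` and `encrypted` are both true, which is the DTLS 1.2-style layout. RFC 9147 carries protected DTLS 1.3 records in the variable-length unified header, so a record rebuilt here after a test has modified it may not match what a DTLS 1.3 peer puts on the wire, and a negative test could then fail for a reason other than the one it was written to check. If encrypted DTLS 1.3 records are not expected to reach this path yet, say so next to the pack call, for example `# NOTE: DTLS 1.3 ciphertext uses the RFC 9147 unified header; the legacy header is emitted here`. reconstruct_record starts and ends outside the hunk.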
index a1dabaa2b3847b394ae33674d539fcc0041d89e6..3741898a3e2c8f42c2421a48400c606c5456c60a 100644 (file)
@@ -111,7 +111,8 @@ sub parse
 
     if ($random eq $hrrrandom) {
         TLSProxy::Proxy->is_tls13(1);
-    } elsif ($neg_version == TLSProxy::Record::VERS_TLS_1_3) {
+    } elsif ($neg_version == TLSProxy::Record::VERS_TLS_1_3
+             || $neg_version == TLSProxy::Record::VERS_DTLS_1_3) {
         TLSProxy::Proxy->is_tls13(1);
 
         TLSProxy::Record->server_encrypting(1);
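Review bot: With this `elsif`, `is_tls13(1)` is now set for DTLS 1.3 too, so the flag's name no longer says what it means. Every caller that reads it as "TLS record layout" deserves a second look; `reconstruct_record` in Record.pm is one such caller touched by this commit. A comment above the branch would make the intent explicit, for example `# DTLS 1.3 reuses the TLS 1.3 handshake, so it shares the is_tls13 flag`. The equality test is the right form here, because DTLS version values decrease as the protocol version rises (0xfefc for 1.3, 0xfefd for 1.2) and an ordered comparison would misclassify them. parse continues outside the hunk.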