Adds initial dtls 1.3 structs and definitions
authorFrederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk>
Tue, 3 Oct 2023 07:39:47 +0000 (09:39 +0200)
committerTomas Mraz <tomas@openssl.org>
Thu, 2 Oct 2025 12:45:12 +0000 (14:45 +0200)
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22259)

include/openssl/prov_ssl.h
include/openssl/ssl.h.in
ssl/d1_lib.c
ssl/methods.c
ssl/record/methods/recmethod_local.h
ssl/record/methods/tls13_meth.c
ssl/ssl_local.h

index 76d01e1eb89c4970eea2362fbc83f4f30b3bc40c..9f3e8197e30881e4d9befbd2d7d2cdeafed4d1f7 100644 (file)
@@ -27,6 +27,7 @@ extern "C" {
 # define TLS1_3_VERSION                  0x0304
 # define DTLS1_VERSION                   0xFEFF
 # define DTLS1_2_VERSION                 0xFEFD
+# define DTLS1_3_VERSION                 0xFEFC
 # define DTLS1_BAD_VER                   0x0100
 
 /* QUIC uses a 4 byte unsigned version number */
index 1cc77189023c5acdd9c9039649f9e8261dd7935e..c3144f66458f4120e4789cec45356177e6ff6183 100644 (file)
@@ -407,6 +407,7 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
 # define SSL_OP_NO_TLSv1_3                               SSL_OP_BIT(29)
 # define SSL_OP_NO_DTLSv1                                SSL_OP_BIT(26)
 # define SSL_OP_NO_DTLSv1_2                              SSL_OP_BIT(27)
+# define SSL_OP_NO_DTLSv1_3                              SSL_OP_BIT(29)
     /* Disallow all renegotiation */
 # define SSL_OP_NO_RENEGOTIATION                         SSL_OP_BIT(30)
     /*
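Review bot: `SSL_OP_NO_DTLSv1_3` is defined as `SSL_OP_BIT(29)`, the same bit as `SSL_OP_NO_TLSv1_3` three lines above, and nothing in the header says this aliasing is intended. It appears to follow the existing scheme for `SSL_OP_NO_DTLSv1`/`SSL_OP_NO_DTLSv1_2` (bits 26/27), where the NO_* bits are presumably interpreted relative to the method family, but a reader who sees two options with the same value will assume a copy-paste error and "fix" it. Add a comment on the new line such as `/* shares bit 29 with SSL_OP_NO_TLSv1_3: NO_* bits are interpreted per method family (TLS vs DTLS), as for DTLSv1/DTLSv1_2 */` so the bit reuse is documented as deliberate.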
index f20c8ac157ad4bae5e8be69509bb30ebd6dc0671..c0724c10f5079f9e38913a2e130ed172f6bb19aa 100644 (file)
@@ -53,6 +53,21 @@ const SSL3_ENC_METHOD DTLSv1_2_enc_data = {
     dtls1_handshake_write
 };
 
+const SSL3_ENC_METHOD DTLSv1_3_enc_data = {
+    tls13_setup_key_block,
+    tls13_generate_master_secret,
+    tls13_change_cipher_state,
+    tls13_final_finish_mac,
+    TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
+    TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
+    tls13_alert_code,
+    tls13_export_keying_material,
+    SSL_ENC_FLAG_DTLS | SSL_ENC_FLAG_SIGALGS | SSL_ENC_FLAG_SHA256_PRF,
+    dtls1_set_handshake_header,
+    dtls1_close_construct_packet,
+    dtls1_handshake_write
+};
+
 OSSL_TIME dtls1_default_timeout(void)
 {
     /*
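Review bot: `DTLSv1_3_enc_data` is a positional initializer mixing the TLS 1.3 key-schedule entries (`tls13_setup_key_block`, `tls13_change_cipher_state`, `tls13_final_finish_mac`) with the DTLS handshake framing helpers (`dtls1_set_handshake_header`, `dtls1_close_construct_packet`, `dtls1_handshake_write`), and carries no comment explaining that composition or the chosen flag set. The flags omit `SSL_ENC_FLAG_EXPLICIT_IV`; if `DTLSv1_2_enc_data` just above (outside the hunk) carries that flag, its absence here is presumably deliberate because TLS 1.3 AEAD nonces are derived rather than sent, and that deserves to be stated so it is not "restored" later. Suggest a header comment along the lines of `/* DTLS 1.3: TLS 1.3 key schedule and Finished computation over DTLS handshake framing; no EXPLICIT_IV since the AEAD nonce is derived (RFC 9147 s4.2.2) */`.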
index 525f59e91231c7b4c2004d7b6d71e98e09698eba..836d859ec73bcca3198bf4689505d474be53f736 100644 (file)
@@ -125,6 +125,12 @@ IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2,
                           ossl_statem_accept,
                           ossl_statem_connect, DTLSv1_2_enc_data)
 #endif
+#ifndef OPENSSL_NO_DTLS1_3_METHOD
+IMPLEMENT_dtls1_meth_func(DTLS1_3_VERSION, 0, SSL_OP_NO_DTLSv1_3,
+                          dtlsv1_3_method,
+                          ossl_statem_accept,
+                          ossl_statem_connect, DTLSv1_3_enc_data)
+#endif
 IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
                           DTLS_method,
                           ossl_statem_accept,
@@ -145,6 +151,12 @@ IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2,
                           ossl_statem_accept,
                           ssl_undefined_function, DTLSv1_2_enc_data)
 #endif
+#ifndef OPENSSL_NO_DTLS1_3_METHOD
+IMPLEMENT_dtls1_meth_func(DTLS1_3_VERSION, 0, SSL_OP_NO_DTLSv1_3,
+                          dtlsv1_3_server_method,
+                          ossl_statem_accept,
+                          ssl_undefined_function, DTLSv1_3_enc_data)
+#endif
 IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
                           DTLS_server_method,
                           ossl_statem_accept,
@@ -169,6 +181,12 @@ IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2,
                           ssl_undefined_function,
                           ossl_statem_connect, DTLSv1_2_enc_data)
 #endif
+#ifndef OPENSSL_NO_DTLS1_3_METHOD
+IMPLEMENT_dtls1_meth_func(DTLS1_3_VERSION, 0, SSL_OP_NO_DTLSv1_3,
+                          dtlsv1_3_client_method,
+                          ssl_undefined_function,
+                          ossl_statem_connect, DTLSv1_3_enc_data)
+#endif
 IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
                           DTLS_client_method,
                           ssl_undefined_function,
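Review bot: Nothing in this diff prevents the version-flexible methods `DTLS_method`, `DTLS_server_method` and `DTLS_client_method` (`DTLS_ANY_VERSION`, L72/L85/L98) from negotiating `DTLS1_3_VERSION` once the fixed-version `dtlsv1_3_*` methods exist, and the version-negotiation table that bounds `DTLS_ANY_VERSION` is not part of this change. Since the commit only adds structs and definitions, a peer offering 0xFEFC must not be able to reach a half-implemented handshake and record layer: the negotiable maximum for `DTLS_ANY_VERSION` should stay at `DTLS1_2_VERSION` until the DTLS 1.3 implementation is complete, or the new entries should be compiled out by default. Relatedly, the `OPENSSL_NO_DTLS1_3_METHOD` guard only has an effect if Configure knows a matching disablable (`no-dtls1_3-method`); if that is not added alongside, the guard is dead and the methods are always built.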
index 364a3a01bbe2006e70dd2ff7edabf6b173e112f0..73c45436f8f8e2eb44b143423685c92f55eb114a 100644 (file)
@@ -384,6 +384,7 @@ extern const struct record_functions_st tls_1_funcs;
 extern const struct record_functions_st tls_1_3_funcs;
 extern const struct record_functions_st tls_any_funcs;
 extern const struct record_functions_st dtls_1_funcs;
+extern const struct record_functions_st dtls_1_3_funcs;
 extern const struct record_functions_st dtls_any_funcs;
 
 void ossl_rlayer_fatal(OSSL_RECORD_LAYER *rl, int al, int reason,
index c022d064a3e8f2d2547e30b5f968caf6b7eeb4e8..bff945b626c9bd5b850d4990ad6971ebb68db7b7 100644 (file)
@@ -425,3 +425,24 @@ const struct record_functions_st tls_1_3_funcs = {
     tls_post_encryption_processing_default,
     NULL
 };
+
+const struct record_functions_st dtls_1_3_funcs = {
+    tls13_set_crypto_state,
+    tls13_cipher,
+    NULL,
+    tls_default_set_protocol_version,
+    tls_default_read_n,
+    dtls_get_more_records,
+    NULL,
+    tls13_post_process_record,
+    NULL,
+    tls_write_records_default,
+    tls_allocate_write_buffers_default,
+    tls_initialise_write_packets_default,
+    tls13_get_record_type,
+    dtls_prepare_record_header,
+    tls13_add_record_padding,
+    tls_prepare_for_encryption_default,
+    dtls_post_encryption_processing,
+    NULL
+};
index 104379e990b1c670237f350d4f8cd0a98e1ac650..e09712e62ba069796d471c5e4bc9025596e0cfa4 100644 (file)
 # define SSL_CONNECTION_IS_DTLS(s) \
     (SSL_CONNECTION_GET_SSL(s)->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)
 
+/* Check if we are using DTLSv1.3 */
+# define SSL_CONNECTION_IS_DTLS13(s) (SSL_CONNECTION_IS_DTLS(s) \
+    && DTLS_VERSION_GE(SSL_CONNECTION_GET_SSL(s)->method->version, DTLS1_3_VERSION) \
+    && SSL_CONNECTION_GET_SSL(s)->method->version != DTLS_ANY_VERSION)
+
 /* Check if an SSL_CTX structure is using DTLS */
 # define SSL_CTX_IS_DTLS(ctx) \
     (ctx->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)
     && SSL_CONNECTION_GET_SSL(s)->method->version != TLS_ANY_VERSION)
 
 # define SSL_CONNECTION_TREAT_AS_TLS13(s) \
-    (SSL_CONNECTION_IS_TLS13(s) \
+    ((SSL_CONNECTION_IS_TLS13(s) || SSL_CONNECTION_IS_DTLS13(s)) \
      || (s)->early_data_state == SSL_EARLY_DATA_CONNECTING \
      || (s)->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY \
      || (s)->early_data_state == SSL_EARLY_DATA_WRITING \
@@ -2329,6 +2334,9 @@ __owur const SSL_METHOD *dtls_bad_ver_client_method(void);
 __owur const SSL_METHOD *dtlsv1_2_method(void);
 __owur const SSL_METHOD *dtlsv1_2_server_method(void);
 __owur const SSL_METHOD *dtlsv1_2_client_method(void);
+__owur const SSL_METHOD *dtlsv1_3_method(void);
+__owur const SSL_METHOD *dtlsv1_3_server_method(void);
+__owur const SSL_METHOD *dtlsv1_3_client_method(void);
 
 extern const SSL3_ENC_METHOD TLSv1_enc_data;
 extern const SSL3_ENC_METHOD TLSv1_1_enc_data;
@@ -2337,6 +2345,7 @@ extern const SSL3_ENC_METHOD TLSv1_3_enc_data;
 extern const SSL3_ENC_METHOD SSLv3_enc_data;
 extern const SSL3_ENC_METHOD DTLSv1_enc_data;
 extern const SSL3_ENC_METHOD DTLSv1_2_enc_data;
+extern const SSL3_ENC_METHOD DTLSv1_3_enc_data;
 
 /*
  * Flags for SSL methods
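Review bot: `SSL_CONNECTION_IS_DTLS13` (first hunk of this file, L141-L143) decides via `DTLS_VERSION_GE(..., DTLS1_3_VERSION)` plus a `!= DTLS_ANY_VERSION` exclusion, which makes a security-relevant classifier depend on the inverted DTLS version ordering helper that is outside this diff; a naive `<=` there would let `DTLS1_BAD_VER` (0x0100, defined in prov_ssl.h at L26, used by `dtls_bad_ver_client_method` at L156) satisfy "greater or equal" to 0xFEFC. Because there is no DTLS version above 1.3, an equality test is both exact and independent of that helper: `# define SSL_CONNECTION_IS_DTLS13(s) (SSL_CONNECTION_IS_DTLS(s) \` followed by `    && SSL_CONNECTION_GET_SSL(s)->method->version == DTLS1_3_VERSION)`, which also makes the `DTLS_ANY_VERSION` clause unnecessary. This matters more than for the TLS counterpart because `SSL_CONNECTION_TREAT_AS_TLS13` (L152) now routes any connection matching the macro through the TLS 1.3 handshake paths; if the parallel `>=`/`!=` shape is kept for consistency with `SSL_CONNECTION_IS_TLS13`, please confirm that `DTLS_VERSION_GE` orders `DTLS1_BAD_VER` below every real version.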