From cb57dc46324d0f8a29e48423a750e4c8419c5185 Mon Sep 17 00:00:00 2001
From: Frederik Wedel-Heinen
Date: Tue, 23 Jan 2024 15:11:03 +0100
Subject: Adds dtls 1.3 support in TLS::Proxy

Reviewed-by: Matt Caswell
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/23375)
---
 util/perl/TLSProxy/Record.pm | 16 +++++++---------
 util/perl/TLSProxy/ServerHello.pm | 3 ++-
 2 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/util/perl/TLSProxy/Record.pm b/util/perl/TLSProxy/Record.pm
index c309bc2f9f..fdc53922e5 100644
--- a/util/perl/TLSProxy/Record.pm
+++ b/util/perl/TLSProxy/Record.pm
@@ -36,6 +36,7 @@ my %record_type = (
 );
 
 use constant {
+    VERS_DTLS_1_3 => 0xfefc,
     VERS_DTLS_1_2 => 0xfefd,
     VERS_DTLS_1 => 0xfeff,
     VERS_TLS_1_4 => 0x0305,
@@ -48,6 +49,7 @@ use constant {
 };
 
 our %tls_version = (
+    VERS_DTLS_1_3, "DTLS1.3",
     VERS_DTLS_1_2, "DTLS1.2",
     VERS_DTLS_1, "DTLS1",
     VERS_TLS_1_3, "TLS1.3",
@@ -391,21 +393,17 @@ sub reconstruct_record
     if ($self->sslv2) {
         $data = pack('n', $self->len | 0x8000);
     } else {
+        my $content_type = (TLSProxy::Proxy->is_tls13() && $self->encrypted)
+                           ? $self->outer_content_type : $self->content_type;
         if($self->{isdtls}) {
             my $seqhi = ($self->seq >> 32) & 0xffff;
             my $seqmi = ($self->seq >> 16) & 0xffff;
             my $seqlo = ($self->seq >> 0) & 0xffff;
-            $data = pack('Cnnnnnn', $self->content_type, $self->version,
+            $data = pack('Cnnnnnn', $content_type, $self->version,
                          $self->epoch, $seqhi, $seqmi, $seqlo, $self->len);
         } else {
-            if (TLSProxy::Proxy->is_tls13() && $self->encrypted) {
-                $data = pack('Cnn', $self->outer_content_type, $self->version,
-                             $self->len);
-            }
-            else {
-                $data = pack('Cnn', $self->content_type, $self->version,
-                             $self->len);
-            }
+            $data = pack('Cnn', $content_type, $self->version,
+                         $self->len);
         }
     }
 
diff --git a/util/perl/TLSProxy/ServerHello.pm b/util/perl/TLSProxy/ServerHello.pm
index ca1486e041..5e2a4b428d 100644
--- a/util/perl/TLSProxy/ServerHello.pm
+++ b/util/perl/TLSProxy/ServerHello.pm
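Review bot: The hoisted `$content_type` now feeds `outer_content_type` into the DTLS branch too, but the header written there is still the DTLSPlaintext layout (type byte, version, epoch, 48-bit sequence number, length), whereas encrypted DTLS 1.3 records use the unified ciphertext header of RFC 9147 §4 (a fixed header byte carrying the epoch bits, a 16-bit sequence number and an optional length) with no content type byte at all. Once the ServerHello hunk makes `is_tls13()` true for DTLS 1.3, an encrypted DTLS 1.3 record reconstructed here presumably does not match what the peer sent; whether that breaks the proxy depends on how DTLS records are parsed and re-emitted elsewhere, which this hunk does not show. A comment above the `my $content_type` line would record the assumption until the unified header is handled, e.g. `# NOTE: encrypted DTLS 1.3 records use the RFC 9147 unified header, not this DTLSPlaintext layout; reconstruction currently assumes the pre-1.3 record format.` The body of reconstruct_record starts before and continues after this hunk.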
@@ -111,7 +111,8 @@ sub parse
     if ($random eq $hrrrandom) {
         TLSProxy::Proxy->is_tls13(1);
-    } elsif ($neg_version == TLSProxy::Record::VERS_TLS_1_3) {
+    } elsif ($neg_version == TLSProxy::Record::VERS_TLS_1_3
+             || $neg_version == TLSProxy::Record::VERS_DTLS_1_3) {
         TLSProxy::Proxy->is_tls13(1);
         TLSProxy::Record->server_encrypting(1);
-- 
cgit v1.2.3
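Review bot: Comparing `$neg_version` with `VERS_DTLS_1_3` only works if `$neg_version` is taken from the supported_versions extension rather than the ServerHello's legacy_version field, because a DTLS 1.3 ServerHello carries 0xfefd (DTLS 1.2) in legacy_version per RFC 9147; `$neg_version` is computed above this hunk, so that cannot be confirmed from here and is worth checking. Since `is_tls13` now also covers DTLS 1.3, every caller of `TLSProxy::Proxy->is_tls13()` silently inherits that meaning, and a comment on the elsif would stop the next reader from assuming it is TLS-only, e.g. `# is_tls13 covers DTLS 1.3 as well: both versions are negotiated via supported_versions and the server encrypts from the ServerHello onwards.` The enclosing parse sub starts before and ends after this hunk.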