authorMatt Caswell <matt@openssl.org>2017-01-05 12:34:46 +0000
committerMatt Caswell <matt@openssl.org>2017-01-10 23:02:50 +0000
commit357d096a2963b8e5253ea53b6ab34e3fc706bea3 (patch)
tree67fbf39484e2efe5cc10535b9b48671bf14ac695 /util/TLSProxy
parent79d8c167857d1c776a6fbdb2aff166a126cab03e (diff)
Teach TLSProxy how to re-encrypt a TLSv1.3 message after changes
This enables us to make changes to in-flight TLSv1.3 messages that appear after the ServerHello. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2157)
Diffstat (limited to 'util/TLSProxy')
-rw-r--r--util/TLSProxy/Message.pm12
1 files changed, 9 insertions, 3 deletions
diff --git a/util/TLSProxy/Message.pm b/util/TLSProxy/Message.pm
index 438209fc40..7cb7b28aec 100644
--- a/util/TLSProxy/Message.pm
+++ b/util/TLSProxy/Message.pm
@@ -367,7 +367,7 @@ sub ciphersuite
}
#Update all the underlying records with the modified data from this message
-#Note: Does not currently support re-encrypting
+#Note: Only supports re-encrypting for TLSv1.3
sub repack
{
my $self = shift;
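Review bot: The reworded `#Note:` line still overstates what repack does: in the TLSv1.3 branch further down this diff the record data is rebuilt as the modified plaintext plus the inner content-type byte and sixteen `\0` bytes where the AEAD tag would be, so nothing is actually encrypted, and the hard-coded `RT_HANDSHAKE` means only handshake records are handled. Someone extending the proxy, or expecting its output to survive a peer that verifies tags, would want that stated here rather than having to read the branch; I would change it to `#Note: Re-encryption is only supported for TLSv1.3 handshake records, and is a placeholder: the modified plaintext is re-framed with the inner content type and a zero-filled 16-byte tag rather than encrypted.` Whether the peers under test really tolerate a zero tag is not visible in this diff, so that should be confirmed against Record.pm before the comment claims it. The body of `repack` continues past the end of this hunk.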
@@ -410,8 +410,14 @@ sub repack
# use an explicit override field instead.)
$rec->decrypt_len(length($rec->decrypt_data));
$rec->len($rec->len + length($msgdata) - $old_length);
- # Don't support re-encryption.
- $rec->data($rec->decrypt_data);
+ # Only support re-encryption for TLSv1.3.
+ if (TLSProxy::Proxy->is_tls13() && $rec->encrypted()) {
+ #Add content type (1 byte) and 16 tag bytes
+ $rec->data($rec->decrypt_data
+ .pack("C", TLSProxy::Record::RT_HANDSHAKE).("\0"x16));
+ } else {
+ $rec->data($rec->decrypt_data);
+ }
#Update the fragment len in case we changed it above
${$self->message_frag_lens}[0] = length($msgdata)