author | Matt Caswell <matt@openssl.org> | 2016-11-18 23:44:09 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-12-05 17:05:40 +0000 |
commit | e60ce9c4513c432705c84b0efebf1421ee769eee (patch) | |
tree | cd5db5bc9752a54cb99d4e47e5a758149af16536 /util/TLSProxy | |
parent | 6a149cee78dd65dea7c8b3a36cb479f79ec2b3a3 (diff) |
Update the record layer to use TLSv1.3 style record construction
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'util/TLSProxy')
-rw-r--r-- | util/TLSProxy/Proxy.pm | 2 | ||||
-rw-r--r-- | util/TLSProxy/Record.pm | 53 |
2 files changed, 47 insertions, 8 deletions
diff --git a/util/TLSProxy/Proxy.pm b/util/TLSProxy/Proxy.pm index be9f8f88a0..ccfc5c9b2f 100644 --- a/util/TLSProxy/Proxy.pm +++ b/util/TLSProxy/Proxy.pm @@ -343,7 +343,7 @@ sub process_packet if ($record->flight != $self->flight) { next; } - $packet .= $record->reconstruct_record(); + $packet .= $record->reconstruct_record($server); } $self->{flight} = $self->{flight} + 1; diff --git a/util/TLSProxy/Record.pm b/util/TLSProxy/Record.pm index 5a35925aeb..fe78185ccc 100644 --- a/util/TLSProxy/Record.pm +++ b/util/TLSProxy/Record.pm @@ -116,6 +116,12 @@ sub get_records } else { $record->decrypt(); } + $record->encrypted(1); + } + + if (TLSProxy::Proxy->is_tls13()) { + print " Inner content type: " + .$record_type{$record->content_type()}."\n"; } push @record_list, $record; @@ -188,7 +194,8 @@ sub new decrypt_len => $decrypt_len, data => $data, decrypt_data => $decrypt_data, - orig_decrypt_data => $decrypt_data + orig_decrypt_data => $decrypt_data, + encrypted => 0 }; return bless $self, $class; @@ -257,6 +264,13 @@ sub decrypt() #Throw away the MAC or TAG $data = substr($data, 0, length($data) - $mactaglen); + if (TLSProxy::Proxy->is_tls13()) { + #Get the content type + my $content_type = unpack("C", substr($data, length($data) - 1)); + $self->content_type($content_type); + $data = substr($data, 0, length($data) - 1); + } + $self->decrypt_data($data); $self->decrypt_len(length($data)); 
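Review bot: The new "Inner content type" print in get_records indexes `%record_type` with a content type that, for encrypted records, was just read from the record body, so a value missing from the table interpolates undef and produces an "uninitialized value" warning with a blank label. A fallback such as `($record_type{$record->content_type()} // "Unknown (".$record->content_type().")")` keeps the trace readable when the proxy handles unexpected or deliberately malformed records. The print also sits after the closing brace of the encrypted-record block, so it appears to run for plaintext TLSv1.3 records too, where the value is the outer type rather than an inner one. The enclosing loop starts outside the hunk.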
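Review bot: The TLSv1.3 branch added to decrypt() takes the last byte of `$data` as the content type without first removing trailing zero bytes, so a padded inner plaintext (content, type byte, then zero padding) would be parsed as content type 0, leaving the padding and the real type byte in `decrypt_data`. Stripping the padding before the `unpack`, e.g. `$data =~ s/\x00+\z//;`, keeps the parse aligned with the record layout. There is also no length check: if `$data` is empty once the MAC or tag has been dropped, `unpack` yields undef and `content_type` is overwritten with it, so a guard like `die "Empty TLSv1.3 inner plaintext" if length($data) == 0;` would make that case explicit. decrypt() begins outside the hunk, so how `$mactaglen` is derived is not visible here.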
@@ -267,15 +281,29 @@ sub decrypt() sub reconstruct_record { my $self = shift; + my $server = shift; my $data; + my $tls13_enc = 0; if ($self->sslv2) { $data = pack('n', $self->len | 0x8000); } else { - $data = pack('Cnn', $self->content_type, $self->version, $self->len); + if (TLSProxy::Proxy->is_tls13() && $self->encrypted) { + $data = pack('Cnn', RT_APPLICATION_DATA, $self->version, + $self->len + 1); + $tls13_enc = 1; + } else { + $data = pack('Cnn', $self->content_type, $self->version, + $self->len); + } + } $data .= $self->data; + if ($tls13_enc) { + $data .= pack('C', $self->content_type); + } + return $data; } @@ -285,11 +313,6 @@ sub flight my $self = shift; return $self->{flight}; } -sub content_type -{ - my $self = shift; - return $self->{content_type}; -} sub sslv2 { my $self = shift; @@ -347,4 +370,20 @@ sub version } return $self->{version}; } +sub content_type +{ + my $self = shift; + if (@_) { + $self->{content_type} = shift; + } + return $self->{content_type}; +} +sub encrypted +{ + my $self = shift; + if (@_) { + $self->{encrypted} = shift; + } + return $self->{encrypted}; +} 1; |
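Review bot: reconstruct_record() now shifts `$server` off its arguments but nothing in the visible body reads it, so the argument added at the call site in Proxy.pm's process_packet has no effect yet. Either use it or mark it with a comment such as `# $server: passed by process_packet, currently unused`. In the TLSv1.3 branch the header length is `$self->len + 1` and the type byte is appended after `$self->data`, which is only correct if `data` and `len` hold the record body without the trailing type byte. decrypt() strips that byte from `decrypt_data`, not from `data`, and the hunk does not show where `data` is rewritten, so the invariant deserves a comment next to the `pack`. There is also a stray blank line before the closing brace of the `else` block.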