authorMatt Caswell <matt@openssl.org>2017-11-13 14:40:46 +0000
committerMatt Caswell <matt@openssl.org>2017-12-14 15:06:37 +0000
commitbe60b10a80663d7af6e87d53f908e58d63c54d95 (patch)
tree6bc905b4d7985d62e28fa2b82dd39e3ca4b9453a /util/perl
parentfc7129dc37f38022382338cf37cee795d975450f (diff)
Update TLSProxy to know about new HRR style
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4701)
Diffstat (limited to 'util/perl')
-rw-r--r--util/perl/TLSProxy/Message.pm10
-rw-r--r--util/perl/TLSProxy/Record.pm10
-rw-r--r--util/perl/TLSProxy/ServerHello.pm18
3 files changed, 23 insertions, 15 deletions
diff --git a/util/perl/TLSProxy/Message.pm b/util/perl/TLSProxy/Message.pm
index 5bb4050786..1777e245d0 100644
--- a/util/perl/TLSProxy/Message.pm
+++ b/util/perl/TLSProxy/Message.pm
@@ -170,10 +170,12 @@ sub get_messages
#We can't handle this yet
die "CCS received before message data complete\n";
}
- if ($server) {
- TLSProxy::Record->server_encrypting(1);
- } else {
- TLSProxy::Record->client_encrypting(1);
+ if (!TLSProxy::Proxy->is_tls13()) {
+ if ($server) {
+ TLSProxy::Record->server_encrypting(1);
+ } else {
+ TLSProxy::Record->client_encrypting(1);
+ }
}
} elsif ($record->content_type == TLSProxy::Record::RT_HANDSHAKE) {
if ($record->len == 0 || $record->len_real == 0) {
diff --git a/util/perl/TLSProxy/Record.pm b/util/perl/TLSProxy/Record.pm
index b2a1e166c9..61ac8e2d7b 100644
--- a/util/perl/TLSProxy/Record.pm
+++ b/util/perl/TLSProxy/Record.pm
@@ -109,7 +109,7 @@ sub get_records
substr($packet, TLS_RECORD_HEADER_LENGTH, $len_real)
);
- if (!TLSProxy::Proxy->is_tls13() || $content_type != RT_CCS) {
+ if ($content_type != RT_CCS) {
if (($server && $server_encrypting)
|| (!$server && $client_encrypting)) {
if (!TLSProxy::Proxy->is_tls13() && $etm) {
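Review bot: Dropping the `!TLSProxy::Proxy->is_tls13() ||` term means a CCS record now skips the decrypt and `$record->encrypted(1)` path for every protocol version, not only TLSv1.3. In TLSv1.2 and earlier, a CCS sent during renegotiation is protected under the current cipher state, so with `$server_encrypting` or `$client_encrypting` already set such a record used to pass through this block and no longer does. If that is intended, a comment such as `#CCS records are never decrypted here, whatever the protocol version` above the test would record it; otherwise the version check should stay for the pre-1.3 case. get_records continues outside the hunk, so the effect on later processing of that record is not visible here.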
@@ -118,11 +118,11 @@ sub get_records
$record->decrypt();
}
$record->encrypted(1);
- }
- if (TLSProxy::Proxy->is_tls13()) {
- print " Inner content type: "
- .$record_type{$record->content_type()}."\n";
+ if (TLSProxy::Proxy->is_tls13()) {
+ print " Inner content type: "
+ .$record_type{$record->content_type()}."\n";
+ }
}
}
diff --git a/util/perl/TLSProxy/ServerHello.pm b/util/perl/TLSProxy/ServerHello.pm
index 3e403e52d8..693a652b6c 100644
--- a/util/perl/TLSProxy/ServerHello.pm
+++ b/util/perl/TLSProxy/ServerHello.pm
@@ -12,6 +12,11 @@ package TLSProxy::ServerHello;
use vars '@ISA';
push @ISA, 'TLSProxy::Message';
+my $hrrrandom = pack("C*", 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11, 0xBE,
+ 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91, 0xC2, 0xA2,
+ 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E, 0x07, 0x9E, 0x09,
+ 0xE2, 0xC8, 0xA8, 0x33, 0x9C);
+
sub new
{
my $class = shift;
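Review bot: `$hrrrandom` is an unexplained 32-byte magic value at file scope. A comment such as `#Special ServerHello random that marks a HelloRetryRequest (SHA-256 of "HelloRetryRequest")` would tell the reader where the bytes come from and let them be checked against the TLSv1.3 specification. The value is never modified in the visible hunks, so declaring it read-only (for example with `use constant`, if that fits how the other TLSProxy modules define fixed values) would also prevent accidental reassignment.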
@@ -93,10 +98,15 @@ sub parse
}
}
- # TODO(TLS1.3): Replace this reference to draft version before release
- if ($server_version == TLSProxy::Record::VERS_TLS_1_3_DRAFT) {
+ if ($random eq $hrrrandom) {
+ TLSProxy::Proxy->is_tls13(1);
+ # TODO(TLS1.3): Replace this reference to draft version before release
+ } elsif ($server_version == TLSProxy::Record::VERS_TLS_1_3_DRAFT) {
$server_version = TLSProxy::Record::VERS_TLS_1_3;
TLSProxy::Proxy->is_tls13(1);
+
+ TLSProxy::Record->server_encrypting(1);
+ TLSProxy::Record->client_encrypting(1);
}
$self->server_version($server_version);
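Review bot: The `# TODO(TLS1.3)` comment now sits at the end of the HelloRetryRequest branch, just before `} elsif`, although it describes the draft-version test in the `elsif` condition. Move it above the `if` or into the `elsif` body so it is not read as part of the HRR branch. The HRR branch also sets `is_tls13(1)` without touching the encrypting flags or `$server_version`, which looks deliberate, but a one-line comment such as `#HelloRetryRequest: TLSv1.3 in use, records are not encrypted yet` would make that explicit. parse begins and ends outside this hunk.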
@@ -110,10 +120,6 @@ sub parse
$self->process_data();
- if (TLSProxy::Proxy->is_tls13()) {
- TLSProxy::Record->server_encrypting(1);
- TLSProxy::Record->client_encrypting(1);
- }
print " Server Version:".$server_version."\n";
print " Session ID Len:".$session_id_len."\n";