Commit 357d096a authored by Matt Caswell's avatar Matt Caswell

Teach TLSProxy how to re-encrypt a TLSv1.3 message after changes



This enables us to make changes to in-flight TLSv1.3 messages that appear
after the ServerHello.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
parent 79d8c167
+9 −3
@@ -367,7 +367,7 @@ sub ciphersuite
}

#Update all the underlying records with the modified data from this message
#Note: Does not currently support re-encrypting
#Note: Only supports re-encrypting for TLSv1.3
sub repack
{
    my $self = shift;
@@ -410,8 +410,14 @@ sub repack
        #  use an explicit override field instead.)
        $rec->decrypt_len(length($rec->decrypt_data));
        $rec->len($rec->len + length($msgdata) - $old_length);
        # Don't support re-encryption.
        # Only support re-encryption for TLSv1.3.
        if (TLSProxy::Proxy->is_tls13() && $rec->encrypted()) {
            #Add content type (1 byte) and 16 tag bytes
            $rec->data($rec->decrypt_data
                .pack("C", TLSProxy::Record::RT_HANDSHAKE).("\0"x16));
        } else {
            $rec->data($rec->decrypt_data);
        }

        #Update the fragment len in case we changed it above
        ${$self->message_frag_lens}[0] = length($msgdata)
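Review bot: The TLSv1.3 branch of `repack` rebuilds the record as `decrypt_data` plus a hard-coded `RT_HANDSHAKE` byte and `("\0"x16)`, so the trailing bytes are a zero-filled placeholder rather than a computed AEAD tag, and no encryption step is visible in this hunk. The existing comment `#Add content type (1 byte) and 16 tag bytes` does not say this, nor that the length 16 assumes a ciphersuite with a 16-byte tag (an 8-byte-tag suite such as TLS_AES_128_CCM_8_SHA256 would not match). I would extend the comment to something like `#Placeholder trailer: inner content type is forced to handshake and the tag is 16 zero bytes (assumes a 16-byte AEAD tag); payload is written as-is`, and consider naming the 16 as a constant. If the record's original inner content type could ever be something other than handshake here, it is discarded rather than preserved, which is worth confirming against the callers. The body of `repack` starts and continues outside the hunks shown, so whether real encryption happens later cannot be judged from here.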