Update TLSProxy to know about new HRR style
authorMatt Caswell <matt@openssl.org>
Mon, 13 Nov 2017 14:40:46 +0000 (14:40 +0000)
committerMatt Caswell <matt@openssl.org>
Thu, 14 Dec 2017 15:06:37 +0000 (15:06 +0000)
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4701)

util/perl/TLSProxy/Message.pm
util/perl/TLSProxy/Record.pm
util/perl/TLSProxy/ServerHello.pm

index 5bb4050..1777e24 100644 (file)
@@ -170,10 +170,12 @@ sub get_messages
             #We can't handle this yet
             die "CCS received before message data complete\n";
         }
-        if ($server) {
-            TLSProxy::Record->server_encrypting(1);
-        } else {
-            TLSProxy::Record->client_encrypting(1);
+        if (!TLSProxy::Proxy->is_tls13()) {
+            if ($server) {
+                TLSProxy::Record->server_encrypting(1);
+            } else {
+                TLSProxy::Record->client_encrypting(1);
+            }
         }
     } elsif ($record->content_type == TLSProxy::Record::RT_HANDSHAKE) {
         if ($record->len == 0 || $record->len_real == 0) {
index b2a1e16..61ac8e2 100644 (file)
@@ -109,7 +109,7 @@ sub get_records
                 substr($packet, TLS_RECORD_HEADER_LENGTH, $len_real)
             );
 
-            if (!TLSProxy::Proxy->is_tls13() || $content_type != RT_CCS) {
+            if ($content_type != RT_CCS) {
                 if (($server && $server_encrypting)
                          || (!$server && $client_encrypting)) {
                     if (!TLSProxy::Proxy->is_tls13() && $etm) {
@@ -118,11 +118,11 @@ sub get_records
                         $record->decrypt();
                     }
                     $record->encrypted(1);
-                }
 
-                if (TLSProxy::Proxy->is_tls13()) {
-                    print "  Inner content type: "
-                          .$record_type{$record->content_type()}."\n";
+                    if (TLSProxy::Proxy->is_tls13()) {
+                        print "  Inner content type: "
+                              .$record_type{$record->content_type()}."\n";
+                    }
                 }
             }
 
index 3e403e5..693a652 100644 (file)
@@ -12,6 +12,11 @@ package TLSProxy::ServerHello;
 use vars '@ISA';
 push @ISA, 'TLSProxy::Message';
 
+my $hrrrandom = pack("C*", 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11, 0xBE,
+                           0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91, 0xC2, 0xA2,
+                           0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E, 0x07, 0x9E, 0x09,
+                           0xE2, 0xC8, 0xA8, 0x33, 0x9C);
+
 sub new
 {
     my $class = shift;
@@ -93,10 +98,15 @@ sub parse
         }
     }
 
-    # TODO(TLS1.3): Replace this reference to draft version before release
-    if ($server_version == TLSProxy::Record::VERS_TLS_1_3_DRAFT) {
+    if ($random eq $hrrrandom) {
+        TLSProxy::Proxy->is_tls13(1);
+        # TODO(TLS1.3): Replace this reference to draft version before release
+    } elsif ($server_version == TLSProxy::Record::VERS_TLS_1_3_DRAFT) {
         $server_version = TLSProxy::Record::VERS_TLS_1_3;
         TLSProxy::Proxy->is_tls13(1);
+
+        TLSProxy::Record->server_encrypting(1);
+        TLSProxy::Record->client_encrypting(1);
     }
 
     $self->server_version($server_version);
@@ -110,10 +120,6 @@ sub parse
 
     $self->process_data();
 
-    if (TLSProxy::Proxy->is_tls13()) {
-        TLSProxy::Record->server_encrypting(1);
-        TLSProxy::Record->client_encrypting(1);
-    }
 
     print "    Server Version:".$server_version."\n";
     print "    Session ID Len:".$session_id_len."\n";