From: Matt Caswell Date: Thu, 5 Jan 2017 12:34:46 +0000 (+0000) Subject: Teach TLSProxy how to re-encrypt a TLSv1.3 message after changes X-Git-Tag: OpenSSL_1_1_1-pre1~2700 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=357d096a2963b8e5253ea53b6ab34e3fc706bea3;p=oweals%2Fopenssl.git Teach TLSProxy how to re-encrypt a TLSv1.3 message after changes This enables us to make changes to in-flight TLSv1.3 messages that appear after the ServerHello. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2157) --- diff --git a/util/TLSProxy/Message.pm b/util/TLSProxy/Message.pm index 438209fc40..7cb7b28aec 100644 --- a/util/TLSProxy/Message.pm +++ b/util/TLSProxy/Message.pm @@ -367,7 +367,7 @@ sub ciphersuite } #Update all the underlying records with the modified data from this message -#Note: Does not currently support re-encrypting +#Note: Only supports re-encrypting for TLSv1.3 sub repack { my $self = shift; @@ -410,8 +410,14 @@ sub repack # use an explicit override field instead.) $rec->decrypt_len(length($rec->decrypt_data)); $rec->len($rec->len + length($msgdata) - $old_length); - # Don't support re-encryption. - $rec->data($rec->decrypt_data); + # Only support re-encryption for TLSv1.3. + if (TLSProxy::Proxy->is_tls13() && $rec->encrypted()) { + #Add content type (1 byte) and 16 tag bytes + $rec->data($rec->decrypt_data + .pack("C", TLSProxy::Record::RT_HANDSHAKE).("\0"x16)); + } else { + $rec->data($rec->decrypt_data); + } #Update the fragment len in case we changed it above ${$self->message_frag_lens}[0] = length($msgdata)