From be60b10a80663d7af6e87d53f908e58d63c54d95 Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Mon, 13 Nov 2017 14:40:46 +0000
Subject: [PATCH] Update TLSProxy to know about new HRR style
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl/pull/4701)
---
 util/perl/TLSProxy/Message.pm | 10 ++++++----
 util/perl/TLSProxy/Record.pm | 10 +++++-----
 util/perl/TLSProxy/ServerHello.pm | 18 ++++++++++++------
 3 files changed, 23 insertions(+), 15 deletions(-)
diff --git a/util/perl/TLSProxy/Message.pm b/util/perl/TLSProxy/Message.pm
index 5bb4050786..1777e245d0 100644
--- a/util/perl/TLSProxy/Message.pm
+++ b/util/perl/TLSProxy/Message.pm
@@ -170,10 +170,12 @@ sub get_messages
 #We can't handle this yet
 die "CCS received before message data complete\n";
 }
- if ($server) {
- TLSProxy::Record->server_encrypting(1);
- } else {
- TLSProxy::Record->client_encrypting(1);
+ if (!TLSProxy::Proxy->is_tls13()) {
+ if ($server) {
+ TLSProxy::Record->server_encrypting(1);
+ } else {
+ TLSProxy::Record->client_encrypting(1);
+ }
 }
 } elsif ($record->content_type == TLSProxy::Record::RT_HANDSHAKE) {
 if ($record->len == 0 || $record->len_real == 0) {
diff --git a/util/perl/TLSProxy/Record.pm b/util/perl/TLSProxy/Record.pm
index b2a1e166c9..61ac8e2d7b 100644
--- a/util/perl/TLSProxy/Record.pm
+++ b/util/perl/TLSProxy/Record.pm
@@ -109,7 +109,7 @@ sub get_records
 substr($packet, TLS_RECORD_HEADER_LENGTH, $len_real)
 );
- if (!TLSProxy::Proxy->is_tls13() || $content_type != RT_CCS) {
+ if ($content_type != RT_CCS) {
 if (($server && $server_encrypting)
 || (!$server && $client_encrypting)) {
 if (!TLSProxy::Proxy->is_tls13() && $etm) {
@@ -118,11 +118,11 @@ sub get_records
 $record->decrypt();
 }
 $record->encrypted(1);
- }
- if (TLSProxy::Proxy->is_tls13()) {
- print " Inner content type: "
- .$record_type{$record->content_type()}."\n";
+ if (TLSProxy::Proxy->is_tls13()) {
+ print " Inner content type: "
+ .$record_type{$record->content_type()}."\n";
+ }
 }
 }
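Review bot: The new `if (!TLSProxy::Proxy->is_tls13())` guard in get_messages has no comment saying why a CCS stops switching on record protection for TLSv1.3; I would add `# In TLSv1.3 a CCS does not mark a key change, so leave the encrypting flags alone` above it. The guard also relies on is_tls13() already being set when the CCS is processed, and in this commit that flag is only set from ServerHello parsing, so a CCS handled before the ServerHello would presumably still take the legacy branch and set the flag early; worth confirming that ordering. get_messages starts and ends outside the hunk.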
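Review bot: In the first Record.pm hunk, removing `!TLSProxy::Proxy->is_tls13() ||` from the outer condition in get_records makes every CCS record skip decrypt() and encrypted(1), not only TLSv1.3 ones. A pre-TLSv1.3 CCS that arrives while `$server_encrypting` or `$client_encrypting` is already set (for example during a renegotiation, if the proxy is used for one) would then be handed on still protected and treated as plaintext. If that case cannot occur in the test suite, say so in a comment such as `# CCS is never decrypted here: it is assumed to arrive unprotected`; otherwise the version test needs to stay in some form. get_records starts and ends outside the hunk.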
diff --git a/util/perl/TLSProxy/ServerHello.pm b/util/perl/TLSProxy/ServerHello.pm
index 3e403e52d8..693a652b6c 100644
--- a/util/perl/TLSProxy/ServerHello.pm
+++ b/util/perl/TLSProxy/ServerHello.pm
@@ -12,6 +12,11 @@ package TLSProxy::ServerHello;
 use vars '@ISA';
 push @ISA, 'TLSProxy::Message';
+my $hrrrandom = pack("C*", 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11, 0xBE,
+ 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91, 0xC2, 0xA2,
+ 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E, 0x07, 0x9E, 0x09,
+ 0xE2, 0xC8, 0xA8, 0x33, 0x9C);
+
 sub new
 {
 my $class = shift;
@@ -93,10 +98,15 @@ sub parse
 }
 }
- # TODO(TLS1.3): Replace this reference to draft version before release
- if ($server_version == TLSProxy::Record::VERS_TLS_1_3_DRAFT) {
+ if ($random eq $hrrrandom) {
+ TLSProxy::Proxy->is_tls13(1);
+ # TODO(TLS1.3): Replace this reference to draft version before release
+ } elsif ($server_version == TLSProxy::Record::VERS_TLS_1_3_DRAFT) {
 $server_version = TLSProxy::Record::VERS_TLS_1_3;
 TLSProxy::Proxy->is_tls13(1);
+
+ TLSProxy::Record->server_encrypting(1);
+ TLSProxy::Record->client_encrypting(1);
 }
 $self->server_version($server_version);
@@ -110,10 +120,6 @@ sub parse
 $self->process_data();
- if (TLSProxy::Proxy->is_tls13()) {
- TLSProxy::Record->server_encrypting(1);
- TLSProxy::Record->client_encrypting(1);
- }
 print " Server Version:".$server_version."\n";
 print " Session ID Len:".$session_id_len."\n";
-- 
2.25.1
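Review bot: `$hrrrandom` is added in the first ServerHello.pm hunk without a comment, so a reader has to recognise the 32 bytes to know what they stand for. I would put `# ServerHello.random value that marks the message as a HelloRetryRequest (SHA-256 of "HelloRetryRequest")` above the declaration. A name such as `$hrr_random` would also be easier to read than three consecutive r's.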
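Review bot: In the second ServerHello.pm hunk the `# TODO(TLS1.3)` comment now sits between the `is_tls13(1)` call and `} elsif`, inside the HRR branch, although it refers to the draft-version comparison in the `elsif`; moving it to the first line of the `elsif` body keeps it with the code it describes. The HRR branch also differs from the `elsif` branch in leaving `$server_version` as parsed and not setting the encrypting flags, which is presumably deliberate but is not stated. A comment such as `# HelloRetryRequest: TLSv1.3 is in use, but record protection has not started yet` would record that. parse() starts and ends outside the hunk.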