mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-03-31 20:10:45 +08:00
Code Issues Packages Projects Releases Wiki Activity

Teach TLSProxy how to re-encrypt a TLSv1.3 message after changes

Browse Source 
This enables us to make changes to in-flight TLSv1.3 messages that appear
after the ServerHello.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
This commit is contained in:
Matt Caswell 2017-01-05 12:34:46 +00:00
parent 79d8c16785
commit 357d096a29
1 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
util/TLSProxy/Message.pm
View File

@ -367,7 +367,7 @@ sub ciphersuite
}
#Update all the underlying records with the modified data from this message
#Note: Does not currently support re-encrypting
#Note: Only supports re-encrypting for TLSv1.3
sub repack
{
my $self = shift;
@ -410,8 +410,14 @@ sub repack
# use an explicit override field instead.)
$rec->decrypt_len(length($rec->decrypt_data));
$rec->len($rec->len + length($msgdata) - $old_length);
# Don't support re-encryption.
$rec->data($rec->decrypt_data);
# Only support re-encryption for TLSv1.3.
if (TLSProxy::Proxy->is_tls13() && $rec->encrypted()) {
#Add content type (1 byte) and 16 tag bytes
$rec->data($rec->decrypt_data
.pack("C", TLSProxy::Record::RT_HANDSHAKE).("\0"x16));
} else {
$rec->data($rec->decrypt_data);
}
#Update the fragment len in case we changed it above
${$self->message_frag_lens}[0] = length($msgdata)