Upgrade to TLS-Attacker v5.3.0 (#128)

Author: kostis

experiments/patches/TLS-Attacker-v5.3.0.patch

@@ -0,0 +1,83 @@
+diff --git a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/dtls/FragmentManager.java b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/dtls/FragmentManager.java
+index 4af681aa8..3b03b78de 100644
+--- a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/dtls/FragmentManager.java
++++ b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/dtls/FragmentManager.java
+@@ -22,12 +22,11 @@ public class FragmentManager {
+ 
+     private static final Logger LOGGER = LogManager.getLogger();
+ 
+-    private Map<FragmentKey, FragmentCollector> fragments;
++    private LinkedHashMap<FragmentKey, FragmentCollector> fragments;
+     private Config config;
+-    private int lastInterpretedMessageSeq = -1;
+ 
+     public FragmentManager(Config config) {
+-        fragments = new HashMap<>();
++        fragments = new LinkedHashMap<>();
+         this.config = config;
+     }
+ 
+@@ -70,21 +69,6 @@ public class FragmentManager {
+             boolean onlyIfComplete, boolean skipMessageSequences) {
+         List<DtlsHandshakeMessageFragment> handshakeFragmentList = new LinkedList<>();
+         List<FragmentKey> orderedFragmentKeys = new ArrayList<>(fragments.keySet());
+-        orderedFragmentKeys.sort(
+-                new Comparator<FragmentKey>() {
+-                    @Override
+-                    public int compare(FragmentKey fragmentKey1, FragmentKey fragmentKey2) {
+-                        if (fragmentKey1.getEpoch() > fragmentKey2.getEpoch()) {
+-                            return -1;
+-                        } else if (fragmentKey1.getEpoch() < fragmentKey2.getEpoch()) {
+-                            return 1;
+-                        } else {
+-                            return fragmentKey1
+-                                    .getMessageSeq()
+-                                    .compareTo(fragmentKey2.getMessageSeq());
+-                        }
+-                    }
+-                });
+ 
+         for (FragmentKey key : orderedFragmentKeys) {
+             FragmentCollector fragmentCollector = fragments.get(key);
+@@ -101,11 +85,6 @@ public class FragmentManager {
+                 }
+             }
+             if (!fragmentCollector.isInterpreted()) {
+-                if (!skipMessageSequences
+-                        && key.getMessageSeq() != lastInterpretedMessageSeq + 1
+-                        && !fragmentCollector.isRetransmission()) {
+-                    break;
+-                }
+                 if (onlyIfComplete && !fragmentCollector.isMessageComplete()) {
+                     LOGGER.debug(
+                             "Incomplete message. Not processing: msg_sqn: "
+@@ -115,7 +94,7 @@ public class FragmentManager {
+                 } else {
+                     handshakeFragmentList.add(fragmentCollector.buildCombinedFragment());
+                     fragmentCollector.setInterpreted(true);
+-                    lastInterpretedMessageSeq = key.getMessageSeq();
++                    clearFragmentedMessage(key.getMessageSeq(), key.getEpoch());
+                 }
+             }
+         }
+diff --git a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/record/crypto/RecordDecryptor.java b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/record/crypto/RecordDecryptor.java
+index 34778e092..2f8c02119 100644
+--- a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/record/crypto/RecordDecryptor.java
++++ b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/record/crypto/RecordDecryptor.java
+@@ -11,6 +11,7 @@ package de.rub.nds.tlsattacker.core.record.crypto;
+ import de.rub.nds.tlsattacker.core.constants.ProtocolMessageType;
+ import de.rub.nds.tlsattacker.core.constants.ProtocolVersion;
+ import de.rub.nds.tlsattacker.core.exceptions.CryptoException;
++import de.rub.nds.tlsattacker.core.exceptions.EndOfStreamException;
+ import de.rub.nds.tlsattacker.core.exceptions.ParserException;
+ import de.rub.nds.tlsattacker.core.layer.context.TlsContext;
+ import de.rub.nds.tlsattacker.core.record.Record;
+@@ -59,7 +60,7 @@ public class RecordDecryptor extends Decryptor {
+                     || record.getContentMessageType() != ProtocolMessageType.CHANGE_CIPHER_SPEC) {
+                 try {
+                     recordCipher.decrypt(record);
+-                } catch (ParserException | CryptoException ex) {
++                } catch (ParserException | CryptoException | EndOfStreamException ex) {
+                     if (recordCipherList.indexOf(recordCipher) > 0) {
+                         LOGGER.warn(
+                                 "Failed to decrypt record, will try to process with previous cipher");

install.sh

@@ -12,7 +12,7 @@ readonly PROTOCOLSTATEFUZZER_REP_URL="https://github.com/protocol-fuzzing/protoc
 readonly PROTOCOLSTATEFUZZER_FOLDER="ProtocolState-Fuzzer"
 readonly PROTOCOLSTATEFUZZER_PATCH="$PATCHES_DIR/protocolstate-fuzzer-$PROTOCOLSTATEFUZZER_COMMIT.patch"
 
-readonly TLSATTACKER_VERSION="v5.2.1"
+readonly TLSATTACKER_VERSION="v5.3.0"
 readonly TLSATTACKER_REP_URL="https://github.com/tls-attacker/TLS-Attacker.git"
 readonly TLSATTACKER_FOLDER="TLS-Attacker"
 readonly TLSATTACKER_PATCH="$PATCHES_DIR/TLS-Attacker-$TLSATTACKER_VERSION.patch"

pom.xml

@@ -17,8 +17,8 @@
         <log4j.version>2.23.1</log4j.version>
         <modifiable-variable.version>4.1.2</modifiable-variable.version>
         <osgi.version>8.1.0</osgi.version>
-        <tlsattacker.core.version>5.2.1</tlsattacker.core.version>
-        <tlsattacker.transport.version>5.2.1</tlsattacker.transport.version>
+        <tlsattacker.core.version>5.3.0</tlsattacker.core.version>
+        <tlsattacker.transport.version>5.3.0</tlsattacker.transport.version>
     </properties>
 
     <dependencyManagement>