upgrade TLS-Attacker dependency from 6.3.3 to 6.3.4

Removed patches for RSAClientKeyExchangePreparator.java, TlsContext.java and Context.java

Author: c-southwest

experiments/patches/TLS-Attacker-v6.3.4.patch

@@ -0,0 +1,196 @@
+diff -ruN TLS-Attacker/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/dtls/FragmentManager.java TLS-Attacker_patched/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/dtls/FragmentManager.java
+--- TLS-Attacker/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/dtls/FragmentManager.java	2025-02-20 15:19:04.898118063 +0100
++++ TLS-Attacker_patched/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/dtls/FragmentManager.java	2025-02-20 15:38:12.424092502 +0100
+@@ -23,7 +23,6 @@
+ 
+     private Map<FragmentKey, FragmentCollector> fragments;
+     private Config config;
+-    private int lastInterpretedMessageSeq = -1;
+ 
+     public FragmentManager(Config config) {
+         fragments = new HashMap<>();
+@@ -69,21 +68,6 @@
+             boolean onlyIfComplete, boolean skipMessageSequences) {
+         List<DtlsHandshakeMessageFragment> handshakeFragmentList = new LinkedList<>();
+         List<FragmentKey> orderedFragmentKeys = new ArrayList<>(fragments.keySet());
+-        orderedFragmentKeys.sort(
+-                new Comparator<FragmentKey>() {
+-                    @Override
+-                    public int compare(FragmentKey fragmentKey1, FragmentKey fragmentKey2) {
+-                        if (fragmentKey1.getEpoch() > fragmentKey2.getEpoch()) {
+-                            return -1;
+-                        } else if (fragmentKey1.getEpoch() < fragmentKey2.getEpoch()) {
+-                            return 1;
+-                        } else {
+-                            return fragmentKey1
+-                                    .getMessageSeq()
+-                                    .compareTo(fragmentKey2.getMessageSeq());
+-                        }
+-                    }
+-                });
+ 
+         for (FragmentKey key : orderedFragmentKeys) {
+             FragmentCollector fragmentCollector = fragments.get(key);
+@@ -100,11 +84,6 @@
+                 }
+             }
+             if (!fragmentCollector.isInterpreted()) {
+-                if (!skipMessageSequences
+-                        && key.getMessageSeq() != lastInterpretedMessageSeq + 1
+-                        && !fragmentCollector.isRetransmission()) {
+-                    break;
+-                }
+                 if (onlyIfComplete && !fragmentCollector.isMessageComplete()) {
+                     LOGGER.debug(
+                             "Incomplete message. Not processing: msg_sqn: "
+@@ -114,7 +93,7 @@
+                 } else {
+                     handshakeFragmentList.add(fragmentCollector.buildCombinedFragment());
+                     fragmentCollector.setInterpreted(true);
+-                    lastInterpretedMessageSeq = key.getMessageSeq();
++                    clearFragmentedMessage(key.getMessageSeq(), key.getEpoch());
+                 }
+             }
+         }
+diff -ruN TLS-Attacker/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/layer/LayerStackFactory.java TLS-Attacker_patched/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/layer/LayerStackFactory.java
+--- TLS-Attacker/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/layer/LayerStackFactory.java	2025-02-20 15:19:04.907853961 +0100
++++ TLS-Attacker_patched/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/layer/LayerStackFactory.java	2025-02-20 15:38:28.834162918 +0100
+@@ -32,7 +32,7 @@
+                         new MessageLayer(context),
+                         new DtlsFragmentLayer(context),
+                         new RecordLayer(context),
+-                        new UdpLayer(context));
++                        new FirstCachedUdpLayer(context));
+             case QUIC:
+                 return new LayerStack(
+                         context,
+diff -ruN TLS-Attacker/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/layer/impl/FirstCachedUdpLayer.java TLS-Attacker_patched/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/layer/impl/FirstCachedUdpLayer.java
+--- TLS-Attacker/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/layer/impl/FirstCachedUdpLayer.java	1970-01-01 01:00:00.000000000 +0100
++++ TLS-Attacker_patched/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/layer/impl/FirstCachedUdpLayer.java	2025-02-20 15:40:32.718070889 +0100
+@@ -0,0 +1,64 @@
++/*
++ * TLS-Attacker - A Modular Penetration Testing Framework for TLS
++ *
++ * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH
++ *
++ * Licensed under Apache License, Version 2.0
++ * http://www.apache.org/licenses/LICENSE-2.0.txt
++ */
++package de.rub.nds.tlsattacker.core.layer.impl;
++
++import de.rub.nds.tlsattacker.core.layer.hints.LayerProcessingHint;
++import de.rub.nds.tlsattacker.core.layer.stream.HintedLayerInputStream;
++import de.rub.nds.tlsattacker.core.state.Context;
++import de.rub.nds.tlsattacker.core.udp.UdpDataPacket;
++import java.io.ByteArrayInputStream;
++import java.io.IOException;
++
++/**
++ * The UDP layer is a wrapper around an underlying UDP socket. It forwards the sockets InputStream
++ * for reading and sends any data over the UDP layer without modifications.
++ */
++public class FirstCachedUdpLayer extends UdpLayer {
++
++    private byte[] firstClientHello = null;
++    private boolean isFirstClientHelloConsumed = false;
++
++    public boolean isFuzzingClient = false;
++
++    public FirstCachedUdpLayer(Context context) {
++        super(context);
++    }
++
++    public void setFirstClientHelo(byte[] bytes) {
++        this.firstClientHello = bytes;
++    }
++
++    public byte[] getFirstClientHelo() {
++        return this.firstClientHello;
++    }
++
++    @Override
++    public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException {
++        byte[] receivedPacket = null;
++        if (!isFirstClientHelloConsumed && isFuzzingClient) {
++            receivedPacket = firstClientHello;
++            isFirstClientHelloConsumed = true;
++        } else {
++            receivedPacket = getTransportHandler().fetchData();
++        }
++        UdpDataPacket udpDataPacket = new UdpDataPacket();
++        udpDataPacket
++                .getParser(context, new ByteArrayInputStream(receivedPacket))
++                .parse(udpDataPacket);
++        udpDataPacket.getPreparator(context).prepareAfterParse();
++        udpDataPacket.getHandler(context).adjustContext(udpDataPacket);
++        addProducedContainer(udpDataPacket);
++        if (currentInputStream == null) {
++            currentInputStream = new HintedLayerInputStream(null, this);
++            currentInputStream.extendStream(receivedPacket);
++        } else {
++            currentInputStream.extendStream(receivedPacket);
++        }
++    }
++}
+diff -ruN TLS-Attacker/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/layer/impl/UdpLayer.java TLS-Attacker_patched/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/layer/impl/UdpLayer.java
+--- TLS-Attacker/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/layer/impl/UdpLayer.java	2025-02-20 15:19:04.907853961 +0100
++++ TLS-Attacker_patched/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/layer/impl/UdpLayer.java	2025-02-20 15:42:08.984094197 +0100
+@@ -26,7 +26,7 @@
+  */
+ public class UdpLayer extends ProtocolLayer<LayerProcessingHint, UdpDataPacket> {
+ 
+-    private final Context context;
++    protected final Context context;
+ 
+     public UdpLayer(Context context) {
+         super(ImplementedLayers.UDP);
+@@ -88,7 +88,7 @@
+         return new LayerProcessingResult<UdpDataPacket>(null, getLayerType(), true);
+     }
+ 
+-    private UdpTransportHandler getTransportHandler() {
++    protected UdpTransportHandler getTransportHandler() {
+         if (context.getTransportHandler() == null) {
+             throw new RuntimeException("TransportHandler is not set in context!");
+         }
+diff -ruN TLS-Attacker/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/preparator/CertificateMessagePreparator.java TLS-Attacker_patched/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/preparator/CertificateMessagePreparator.java
+--- TLS-Attacker/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/preparator/CertificateMessagePreparator.java	2025-02-20 15:19:04.917589863 +0100
++++ TLS-Attacker_patched/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/preparator/CertificateMessagePreparator.java	2025-02-20 15:50:28.959229375 +0100
+@@ -114,7 +114,8 @@
+ 
+             case X509:
+                 List<CertificateEntry> entryList = msg.getCertificateEntryList();
+-                if (chooser.getConfig().getDefaultExplicitCertificateChain() == null) {
++                if (chooser.getConfig().getDefaultExplicitCertificateChain() == null
++                        || entryList != null) {
+                     if (entryList == null) {
+                         if (chooser.getConfig().getAutoAdjustCertificate()) {
+                             X509PublicKeyType[] certificateKeyTypes =
+@@ -223,7 +224,6 @@
+                 prepareCert(entryList, x509Context, certConfig, i);
+             }
+         }
+-        chooser.getContext().getTlsContext().setTalkingX509Context(x509Context);
+     }
+ 
+     private void prepareCert(
+diff -ruN TLS-Attacker/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/record/crypto/RecordDecryptor.java TLS-Attacker_patched/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/record/crypto/RecordDecryptor.java
+--- TLS-Attacker/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/record/crypto/RecordDecryptor.java	2025-02-20 15:19:04.927325762 +0100
++++ TLS-Attacker_patched/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/record/crypto/RecordDecryptor.java	2025-02-20 15:48:31.109280624 +0100
+@@ -8,6 +8,7 @@
+  */
+ package de.rub.nds.tlsattacker.core.record.crypto;
+ 
++import de.rub.nds.protocol.exception.EndOfStreamException;
+ import de.rub.nds.protocol.exception.ParserException;
+ import de.rub.nds.tlsattacker.core.constants.ProtocolMessageType;
+ import de.rub.nds.tlsattacker.core.constants.ProtocolVersion;
+@@ -55,7 +56,7 @@
+                     || record.getContentMessageType() != ProtocolMessageType.CHANGE_CIPHER_SPEC) {
+                 try {
+                     recordCipher.decrypt(record);
+-                } catch (ParserException | CryptoException ex) {
++                } catch (ParserException | CryptoException | EndOfStreamException ex) {
+                     if (recordCipherList.indexOf(recordCipher) > 0) {
+                         LOGGER.warn(
+                                 "Failed to decrypt record, will try to process with previous cipher");

install.sh

@@ -11,7 +11,7 @@ readonly PROTOCOLSTATEFUZZER_COMMIT="398c9bc"
 readonly PROTOCOLSTATEFUZZER_REP_URL="https://github.com/protocol-fuzzing/protocol-state-fuzzer.git"
 readonly PROTOCOLSTATEFUZZER_FOLDER="ProtocolState-Fuzzer"
 
-readonly TLSATTACKER_VERSION="v6.3.3"
+readonly TLSATTACKER_VERSION="v6.3.4"
 readonly TLSATTACKER_REP_URL="https://github.com/tls-attacker/TLS-Attacker.git"
 readonly TLSATTACKER_FOLDER="TLS-Attacker"
 readonly TLSATTACKER_PATCH="$PATCHES_DIR/TLS-Attacker-$TLSATTACKER_VERSION.patch"

pom.xml

@@ -18,8 +18,8 @@
         <log4j.version>2.24.3</log4j.version>
         <modifiable-variable.version>4.2.2</modifiable-variable.version>
         <osgi.version>8.1.0</osgi.version>
-        <tlsattacker.core.version>6.3.3</tlsattacker.core.version>
-        <tlsattacker.transport.version>6.3.3</tlsattacker.transport.version>
+        <tlsattacker.core.version>6.3.4</tlsattacker.core.version>
+        <tlsattacker.transport.version>6.3.4</tlsattacker.transport.version>
         <x509-attacker.version>3.1.7</x509-attacker.version>
         <protocol-attacker.version>1.1.5</protocol-attacker.version>
     </properties>