Commit f460e839 authored by Matt Caswell's avatar Matt Caswell

Add a test for unencrypted alert



Test that a server can handle an unencrypted alert when normally the next
message is encrypted.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6887)
parent de9e884b
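--- /dev/null
+++ b/NEW-FILE-1-PATH-NOT-SHOWN
@@ -0,0 +1,56 @@
+#! /usr/bin/env perl
+# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;
+use OpenSSL::Test::Utils;
+use TLSProxy::Proxy;
+
+my $test_name = "test_tls13alerts";
+setup($test_name);
+
+plan skip_all => "TLSProxy isn't usable on $^O"
+    if $^O =~ /^(VMS)$/;
+
+plan skip_all => "$test_name needs the dynamic engine feature enabled"
+    if disabled("engine") || disabled("dynamic-engine");
+
+plan skip_all => "$test_name needs the sock feature enabled"
+    if disabled("sock");
+
+plan skip_all => "$test_name needs TLS1.3 enabled"
+    if disabled("tls1_3");
+
+$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
+
+my $proxy = TLSProxy::Proxy->new(
+    undef,
+    cmdstr(app(["openssl"]), display => 1),
+    srctop_file("apps", "server.pem"),
+    (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
+);
+
+#Test 1: We test that a server can handle an unencrypted alert when normally the
+#        next message is encrypted
+$proxy->filter(\&alert_filter);
+$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
+plan tests => 1;
+my $alert = TLSProxy::Message->alert();
+ok(TLSProxy::Message->fail() && !$alert->server() && !$alert->encrypted(), "Client sends an unecrypted alert");
+
+sub alert_filter
+{
+    my $proxy = shift;
+
+    if ($proxy->flight != 1) {
+        return;
+    }
+
+    ${$proxy->message_list}[1]->session_id_len(1);
+    ${$proxy->message_list}[1]->repack();
+}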
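Review bot: The filter's `${$proxy->message_list}[1]->session_id_len(1)` relies on an undocumented magic index and an unexplained side effect; a comment should state which message is being mangled and why that provokes the alert, e.g. `# Corrupt the second message of the server's first flight (presumably the ServerHello) so the client rejects it with a plaintext alert before any keys are in use — confirm the index against the proxy's message order`. The description passed to `ok(...)` misspells the condition and should read `"Client sends an unencrypted alert"`. The preamble has `use strict;` but no `use warnings;`; add `use warnings;` directly after it. Inside `alert_filter`, `my $proxy = shift;` shadows the file-scope `$proxy`; a distinct name would make the two easier to tell apart when reading the recipe.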
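--- /dev/null
+++ b/NEW-FILE-2-PATH-NOT-SHOWN
@@ -0,0 +1,51 @@
+# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+
+package TLSProxy::Alert;
+
+sub new
+{
+    my $class = shift;
+    my ($server,
+        $encrypted,
+        $level,
+        $description) = @_;
+    
+    my $self = {
+        server => $server,
+        encrypted => $encrypted,
+        level => $level,
+        description => $description
+    };
+
+    return bless $self, $class;
+}
+
+#Read only accessors
+sub server
+{
+    my $self = shift;
+    return $self->{server};
+}
+sub encrypted
+{
+    my $self = shift;
+    return $self->{encrypted};
+}
+sub level
+{
+    my $self = shift;
+    return $self->{level};
+}
+sub description
+{
+    my $self = shift;
+    return $self->{description};
+}
+1;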
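Review bot: The constructor takes four positional fields with no indication of what they mean, and `server` in particular is easy to misread as "the server-side object"; a header comment above `sub new` such as `# server: true when the alert was sent by the server; encrypted: whether the record carrying it was encrypted; level/description: the raw alert level and description values` would make the accessors self-explanatory for callers like the new recipe. The module also has `use strict;` without `use warnings;`; add `use warnings;` alongside it. The trailing whitespace on the blank line after the argument unpacking should be removed.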
+15 −0
@@ -9,6 +9,8 @@ use strict;

package TLSProxy::Message;

use TLSProxy::Alert;

use constant TLS_MESSAGE_HEADER_LENGTH => 4;

#Message types
@@ -140,6 +142,7 @@ my @message_rec_list = ();
my @message_frag_lens = ();
my $ciphersuite = 0;
my $successondata = 0;
my $alert;

sub clear
{
@@ -152,6 +155,7 @@ sub clear
    $successondata = 0;
    @message_rec_list = ();
    @message_frag_lens = ();
    $alert = undef;
}

#Class method to extract messages from a record
@@ -281,6 +285,11 @@ sub get_messages
        if ($alertlev == AL_LEVEL_FATAL || $alertdesc == AL_DESC_CLOSE_NOTIFY) {
            $end = 1;
        }
        $alert = TLSProxy::Alert->new(
            $server,
            $record->encrypted,
            $alertlev,
            $alertdesc);
    }

    return @messages;
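Review bot: `$alert` is a single package-level slot that is overwritten on every alert record, so `TLSProxy::Message->alert()` only ever exposes the last alert seen in either direction; that is adequate for the new test but should be stated, e.g. `# Most recent alert seen (either direction); any earlier alert in the same connection is overwritten` above the `$alert = TLSProxy::Alert->new(` line. For consistency with `fail` in the next hunk, `sub alert` could also begin with `my $class = shift;` so both read as class methods. The enclosing `get_messages` body starts before this hunk.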
@@ -388,6 +397,12 @@ sub fail
    my $class = shift;
    return !$success && $end;
}

sub alert
{
    return $alert;
}

sub new
{
    my $class = shift;
+3 −1
@@ -97,7 +97,9 @@ sub get_records
            $data       # decrypt_data
        );

        if ($content_type != RT_CCS) {
        if ($content_type != RT_CCS
                && (!TLSProxy::Proxy->is_tls13()
                    || $content_type != RT_ALERT)) {
            if (($server && $server_encrypting)
                     || (!$server && $client_encrypting)) {
                if (!TLSProxy::Proxy->is_tls13() && $etm) {
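Review bot: The widened condition encodes a protocol fact that is not visible from the code: in TLS 1.3 every protected record carries an outer content type of application_data, so a record whose outer type is still alert can only be plaintext and must not be run through decryption. Add a comment above the `if`, e.g. `# TLS1.3 encrypted records always have an outer type of application_data, so an alert record here is necessarily unencrypted`; without it the `is_tls13() || != RT_ALERT` clause reads like an arbitrary exception. The check keys on the outer record type only; whether the record's `encrypted` flag (read later by `TLSProxy::Alert->new`) is also left unset for such plaintext alerts is not visible in this hunk and is worth confirming. The enclosing `if` body and `get_records` continue past the end of the hunk.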