Loading test/recipes/70-test_sslcbcpadding.t +1 −0 Original line number Diff line number Diff line Loading @@ -40,6 +40,7 @@ my @test_offsets = (0, 128, 254, 255); # Test that maximally-padded records are accepted. my $bad_padding_offset = -1; $proxy->serverflags("-tls1_2"); $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; plan tests => 1 + scalar(@test_offsets); ok(TLSProxy::Message->success(), "Maximally-padded record test"); Loading test/recipes/70-test_sslrecords.t +9 −0 Original line number Diff line number Diff line Loading @@ -37,6 +37,7 @@ my $proxy = TLSProxy::Proxy->new( #Test 1: Injecting out of context empty records should fail my $content_type = TLSProxy::Record::RT_APPLICATION_DATA; my $inject_recs_num = 1; $proxy->serverflags("-tls1_2"); $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; plan tests => 9; ok(TLSProxy::Message->fail(), "Out of context empty records test"); Loading @@ -44,6 +45,7 @@ ok(TLSProxy::Message->fail(), "Out of context empty records test"); #Test 2: Injecting in context empty records should succeed $proxy->clear(); $content_type = TLSProxy::Record::RT_HANDSHAKE; $proxy->serverflags("-tls1_2"); $proxy->start(); ok(TLSProxy::Message->success(), "In context empty records test"); Loading @@ -51,6 +53,7 @@ ok(TLSProxy::Message->success(), "In context empty records test"); $proxy->clear(); #We allow 32 consecutive in context empty records $inject_recs_num = 33; $proxy->serverflags("-tls1_2"); $proxy->start(); ok(TLSProxy::Message->fail(), "Too many in context empty records test"); Loading @@ -59,6 +62,7 @@ ok(TLSProxy::Message->fail(), "Too many in context empty records test"); # alert, i.e. this will look like a disorderly close $proxy->clear(); $proxy->filter(\&add_frag_alert_filter); $proxy->serverflags("-tls1_2"); $proxy->start(); ok(!TLSProxy::Message->end(), "Fragmented alert records test"); Loading 
@@ -75,6 +79,7 @@ use constant { my $sslv2testtype = TLSV1_2_IN_SSLV2; $proxy->clear(); $proxy->filter(\&add_sslv2_filter); $proxy->serverflags("-tls1_2"); $proxy->start(); ok(TLSProxy::Message->success(), "TLSv1.2 in SSLv2 ClientHello test"); Loading @@ -83,6 +88,7 @@ ok(TLSProxy::Message->success(), "TLSv1.2 in SSLv2 ClientHello test"); # protocol so we don't even send an alert in this case. $sslv2testtype = SSLV2_IN_SSLV2; $proxy->clear(); $proxy->serverflags("-tls1_2"); $proxy->start(); ok(!TLSProxy::Message->end(), "SSLv2 in SSLv2 ClientHello test"); Loading @@ -91,6 +97,7 @@ ok(!TLSProxy::Message->end(), "SSLv2 in SSLv2 ClientHello test"); # reasons $sslv2testtype = FRAGMENTED_IN_TLSV1_2; $proxy->clear(); $proxy->serverflags("-tls1_2"); $proxy->start(); ok(TLSProxy::Message->success(), "Fragmented ClientHello in TLSv1.2 test"); Loading @@ -98,6 +105,7 @@ ok(TLSProxy::Message->success(), "Fragmented ClientHello in TLSv1.2 test"); # record; and another TLS1.2 record. This isn't allowed so should fail $sslv2testtype = FRAGMENTED_IN_SSLV2; $proxy->clear(); $proxy->serverflags("-tls1_2"); $proxy->start(); ok(TLSProxy::Message->fail(), "Fragmented ClientHello in TLSv1.2/SSLv2 test"); Loading @@ -105,6 +113,7 @@ ok(TLSProxy::Message->fail(), "Fragmented ClientHello in TLSv1.2/SSLv2 test"); # fail because an SSLv2 ClientHello must be the first record. $sslv2testtype = ALERT_BEFORE_SSLV2; $proxy->clear(); $proxy->serverflags("-tls1_2"); $proxy->start(); ok(TLSProxy::Message->fail(), "Alert before SSLv2 ClientHello test"); sub add_empty_recs_filter Loading util/TLSProxy/Proxy.pm +3 −5 Original line number Diff line number Diff line Loading @@ -48,7 +48,7 @@ sub new cert => $cert, debug => $debug, cipherc => "", ciphers => "AES128-SHA", ciphers => "AES128-SHA:TLS13-AES-128-GCM-SHA256", flight => 0, record_list => [], message_list => [], Loading Loading 
@@ -113,7 +113,7 @@ sub clear my $self = shift; $self->clearClient; $self->{ciphers} = "AES128-SHA"; $self->{ciphers} = "AES128-SHA:TLS13-AES-128-GCM-SHA256"; $self->{serverflags} = ""; $self->{serverconnects} = 1; $self->{serverpid} = 0; Loading Loading @@ -147,10 +147,8 @@ sub start or die "Failed to redirect stdout: $!"; open(STDERR, ">&STDOUT"); } # TODO(TLS1.3): Temporarily disabled for TLS1.3...no shared cipher # because the TLS1.3 ciphersuites are not compatible with ossltest my $execcmd = $self->execute ." s_server -no_tls1_3 -no_comp -rev -engine ossltest -accept " ." s_server -no_comp -rev -engine ossltest -accept " .($self->server_port) ." -cert ".$self->cert." -naccept ".$self->serverconnects; if ($self->ciphers ne "") { Loading util/TLSProxy/Record.pm +16 −11 Original line number Diff line number Diff line Loading @@ -107,7 +107,7 @@ sub get_records if (($server && $server_ccs_seen) || (!$server && $client_ccs_seen)) { if ($etm) { if ($version != VERS_TLS_1_3() && $etm) { $record->decryptETM(); } else { $record->decrypt(); Loading Loading @@ -221,22 +221,27 @@ sub decryptETM sub decrypt() { my ($self) = shift; my $mactaglen = 20; my $data = $self->data; if($self->version >= VERS_TLS_1_1()) { #TLS1.1+ has an explicit IV. Throw it away #Throw away any IVs if ($self->version >= VERS_TLS_1_3()) { #8 bytes for a GCM IV $data = substr($data, 8); $mactaglen = 16; } elsif ($self->version >= VERS_TLS_1_1()) { #16 bytes for a standard IV $data = substr($data, 16); } #Find out what the padding byte is my $padval = unpack("C", substr($data, length($data) - 1)); #Throw away the padding $data = substr($data, 0, length($data) - ($padval + 1)); } #Throw away the MAC (assumes MAC is 20 bytes for now. FIXME) $data = substr($data, 0, length($data) - 20); #Throw away the MAC or TAG $data = substr($data, 0, length($data) - $mactaglen); $self->decrypt_data($data); $self->decrypt_len(length($data)); Loading Loading
test/recipes/70-test_sslcbcpadding.t +1 −0 Original line number Diff line number Diff line Loading @@ -40,6 +40,7 @@ my @test_offsets = (0, 128, 254, 255); # Test that maximally-padded records are accepted. my $bad_padding_offset = -1; $proxy->serverflags("-tls1_2"); $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; plan tests => 1 + scalar(@test_offsets); ok(TLSProxy::Message->success(), "Maximally-padded record test"); Loading
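Review bot: The added `$proxy->serverflags("-tls1_2");` covers only the first `start()` in this file, while `plan tests => 1 + scalar(@test_offsets)` shows that further proxy runs follow outside the hunk. `clear()` in util/TLSProxy/Proxy.pm resets `serverflags` to an empty string, so if those later runs call `clear()` before `start()` they are no longer pinned to TLSv1.2. Because this commit also drops `-no_tls1_3` from s_server, they could then negotiate the TLS1.3 AEAD suite, where CBC padding does not exist. A bad-padding run whose handshake fails for an unrelated reason still satisfies `ok(TLSProxy::Message->fail(), ...)`, which gives false assurance about the padding check. I would repeat `$proxy->serverflags("-tls1_2");` before every later `$proxy->start()` and add a comment such as `# CBC padding only exists below TLSv1.3, so pin the server to TLSv1.2`.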
test/recipes/70-test_sslrecords.t +9 −0 Original line number Diff line number Diff line Loading @@ -37,6 +37,7 @@ my $proxy = TLSProxy::Proxy->new( #Test 1: Injecting out of context empty records should fail my $content_type = TLSProxy::Record::RT_APPLICATION_DATA; my $inject_recs_num = 1; $proxy->serverflags("-tls1_2"); $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; plan tests => 9; ok(TLSProxy::Message->fail(), "Out of context empty records test"); Loading @@ -44,6 +45,7 @@ ok(TLSProxy::Message->fail(), "Out of context empty records test"); #Test 2: Injecting in context empty records should succeed $proxy->clear(); $content_type = TLSProxy::Record::RT_HANDSHAKE; $proxy->serverflags("-tls1_2"); $proxy->start(); ok(TLSProxy::Message->success(), "In context empty records test"); Loading @@ -51,6 +53,7 @@ ok(TLSProxy::Message->success(), "In context empty records test"); $proxy->clear(); #We allow 32 consecutive in context empty records $inject_recs_num = 33; $proxy->serverflags("-tls1_2"); $proxy->start(); ok(TLSProxy::Message->fail(), "Too many in context empty records test"); Loading @@ -59,6 +62,7 @@ ok(TLSProxy::Message->fail(), "Too many in context empty records test"); # alert, i.e. this will look like a disorderly close $proxy->clear(); $proxy->filter(\&add_frag_alert_filter); $proxy->serverflags("-tls1_2"); $proxy->start(); ok(!TLSProxy::Message->end(), "Fragmented alert records test"); Loading @@ -75,6 +79,7 @@ use constant { my $sslv2testtype = TLSV1_2_IN_SSLV2; $proxy->clear(); $proxy->filter(\&add_sslv2_filter); $proxy->serverflags("-tls1_2"); $proxy->start(); ok(TLSProxy::Message->success(), "TLSv1.2 in SSLv2 ClientHello test"); Loading 
@@ -83,6 +88,7 @@ ok(TLSProxy::Message->success(), "TLSv1.2 in SSLv2 ClientHello test"); # protocol so we don't even send an alert in this case. $sslv2testtype = SSLV2_IN_SSLV2; $proxy->clear(); $proxy->serverflags("-tls1_2"); $proxy->start(); ok(!TLSProxy::Message->end(), "SSLv2 in SSLv2 ClientHello test"); Loading @@ -91,6 +97,7 @@ ok(!TLSProxy::Message->end(), "SSLv2 in SSLv2 ClientHello test"); # reasons $sslv2testtype = FRAGMENTED_IN_TLSV1_2; $proxy->clear(); $proxy->serverflags("-tls1_2"); $proxy->start(); ok(TLSProxy::Message->success(), "Fragmented ClientHello in TLSv1.2 test"); Loading @@ -98,6 +105,7 @@ ok(TLSProxy::Message->success(), "Fragmented ClientHello in TLSv1.2 test"); # record; and another TLS1.2 record. This isn't allowed so should fail $sslv2testtype = FRAGMENTED_IN_SSLV2; $proxy->clear(); $proxy->serverflags("-tls1_2"); $proxy->start(); ok(TLSProxy::Message->fail(), "Fragmented ClientHello in TLSv1.2/SSLv2 test"); Loading @@ -105,6 +113,7 @@ ok(TLSProxy::Message->fail(), "Fragmented ClientHello in TLSv1.2/SSLv2 test"); # fail because an SSLv2 ClientHello must be the first record. $sslv2testtype = ALERT_BEFORE_SSLV2; $proxy->clear(); $proxy->serverflags("-tls1_2"); $proxy->start(); ok(TLSProxy::Message->fail(), "Alert before SSLv2 ClientHello test"); sub add_empty_recs_filter Loading
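Review bot: All nine runs are now pinned with `$proxy->serverflags("-tls1_2");`, but nothing in the file says why, and the flag has to be repeated after each `$proxy->clear()` because `clear()` resets `serverflags`. A run added later without the flag would negotiate TLS1.3 without notice, and the checks here (the limit on consecutive empty records, fragmented alerts, SSLv2 ClientHello handling) are left with no TLS1.3 counterpart by this change. I would add one comment above Test 1, for example `#TODO(TLS1.3): these tests are pinned to TLSv1.2; add TLSv1.3 record layer equivalents`, and consider a small helper that calls `clear()` and `serverflags("-tls1_2")` together.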
util/TLSProxy/Proxy.pm +3 −5 Original line number Diff line number Diff line Loading @@ -48,7 +48,7 @@ sub new cert => $cert, debug => $debug, cipherc => "", ciphers => "AES128-SHA", ciphers => "AES128-SHA:TLS13-AES-128-GCM-SHA256", flight => 0, record_list => [], message_list => [], Loading Loading @@ -113,7 +113,7 @@ sub clear my $self = shift; $self->clearClient; $self->{ciphers} = "AES128-SHA"; $self->{ciphers} = "AES128-SHA:TLS13-AES-128-GCM-SHA256"; $self->{serverflags} = ""; $self->{serverconnects} = 1; $self->{serverpid} = 0; Loading Loading @@ -147,10 +147,8 @@ sub start or die "Failed to redirect stdout: $!"; open(STDERR, ">&STDOUT"); } # TODO(TLS1.3): Temporarily disabled for TLS1.3...no shared cipher # because the TLS1.3 ciphersuites are not compatible with ossltest my $execcmd = $self->execute ." s_server -no_tls1_3 -no_comp -rev -engine ossltest -accept " ." s_server -no_comp -rev -engine ossltest -accept " .($self->server_port) ." -cert ".$self->cert." -naccept ".$self->serverconnects; if ($self->ciphers ne "") { Loading
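Review bot: The new default `"AES128-SHA:TLS13-AES-128-GCM-SHA256"` is written out twice, once in `new` and once in `clear`, so the two can drift apart the next time the list changes. A single definition, e.g. `use constant DEFAULT_CIPHERS => "AES128-SHA:TLS13-AES-128-GCM-SHA256";` used in both places, keeps a cleared proxy identical to a fresh one. Dropping `-no_tls1_3` in `start` also changes the negotiated protocol for every TLSProxy test that does not pass `-tls1_2` itself, and the removed TODO is not replaced by anything; a short comment in `start` saying that callers needing TLSv1.2 must set `serverflags` would help. All three subs begin and end outside the hunks shown.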
util/TLSProxy/Record.pm +16 −11 Original line number Diff line number Diff line Loading @@ -107,7 +107,7 @@ sub get_records if (($server && $server_ccs_seen) || (!$server && $client_ccs_seen)) { if ($etm) { if ($version != VERS_TLS_1_3() && $etm) { $record->decryptETM(); } else { $record->decrypt(); Loading Loading @@ -221,22 +221,27 @@ sub decryptETM sub decrypt() { my ($self) = shift; my $mactaglen = 20; my $data = $self->data; if($self->version >= VERS_TLS_1_1()) { #TLS1.1+ has an explicit IV. Throw it away #Throw away any IVs if ($self->version >= VERS_TLS_1_3()) { #8 bytes for a GCM IV $data = substr($data, 8); $mactaglen = 16; } elsif ($self->version >= VERS_TLS_1_1()) { #16 bytes for a standard IV $data = substr($data, 16); } #Find out what the padding byte is my $padval = unpack("C", substr($data, length($data) - 1)); #Throw away the padding $data = substr($data, 0, length($data) - ($padval + 1)); } #Throw away the MAC (assumes MAC is 20 bytes for now. FIXME) $data = substr($data, 0, length($data) - 20); #Throw away the MAC or TAG $data = substr($data, 0, length($data) - $mactaglen); $self->decrypt_data($data); $self->decrypt_len(length($data)); Loading
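Review bot: `decrypt` now picks the IV length (8 or 16) and the trailer length (`$mactaglen`, 16 or 20) from the record version alone and trims with `substr` without checking that the record is long enough. For a short or deliberately malformed record, `substr($data, 8)` returns undef with a warning, and a negative length in `substr($data, 0, length($data) - $mactaglen)` is read by Perl as "leave that many bytes off the end" rather than as an error, so `decrypt_len` can be wrong with no diagnostic. I would check the length before each trim, e.g. `return if length($data) < $mactaglen;` (or `die`, whichever suits the tests), and keep the caveat the old comment carried: `#Throw away the MAC or TAG (assumes 20 byte MAC / 16 byte tag for now. FIXME)`. `get_records` tests `$version != VERS_TLS_1_3()` while `decrypt` tests `>= VERS_TLS_1_3()`; using the same comparison in both would stop the two from disagreeing on a later version. Both subs continue outside the hunks shown.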