diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 01517c19c..89dc54802 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -58,6 +58,18 @@ ssl_dtls_replay:"abcd12340000abcd12340100":"abcd123400ff":0 SSL SET_HOSTNAME memory leak: call ssl_set_hostname twice ssl_set_hostname_twice:"server0":"server1" +SSL session serialization: Wrong major version +ssl_session_serialize_version_check:1:0:0:0 + +SSL session serialization: Wrong minor version +ssl_session_serialize_version_check:1:0:0:0 + +SSL session serialization: Wrong patch version +ssl_session_serialize_version_check:1:0:0:0 + +SSL session serialization: Wrong config +ssl_session_serialize_version_check:1:0:0:0 + Record crypt, AES-128-CBC, 1.2, SHA-384 depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 4faa5d33f..80c0ab044 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -921,3 +921,53 @@ exit: mbedtls_free( bad_buf ); } /* END_CASE */ + +/* BEGIN_CASE depends_on:!MBEDTLS_SSL_SERIALIZED_STRUCTURES_LOCAL_ONLY */ +void ssl_session_serialize_version_check( int corrupt_major, + int corrupt_minor, + int corrupt_patch, + int corrupt_config ) +{ + unsigned char serialized_session[ 2048 ]; + size_t serialized_session_len; + + mbedtls_ssl_session session; + mbedtls_ssl_session_init( &session ); + + /* Infer length of serialized session. */ + TEST_ASSERT( mbedtls_ssl_session_save( &session, + serialized_session, + sizeof( serialized_session ), + &serialized_session_len ) == 0 ); + + mbedtls_ssl_session_free( &session ); + + /* Without any modification, we should be able to successfully + * de-serialize the session - double-check that. */ + TEST_ASSERT( mbedtls_ssl_session_load( &session, + serialized_session, + serialized_session_len ) == 0 ); + mbedtls_ssl_session_free( &session ); + + if( corrupt_major ) + serialized_session[0] ^= (uint8_t) 0x1; + + if( corrupt_minor ) + serialized_session[1] ^= (uint8_t) 0x1; + + if( corrupt_patch ) + serialized_session[2] ^= (uint8_t) 0x1; + + if( corrupt_config ) + { + serialized_session[3] ^= (uint8_t) 0x1; + serialized_session[4] ^= (uint8_t) 0x1; + serialized_session[5] ^= (uint8_t) 0x1; + } + + TEST_ASSERT( mbedtls_ssl_session_load( &session, + serialized_session, + serialized_session_len ) == + MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); +} +/* END_CASE */