Add negative tests for unexpected ver/cfg in session deserialization
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 4faa5d3..80c0ab0 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -921,3 +921,53 @@
mbedtls_free( bad_buf );
}
/* END_CASE */
+
+/* BEGIN_CASE depends_on:!MBEDTLS_SSL_SERIALIZED_STRUCTURES_LOCAL_ONLY */
+void ssl_session_serialize_version_check( int corrupt_major,
+ int corrupt_minor,
+ int corrupt_patch,
+ int corrupt_config )
+{
+ unsigned char serialized_session[ 2048 ];
+ size_t serialized_session_len;
+
+ mbedtls_ssl_session session;
+ mbedtls_ssl_session_init( &session );
+
+ /* Infer length of serialized session. */
+ TEST_ASSERT( mbedtls_ssl_session_save( &session,
+ serialized_session,
+ sizeof( serialized_session ),
+ &serialized_session_len ) == 0 );
+
+ mbedtls_ssl_session_free( &session );
+
+ /* Without any modification, we should be able to successfully
+ * de-serialize the session - double-check that. */
+ TEST_ASSERT( mbedtls_ssl_session_load( &session,
+ serialized_session,
+ serialized_session_len ) == 0 );
+ mbedtls_ssl_session_free( &session );
+
+ if( corrupt_major )
+ serialized_session[0] ^= (uint8_t) 0x1;
+
+ if( corrupt_minor )
+ serialized_session[1] ^= (uint8_t) 0x1;
+
+ if( corrupt_patch )
+ serialized_session[2] ^= (uint8_t) 0x1;
+
+ if( corrupt_config )
+ {
+ serialized_session[3] ^= (uint8_t) 0x1;
+ serialized_session[4] ^= (uint8_t) 0x1;
+ serialized_session[5] ^= (uint8_t) 0x1;
+ }
+
+ TEST_ASSERT( mbedtls_ssl_session_load( &session,
+ serialized_session,
+ serialized_session_len ) ==
+ MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+}
+/* END_CASE */