diff --git a/library/ssl_tls.c b/library/ssl_tls.c index d055794610..7bb7456f2d 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1915,11 +1915,11 @@ static size_t ssl_tls13_session_save( const mbedtls_ssl_session *session, size_t buf_len ) { unsigned char *p = buf; - size_t needed = 1 /* endpoint */ - + 2 /* ciphersuite */ - + 4 /* ticket_age_add */ - + 2 /* key_len */ - + session->key_len; /* key */ + size_t needed = 1 /* endpoint */ + + 2 /* ciphersuite */ + + 4 /* ticket_age_add */ + + 2 /* resumption_key length */ + + session->resumption_key_len; /* resumption_key */ #if defined(MBEDTLS_HAVE_TIME) needed += 8; /* start_time or ticket_received */ @@ -1943,10 +1943,10 @@ static size_t ssl_tls13_session_save( const mbedtls_ssl_session *session, p[7] = session->ticket_flags; /* save resumption_key */ - p[8] = session->key_len; + p[8] = session->resumption_key_len; p += 9; - memcpy( p, session->key, session->key_len ); - p += session->key_len; + memcpy( p, session->resumption_key, session->resumption_key_len ); + p += session->resumption_key_len; #if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C) if( session->endpoint == MBEDTLS_SSL_IS_SERVER ) @@ -1994,16 +1994,16 @@ static int ssl_tls13_session_load( mbedtls_ssl_session *session, session->ticket_flags = p[7]; /* load resumption_key */ - session->key_len = p[8]; + session->resumption_key_len = p[8]; p += 9; - if( end - p < session->key_len ) + if( end - p < session->resumption_key_len ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - if( sizeof( session->key ) < session->key_len) + if( sizeof( session->resumption_key ) < session->resumption_key_len ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - memcpy( session->key, p, session->key_len ); - p += session->key_len; + memcpy( session->resumption_key, p, session->resumption_key_len ); + p += session->resumption_key_len; #if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C) if( session->endpoint == MBEDTLS_SSL_IS_SERVER ) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 9d50ce76e2..d7b2fdf64c 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -796,19 +796,19 @@ ssl_set_hostname_twice:"server0":"server1" SSL session serialization: Wrong major version depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_session_serialize_version_check:1:0:0:0:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2 +ssl_session_serialize_version_check:1:0:0:0:0:MBEDTLS_SSL_VERSION_TLS1_2 SSL session serialization: Wrong minor version depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_session_serialize_version_check:0:1:0:0:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2 +ssl_session_serialize_version_check:0:1:0:0:0:MBEDTLS_SSL_VERSION_TLS1_2 SSL session serialization: Wrong patch version depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_session_serialize_version_check:0:0:1:0:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2 +ssl_session_serialize_version_check:0:0:1:0:0:MBEDTLS_SSL_VERSION_TLS1_2 SSL session serialization: Wrong config depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_session_serialize_version_check:0:0:0:1:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2 +ssl_session_serialize_version_check:0:0:0:1:0:MBEDTLS_SSL_VERSION_TLS1_2 TLS 1.3: CLI: session serialization: Wrong major version depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C @@ -3201,27 +3201,27 @@ ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA256:"1234567890abcdef1234567890abcdef12345678 Session serialization, save-load: no ticket, no cert depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_serialize_session_save_load:0:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2 +ssl_serialize_session_save_load:0:"":0:MBEDTLS_SSL_VERSION_TLS1_2 Session serialization, save-load: small ticket, no cert depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_serialize_session_save_load:42:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2 +ssl_serialize_session_save_load:42:"":0:MBEDTLS_SSL_VERSION_TLS1_2 Session serialization, save-load: large ticket, no cert depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_serialize_session_save_load:1023:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2 +ssl_serialize_session_save_load:1023:"":0:MBEDTLS_SSL_VERSION_TLS1_2 Session serialization, save-load: no ticket, cert depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_serialize_session_save_load:0:"data_files/server5.crt":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2 +ssl_serialize_session_save_load:0:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2 Session serialization, save-load: small ticket, cert depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_serialize_session_save_load:42:"data_files/server5.crt":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2 +ssl_serialize_session_save_load:42:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2 Session serialization, save-load: large ticket, cert depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_serialize_session_save_load:1023:"data_files/server5.crt":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2 +ssl_serialize_session_save_load:1023:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2 TLS 1.3: CLI: Session serialization, save-load: no ticket depends_on:MBEDTLS_SSL_PROTO_TLS1_3 @@ -3241,27 +3241,27 @@ ssl_serialize_session_save_load:1023:"":MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSIO Session serialization, load-save: no ticket, no cert depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_serialize_session_load_save:0:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2 +ssl_serialize_session_load_save:0:"":0:MBEDTLS_SSL_VERSION_TLS1_2 Session serialization, load-save: small ticket, no cert depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_serialize_session_load_save:42:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2 +ssl_serialize_session_load_save:42:"":0:MBEDTLS_SSL_VERSION_TLS1_2 Session serialization, load-save: large ticket, no cert depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_serialize_session_load_save:1023:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2 +ssl_serialize_session_load_save:1023:"":0:MBEDTLS_SSL_VERSION_TLS1_2 Session serialization, load-save: no ticket, cert depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_serialize_session_load_save:0:"data_files/server5.crt":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2 +ssl_serialize_session_load_save:0:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2 Session serialization, load-save: small ticket, cert depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO -ssl_serialize_session_load_save:42:"data_files/server5.crt":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2 +ssl_serialize_session_load_save:42:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2 Session serialization, load-save: large ticket, cert depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO -ssl_serialize_session_load_save:1023:"data_files/server5.crt":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2 +ssl_serialize_session_load_save:1023:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2 TLS 1.3: CLI: Session serialization, load-save: no ticket depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_3 @@ -3281,27 +3281,27 @@ ssl_serialize_session_load_save:0:"":MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_T Session serialization, save buffer size: no ticket, no cert depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_serialize_session_save_buf_size:0:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2 +ssl_serialize_session_save_buf_size:0:"":0:MBEDTLS_SSL_VERSION_TLS1_2 Session serialization, save buffer size: small ticket, no cert depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_serialize_session_save_buf_size:42:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2 +ssl_serialize_session_save_buf_size:42:"":0:MBEDTLS_SSL_VERSION_TLS1_2 Session serialization, save buffer size: large ticket, no cert depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_serialize_session_save_buf_size:1023:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2 +ssl_serialize_session_save_buf_size:1023:"":0:MBEDTLS_SSL_VERSION_TLS1_2 Session serialization, save buffer size: no ticket, cert depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_serialize_session_save_buf_size:0:"data_files/server5.crt":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2 +ssl_serialize_session_save_buf_size:0:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2 Session serialization, save buffer size: small ticket, cert depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO -ssl_serialize_session_save_buf_size:42:"data_files/server5.crt":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2 +ssl_serialize_session_save_buf_size:42:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2 Session serialization, save buffer size: large ticket, cert depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO -ssl_serialize_session_save_buf_size:1023:"data_files/server5.crt":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2 +ssl_serialize_session_save_buf_size:1023:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2 TLS 1.3: CLI: Session serialization, save buffer size: no ticket depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_3 @@ -3321,27 +3321,27 @@ ssl_serialize_session_save_buf_size:0:"":MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSI Session serialization, load buffer size: no ticket, no cert depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_serialize_session_load_buf_size:0:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2 +ssl_serialize_session_load_buf_size:0:"":0:MBEDTLS_SSL_VERSION_TLS1_2 Session serialization, load buffer size: small ticket, no cert depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C -ssl_serialize_session_load_buf_size:42:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2 +ssl_serialize_session_load_buf_size:42:"":0:MBEDTLS_SSL_VERSION_TLS1_2 Session serialization, load buffer size: large ticket, no cert depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C -ssl_serialize_session_load_buf_size:1023:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2 +ssl_serialize_session_load_buf_size:1023:"":0:MBEDTLS_SSL_VERSION_TLS1_2 Session serialization, load buffer size: no ticket, cert depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO -ssl_serialize_session_load_buf_size:0:"data_files/server5.crt":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2 +ssl_serialize_session_load_buf_size:0:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2 Session serialization, load buffer size: small ticket, cert depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO -ssl_serialize_session_load_buf_size:42:"data_files/server5.crt":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2 +ssl_serialize_session_load_buf_size:42:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2 Session serialization, load buffer size: large ticket, cert depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO -ssl_serialize_session_load_buf_size:1023:"data_files/server5.crt":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2 +ssl_serialize_session_load_buf_size:1023:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2 TLS 1.3: CLI: Session serialization, load buffer size: no ticket depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index ee1bddddcd..8dbd3056bc 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1818,8 +1818,8 @@ static int ssl_tls13_populate_session( mbedtls_ssl_session *session, session->ticket_age_add = 0x87654321; session->ticket_flags = 0x7; - session->key_len = 32; - memset( session->key, 0x99, sizeof( session->key ) ); + session->resumption_key_len = 32; + memset( session->resumption_key, 0x99, sizeof( session->resumption_key ) ); #if defined(MBEDTLS_HAVE_TIME) if( session->endpoint == MBEDTLS_SSL_IS_SERVER ) @@ -4688,7 +4688,7 @@ void ssl_serialize_session_save_load( int ticket_len, char *crt_file, ((void) endpoint_type); ((void) tls_version); #if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if(tls_version == MBEDTLS_SSL_VERSION_TLS1_3) + if( tls_version == MBEDTLS_SSL_VERSION_TLS1_3 ) { TEST_ASSERT( ssl_tls13_populate_session( &original, 0, endpoint_type ) == 0 ); @@ -4730,8 +4730,8 @@ void ssl_serialize_session_save_load( int ticket_len, char *crt_file, #if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - TEST_ASSERT( ( original.peer_cert == NULL ) == - ( restored.peer_cert == NULL ) ); + TEST_ASSERT( ( original.peer_cert == NULL ) == + ( restored.peer_cert == NULL ) ); if( original.peer_cert != NULL ) { TEST_ASSERT( original.peer_cert->raw.len ==