Adds failure test case

aws · Jul 22, 2024 · f8c2cbe · f8c2cbe
1 parent d12d63d
commit f8c2cbe
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 8 deletions.
diff --git a/tests/unit/s2n_resume_test.c b/tests/unit/s2n_resume_test.c
@@ -1292,10 +1292,32 @@ int main(int argc, char **argv)
         {
             DEFER_CLEANUP(struct s2n_connection *conn = s2n_connection_new(S2N_SERVER),
                     s2n_connection_ptr_free);
+            EXPECT_NOT_NULL(conn);
             EXPECT_ERROR_WITH_ERRNO(s2n_resume_encrypt_session_ticket(conn, &conn->client_ticket_to_decrypt),
                     S2N_ERR_NO_TICKET_ENCRYPT_DECRYPT_KEY);
         }
 
+        /* Check error is thrown when stuffer is out of memory for the ticket */
+        {
+            DEFER_CLEANUP(struct s2n_config *config = s2n_config_new(), s2n_config_ptr_free);
+            EXPECT_NOT_NULL(config);
+
+            /* Adds a valid ticket encryption key */
+            EXPECT_SUCCESS(s2n_config_set_session_tickets_onoff(config, 1));
+            uint64_t current_time = 0;
+            EXPECT_SUCCESS(config->wall_clock(config->sys_clock_ctx, &current_time));
+            EXPECT_SUCCESS(s2n_config_add_ticket_crypto_key(config, ticket_key_name, strlen((char *) ticket_key_name),
+                    ticket_key.data, ticket_key.size, current_time / ONE_SEC_IN_NANOS));
+
+            DEFER_CLEANUP(struct s2n_connection *conn = s2n_connection_new(S2N_SERVER),
+                    s2n_connection_ptr_free);
+            EXPECT_NOT_NULL(conn);
+            EXPECT_SUCCESS(s2n_connection_set_config(conn, config));
+
+            struct s2n_stuffer output = { 0 };
+            EXPECT_ERROR_WITH_ERRNO(s2n_resume_encrypt_session_ticket(conn, &output), S2N_ERR_STUFFER_IS_FULL);
+        }
+
         /* Check encrypted data can be decrypted correctly for TLS12 */
         {
             struct s2n_connection *conn = NULL;

diff --git a/tls/s2n_resume.c b/tls/s2n_resume.c
@@ -880,16 +880,9 @@ S2N_RESULT s2n_resume_decrypt_session_ticket(struct s2n_connection *conn, struct
     struct s2n_stuffer state_stuffer = { 0 };
     RESULT_GUARD_POSIX(s2n_stuffer_init(&state_stuffer, &state_blob));
     RESULT_GUARD_POSIX(s2n_stuffer_skip_write(&state_stuffer, state_blob_size));
-
-    /* Session caching feature also uses this codepath */
-    if (!conn->config->use_tickets) {
-        RESULT_GUARD(s2n_deserialize_resumption_state(conn, NULL, &state_stuffer));
-        return S2N_RESULT_OK;
-    }
-
     RESULT_GUARD(s2n_deserialize_resumption_state(conn, &from->blob, &state_stuffer));
 
-    if (s2n_connection_get_protocol_version(conn) >= S2N_TLS13) {
+    if (s2n_connection_get_protocol_version(conn) >= S2N_TLS13 || !conn->config->use_tickets) {
         return S2N_RESULT_OK;
     }