The TLS session serialized data (saved with mbedtls_ssl_session_save() and loaded with mbedtls_ssl_session_load()) depends on the configuration, thus session serialized data saved with one configuration of the library may not be used by the library compiled under another configuration. To detect that, before parsing serialized data, mbedtls_ssl_session_load() checks that the mask of configurations saved in the data is equal to the mask of configurations of the library trying to load the data, namely SSL_SERIALIZED_SESSION_CONFIG_BITFLAG. SSL_SERIALIZED_SESSION_CONFIG_BITFLAG has not been updated when adding data for early data and record size limit. Other compilation flags may be missing as well.
System information
Mbed TLS version (number or commit id): development, post 3.5 release.
Operating system and version: -
Configuration (if not default, please attach mbedtls_config.h): -
Compiler and options (if you used a pre-built binary, please indicate how you obtained it): -
Additional environment information: -
Expected behavior
SSL_SERIALIZED_SESSION_CONFIG_BITFLAG in session serialized data reflects correctly the enabled configuration options for the library that saved the session serialized data.
Steps to reproduce
This has been undetected because we do not have a test covering that. We should add tests in test_suite_ssl where we save a session and then check SSL_SERIALIZED_SESSION_CONFIG_BITFLAG. With several test cases with the same test function but different dependencies (based on the configuration options relevant to session serialized data) we should be able to add tests that would potentially detect when we miss updating SSL_SERIALIZED_SESSION_CONFIG_BITFLAG while changing session serialized data.
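The header check described in this issue, as an added example that is not part of the original report and is not Mbed TLS code: a simplified model in which one build option adds a field to the serialized payload, run once with a mask that covers that option and once with a mask that omits it. All names, bit positions and field sizes here (OPT_*, MASK_*, session_t, the 1-byte header) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified model, not Mbed TLS source; option bits are constructed. */
#define OPT_TICKETS    (1u << 0)
#define OPT_EARLY_DATA (1u << 1)   /* adds a 4-byte field to the payload */
#define MASK_COMPLETE  (OPT_TICKETS | OPT_EARLY_DATA)
#define MASK_STALE     (OPT_TICKETS) /* early-data bit was never added */

typedef struct { uint32_t ticket_lifetime, max_early_data; } session_t;

static size_t payload_len(unsigned cfg)
{
    return 4 + ((cfg & OPT_EARLY_DATA) ? 4 : 0);
}

/* Save from a build with options cfg; the header byte is cfg & mask. */
size_t session_save(const session_t *s, unsigned cfg, unsigned mask,
                    uint8_t *buf, size_t cap)
{
    if (cap < 1 + payload_len(cfg)) return 0;
    buf[0] = (uint8_t)(cfg & mask);
    memcpy(buf + 1, &s->ticket_lifetime, 4);
    if (cfg & OPT_EARLY_DATA) memcpy(buf + 5, &s->max_early_data, 4);
    return 1 + payload_len(cfg);
}

/* Load in a build with options cfg: -1 = config mismatch detected by the
 * header check, -2 = header accepted but payload length is wrong, 0 = ok. */
int session_load(session_t *s, unsigned cfg, unsigned mask,
                 const uint8_t *buf, size_t len)
{
    if (len < 1 || buf[0] != (uint8_t)(cfg & mask)) return -1;
    if (len != 1 + payload_len(cfg)) return -2;
    memcpy(&s->ticket_lifetime, buf + 1, 4);
    if (cfg & OPT_EARLY_DATA) memcpy(&s->max_early_data, buf + 5, 4);
    return 0;
}

/* Save with early data enabled, load in a build where it is disabled. */
int cross_config_load(unsigned mask)
{
    session_t in = { 3600, 16384 }, out = { 0, 0 };
    uint8_t buf[16];
    size_t n = session_save(&in, OPT_TICKETS | OPT_EARLY_DATA, mask, buf, sizeof buf);
    return session_load(&out, OPT_TICKETS, mask, buf, n);
}
```

With the complete mask the cross-configuration load is rejected at the header (-1); with the stale mask the header matches and the mismatch only surfaces later in parsing (-2 in this model), which is what a per-configuration test on the saved flag byte would catch.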