Serializing a context does not save the user data

The user data is typically a pointer to a data structure or a handle which may no longer be valid after the session is restored. If the user data needs to be preserved, let the application do it. This way, it is a conscious decision for the application to save/restore either the pointer/handle itself or the object it refers to. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-03-30 16:20:11 +00:00 · 2022-01-27 23:25:51 +01:00 · 2022-01-27 23:25:51 +01:00 · 49d7ddf7f3
commit 49d7ddf7f3
parent 80dae04f24
2 changed files with 19 additions and 2 deletions
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -1689,6 +1689,10 @@ struct mbedtls_ssl_context
     *
     * The library sets this to \p 0 when creating a context and does not
     * access it afterwards.
+     *
+     * \warning Serializing and restoring an SSL context with
+     *          mbedtls_ssl_context_save() and mbedtls_ssl_context_load()
+     *          does not currently restore the user data.
     */
    uintptr_t MBEDTLS_PRIVATE(user_data);
 };
@ -4509,6 +4513,14 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl );
 *
 * \see            mbedtls_ssl_context_load()
 *
+ * \note           The serialized data only contains the data that is
+ *                 necessary to resume the connection: negotiated protocol
+ *                 options, session identifier, keys, etc.
+ *                 Loading a saved SSL context does not restore settings and
+ *                 state related to how the application accesses the context,
+ *                 such as configured callback functions, user data, pending
+ *                 incoming or outgoing data, etc.
+ *
 * \note           This feature is currently only available under certain
 *                 conditions, see the documentation of the return value
 *                 #MBEDTLS_ERR_SSL_BAD_INPUT_DATA for details.
@ -4587,8 +4599,11 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl,
 *                 (unless they were already set before calling
 *                 mbedtls_ssl_session_reset() and the values are suitable for
 *                 the present connection). Specifically, you want to call
- *                 at least mbedtls_ssl_set_bio() and
- *                 mbedtls_ssl_set_timer_cb(). All other SSL setter functions
+ *                 at least mbedtls_ssl_set_bio(),
+ *                 mbedtls_ssl_set_timer_cb(), and
+ *                 mbedtls_ssl_set_user_data_n() or
+ *                 mbedtls_ssl_set_user_data_p() if they were set originally.
+ *                 All other SSL setter functions
 *                 are not necessary to call, either because they're only used
 *                 in handshakes, or because the setting is already saved. You
 *                 might choose to call them anyway, for example in order to
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@ -2105,6 +2105,8 @@ void perform_handshake( handshake_test_options* options )
                             mbedtls_mock_tcp_recv_msg,
                             NULL );

+        mbedtls_ssl_set_user_data_p( &server.ssl, &server );
+
 #if defined(MBEDTLS_TIMING_C)
        mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
                                  mbedtls_timing_set_delay,