eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Serializing a context does not save the user data

Browse source 
The user data is typically a pointer to a data structure or a handle which
may no longer be valid after the session is restored. If the user data needs
to be preserved, let the application do it. This way, it is a conscious
decision for the application to save/restore either the pointer/handle
itself or the object it refers to.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2022-01-27 23:25:51 +01:00
parent 80dae04f24
commit 49d7ddf7f3
2 changed files with 19 additions and 2 deletions
include/mbedtls
ssl.h
tests/suites
test_suite_ssl.function

19
include/mbedtls/ssl.h
View file

@ -1689,6 +1689,10 @@ struct mbedtls_ssl_context
* *
* The library sets this to \p 0 when creating a context and does not * The library sets this to \p 0 when creating a context and does not
* access it afterwards. * access it afterwards.
*
* \warning Serializing and restoring an SSL context with
* mbedtls_ssl_context_save() and mbedtls_ssl_context_load()
* does not currently restore the user data.
*/ */
uintptr_t MBEDTLS_PRIVATE(user_data); uintptr_t MBEDTLS_PRIVATE(user_data);
}; };
@ -4509,6 +4513,14 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl );
* *
* \see mbedtls_ssl_context_load() * \see mbedtls_ssl_context_load()
* *
* \note The serialized data only contains the data that is
* necessary to resume the connection: negotiated protocol
* options, session identifier, keys, etc.
* Loading a saved SSL context does not restore settings and
* state related to how the application accesses the context,
* such as configured callback functions, user data, pending
* incoming or outgoing data, etc.
*
* \note This feature is currently only available under certain * \note This feature is currently only available under certain
* conditions, see the documentation of the return value * conditions, see the documentation of the return value
* #MBEDTLS_ERR_SSL_BAD_INPUT_DATA for details. * #MBEDTLS_ERR_SSL_BAD_INPUT_DATA for details.
@ -4587,8 +4599,11 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl,
* (unless they were already set before calling * (unless they were already set before calling
* mbedtls_ssl_session_reset() and the values are suitable for * mbedtls_ssl_session_reset() and the values are suitable for
* the present connection). Specifically, you want to call * the present connection). Specifically, you want to call
* at least mbedtls_ssl_set_bio() and * at least mbedtls_ssl_set_bio(),
* mbedtls_ssl_set_timer_cb(). All other SSL setter functions * mbedtls_ssl_set_timer_cb(), and
* mbedtls_ssl_set_user_data_n() or
* mbedtls_ssl_set_user_data_p() if they were set originally.
* All other SSL setter functions
* are not necessary to call, either because they're only used * are not necessary to call, either because they're only used
* in handshakes, or because the setting is already saved. You * in handshakes, or because the setting is already saved. You
* might choose to call them anyway, for example in order to * might choose to call them anyway, for example in order to

2
tests/suites/test_suite_ssl.function
View file

@ -2105,6 +2105,8 @@ void perform_handshake( handshake_test_options* options )
mbedtls_mock_tcp_recv_msg, mbedtls_mock_tcp_recv_msg,
NULL ); NULL );
mbedtls_ssl_set_user_data_p( &server.ssl, &server );
#if defined(MBEDTLS_TIMING_C) #if defined(MBEDTLS_TIMING_C)
mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server, mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
mbedtls_timing_set_delay, mbedtls_timing_set_delay,