mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-10 13:14:30 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
mbedtls/library
History
Eduardo Silva e1bfffc4f6 x509_crt: handle properly broken links when looking for certificates 
On non-windows environments, when loading certificates from a given
path through mbedtls_x509_crt_parse_path() function, if a symbolic
link is found and is broken (meaning the target file don't exists),
the function is returning MBEDTLS_ERR_X509_FILE_IO_ERROR which is
not honoring the default behavior of just skip the bad certificate file
and increase the counter of wrong files.

The problem have been raised many times in our open source project
called Fluent Bit which depends on MbedTLS:

https://github.com/fluent/fluent-bit/issues/843#issuecomment-486388209

The expected behavior is that if a simple certificate cannot be processed,
it should just be skipped.

This patch implements a workaround with lstat(2) and stat(2) to determinate
first if the entry found in the directory is a symbolic link or not, if is
a simbolic link, do a proper stat(2) for the target file, otherwise process
normally. Upon find a broken symbolic link it will increase the counter of
not processed certificates.

Signed-off-by: Eduardo Silva <eduardo@treaure-data.com>
2022-07-20 14:36:12 +01:00
..
.gitignore
Add psa_crypto_driver_wrappers.c to .gitignore
2021-12-18 13:29:10 +05:30
aes.c
Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell.
2022-05-11 21:25:51 +01:00
aesni.c
Move aesni.h to library
2021-03-10 12:52:37 +00:00
aesni.h
Replace all inclusions of config.h
2021-06-28 09:24:07 +01:00
aria.c
Replace 3 byte shift with appropriate macro
2021-08-19 09:55:42 +01:00
asn1parse.c
Add missing const attribute to asn1 api
2021-01-26 13:57:46 +01:00
asn1write.c
Fix bug whereby 0 was written as 0200 rather than 020100
2022-06-10 20:13:33 +02:00
base64.c
Delete base64_invasive.h due to functions are moved to the constant-time module
2021-11-26 17:20:02 +01:00
bignum_internal.h
Fix Doxygen for mbedtls_mpi_core_mla()
2022-04-11 13:44:15 +01:00
bignum.c
Merge pull request #934 from gilles-peskine-arm/mpi-0-mod-2
2022-06-29 15:02:59 +01:00
bn_mul.h
Add comment explaining structure of UMAAL assembly
2022-04-17 06:59:33 +01:00
camellia.c
Add Character byte reading macros
2021-08-19 09:55:41 +01:00
ccm.c
Fix typos in documentation and constants with typo finding tool
2022-05-18 14:15:33 -04:00
chacha20.c
Replace instances of byte reading macros with PUT
2021-08-19 09:56:47 +01:00
chachapoly.c
Replace instances of byte reading macros with PUT
2021-08-19 09:56:47 +01:00
check_crypto_config.h
psa: config: Add CAMELLIA to the list of possible CMAC ciphers
2021-03-25 14:25:46 +01:00
cipher_wrap.c
Use separate MBEDTLS_MODE for the CCM*.
2021-10-27 10:42:31 +02:00
cipher_wrap.h
Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO
2022-01-03 12:53:24 +01:00
cipher.c
Deprecate mbedtls_cipher_setup_psa()
2022-05-06 10:55:10 +02:00
cmac.c
Allow skipping 3DES in CMAC self-test when ALT implemented
2021-03-02 10:18:08 +01:00
CMakeLists.txt
Bump version to 3.2.1
2022-07-12 10:51:55 +01:00
common.h
fix wrong para name in doxygen comments
2021-10-28 10:26:13 +08:00
constant_time_internal.h
Fix uninitialised memory access in constant time functions
2022-05-19 18:23:24 +01:00
constant_time_invasive.h
Add documentation for the functions
2021-11-26 17:25:14 +01:00
constant_time.c
Merge pull request #5829 from paul-elliott-arm/fix_ct_uninit_memory_access
2022-06-01 11:42:51 +02:00
ctr_drbg.c
Merge pull request #952 from gilles-peskine-arm/stdio_buffering-setbuf
2022-07-04 10:12:22 +01:00
debug.c
Add missing parentheses
2021-06-17 21:46:29 +02:00
des.c
Catch failures of AES or DES operations
2021-09-27 16:22:08 +02:00
dhm.c
Call setbuf when reading or writing files: library
2022-06-30 17:03:40 +02:00
ecdh.c
Fix typos in documentation and constants with typo finding tool
2022-05-18 14:15:33 -04:00
ecdsa.c
Rename error translation functions and move them to library/pk_wrap.*
2022-03-01 15:21:02 +01:00
ecjpake.c
Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell.
2022-05-11 21:25:51 +01:00
ecp_curves.c
Since the group is unloaded for all curves, it is better to initialize the group also for all curves.
2022-05-06 18:43:58 +02:00
ecp_internal_alt.h
Replace all inclusions of config.h
2021-06-28 09:24:07 +01:00
ecp_invasive.h
Move mbedtls_mpi_random to the bignum module
2021-06-03 18:10:04 +02:00
ecp.c
Merge pull request #5766 from leorosen/fix-var-init
2022-05-16 14:47:00 +01:00
entropy_poll.c
Call setbuf when reading or writing files: library
2022-06-30 17:03:40 +02:00
entropy_poll.h
Rename config.h to mbedtls_config.h
2021-06-28 09:28:33 +01:00
entropy.c
Call setbuf when reading or writing files: library
2022-06-30 17:03:40 +02:00
gcm.c
Add missing local variable initialization
2022-05-13 18:08:11 +01:00
hkdf.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
hmac_drbg.c
Call setbuf when reading or writing files: library
2022-06-30 17:03:40 +02:00
Makefile
Bump library and so versions for 3.2.0 release
2022-07-11 13:56:01 +01:00
md5.c
GET macros use a target variable
2021-08-19 09:31:55 +01:00
md_wrap.h
Replace all inclusions of config.h
2021-06-28 09:24:07 +01:00
md.c
Call setbuf when reading or writing files: library
2022-06-30 17:03:40 +02:00
memory_buffer_alloc.c
Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell.
2022-05-11 21:25:51 +01:00
mps_common.h
Fix typos in documentation and constants with typo finding tool
2022-05-18 14:15:33 -04:00
mps_error.h
Fix Doxygen headers for MPS files
2021-03-29 14:20:18 +01:00
mps_reader.c
Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3
2021-12-10 13:47:55 +01:00
mps_reader.h
Fix Doxygen headers for MPS files
2021-03-29 14:20:18 +01:00
mps_trace.c
Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3
2021-12-10 13:47:55 +01:00
mps_trace.h
Capitalise MPS trace macros
2021-04-07 12:45:35 +01:00
net_sockets.c
Add a missing guard for time.h in net_sockets.c
2022-03-04 05:07:45 -05:00
nist_kw.c
Merge branch 'development' into 3649_move_constant_time_functions_into_separate_module
2021-11-24 10:44:13 +01:00
oid.c
Remove MD2, MD4, RC4, Blowfish and XTEA
2021-06-16 10:34:25 +02:00
padlock.c
Move padlock.h to library
2021-03-10 12:52:37 +00:00
padlock.h
Replace all inclusions of config.h
2021-06-28 09:24:07 +01:00
pem.c
Rename the _ret() functions
2021-06-08 16:45:41 +02:00
pk_wrap.c
Guard pk_opaque_rsa_decrypt() with PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
2022-05-04 11:02:37 +02:00
pk_wrap.h
Guard pk_opaque_rsa_decrypt() with PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
2022-05-04 11:02:37 +02:00
pk.c
Check when usage == 0 in mbedtls_pk_can_do_ext()
2022-05-20 09:26:16 +02:00
pkcs5.c
Apply MBEDTLS_ERROR_ADD to library
2021-04-15 11:19:47 +01:00
pkcs12.c
Add missing local variable initialization
2022-05-13 18:08:11 +01:00
pkparse.c
Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr
2022-07-11 10:22:37 +02:00
pkwrite.c
Add support for RSA Opaque PK key in mbedtls_pk_write_pubkey_der()
2022-04-07 15:01:24 +02:00
pkwrite.h
Rename max sizes of RSA & EC DER keys defines
2022-03-01 10:03:21 +01:00
platform_util.c
Add comment
2022-05-12 09:45:03 +01:00
platform.c
Fix code formatting
2022-07-01 16:43:25 +01:00
poly1305.c
Replace instances of byte reading macros with PUT
2021-08-19 09:57:41 +01:00
psa_crypto_aead.c
Merge pull request #5047 from paul-elliott-arm/psa-m-aead-ccm
2021-12-09 14:49:42 +01:00
psa_crypto_aead.h
Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell.
2022-05-11 21:25:51 +01:00
psa_crypto_cipher.c
If a cipher algorithm is not supported, fail during setup
2022-04-05 15:03:39 +02:00
psa_crypto_cipher.h
Merge branch 'development-restricted' into mbedtls-3.1.0rc-pr
2021-12-14 10:58:18 +01:00
psa_crypto_client.c
Move the inclusion of crypto_spe.h to psa/crypto_platform.h
2021-06-17 11:43:58 +02:00
psa_crypto_core.h
Code style improvements
2021-09-08 22:04:13 +05:30
psa_crypto_driver_wrappers.h
Merge pull request #5292 from mprse/asym_encrypt
2022-03-10 20:07:38 +01:00
psa_crypto_ecp.c
psa: Remove test code in the library
2021-12-06 07:50:27 +01:00
psa_crypto_ecp.h
psa: test driver: Move driver test entry points prototypes
2021-12-06 07:50:27 +01:00
psa_crypto_hash.c
psa: Fix and improve comments
2021-12-06 07:50:27 +01:00
psa_crypto_hash.h
Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell.
2022-05-11 21:25:51 +01:00
psa_crypto_invasive.h
Replace all inclusions of config.h
2021-06-28 09:24:07 +01:00
psa_crypto_its.h
Update documentation
2020-11-25 13:10:50 +01:00
psa_crypto_mac.c
psa: Fix and improve comments
2021-12-06 07:50:27 +01:00
psa_crypto_mac.h
psa: test driver: Move driver test entry points prototypes
2021-12-06 07:50:27 +01:00
psa_crypto_random_impl.h
Work around MSVC bug with duplicate static declarations
2021-02-16 18:55:05 +01:00
psa_crypto_rsa.c
psa_asymmetric_decrypt: move build-in impl to mbedtls_psa_asymmetric_decrypt
2022-01-10 12:55:06 +01:00
psa_crypto_rsa.h
psa_asymmetric_decrypt: move build-in impl to mbedtls_psa_asymmetric_decrypt
2022-01-10 12:55:06 +01:00
psa_crypto_se.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
psa_crypto_se.h
Replace all inclusions of config.h
2021-06-28 09:24:07 +01:00
psa_crypto_slot_management.c
Merge pull request #4878 from SiliconLabs/remove_dependency_4877
2021-09-20 22:20:16 +02:00
psa_crypto_slot_management.h
psa: Fix error code when creating/registering a key with invalid id
2021-04-01 14:05:41 +02:00
psa_crypto_storage.c
Erase secrets in allocated memory before freeing said memory
2022-02-25 11:14:59 +01:00
psa_crypto_storage.h
Rename PSA_KEY_SLOT_COUNT to MBEDTLS_PSA_KEY_SLOT_COUNT
2021-02-15 14:26:44 +01:00
psa_crypto.c
Merge pull request #5834 from mprse/HKDF_1
2022-06-20 15:27:46 +02:00
psa_its_file.c
Call setbuf when reading or writing files: library
2022-06-30 17:03:40 +02:00
ripemd160.c
GET macros use a target variable
2021-08-19 09:31:55 +01:00
rsa_alt_helpers.c
Rename rsa_internal.* to rsa_alt_helpers.*
2021-03-10 12:52:37 +00:00
rsa_alt_helpers.h
Replace all inclusions of config.h
2021-06-28 09:24:07 +01:00
rsa.c
Merge pull request #5766 from leorosen/fix-var-init
2022-05-16 14:47:00 +01:00
sha1.c
GET macros use a target variable
2021-08-19 09:31:55 +01:00
sha256.c
Hide unnecessarily public functions in SHA-256 and SHA-512 A64 acceleration
2022-04-19 13:52:24 +01:00
sha512.c
Hide unnecessarily public functions in SHA-256 and SHA-512 A64 acceleration
2022-04-19 13:52:24 +01:00
ssl_cache.c
Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr
2022-07-11 10:22:37 +02:00
ssl_ciphersuites.c
Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr
2022-07-11 10:22:37 +02:00
ssl_client.c
Mark static int SSL functions CHECK_RETURN_CRITICAL
2022-06-20 21:12:52 +02:00
ssl_client.h
Mark internal int SSL functions CHECK_RETURN_CRITICAL
2022-06-20 21:12:55 +02:00
ssl_cookie.c
Mark static int SSL functions CHECK_RETURN_CRITICAL
2022-06-20 21:12:52 +02:00
ssl_debug_helpers.h
add named group debug helper
2022-05-09 15:49:00 +08:00
ssl_misc.h
Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr
2022-07-11 10:22:37 +02:00
ssl_msg.c
Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr
2022-07-11 10:22:37 +02:00
ssl_ticket.c
Mark static int SSL functions CHECK_RETURN_CRITICAL
2022-06-20 21:12:52 +02:00
ssl_tls12_client.c
Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr
2022-07-11 10:22:37 +02:00
ssl_tls12_server.c
Ensure return for mbedtls_ssl_write_alpn_ext() is checked
2022-07-11 12:37:47 +01:00
ssl_tls13_client.c
Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr
2022-07-11 10:22:37 +02:00
ssl_tls13_generic.c
Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr
2022-07-11 10:22:37 +02:00
ssl_tls13_invasive.h
Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr
2022-07-11 10:22:37 +02:00
ssl_tls13_keys.c
Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr
2022-07-11 10:22:37 +02:00
ssl_tls13_keys.h
Mark internal int SSL functions CHECK_RETURN_CRITICAL
2022-06-20 21:12:55 +02:00
ssl_tls13_server.c
fix comment issue
2022-07-15 14:38:38 +08:00
ssl_tls.c
Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr
2022-07-11 10:22:37 +02:00
threading.c
Fix typo "phtreads" to "pthreads"
2022-03-29 17:43:56 +02:00
timing.c
Remove the dependency on MBEDTLS_HAVE_TIME from MBEDTLS_TIMING_C
2022-04-08 04:41:42 -04:00
version.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
x509_create.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
x509_crl.c
Do not include time.h without MBEDTLS_HAVE_TIME
2022-03-04 05:07:45 -05:00
x509_crt.c
x509_crt: handle properly broken links when looking for certificates
2022-07-20 14:36:12 +01:00
x509_csr.c
Merge pull request #3777 from hanno-arm/x509-info-optimization_rebased
2021-04-28 17:31:55 +01:00
x509.c
Merge pull request #5980 from mprse/md_dep_fix
2022-06-29 10:18:41 +02:00
x509write_crt.c
Use ASN1 UTC tags for dates before 2000
2022-06-01 16:24:28 +01:00
x509write_csr.c
Improving readability of x509_crt and x509write_crt for PR
2022-03-07 13:59:44 +01:00