src/streams/mbedtls.c


Log

Author Commit Date CI Message
Patrick Steinhardt 0ceac0d0 2019-01-23T14:45:19 mbedtls: fix potential size overflow when reading or writing data The mbedtls library uses a callback mechanism to allow downstream users to plug in their own receive and send functions. We implement `bio_read` and `bio_write` functions, which simply wrap the `git_stream_read` and `git_stream_write` functions, respectively. The problem arises due to the return value of the callback functions: mbedtls expects us to return an `int` containing the actual number of bytes that were read or written. But this is in fact completely misdesigned, as callers are allowed to pass in a buffer with length `SIZE_MAX`. We thus may be unable to represent the number of bytes written via the return value. Fix this by only ever reading or writing at most `INT_MAX` bytes.
Patrick Steinhardt 75918aba 2019-01-23T14:43:54 mbedtls: make global variables static The mbedtls stream implementation makes use of some global variables which are not marked as `static`, even though they're only used in this compilation unit. Fix this and remove a duplicate declaration.
Patrick Steinhardt 7613086d 2019-01-23T15:49:28 streams: handle short writes only in generic stream Now that the function `git_stream__write_full` exists and callers of `git_stream_write` have been adjusted, we can lift logic for short writes out of the stream implementations. Instead, this is now handled either by `git_stream__write_full` or by callers of `git_stream_write` directly.
Patrick Steinhardt 193e7ce9 2019-01-23T15:42:07 streams: make file-local functions static The callback functions that implement the `git_stream` structure are only used inside of their respective implementation files, but they are not marked as `static`. Fix this.
Edward Thomson f1986a23 2019-01-21T09:56:23 streams: don't write more than SSIZE_MAX Our streams implementation takes a `size_t` that indicates the length of the data buffer to be written, and returns an `ssize_t` that indicates the length that _was_ written. Clearly no such implementation can write more than `SSIZE_MAX` bytes. Ensure that each TLS stream implementation does not try to write more than `SSIZE_MAX` bytes (or smaller; if the given implementation takes a smaller size).
Edward Thomson f673e232 2018-12-27T13:47:34 git_error: use new names in internal APIs and usage Move to the `git_error` name in the internal API for error-related functions.
Edward Thomson 21142c5a 2018-10-29T10:04:48 http: remove cURL We previously used cURL to support HTTP proxies. Now that we've added this support natively, we can remove the curl dependency.
Edward Thomson 2878ad08 2018-10-29T08:59:33 streams: remove unused tls functions The implementations of git_openssl_stream_new and git_mbedtls_stream_new have callers protected by #ifdefs and are never called unless compiled in. There's no need for a dummy implementation. Remove them.
Edward Thomson 43b592ac 2018-10-25T08:49:01 tls: introduce a wrap function Introduce `git_tls_stream_wrap` which will take an existing `stream` with an already connected socket and begin speaking TLS on top of it. This is useful if you've built a connection to a proxy server and you wish to begin CONNECT over it to tunnel a TLS connection. Also update the pluggable TLS stream layer so that it can accept a registration structure that provides an `init` and `wrap` function, instead of a single initialization function.
Patrick Steinhardt d4198d4d 2018-07-26T12:11:34 mbedtls: remove unused variable "cacert" In commit 382ed1e87 (mbedtls: load default CA certificates, 2018-03-29), the function `git_mbedtls_stream_global_init` was refactored to call out to `git_mbedtls__set_cert_location` instead of setting up the certificates itself. The conversion forgot to remove the now-unused "cacert" variable, which is now only getting declared to be free'd at the end of the function. Remove it.
Edward Thomson 2fabb622 2018-07-21T01:36:46 mbedtls: free stream on shutdown
Edward Thomson 9e002cd5 2018-07-21T01:11:58 mbedtls: make ciphers_list a static array Instead of allocating the ciphers_list, make it a static array. This prevents us from leaking it or having to manage its memory.
Edward Thomson 4e62d26f 2018-07-21T00:45:24 mbedtls: free ciphers_list
Edward Thomson defa9709 2018-07-21T00:41:38 mbedtls: check allocations
Patrick Steinhardt d19381e2 2018-06-25T14:57:07 mbedtls: fix `inline` being used in mbedtls headers The mbedtls headers make direct use of the `inline` attribute to instruct the compiler to inline functions. As this function is not C90 compliant, this can cause the compiler to error as soon as any of these files is included and the `-std=c90` flag is being added. The mbedtls headers declaring functions as inline always have a prelude which define `inline` as a macro in case it is not yet defined. Thus, we can easily replace their define with our own define, which simply copies the logic of our own `GIT_INLINE` macro.
Etienne Samson 1edde0bc 2018-03-29T22:14:08 mbedtls: use mbedTLS certificate verification Taken from https://github.com/JuliaLang/julia/blob/8d47a314537779c8fb86642c54925613628a91b0/deps/patches/libgit2-mbedtls-verify.patch, with some modifications.
Etienne Samson 4165bb7f 2018-03-29T22:14:06 mbedtls: use our own certificate validation Otherwise REQUIRED means that `git_stream_certificate` will always error. We're doing the mbedtls check in verify_server_cert though.
Etienne Samson ec79b0fd 2018-03-29T22:14:04 mbedtls: fix libgit2 hanging due to incomplete writes
Etienne Samson 2419cccd 2018-03-29T22:14:02 mbedtls: default cipher list support
Etienne Samson 60e1ad92 2018-03-29T22:14:01 mbedtls: add global initialization
Etienne Samson 1a1875f3 2018-03-29T22:13:58 mbedtls: proper certificate verification
Etienne Samson ca3b2234 2018-03-29T22:13:56 mbedtls: initial support
Etienne Samson b3e0280d 2018-03-29T22:14:11 mbedtls: display error codes as hex for consistency with mbedTLS docs Remaining parts of https://github.com/JuliaLang/julia/blob/8d47a314537779c8fb86642c54925613628a91b0/deps/patches/libgit2-mbedtls-fixup.patch
Etienne Samson 382ed1e8 2018-03-29T22:14:09 mbedtls: load default CA certificates