Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix premature fopen() call in mbedtls_entropy_write_seed_file #3616

Merged
merged 4 commits into from
Mar 30, 2021
Merged

Fix premature fopen() call in mbedtls_entropy_write_seed_file #3616

merged 4 commits into from
Mar 30, 2021

Conversation

militant-daos
Copy link
Contributor

@militant-daos militant-daos commented Aug 26, 2020
edited by ronald-cron-arm
Loading

Signed-off-by: Victor Krasnoshchok ct3da21164@protonmail.ch

Description

The PR fixes potential seed file corruption in case if path param of mbedtls_entropy_write_seed_file is equal to MBEDTLS_PLATFORM_STD_NV_SEED_FILE (or vice versa; i.e. the same file is used to read from and to write to).

Status

READY

Requires Backporting

Yes

  • 2.16
  • 2.7

Migrations

NO

Steps to test

  1. Define MBEDTLS_ENTROPY_NV_SEED in the active config (config.h);
  2. Edit test_suite_entropy.data in such a way to make entropy_seed_file define the same name as MBEDTLS_PLATFORM_STD_NV_SEED_FILE (seedfile by default);
  3. Build and run test_suite_entropy target - NV-file related tests should pass.

@militant-daos
Fix premature fopen() call in mbedtls_entropy_write_seed_file Mbed-TL…
e79812e 
…S#3175

Signed-off-by: Victor Krasnoshchok <ct3da21164@protonmail.ch>
@militant-daos militant-daos mentioned this pull request Aug 26, 2020
Closed
@yanesca
Copy link
Contributor

yanesca commented Aug 28, 2020

@militant-daos Thank you very much for contributing to Mbed TLS!

Could you please add an entry to test_suite_entropy.data with a non-regression test as you described it in step 2. of reproducing the issue? (We are testing a configuration in the CI that takes care of step 1 and 3.)

yanesca
yanesca requested changes Aug 28, 2020
View reviewed changes
@yanesca yanesca added bug needs-backports Backports are missing or are pending review and approval. needs-review Every commit must be reviewed by at least two team members, needs-work labels Aug 28, 2020
@militant-daos
Copy link
Contributor Author

@militant-daos Thank you very much for contributing to Mbed TLS!

Could you please add an entry to test_suite_entropy.data with a non-regression test as you described it in step 2. of reproducing the issue? (We are testing a configuration in the CI that takes care of step 1 and 3.)

Sure, will update the suite.

@militant-daos
Refactoring after CR and new unit test Mbed-TLS#3175
b3129ba 
Signed-off-by: Victor Krasnoshchok <ct3da21164@protonmail.ch>
yanesca
yanesca previously approved these changes Sep 2, 2020
View reviewed changes
Copy link
Contributor

@yanesca yanesca left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me!

@yanesca
Copy link
Contributor

yanesca commented Sep 2, 2020

The failure in the CI is only a glitch in the infrastructure.

@yanesca yanesca removed the needs-work label Sep 2, 2020
@yanesca yanesca mentioned this pull request Sep 3, 2020
Open
@yanesca
Copy link
Contributor

yanesca commented Sep 3, 2020
edited
Loading

@militant-daos Could you please add a signed-by line to the last commit message?

@militant-daos
Code style fix Mbed-TLS#3175
a0c2d19 
Signed-off-by: Victor Krasnoshchok <ct3da21164@protonmail.ch>
@militant-daos
Copy link
Contributor Author

@militant-daos Could you please add a signed-by line to the last commit message?

Sorry, I forgot to do that yesterday (I will create a pre-commit hook for this), thanks for pointing out. Added.

yanesca
yanesca previously approved these changes Sep 3, 2020
View reviewed changes
Copy link
Contributor

@yanesca yanesca left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you, looks good to me!

@gabor-mezei-arm gabor-mezei-arm self-requested a review September 7, 2020 13:29
gabor-mezei-arm
gabor-mezei-arm previously approved these changes Sep 7, 2020
View reviewed changes
@yanesca
Copy link
Contributor

yanesca commented Sep 7, 2020

@militant-daos Now that the main PR is approved, could you please create the backports as well?

Also, we normally credit contributors in our ChangeLog. Please feel free to add a file with your entry in ChangeLog.d if you would like to be mentioned there. There is a readme about writing changelog entries in that directory as well.

@yanesca yanesca removed the needs-review Every commit must be reviewed by at least two team members, label Sep 7, 2020
@militant-daos
Copy link
Contributor Author

@yanesca sure, will do. But first I need to reinstall my dev. environment, so this may take a while (I'll push the corresponding changes tomorrow)

@militant-daos
Changelog update Mbed-TLS#3175
6361ad9 
Signed-off-by: Victor Krasnoshchok <ct3da21164@protonmail.ch>
@yanesca yanesca mentioned this pull request Sep 28, 2020
Merged
yanesca
yanesca approved these changes Oct 5, 2020
View reviewed changes
Copy link
Contributor

@yanesca yanesca left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@yanesca
Copy link
Contributor

yanesca commented Oct 5, 2020

The 2.16 backport looks good to me too, we can merge them as soon as the 2.7 backport is ready too.

@militant-daos
Copy link
Contributor Author

@yanesca please take a look at #3821 - I've finally created the backport for 2.7. I'm sorry that it took so long, I hope that such things won't happen in future. Thanks in advance.

@gilles-peskine-arm gilles-peskine-arm changed the title Fix premature fopen() call in mbedtls_entropy_write_seed_file #3175 Fix premature fopen() call in mbedtls_entropy_write_seed_file Nov 3, 2020
@gilles-peskine-arm
Copy link
Contributor

gilles-peskine-arm commented Mar 30, 2021
edited
Loading

Since the only missing thing was an approved 2.7 backport, this pull request is ready for merge. I just want to re-run the pr-merge CI first.

@gilles-peskine-arm gilles-peskine-arm merged commit bf792e0 into Mbed-TLS:development Mar 30, 2021
daverodgman pushed a commit that referenced this pull request Apr 23, 2021
@gilles-peskine-arm
Merge pull request #3616 from militant-daos/bug_3175
2d764bd 
Fix premature fopen() call in mbedtls_entropy_write_seed_file
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yanesca yanesca yanesca approved these changes

@gabor-mezei-arm gabor-mezei-arm gabor-mezei-arm approved these changes

Assignees

@yanesca yanesca

Labels
bug needs-backports Backports are missing or are pending review and approval.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@militant-daos @yanesca @gilles-peskine-arm @gabor-mezei-arm @daverodgman