1cf7b30dc8
Rewrite test to make Coverity happier
...
With the default config, it noticed the accept_comp was always 0, so the rest
of the test was dead code.
2015-06-25 10:59:56 +02:00
db5d15e227
Minor tune-ups in CMake
2015-06-25 10:59:56 +02:00
5c59a4fea5
Split libs with make + general make cleanups
2015-06-25 10:59:56 +02:00
8d4a613cc5
Small Makefile improvements
...
- fix old build commands still using OFLAGS
- make everything work with --warn-undefined-variables, which can be useful
for debugging typos
2015-06-25 10:59:56 +02:00
21dcc1e748
fixup
2015-06-25 10:59:56 +02:00
463e09d64b
Prepare library split
2015-06-24 12:05:33 +02:00
bae389b4d4
Fix uninitialized access
...
Found using Codenomicon Defensics.
2015-06-24 10:47:33 +02:00
ac5361f7dc
Fix small issues in tests found by Coverity
2015-06-24 01:08:09 +02:00
bcc030849a
Avoid fclose( NULL )
...
Found by Coverity Scan.
2015-06-24 00:09:29 +02:00
7f9049baf4
Make config.pl more resistant to misuse
2015-06-23 23:30:16 +02:00
61ee351af4
Adapt programs to the new debug API
2015-06-23 23:30:16 +02:00
fd474233c8
Change SSL debug API in the library
2015-06-23 18:44:11 +02:00
79c4e3ee59
Rm obsolete comments
2015-06-23 18:44:10 +02:00
52fa38a214
Better cleanup in all.sh
2015-06-23 18:44:10 +02:00
b86145e6cd
Avoid potential NULL dereference.
...
May happen with a faulty configuration (eg no allowed curve but trying to use
ECDHE key exchange), but not trigger able remotely.
(Found with Clang's scan-build.)
2015-06-23 18:44:10 +02:00
14bf7063b9
Add SSL "assertions" to help static analyzers
...
scan-build was reporting NULL dereferences
2015-06-23 18:44:10 +02:00
b9c93d0d0a
Fix earlier incomplete change in RSA PMS reading
...
Probably a bad merge from the 1.3 branch
2015-06-23 18:43:53 +02:00
19389753c8
Avoid dead stores (makes scan-build happier)
2015-06-23 13:46:44 +02:00
c0d749418b
Make 'port' a string in NET module
...
- avoids dependency on snprintf
- allows using "smtps" instead of "456" if desired
2015-06-23 13:09:11 +02:00
e244f9ffc0
Improve doc about length of strings written
2015-06-23 13:09:11 +02:00
d23f593737
Avoid static buffer in debug module
...
Caused issues in threading situations
2015-06-23 13:09:11 +02:00
96fb685e31
Some more init calls
2015-06-23 13:09:11 +02:00
496f24e949
Deduplicate SHA-2 wrappers
2015-06-23 13:09:11 +02:00
ab5932192a
Call init functions in MD alloc wrappers
...
When someone defines MBEDTLS_MD5_ALT for example, the init function may need
to do more that just zeroizing the context
2015-06-23 13:09:11 +02:00
1cd10adc7c
Update prototype of x509write_set_key_usage()
...
Allow for future support of decipherOnly and encipherOnly. Some work will be
required to ensure we still write only one byte when only one is needed.
2015-06-23 13:09:10 +02:00
655a964539
Adapt check_key_usage to new weird bits
2015-06-23 13:09:10 +02:00
9a702255f4
Add parsing/printing for new X.509 keyUsage flags
2015-06-23 13:09:10 +02:00
b80d16d171
Fix return convention of x509_wildcard_verify()
2015-06-23 13:09:10 +02:00
07894338a0
Rename M255 to Curve25519
2015-06-23 13:09:10 +02:00
7320eb46d4
Remove references to some Montgomery curves
...
After all it looks like those won't become standard.
2015-06-23 13:09:10 +02:00
9386664543
Move from inttypes.h to stdint.h
...
Some toolchains do not have inttypes.h, and we only need stdint.h which is a
subset of it.
2015-06-22 23:41:26 +02:00
e7e89844d6
Fix and document corner-cases of time checking
2015-06-22 23:41:24 +02:00
57e10d71be
Fix potential NULL dereference.
...
Introduced when moving from gmtime_r() to gmtime().
Found with fbinfer.
2015-06-22 23:40:44 +02:00
e91e21cf1b
Simplify code in test suites
...
Hopefully makes it easier on static analyzers
2015-06-22 18:47:07 +02:00
f9b85d96a9
Fix potential resource leak in X.509 parse dir
...
Found with fbinfer.
2015-06-22 18:39:57 +02:00
bcf13bab5d
Fix issue with MemSan and entropy
...
Due to the recent change about entropy sources strength, it is no longer
acceptable to just disable the platform source. So, instead "fix" it so that
it is clear to MemSan that memory is initialized.
I tried __attribute__((no_sanitize_memory)) and MemSan's blacklist file, but
couldn't seem to get them to work.
2015-06-22 18:25:41 +02:00
96aba64e13
Merge branch 'set_hs' into development
...
* set_hs:
Add tests for mbedtls_set_hs_ca_chain()
Add tests for mbedtls_ssl_set_hs_authmode()
Add support for SNI CA and authmode in ssl_server2
Add mbedtls_ssl_set_hs_authmode
2015-06-22 18:20:56 +02:00
6ea831dcf4
Add tests for mbedtls_set_hs_ca_chain()
2015-06-22 17:30:18 +02:00
c948a798bd
Add tests for mbedtls_ssl_set_hs_authmode()
2015-06-22 16:04:20 +02:00
4d6f178376
Add support for SNI CA and authmode in ssl_server2
2015-06-22 14:52:40 +02:00
cdc26ae099
Add mbedtls_ssl_set_hs_authmode
...
While at it, fix the following:
- on server with RSA_PSK, we don't want to set flags (client auth happens via
the PSK, no cert is expected).
- use safer tests (eg == OPTIONAL vs != REQUIRED)
2015-06-22 14:52:40 +02:00
a752d8780c
Merge branch 'snprintf' into development
...
* snprintf:
Rationalize other snprintf() uses
Rationalize snprintf() usage in X.509 modules
Add tests for snprintf
Include fixed snprintf for Windows in platform.c
2015-06-22 14:51:28 +02:00
9dbaf400ef
Rationalize other snprintf() uses
2015-06-22 14:42:04 +02:00
1685368408
Rationalize snprintf() usage in X.509 modules
2015-06-22 14:42:04 +02:00
7b6dcbe993
Add tests for snprintf
...
- Added in each tests program to be sure they are run (putting them in a test
suite/function specific to the platform layer would cause them to be skipped
when PLATFORM_C is not defined).
- Platforms have already moved from a standard to a broken snprintf in the
past [1], so make sure to catch that if it ever happens again.
[1]: http://sourceforge.net/p/mingw-w64/mailman/message/31241434/
2015-06-22 14:42:04 +02:00
6c0c8e0d3d
Include fixed snprintf for Windows in platform.c
...
Use _WIN32 to detect it rather that _MSC_VER as it turns out MSYS2 uses the
broken MS version by default too.
2015-06-22 14:42:04 +02:00
bbc60db221
Adjustments for armcc in all.sh
...
- no HAVE_TIME -> no HAVE_TIME_DATE
- check if --help works, so that the test is cleanly skipped if license server
cannot be reached
2015-06-22 14:41:37 +02:00
8ba88f0460
Fix stupid typo in documentation
2015-06-22 14:40:56 +02:00
f9cbd73191
Update generated files
2015-06-22 14:40:56 +02:00
d5f38b045d
Fix dependencies on time on x509 test suite
2015-06-22 14:40:56 +02:00
