Commit graph

2165 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard db2468d7aa Update old comment 2015-06-30 17:19:48 +02:00
Manuel Pégourié-Gonnard 3d7d00ad23 Rename mbedtls_net_close() to mbedtls_net_free()
close() may be more meaningful, but free() is symmetric with _init(), and more
consistent with all other modules
2015-06-30 16:50:37 +02:00
Manuel Pégourié-Gonnard 91895853ac Move from naked int to a structure in net.c
Provides more flexibility for future changes/extensions.
2015-06-30 15:56:25 +02:00
Manuel Pégourié-Gonnard 16a17a496c Fix net_accept() for UDP sockets on Windows
On Windows, recvfrom() returns an error code if the destination buffer is too
small to hold the next datagram.
2015-06-30 11:31:10 +02:00
Manuel Pégourié-Gonnard a16e7c468c Rename a debug function 2015-06-29 20:14:19 +02:00
Manuel Pégourié-Gonnard 80d627a5ae Remove now useless function 2015-06-29 20:12:51 +02:00
Manuel Pégourié-Gonnard b74c245a20 Rework debug to not need dynamic alloc
But introduces dependency on variadic macros
2015-06-29 20:08:23 +02:00
Manuel Pégourié-Gonnard fa67ebaebb Fix X.509 keysize check with multiple CAs
Assume we have two trusted CAs with the same name, the first uses ECDSA 256
bits, the second RSA 2048; cert is signed by the second. If we do the keysize
check before we checked the key types match, we'll raise the badkey flags when
checking the EC-256 CA and it will remain up even when we finally find the
correct CA. So, move the check for the key size after signature verification,
which implicitly checks the key type.
2015-06-27 14:41:38 +02:00
Manuel Pégourié-Gonnard f659d2cd40 Tune up Windows snprintf() support
When we build with Visual Studio in debug mode, the invalid parameter handler
aborts the application (and offers to debug it) when n is 0. We want to
just return -1 instead (as calls with n == 0 are expected and happen in our
tests).
2015-06-26 17:45:00 +02:00
Manuel Pégourié-Gonnard e1d34d1707 cmake: add shortcut 'lib' for all libraries
Name chosen to match the existing make target.
2015-06-25 14:53:13 +02:00
Manuel Pégourié-Gonnard 574ae18088 Fix stupid typo that broke make SHARED=1 2015-06-25 14:30:51 +02:00
Manuel Pégourié-Gonnard 147be4f315 Rm old variable from (c)make files 2015-06-25 11:57:13 +02:00
Manuel Pégourié-Gonnard 752c501126 One soversion per library 2015-06-25 11:56:17 +02:00
Manuel Pégourié-Gonnard c7781addcb Split library in CMake 2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard ba2c8763b6 cmake: adjust libraries linking 2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard 216a1831de Fix whitespace in CMakeLists.txt
- all spaces no tabs
- indent with 4 spaces everywhere
2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard cde2aba0af Do no test net_usleep in timing_selftest
Timing belongs in libcrypto (due to havege depending on it)
while net.c was put in libtls (only test ssl servers use it)
2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard 53585eeb17 Remove test DHM params from certs.c
certs.c belongs to the X.509 library, while DHM belongs to the crypto lib.
2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard 0761733c1b Fix potential NULL dereference
We document that either of recv or recv_timeout may be NULL, but for TLS we
always used recv... Thanks Coverity for catching that.
(Not remotely trigerrable: local configuration.)

Also made me notice net_recv_timeout didn't do its job properly.
2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard dba460f2f3 Add SSL "assertion" to help static analysis 2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard 1cf7b30dc8 Rewrite test to make Coverity happier
With the default config, it noticed the accept_comp was always 0, so the rest
of the test was dead code.
2015-06-25 10:59:56 +02:00
Manuel Pégourié-Gonnard 5c59a4fea5 Split libs with make + general make cleanups 2015-06-25 10:59:56 +02:00
Manuel Pégourié-Gonnard 21dcc1e748 fixup 2015-06-25 10:59:56 +02:00
Manuel Pégourié-Gonnard 463e09d64b Prepare library split 2015-06-24 12:05:33 +02:00
Manuel Pégourié-Gonnard bae389b4d4 Fix uninitialized access
Found using Codenomicon Defensics.
2015-06-24 10:47:33 +02:00
Manuel Pégourié-Gonnard bcc030849a Avoid fclose( NULL )
Found by Coverity Scan.
2015-06-24 00:09:29 +02:00
Manuel Pégourié-Gonnard fd474233c8 Change SSL debug API in the library 2015-06-23 18:44:11 +02:00
Manuel Pégourié-Gonnard 79c4e3ee59 Rm obsolete comments 2015-06-23 18:44:10 +02:00
Manuel Pégourié-Gonnard b86145e6cd Avoid potential NULL dereference.
May happen with a faulty configuration (eg no allowed curve but trying to use
ECDHE key exchange), but not trigger able remotely.

(Found with Clang's scan-build.)
2015-06-23 18:44:10 +02:00
Manuel Pégourié-Gonnard 14bf7063b9 Add SSL "assertions" to help static analyzers
scan-build was reporting NULL dereferences
2015-06-23 18:44:10 +02:00
Manuel Pégourié-Gonnard b9c93d0d0a Fix earlier incomplete change in RSA PMS reading
Probably a bad merge from the 1.3 branch
2015-06-23 18:43:53 +02:00
Manuel Pégourié-Gonnard 19389753c8 Avoid dead stores (makes scan-build happier) 2015-06-23 13:46:44 +02:00
Manuel Pégourié-Gonnard c0d749418b Make 'port' a string in NET module
- avoids dependency on snprintf
- allows using "smtps" instead of "456" if desired
2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard d23f593737 Avoid static buffer in debug module
Caused issues in threading situations
2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard 96fb685e31 Some more init calls 2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard 496f24e949 Deduplicate SHA-2 wrappers 2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard ab5932192a Call init functions in MD alloc wrappers
When someone defines MBEDTLS_MD5_ALT for example, the init function may need
to do more that just zeroizing the context
2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard 1cd10adc7c Update prototype of x509write_set_key_usage()
Allow for future support of decipherOnly and encipherOnly. Some work will be
required to ensure we still write only one byte when only one is needed.
2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard 655a964539 Adapt check_key_usage to new weird bits 2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard 9a702255f4 Add parsing/printing for new X.509 keyUsage flags 2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard b80d16d171 Fix return convention of x509_wildcard_verify() 2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard 07894338a0 Rename M255 to Curve25519 2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard 7320eb46d4 Remove references to some Montgomery curves
After all it looks like those won't become standard.
2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard 9386664543 Move from inttypes.h to stdint.h
Some toolchains do not have inttypes.h, and we only need stdint.h which is a
subset of it.
2015-06-22 23:41:26 +02:00
Manuel Pégourié-Gonnard e7e89844d6 Fix and document corner-cases of time checking 2015-06-22 23:41:24 +02:00
Manuel Pégourié-Gonnard 57e10d71be Fix potential NULL dereference.
Introduced when moving from gmtime_r() to gmtime().
Found with fbinfer.
2015-06-22 23:40:44 +02:00
Manuel Pégourié-Gonnard f9b85d96a9 Fix potential resource leak in X.509 parse dir
Found with fbinfer.
2015-06-22 18:39:57 +02:00
Manuel Pégourié-Gonnard bcf13bab5d Fix issue with MemSan and entropy
Due to the recent change about entropy sources strength, it is no longer
acceptable to just disable the platform source. So, instead "fix" it so that
it is clear to MemSan that memory is initialized.

I tried __attribute__((no_sanitize_memory)) and MemSan's blacklist file, but
couldn't seem to get them to work.
2015-06-22 18:25:41 +02:00
Manuel Pégourié-Gonnard cdc26ae099 Add mbedtls_ssl_set_hs_authmode
While at it, fix the following:
- on server with RSA_PSK, we don't want to set flags (client auth happens via
  the PSK, no cert is expected).
- use safer tests (eg == OPTIONAL vs != REQUIRED)
2015-06-22 14:52:40 +02:00
Manuel Pégourié-Gonnard 9dbaf400ef Rationalize other snprintf() uses 2015-06-22 14:42:04 +02:00