Manuel Pégourié-Gonnard
fa67ebaebb
Fix X.509 keysize check with multiple CAs
...
Assume we have two trusted CAs with the same name, the first uses ECDSA 256
bits, the second RSA 2048; cert is signed by the second. If we do the keysize
check before we checked the key types match, we'll raise the badkey flags when
checking the EC-256 CA and it will remain up even when we finally find the
correct CA. So, move the check for the key size after signature verification,
which implicitly checks the key type.
2015-06-27 14:41:38 +02:00
Manuel Pégourié-Gonnard
1c5b9fc19f
Avoid truncating peer cert info in ssl_server2
2015-06-27 14:38:51 +02:00
Manuel Pégourié-Gonnard
f659d2cd40
Tune up Windows snprintf() support
...
When we build with Visual Studio in debug mode, the invalid parameter handler
aborts the application (and offers to debug it) when n is 0. We want to
just return -1 instead (as calls with n == 0 are expected and happen in our
tests).
2015-06-26 17:45:00 +02:00
Manuel Pégourié-Gonnard
fc36708697
Use $(MAKE), not make
...
For the sake of systems where we want gmake.
2015-06-26 16:50:24 +02:00
Manuel Pégourié-Gonnard
633c6b6485
Run timing selftest on all platforms
...
Used to fail on our FreeBSD and Windows buildbots. Seems to be working at
least on my Darwin physical machine and on my Windows VM with MSYS2 now.
2015-06-26 16:17:30 +02:00
Manuel Pégourié-Gonnard
03db6b0da1
Cosmetics in test scripts
...
Some versions of "which" print on stderr.
2015-06-26 15:45:30 +02:00
Manuel Pégourié-Gonnard
4fd0b256a8
Fix dual use of buffer in test
...
x509_get_name() does not make defensive copies of strings in its input (which
is OK as usually the caller will have made a copy already), so we shouldn't
reuse its input buffer as an output while "parsed" is still alive.
2015-06-26 14:15:48 +02:00
Manuel Pégourié-Gonnard
4b00f08e20
Fix snprintf test
...
Our Windows implementation based on vsnprintf_s( ..., _TRUNCATE ) sometimes
writes *two* terminating NULLs. Allow for that, but obviously bytes past the
end of the buffer mustn't be touched.
2015-06-26 14:10:13 +02:00
Manuel Pégourié-Gonnard
9db2887672
Actually enable fixed snprintf on windows
2015-06-26 11:04:08 +02:00
Manuel Pégourié-Gonnard
e1d34d1707
cmake: add shortcut 'lib' for all libraries
...
Name chosen to match the existing make target.
2015-06-25 14:53:13 +02:00
Manuel Pégourié-Gonnard
574ae18088
Fix stupid typo that broke make SHARED=1
2015-06-25 14:30:51 +02:00
Manuel Pégourié-Gonnard
ea9556a76e
Fix mistaken changes in Makefile's clean target
...
I was a bit too trigger-happy with copy-pasting in a previous commit...
2015-06-25 14:19:25 +02:00
Manuel Pégourié-Gonnard
dc54ff8578
Improve documentation about SSL ticket encryption
2015-06-25 12:44:46 +02:00
Manuel Pégourié-Gonnard
a25ffc3b0f
Update Changelog for target split
2015-06-25 12:01:16 +02:00
Manuel Pégourié-Gonnard
147be4f315
Rm old variable from (c)make files
2015-06-25 11:57:13 +02:00
Manuel Pégourié-Gonnard
752c501126
One soversion per library
2015-06-25 11:56:17 +02:00
Manuel Pégourié-Gonnard
ace35999b0
Fix GNUism in bump_version.sh
2015-06-25 11:51:12 +02:00
Manuel Pégourié-Gonnard
f7c42d885c
Update visualc projects
2015-06-25 11:33:48 +02:00
Manuel Pégourié-Gonnard
6dc2651f02
Cosmetics
2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard
c84d0e1ec1
Use LD_LIBRARY_PATH to run test with SHARED=1
...
In my tests on Linux, LD_PRELOAD does not seem to work, but LD_LIBRARY_PATH
does.
2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard
9b06abe1d1
Add a shared build with make on Linux to all.sh
2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard
c7781addcb
Split library in CMake
2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard
ba2c8763b6
cmake: adjust libraries linking
2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard
c8293b20a9
cmake: no reason for test to depend on gcc/clang
2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard
216a1831de
Fix whitespace in CMakeLists.txt
...
- all spaces no tabs
- indent with 4 spaces everywhere
2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard
e058ea2ed8
More consistent toolchains in all.sh
2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard
cde2aba0af
Do no test net_usleep in timing_selftest
...
Timing belongs in libcrypto (due to havege depending on it)
while net.c was put in libtls (only test ssl servers use it)
2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard
53585eeb17
Remove test DHM params from certs.c
...
certs.c belongs to the X.509 library, while DHM belongs to the crypto lib.
2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard
21e1ac205e
Fix linking order with make
...
GNU ld cares about the order in which static libs are mentioned on the command
line: if A depends on B then A must com first.
2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard
0761733c1b
Fix potential NULL dereference
...
We document that either of recv or recv_timeout may be NULL, but for TLS we
always used recv... Thanks Coverity for catching that.
(Not remotely trigerrable: local configuration.)
Also made me notice net_recv_timeout didn't do its job properly.
2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard
dba460f2f3
Add SSL "assertion" to help static analysis
2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard
1cf7b30dc8
Rewrite test to make Coverity happier
...
With the default config, it noticed the accept_comp was always 0, so the rest
of the test was dead code.
2015-06-25 10:59:56 +02:00
Manuel Pégourié-Gonnard
db5d15e227
Minor tune-ups in CMake
2015-06-25 10:59:56 +02:00
Manuel Pégourié-Gonnard
5c59a4fea5
Split libs with make + general make cleanups
2015-06-25 10:59:56 +02:00
Manuel Pégourié-Gonnard
8d4a613cc5
Small Makefile improvements
...
- fix old build commands still using OFLAGS
- make everything work with --warn-undefined-variables, which can be useful
for debugging typos
2015-06-25 10:59:56 +02:00
Manuel Pégourié-Gonnard
21dcc1e748
fixup
2015-06-25 10:59:56 +02:00
Manuel Pégourié-Gonnard
463e09d64b
Prepare library split
2015-06-24 12:05:33 +02:00
Manuel Pégourié-Gonnard
bae389b4d4
Fix uninitialized access
...
Found using Codenomicon Defensics.
2015-06-24 10:47:33 +02:00
Manuel Pégourié-Gonnard
ac5361f7dc
Fix small issues in tests found by Coverity
2015-06-24 01:08:09 +02:00
Manuel Pégourié-Gonnard
bcc030849a
Avoid fclose( NULL )
...
Found by Coverity Scan.
2015-06-24 00:09:29 +02:00
Manuel Pégourié-Gonnard
7f9049baf4
Make config.pl more resistant to misuse
2015-06-23 23:30:16 +02:00
Manuel Pégourié-Gonnard
61ee351af4
Adapt programs to the new debug API
2015-06-23 23:30:16 +02:00
Manuel Pégourié-Gonnard
fd474233c8
Change SSL debug API in the library
2015-06-23 18:44:11 +02:00
Manuel Pégourié-Gonnard
79c4e3ee59
Rm obsolete comments
2015-06-23 18:44:10 +02:00
Manuel Pégourié-Gonnard
52fa38a214
Better cleanup in all.sh
2015-06-23 18:44:10 +02:00
Manuel Pégourié-Gonnard
b86145e6cd
Avoid potential NULL dereference.
...
May happen with a faulty configuration (eg no allowed curve but trying to use
ECDHE key exchange), but not trigger able remotely.
(Found with Clang's scan-build.)
2015-06-23 18:44:10 +02:00
Manuel Pégourié-Gonnard
14bf7063b9
Add SSL "assertions" to help static analyzers
...
scan-build was reporting NULL dereferences
2015-06-23 18:44:10 +02:00
Manuel Pégourié-Gonnard
b9c93d0d0a
Fix earlier incomplete change in RSA PMS reading
...
Probably a bad merge from the 1.3 branch
2015-06-23 18:43:53 +02:00
Manuel Pégourié-Gonnard
19389753c8
Avoid dead stores (makes scan-build happier)
2015-06-23 13:46:44 +02:00
Manuel Pégourié-Gonnard
c0d749418b
Make 'port' a string in NET module
...
- avoids dependency on snprintf
- allows using "smtps" instead of "456" if desired
2015-06-23 13:09:11 +02:00