1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-16 00:00:07 +01:00
Commit graph

10 commits

Author SHA1 Message Date
Andy Green
4b089788bc tls: mbedtls-3
Adapt mbedtls support for compatibility with v3, while maintaining
compatibility with v2.

Notice v3 has removed the ability to encrypt with pubkey and
decrypt with privkey.  Openssl still has it, atm with v3 these
fall back to encrypt with privkey and decrypt with pubkey.

> The RSA module no longer supports private-key operations with the
> public key or vice versa. As a consequence, RSA operation functions
> no longer have a mode parameter. If you were calling RSA operations
> with the normal mode (public key for verification or encryption,
> private key for signature or decryption), remove the
> MBEDTLS_MODE_PUBLIC or MBEDTLS_MODE_PRIVATE argument. If you were
> calling RSA operations with the wrong mode, which rarely makes sense
>from a security perspective, this is no longer supported.
2021-07-13 13:22:50 +01:00
Andy Green
c9731c5f17 type comparisons: fixes
This is a huge patch that should be a global NOP.

For unix type platforms it enables -Wconversion to issue warnings (-> error)
for all automatic casts that seem less than ideal but are normally concealed
by the toolchain.

This is things like passing an int to a size_t argument.  Once enabled, I
went through all args on my default build (which build most things) and
tried to make the removed default cast explicit.

With that approach it neither change nor bloat the code, since it compiles
to whatever it was doing before, just with the casts made explicit... in a
few cases I changed some length args from int to size_t but largely left
the causes alone.

From now on, new code that is relying on less than ideal casting
will complain and nudge me to improve it by warnings.
2021-01-05 10:56:38 +00:00
Andy Green
692f269045 coverity: 62140: if newer mbedtls apis available use and check returns
mbedtls has older and newer hashing apis, if we detected the newer ones
we use them like the older ones since generally, hashing doesn't have a
way to fail for sha and md5 update etc.

Coverity objects... change it to dumbly check the retcode.
2020-08-19 07:46:21 +01:00
Andy Green
2a7a92f4d5 mbedtls: support old 2.2-era version from xenial 2020-03-21 14:43:53 +00:00
Andy Green
26319663f7 license: switch LGPLv2.1+SLE parts to MIT 2019-08-14 10:44:38 +01:00
Andy Green
080373f18f genhash: add MD5 2019-07-17 13:09:40 -07:00
Andy Green
eda102e397 jwe 2018-12-27 06:45:32 +08:00
Andy Green
a3dcc95471 genec: generic ECDH crypto layer
!!! WIP

This implements the "genec" layer wrapping mbedtls + openssl
ECDH support.

API tests are added for the parts that are implemented so far.

Stuff related to ec at all, like keys, are prefixed lws_genec_.
Stuff specific to ECDH are prefixed lws_genecdh_.
2018-12-27 06:45:31 +08:00
Andy Green
640620dbdc mbedtls: adapt to deprecated api in 2.7 2018-02-19 06:24:30 +08:00
Andy Green
dd3e5619cb lws_genhash: add HMAC
Like the simple hashes, these work the same regardless of if the backend is
OpenSSL or mbedTLS.

Also move into ./lib/tls/ and split into two specific to mbedtls or openssl
backends.
2017-11-10 16:56:44 +08:00
Renamed from lib/misc/lws-genhash.c (Browse further)