1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-16 00:00:07 +01:00
Commit graph

10 commits

Author SHA1 Message Date
Andy Green
843ee10205 mbedtls: v3.1 reverts privacy of mbedtls_net_context fd
mbedtls seemed to realize that they went overboard with the privacy stuff
on v3.0 and removed some of it.  Introduce support for those members that
are only private on exactly v3.0 and unprotected before and after.
2022-03-15 10:28:09 +00:00
Andy Green
7b34626a22 mbedtls-x509: coverity: remove needless check
ip can't be NULL, it's set to the address of another object.
2021-11-08 13:44:45 +00:00
Andy Green
81a69d10e9 jit-trust: show coverity we handle NULL attribute source
Coverity doesn't understand that since we already handled
akid.keyIdentifier.MBEDTLS_PRIVATE(len) being zero, we don't need to
check for akid.keyIdentifier.MBEDTLS_PRIVATE(p) being NULL.

So explicitly check it, even though it is a NOP.
2021-11-08 13:44:45 +00:00
Andy Green
4db2ff872b cose: keys and signing + validation
Support for COSE keys and signing / validation

 - lws_cose_key_t and import / export / generation apis for EC / RSA / SYMMETRIC

 - cose_sign1 ES256/384/512,RS256/384/512 sign + validate, passes RFC8152 WG tests sign1-tests
 - cose_sign  ES256/384/512,RS256/384/512 sign + validate, passes RFC8152 WG tests sign-tests
 - cose_mac0  HS256/HS256_64/384/512      sign + validate, passes RFC8152 WG tests hmac-examples
 - cose_mac   HS256/HS256_64/384/512             validate, passes RFC8152 WG tests hmac-examples

 - lws-crypto-cose-key commandline tool for key / key set dumping and
   creation
 - lws-crypro-cose-sign commandline tool for signing / validation

 - lws-api-test-cose - large number of test vectors and tests from RFC8152
2021-08-31 05:45:35 +01:00
Andy Green
4b089788bc tls: mbedtls-3
Adapt mbedtls support for compatibility with v3, while maintaining
compatibility with v2.

Notice v3 has removed the ability to encrypt with pubkey and
decrypt with privkey.  Openssl still has it, atm with v3 these
fall back to encrypt with privkey and decrypt with pubkey.

> The RSA module no longer supports private-key operations with the
> public key or vice versa. As a consequence, RSA operation functions
> no longer have a mode parameter. If you were calling RSA operations
> with the normal mode (public key for verification or encryption,
> private key for signature or decryption), remove the
> MBEDTLS_MODE_PUBLIC or MBEDTLS_MODE_PRIVATE argument. If you were
> calling RSA operations with the wrong mode, which rarely makes sense
>from a security perspective, this is no longer supported.
2021-07-13 13:22:50 +01:00
Andy Green
983edafdb4 mbedtls: add AKID and SKID support 2021-06-22 15:55:29 +01:00
Andreas Weigel
12d535f839 x509: support DER recovery 2021-03-13 08:06:17 +00:00
Andy Green
c9731c5f17 type comparisons: fixes
This is a huge patch that should be a global NOP.

For unix type platforms it enables -Wconversion to issue warnings (-> error)
for all automatic casts that seem less than ideal but are normally concealed
by the toolchain.

This is things like passing an int to a size_t argument.  Once enabled, I
went through all args on my default build (which build most things) and
tried to make the removed default cast explicit.

With that approach it neither change nor bloat the code, since it compiles
to whatever it was doing before, just with the casts made explicit... in a
few cases I changed some length args from int to size_t but largely left
the causes alone.

From now on, new code that is relying on less than ideal casting
will complain and nudge me to improve it by warnings.
2021-01-05 10:56:38 +00:00
Andy Green
6b3221ffc1 mbedtls: only free crt_parse when something came back
Mbedtls mbedtls_x509_crt_parse() returns 0 for success which is good.
But it has a complicated idea about what to return on fail... if it
couldn't make even one cert from the data, then it returns a negative
return indicating the parsing problem and there is nothing to free.

If it managed to parse at least one cert, instead it retuns a positive
number indicating the number of certs it didn't parse successfully,
and there is something to free.

Adapt the code to understand this quirk.
2020-07-09 15:30:34 +01:00
Andy Green
d7f0521aeb private.h: rename to contain dir
Having unique private header names is a requirement of a particular
platform build system it's desirable to work with
2019-08-15 10:49:52 +01:00
Renamed from lib/tls/mbedtls/x509.c (Browse further)