1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-16 00:00:07 +01:00
Commit graph

16 commits

Author SHA1 Message Date
Andy Green
a8a443e645 wolfssl: update gencrypto 2021-09-08 09:42:11 +01:00
Andy Green
4db2ff872b cose: keys and signing + validation
Support for COSE keys and signing / validation

 - lws_cose_key_t and import / export / generation apis for EC / RSA / SYMMETRIC

 - cose_sign1 ES256/384/512,RS256/384/512 sign + validate, passes RFC8152 WG tests sign1-tests
 - cose_sign  ES256/384/512,RS256/384/512 sign + validate, passes RFC8152 WG tests sign-tests
 - cose_mac0  HS256/HS256_64/384/512      sign + validate, passes RFC8152 WG tests hmac-examples
 - cose_mac   HS256/HS256_64/384/512             validate, passes RFC8152 WG tests hmac-examples

 - lws-crypto-cose-key commandline tool for key / key set dumping and
   creation
 - lws-crypro-cose-sign commandline tool for signing / validation

 - lws-api-test-cose - large number of test vectors and tests from RFC8152
2021-08-31 05:45:35 +01:00
Andy Green
dc051fb2ae OpenBSD: various api ports 2021-02-17 11:39:15 +00:00
Andy Green
c9731c5f17 type comparisons: fixes
This is a huge patch that should be a global NOP.

For unix type platforms it enables -Wconversion to issue warnings (-> error)
for all automatic casts that seem less than ideal but are normally concealed
by the toolchain.

This is things like passing an int to a size_t argument.  Once enabled, I
went through all args on my default build (which build most things) and
tried to make the removed default cast explicit.

With that approach it neither change nor bloat the code, since it compiles
to whatever it was doing before, just with the casts made explicit... in a
few cases I changed some length args from int to size_t but largely left
the causes alone.

From now on, new code that is relying on less than ideal casting
will complain and nudge me to improve it by warnings.
2021-01-05 10:56:38 +00:00
Andy Green
5c7b5af92a cmake: disable export visibility when building lws static
This is complicated by the fact extern on a function declaration implies
visibility... we have to make LWS_EXTERN empty when building static.

And, setting target_compile_definitions() doesn't work inside macros,
so it has to be set explicitly for the plugins.

Checking the symbol status needs nm -C -D as per

https://stackoverflow.com/questions/37934388/symbol-visibility-not-working-as-expected

after this patch, libwebsockets.a shows no symbols when checked like that and
the static-linked minimal examples only show -U for their other dynamic
imports.

In a handful of cases we use LWS_EXTERN on extern data declarations,
those then need to change to explicit extern.
2020-09-06 11:46:25 +01:00
Andy Green
30e6c22e14 openssl3: migrate genhmac to EVP
The low level apis for HMAC (including those only introduced at 1.1.0...)
are all deprecated in OpenSSL v3.

Let's bite the bullet and migrate to EVP, it's already existing in modern
OpenSSL and we already use it for genhash.

EVP needs a PKEY, sort that out and keep it around until the hmac is
destroyed.
2020-06-16 19:45:35 +01:00
Andy Green
157acfc906 windows: clean type warnings
There are some minor public api type improvements rather than cast everywhere
inside lws and user code to work around them... these changed from int to
size_t

 - lws_buflist_use_segment() return
 - lws_tokenize_t .len and .token_len
 - lws_tokenize_cstr() length
 - lws_get_peer_simple() namelen
 - lws_get_peer_simple_fd() namelen, int fd -> lws_sockfd_type fd
 - lws_write_numeric_address() len
 - lws_sa46_write_numeric_address() len

These changes are typically a NOP for user code
2020-01-11 14:04:50 +00:00
Andy Green
b177435945 COV225133: coverity false positive 2019-09-22 03:08:36 -07:00
Andy Green
26319663f7 license: switch LGPLv2.1+SLE parts to MIT 2019-08-14 10:44:38 +01:00
Andy Green
080373f18f genhash: add MD5 2019-07-17 13:09:40 -07:00
Andy Green
e76982a090 boringssl: deal with loss of EVP_PKEY_new_mac_key
Rewrite HMAC stuff to use HMAC_ apis instead of EVP

Bit trickly since modern OpenSSL has opaque HMAC_CTX and older
OpenSSL does not have any apis to allocate and free it.

Add another cmake check for the allocation api to decide
what to do.
2019-07-09 18:18:10 +01:00
Andy Green
658afbc658 crypto: openssl: use EVP hmac objects directly 2 2019-01-29 15:28:56 +08:00
Andy Green
eda102e397 jwe 2018-12-27 06:45:32 +08:00
Andy Green
a3dcc95471 genec: generic ECDH crypto layer
!!! WIP

This implements the "genec" layer wrapping mbedtls + openssl
ECDH support.

API tests are added for the parts that are implemented so far.

Stuff related to ec at all, like keys, are prefixed lws_genec_.
Stuff specific to ECDH are prefixed lws_genecdh_.
2018-12-27 06:45:31 +08:00
Andy Green
be525cb624 appveyor: Enable 64-bit build with OpenSSL and HTTP2
Fix warnings found from that

Introduce lws_ptr_diff(head, tail) helper to normalize
pointers to char *, do the subtraction and cast the
result to int.
2017-11-26 19:16:17 +08:00
Andy Green
dd3e5619cb lws_genhash: add HMAC
Like the simple hashes, these work the same regardless of if the backend is
OpenSSL or mbedTLS.

Also move into ./lib/tls/ and split into two specific to mbedtls or openssl
backends.
2017-11-10 16:56:44 +08:00