Rewrite HMAC stuff to use HMAC_ apis instead of EVP
Bit trickly since modern OpenSSL has opaque HMAC_CTX and older
OpenSSL does not have any apis to allocate and free it.
Add another cmake check for the allocation api to decide
what to do.
Building with LWS_WITH_ASAN was broken when using Clang, due to some
flags being given that Clang doesn't recognize.
Fixed this by adding those flags only when the compiler isn't Clang.
The fix in 1d6128d1fe worked for
MinGW with GCC7, but GCC8 evidentially got smarter, and it
also substitutes bzero->memset for larger arrays.
Set the emitted warning as an error to avoid misdetection.
Using a C compiler ignores non-existent functions, and tries to link them anyway.
The compiler optimizes `bzero(buf, 1)` to `movb $0x0,0xf(%esp)`, so bzero is
not called at all, and the linker succeeds.
Increase the buffer size to 100 to avoid this optimization.
We use POSIX dir scanning apis normally, but for windows, we require libuv
to do it for us.
Formalize that into a wrapper lws_dir() that hides the backend code.
Make it configurable, ON by default and forced on with lejp-conf that
depends on it.
The cmake config on the build system actually decides the release build optimization policy.
On Fedora, it's -O2. On Ubuntu, it's -O3.
Anything given in CMakeLists.txt is overridden by the build system policy since it goes at
the end of the compiler commandline.
When you are building cross, the build system's opinion of your cross binary optimization
level is irrelevant, and at worst destructive. Some versions of gcc contain broken optimizations
that are applied only at -O3.
This patch removes any doomed attempt to set -O in CMakeLists.txt, which has
no effect since the build system policy is still added at the end, but
removes confusion; and adds code to all the cross build files to forcibly
override release optimization level to -O2, removing the build system's
opinion of how your cross build should look.
Until now lws only parses headers it knows at build-time from its
prebuilt lexical analyzer.
This adds an on-by-default cmake option and a couple of apis
to also store and query "custom", ie, unknown-to-lws headers.
A minimal example is also provided.
At the moment it only works on h1, h2 support needs improvements
to the hpack implementation.
Since it bloats ah memory usage compared to without it if custom
headers are present, the related code and ah footprint can be
disabled with the cmake option LWS_WITH_CUSTOM_HEADERS, but it's
on by default normally. ESP32 platform disables it.
https://github.com/warmcat/libwebsockets/pull/1499
!!! WIP
This implements the "genec" layer wrapping mbedtls + openssl
ECDH support.
API tests are added for the parts that are implemented so far.
Stuff related to ec at all, like keys, are prefixed lws_genec_.
Stuff specific to ECDH are prefixed lws_genecdh_.
Although RSA can be used directly for signing / JWS
on large chunks of data since it's only operating on
the hash, when JWE support arrives, which allows bulk
encryption, it's going to be mandatory to support
secondary AES ciphers to use on the bulk data.
This adds generic support for all AES modes that OpenSSL
and mbedTLS have in common, works on both mbedTLS and
OpenSSL the same, and adds unit tests for each mode
in api-test-gencrypto, to run in CI.
Until now the JOSE pieces only had enough support for ACME.
This patch improves the JWK parsing to prepare for more
complete support and for adding JWE, genaes and genec in
later patches.
In the now default case that THREADPOOL is enabled... not sure what OSX
will make of that as previously it blew up with -pthread on clang cmdline
at link time
This lets you build using the runtime Address Sanitizer in gcc.
LWS is heavily tested with valgrind routinely during development. But ASAN
did find some theoretical-only issues with shifting, strictly ~(1 << 31) is
a signed int, it should be ~(1u << 31). Gcc does the same for both, but it's
good to have the ability to find these.
