[Libwebsockets] HMAC functions not exported
andy at warmcat.com
Thu Aug 30 00:22:20 CEST 2018
On 08/29/2018 07:13 PM, Gerard Juijn wrote:
> Hi all,
> I’m new to libwebsockets. First of all, thanks for a wonderful library!
> I’m glad I found it and have been able to work with it for some weeks now.
> I do have a question about the HMAC functions in lws-genhash.h. For some
> reason they are not decorated with LWS_VISIBLE LWS_EXTERN.
Right... it's an oversight... the user for those in lws is the JSON Web
Signature stuff for ACME, which is part of the lws build and doesn't
require them externally VISIBLE.
I pushed patches on master + v3.0-stable fixing this... they're in the
public API headers because they are meant to be usable externally.
> Is there a reason for this? The next problem I found that if I hack in
> the decorations the functions actually throw an error from OpenSSL.
Well... "I got an error from OpenSSL" is not very actionable. It can be
(and often is, if it's related to build) about the exact version of OpenSSL.
If you configure lws with
cmake .. -DLWS_WITH_GENHASH=1 -DLWS_WITH_SELFTESTS=1 -DLWS_WITH_JWS=1
when you run eg the test server, at context creation time it will run
the built-in lws RFC7515 selftest that uses JWK / genrsa, genhash and
genhmac with RFC-defined inputs checked against a defined output.
[2018/08/30 06:10:18:2990] NOTICE: libwebsockets test server - license
[2018/08/30 06:10:18:2990] NOTICE: (C) Copyright 2010-2018 Andy Green
<andy at warmcat.com>
Using resource path "/usr/local/share/libwebsockets-test-server"
[2018/08/30 06:10:18:3037] NOTICE: lws_jws_selftest: selftest OK <<<---
This is using Fedora 28 openssl-1.1.0h package.
If something different is coming for you, please paste what it is,
openssl version etc.
> I ended up writing my own function using OpenSSL directly, but it would
> be nice to just rely on libwebsockets API, as it contains everything
> else I need!
The genhash / genhmac / genrsa stuff is especially useful because it all
works the same with OpenSSL or mbedTLS backend transparently... if you
ever port to a very resource-constrained device that will come in handy.
> Libwebsockets mailing list
> Libwebsockets at ml.libwebsockets.org
More information about the Libwebsockets