spacemonkeygo / openssl
OpenSSL bindings for Go
Home Page: http://godoc.org/github.com/spacemonkeygo/openssl
License: Apache License 2.0
I can't seem to get a server that is run with server := &http.Server{...}; server.Serve(theOpensslListener) to serve http2. I've tried setting TLSNextProto to nil and calling http2.ConfigureServer etc., which works when not going through openssl's listener. Any suggestions? Thanks!
This is probably related to issue #19
I have the following method:
func (s myConf) Verify(data []byte, sig []byte) (bool, error) {
	digest, err := openssl.SHA256(data)
	if err != nil {
		return false, err
	}
	if err := (*(s.public)).VerifyPKCS1v15(openssl.SHA256_Method, digest[:], sig); err != nil {
		return false, err
	} else {
		return true, nil
	}
}
I just recently noticed that my unit tests usually pass, though occasionally they will fail with the error:
verifypkcs1v15: failed to finalize verify
Maybe every 3rd or 4th time I run it, it fails. If I click run again, it will pass.
I created multiple *openssl.Ctx. When one goes out of scope, the finalizer tries to free a bunch of stuff including the *openssl.Certificate associated with that context (https://github.com/spacemonkeygo/openssl/blob/master/cert.go#L326). My program keeps crashing and it seems like the finalizer is being called twice. The workaround is to never let the openssl.Ctx go out of scope. The following is the relevant crash error:
main(97262,0xb0104000) malloc: *** error for object 0x5216a20: pointer being freed was not allocated
*** set a breakpoint in malloc_error_break to debug
SIGABRT: abort
PC=0x7fff8da09286
signal arrived during cgo execution
goroutine 19 [syscall]:
runtime.cgocall(0x4002560, 0x46f4f10)
/usr/local/Cellar/go/1.3.1/libexec/src/pkg/runtime/cgocall.c:143 +0xe5 fp=0x46f4ef8 sp=0x46f4eb0
github.com/spacemonkeygo/openssl._Cfunc_X509_free(0x52152d0)
github.com/spacemonkeygo/openssl/_obj/_cgo_defun.c:1460 +0x31 fp=0x46f4f10 sp=0x46f4ef8
github.com/spacemonkeygo/openssl.func·007(0xc208085980)
/Users/i/proj/src/github.com/spacemonkeygo/openssl/cert.go:327 +0x2a fp=0x46f4f20 sp=0x46f4f10
runtime.call16(0x446ade8, 0xc2080003d0, 0x1000000010)
/usr/local/Cellar/go/1.3.1/libexec/src/pkg/runtime/asm_amd64.s:360 +0x32 fp=0x46f4f38 sp=0x46f4f20
runfinq()
/usr/local/Cellar/go/1.3.1/libexec/src/pkg/runtime/mgc0.c:2682 +0x207 fp=0x46f4fa8 sp=0x46f4f38
runtime.goexit()
/usr/local/Cellar/go/1.3.1/libexec/src/pkg/runtime/proc.c:1445 fp=0x46f4fb0 sp=0x46f4fa8
created by runtime.gc
/usr/local/Cellar/go/1.3.1/libexec/src/pkg/runtime/mgc0.c:2268
Does it support DLLs?
CGO_LDFLAGS="-g" "-O2" "-lssl" "-lcrypto" /usr/lib/golang/pkg/tool/linux_amd64/cgo -objdir $WORK/github.com/spacemonkeygo/openssl/_obj/ -importpath github.com/spacemonkeygo/openssl -- -I $WORK/github.com/spacemonkeygo/openssl/_obj/ bio.go build.go cert.go ciphers.go ciphers_gcm.go conn.go ctx.go dhparam.go digest.go engine.go hostname.go init.go init_posix.go key.go old_openssl_compat.go sha1.go sha256.go ssl.go tickets.go
# github.com/spacemonkeygo/openssl
could not determine kind of name for C.EVP_sha
Happens with libressl 2.3.2.
Reproducible code: http://paste.ubuntu.com/8450867/
When provided with a valid certificate, bundle and key, the pasted code works fine on Go 1.2.2, but crashes on 1.3 and 1.3.2.
Crashdump: http://pastie.org/private/eszbzktmuyk5o1fgztc6nw
Each time it manages to get 5 to 10 requests out before crashing.
To reproduce, run the following:
go build reproduce.go && sudo ./reproduce -cert=/path/to/cert.crt -key=/path/to/key.key -bundle=/path/to/bundle.crt
on another window.
openssl s_client -connect 127.0.0.1:443 -CApath /etc/ssl/certs
This command successfully validates the cert now that we have the chain added.. but...
Run this about 5 to 10 times and it should crash the server...
My environment
Ubuntu 14.04 (3.13.0-34-generic)
libssl-dev:amd64 1.0.1f-1ubuntu2.5
Hi,
I have SSL accelerator hardware.
How do I use this API to write code that uses the hardware?
I know openssl.EngineById("cavium"), but I need more detail about how to use it.
Thanks.
The connections in the Spacemonkey openssl wrapper make use of cgo calls, and this is an issue because it leads to a massive number of threads for simultaneous SSL connections. cgo marks all C code as syscalls, causing the scheduler to allocate a new thread if needed. Can this be addressed?
Unless I'm mistaken, this module does not wrap the OpenSSL library function for enabling FIPS mode. Since this is the only OpenSSL binding library of which I'm aware for golang, it would be really great to be able to have this function available. For reference:
I opened pull request #56 to fix the build on OSX by using the "brew" build tag, but the tests don't pass.
The TestOpenSSLSimple and other tests which exercise SSL handshaking fail on OSX. Not sure why. SSH_get_error returns SSL_ERROR_SSL, but ERR_get_error returns 0. I don't see any other indication why the ssl handshake is failing.
I'm using el capitan and golang 1.6.2. Tests pass normally on debian.
Based on the code comment here: https://github.com/spacemonkeygo/openssl/blob/master/http.go#L51
... it seems that an HTTP client is not implemented. Are there any known/recommended HTTP clients that can accept/embed the connection object created by this library? I do not need all of the functionality of the standard lib, just need to make REST calls against a secure service.
I found that this package only supports fewer ciphers, as below:
openssl.SetCiphers("ALL")
Testing AES256-GCM-SHA384...YES
Testing AES256-SHA256...YES
Testing AES256-SHA...YES
Testing CAMELLIA256-SHA...YES
Testing AES128-GCM-SHA256...YES
Testing AES128-SHA256...YES
Testing AES128-SHA...YES
Testing CAMELLIA128-SHA...YES
Testing DES-CBC3-SHA...YES
The modern configuration for the ssl_ciphers list is as below:
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-S128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-A:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
So what should I do?
We know, we know.
Just filing this ticket so people can track our progress on fixing this.
Hi,
I couldn't find any API to get or set a session or ticket,
because OpenSSL uses its own built-in cache.
I want to build a central session cache for an SSL compute cluster.
Making this bug report on request of rfjakob/gocryptfs#15 (comment)
OS X no longer ships openssl as of OS X 10.11, and as such an installed version of openssl is probably new enough to support GCM, but they are not built in this project so long as the platform is darwin ala
https://github.com/spacemonkeygo/openssl/blob/master/ciphers_gcm.go#L15
with no checks made to see if the installed openssl provides support or not.
Personally I have OpenSSL 1.0.2e installed on OS X 10.11.2 and removing the "!darwin" from that linked file allows these bindings to continue to build just fine
The "performance" section in the documentation has not been updated since April 2014. Running the benchmarks today with go 1.7 and 1.8, it seems this library is slower than the stdlib in all but one benchmark (BenchmarkSHA256Large_*):
Go 1.8:
$ go version
go version go1.8.1 darwin/amd64
$ go test -bench=. -ldflags=-s
# github.com/spacemonkeygo/openssl
ld: warning: directory not found for option '-L/usr/local/opt/[email protected]/lib'
# github.com/spacemonkeygo/openssl
ld: warning: directory not found for option '-L/usr/local/opt/[email protected]/lib'
BenchmarkSHA256HMAC-4 2000000 979 ns/op
BenchmarkSHA1Large_openssl-4 2000 1161567 ns/op 902.72 MB/s
BenchmarkSHA1Large_stdlib-4 1000 1125683 ns/op 931.50 MB/s
BenchmarkSHA1Small_openssl-4 1000000 1774 ns/op 0.56 MB/s
BenchmarkSHA1Small_stdlib-4 10000000 206 ns/op 4.85 MB/s
BenchmarkSHA256Large_openssl-4 500 2560554 ns/op 409.51 MB/s
BenchmarkSHA256Large_stdlib-4 500 2934527 ns/op 357.32 MB/s
BenchmarkSHA256Small_openssl-4 500000 2017 ns/op 0.50 MB/s
BenchmarkSHA256Small_stdlib-4 5000000 286 ns/op 3.49 MB/s
BenchmarkStdlibThroughput-4 200000 7676 ns/op 133.40 MB/s
BenchmarkOpenSSLThroughput-4 50000 32563 ns/op 31.45 MB/s
BenchmarkStdlibOpenSSLThroughput-4 200000 8320 ns/op 123.07 MB/s
BenchmarkOpenSSLStdlibThroughput-4 300000 5981 ns/op 171.19 MB/s
PASS
ok github.com/spacemonkeygo/openssl 104.153s
Go 1.7:
$ go version
go version go1.7.5 darwin/amd64
$ go test -bench=. -ldflags=-s
# github.com/spacemonkeygo/openssl
ld: warning: directory not found for option '-L/usr/local/opt/[email protected]/lib'
# github.com/spacemonkeygo/openssl
ld: warning: directory not found for option '-L/usr/local/opt/[email protected]/lib'
BenchmarkSHA256HMAC-4 1000000 1352 ns/op
BenchmarkSHA1Large_openssl-4 2000 1251402 ns/op 837.92 MB/s
BenchmarkSHA1Large_stdlib-4 2000 1101072 ns/op 952.32 MB/s
BenchmarkSHA1Small_openssl-4 500000 2579 ns/op 0.39 MB/s
BenchmarkSHA1Small_stdlib-4 10000000 202 ns/op 4.93 MB/s
BenchmarkSHA256Large_openssl-4 500 2456446 ns/op 426.87 MB/s
BenchmarkSHA256Large_stdlib-4 500 2891912 ns/op 362.59 MB/s
BenchmarkSHA256Small_openssl-4 500000 2962 ns/op 0.34 MB/s
BenchmarkSHA256Small_stdlib-4 5000000 277 ns/op 3.60 MB/s
BenchmarkStdlibThroughput-4 200000 6965 ns/op 147.01 MB/s
BenchmarkOpenSSLThroughput-4 50000 33866 ns/op 30.24 MB/s
BenchmarkStdlibOpenSSLThroughput-4 200000 6940 ns/op 147.53 MB/s
BenchmarkOpenSSLStdlibThroughput-4 200000 6994 ns/op 146.40 MB/s
PASS
ok github.com/spacemonkeygo/openssl 97.231s
Hi ,
How can I sign an input with EVP in golang with this library?
Like this link...
https://wiki.openssl.org/index.php/EVP_Signing_and_Verifying
I can not find any explanation to the error as Ctx is clearly defined in ctx.go. This only happens when GOOS=windows and or GOARCH=386. Trying with latest 1.10.2 golang:
dmagyar@dmtest:~/go/ossl$ GOOS=windows GOARCH=amd64 go get github.com/spacemonkeygo/openssl
# github.com/spacemonkeygo/openssl
../src/github.com/spacemonkeygo/openssl/net.go:24:7: undefined: Ctx
dmagyar@dmtest:~/go/ossl$ GOOS=linux GOARCH=amd64 go get github.com/spacemonkeygo/openssl
dmagyar@dmtest:~/go/ossl$ GOOS=linux GOARCH=386 go get github.com/spacemonkeygo/openssl
# github.com/spacemonkeygo/openssl
../src/github.com/spacemonkeygo/openssl/net.go:24:7: undefined: Ctx
dmagyar@dmtest:~/go/ossl$
Any ideas what this could be?
I am using the latest spacemonkeygo/openssl as of today. My code is as follows:
cfg := &tls.Config{
	MinVersion:               tls.VersionTLS12,
	CurvePreferences:         []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
	PreferServerCipherSuites: true,
	ClientAuth:               clientAuth,
	ClientCAs:                clientCertPool,
	CipherSuites: []uint16{
		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
		tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_RSA_WITH_AES_256_CBC_SHA,
	},
}
cfg.Rand = rand.Reader
srv := &http.Server{
	Addr: ":" + httpsPort,
	Handler: http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
		// some proprietary stuff
		handler.ServeHTTP(w, req)
	}),
	TLSConfig:    cfg,
	TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler), 0),
}
log.Fatal(openssl.ServerListenAndServeTLS(srv, certFile, pkeyFile))
As you can see, MinVersion is set to TLS 1.2 and I also specified a narrow set of CipherSuites. However, sslscan shows that TLS1.0-1.2 are all accepted:
Supported Server Cipher(s):
Preferred TLSv1.2 256 bits AES256-GCM-SHA384
Accepted TLSv1.2 256 bits AES256-SHA256
Accepted TLSv1.2 256 bits AES256-SHA
Accepted TLSv1.2 256 bits CAMELLIA256-SHA
Accepted TLSv1.2 128 bits AES128-GCM-SHA256
Accepted TLSv1.2 128 bits AES128-SHA256
Accepted TLSv1.2 128 bits AES128-SHA
Accepted TLSv1.2 128 bits SEED-SHA
Accepted TLSv1.2 128 bits CAMELLIA128-SHA
Accepted TLSv1.2 128 bits RC4-SHA
Accepted TLSv1.2 128 bits RC4-MD5
Accepted TLSv1.2 112 bits DES-CBC3-SHA
Preferred TLSv1.1 256 bits AES256-SHA
Accepted TLSv1.1 256 bits CAMELLIA256-SHA
Accepted TLSv1.1 128 bits AES128-SHA
Accepted TLSv1.1 128 bits SEED-SHA
Accepted TLSv1.1 128 bits CAMELLIA128-SHA
Accepted TLSv1.1 128 bits RC4-SHA
Accepted TLSv1.1 128 bits RC4-MD5
Accepted TLSv1.1 112 bits DES-CBC3-SHA
Preferred TLSv1.0 256 bits AES256-SHA
Accepted TLSv1.0 256 bits CAMELLIA256-SHA
Accepted TLSv1.0 128 bits AES128-SHA
Accepted TLSv1.0 128 bits SEED-SHA
Accepted TLSv1.0 128 bits CAMELLIA128-SHA
Accepted TLSv1.0 128 bits RC4-SHA
Accepted TLSv1.0 128 bits RC4-MD5
Accepted TLSv1.0 112 bits DES-CBC3-SHA
I have further verified that calling srv.ListenAndServeTLS(certFile, pkeyFile) instead works as expected and only TLS 1.2 ciphers are returned:
Supported Server Cipher(s):
Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-521 DHE 521
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-521 DHE 521
Accepted TLSv1.2 256 bits AES256-GCM-SHA384
Accepted TLSv1.2 256 bits AES256-SHA
FYI I need to use spacemonkeygo openssl pkg as I need FIPS mode support.
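A regression check for the behaviour reported above, as an added example that is not part of the original issue or of the spacemonkeygo/openssl project: it pins a client to one protocol version at a time and lists which versions a server config actually negotiates, which is what the sslscan output shows from the outside. It assumes the standard library's crypto/tls on both ends, an in-memory pipe instead of a socket, and a throwaway self-signed certificate; the function names are made up for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// versions to probe, oldest first (labels follow the sslscan output style).
var versions = []struct {
	name string
	id   uint16
}{
	{"TLSv1.0", tls.VersionTLS10}, {"TLSv1.1", tls.VersionTLS11},
	{"TLSv1.2", tls.VersionTLS12}, {"TLSv1.3", tls.VersionTLS13},
}

// selfSignedCert returns a throwaway ECDSA certificate (constructed test data).
func selfSignedCert() (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "probe.test"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, nil
}

// accepts reports whether a server using cfg completes a handshake with a
// client pinned to exactly one protocol version, over an in-memory pipe.
func accepts(cfg *tls.Config, version uint16) bool {
	srvCfg := cfg.Clone()
	srvCfg.SessionTicketsDisabled = true // tickets can stall an unbuffered pipe
	clientEnd, serverEnd := net.Pipe()
	defer clientEnd.Close()
	defer serverEnd.Close()
	deadline := time.Now().Add(5 * time.Second)
	clientEnd.SetDeadline(deadline)
	serverEnd.SetDeadline(deadline)
	go tls.Server(serverEnd, srvCfg).Handshake() // a refusal reaches the client as an alert
	client := tls.Client(clientEnd, &tls.Config{
		MinVersion:         version,
		MaxVersion:         version,
		InsecureSkipVerify: true, // the probe checks negotiation only, not trust
	})
	return client.Handshake() == nil
}

// AcceptedVersions lists every protocol version the server config negotiates.
func AcceptedVersions(cfg *tls.Config) []string {
	var ok []string
	for _, v := range versions {
		if accepts(cfg, v.id) {
			ok = append(ok, v.name)
		}
	}
	return ok
}

func main() {
	cert, err := selfSignedCert()
	if err != nil {
		panic(err)
	}
	cfg := &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12}
	fmt.Println("accepted:", AcceptedVersions(cfg))
}
```

To check a listener that does not go through crypto/tls, dial its address with the same pinned-version client config instead of using the pipe.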
I tried to implement the SSL/TLS ticket feature, but I don't have enough skill.
Can someone help me with it? Any examples would be good. I'm stuck on the callback function implementation in cgo.
I'm talking about this: https://www.openssl.org/docs/ssl/SSL_CTX_set_tlsext_ticket_key_cb.html
Thank you.
Hi,
It seems it would be good to change listener to Listener in https://github.com/spacemonkeygo/openssl/blob/master/net.go#L22. It would be useful for extending the listener, for example to add custom timeouts:
type BalancerListener struct {
	openssl.Listener
	ReadTimeout        time.Duration
	WriteTimeout       time.Duration
	TCPkeepAlivePeriod time.Duration
}
func (bl *BalancerListener) Accept() (c net.Conn, err error) {
	conn, err := bl.Listener.Accept()
	if err != nil {
		return
	}
	conn.SetReadDeadline(time.Now().Add(bl.ReadTimeout))
	conn.SetWriteDeadline(time.Now().Add(bl.WriteTimeout))
	return conn, nil
}
I'm trying to add Travis support, but some of the tests fail:
=== RUN TestGCM
--- FAIL: TestGCM (0.00 seconds)
ciphers_test.go:154: Decryption with b=256: Failed to add authenticated data: failed to add additional authenticated data
=== RUN TestGCMWithNoAAD
--- FAIL: TestGCMWithNoAAD (0.00 seconds)
ciphers_test.go:172: Decryption failure: Failed to perform a decryption: failed to decrypt
=== RUN TestBadTag
--- FAIL: TestBadTag (0.00 seconds)
ciphers_test.go:198: Decryption failure: Failed to perform a decryption: failed to decrypt
=== RUN TestBadCiphertext
--- FAIL: TestBadCiphertext (0.00 seconds)
ciphers_test.go:224: Decryption failure: Failed to add authenticated data: failed to add additional authenticated data
=== RUN TestBadAAD
--- FAIL: TestBadAAD (0.00 seconds)
ciphers_test.go:250: Decryption failure: Failed to add authenticated data: failed to add additional authenticated data
The travis-ci.org boxes are running Ubuntu 12.04. I installed libssl-dev as a dependency.
Tests do not fail on my own Ubuntu 14.04 VM. I'm setting up a 12.04 VM to debug.
I have a problem building mongodb using linuxbrew. It crashes when it tries to build this module.
Building bsondump...
# github.com/spacemonkeygo/openssl
vendor/src/github.com/spacemonkeygo/openssl/net.go:121: conn.setSession undefined (type *Conn has no field or method setSession)
vendor/src/github.com/spacemonkeygo/openssl/net.go:128: conn.SetTlsExtHostName undefined (type *Conn has no field or method SetTlsExtHostName)
Do you have any idea what's causing the problem?
See this related issue for full log: https://github.com/Linuxbrew/homebrew-core/issues/1892
SSL_OP_ALL is not defined in the code; is it already set by default? If it is not set by default, could the developers please add it?
I'm working on implementing elliptic curve cryptography using OpenSSL and I borrowed a lot of code from ciphers.go. While testing my own project, I noticed that while initializing the decryption context using the NewDecryptionCipherCtx function and "aes-256-cbc" as the cipher, it wouldn't do the decryption properly even though the IV, key and the ciphertext were as expected. Further investigation revealed that this was because of EVP_EncryptInit_ex function on line 156 of ciphers.go.
My solution to the problem was adding a new variable called do to the function which would determine whether the intended operation is encryption or decryption and do everything accordingly. More here: https://github.com/ishbir/elliptic/blob/master/ciphers.go#L123
I think that the same fix should be made in this package.
The documentation lacks examples on how to generate certificates.
I tried to generate a signed p12 but I was unable to do that.
I also started a stackoverflow post on it but no one has replied, so probably no one knows how to do that; some examples are definitely necessary.
/tmp/go-build226287687/github.com/superchalupa/go-redfish/vendor/github.com/spacemonkeygo/openssl/_obj/shim.o: In function `X_EVP_sha':
vendor/github.com/spacemonkeygo/openssl/shim.c:258: undefined reference to `EVP_sha'
I had to #if 0 out these couple of lines to get it to compile. After that, everything worked OK. (Didn't test anything related to EVP_sha, so that probably doesn't work.)
Cross compiled for ARM and openssl 1.0.2j
LockOSThread() is not needed anywhere in spacemonkeygo. Using it is detrimental because:
Hi,
I am using spacemonkeygo openssl for openssl binding. I have tcp server running with fips mode set.
When I use Openssl version 1.0.2o, read request at server fails with following error under load (500 requests per second).
"Errored while reading request. Error: %vSSL errors: SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac"
Above error is not seen if fips mode is off. Also above error is not seen with 1.0.1 version (with or without fips mode).
Find attached sample server code using which I am able to reproduce issue.
Thanks,
Ajay
This openssl go package has been of great use to us so far in our project !!
However, in our product, we need openssl APIs for MD4 hash (unfortunately we use MSCHAPv2).
I have added required changes in my forked repo, and I am temporarily referencing that forked repo in our code-base. I would like to switch to the original repo (this one) instead of using a forked repo for all openssl calls.
I wish to know if it was okay to create a PR for opening up openssl MD4 APIs? I realize MD4 is not widely used, but some projects (like us) are still using MD4. (I could also add MD5 hash along with it.) Please let me know.
I get the following when I get the package:
go get github.com/spacemonkeygo/openssl
/root/go/src/github.com/spacemonkeygo/openssl/dhparam.go:48: cannot use params (type *_Ctype_DH) as type *_Ctype_struct_dh_st in field value
/root/go/src/github.com/spacemonkeygo/openssl/dhparam.go:50: cannot use dhparams.dh (type *_Ctype_struct_dh_st) as type *_Ctype_DH in function argument
/root/go/src/github.com/spacemonkeygo/openssl/dhparam.go:61: cannot use dh.dh (type *_Ctype_struct_dh_st) as type *_Ctype_DH in function argument
Any time a C struct is allocated under a Go struct, a GC finalizer should be added to the Go struct with runtime.SetFinalizer, unless "ownership" of the object passes to OpenSSL (which is hard to verify).
For this to work, Go objects need to maintain references to potentially GC-able objects, otherwise OpenSSL allocations still in use when GC runs will cause segfaults as in #10.
This can be made simpler for some objects with a 1:1 mapping by embedding C structs in Go objects and using OpenSSL's _init() instead of _new() functions, as done by the SHA implementation.
Examples:
EVP_PKEY_free is called, but maybe needs to be tracked on Ctx when you call a UsePrivateKey() function or set a key on a cert (in theory)
Why isn't sha512() exported?
Btw, good work guys!
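A model of the ownership rule in the finalizer post above, and of the kind of double free from a finalizer reported earlier on this page, as an added example that is not code from the project: two Go wrappers around one native handle free it twice unless the second takes its own reference. nativeHeap, Cert, Share and alias are hypothetical names, and the heap is a pure-Go stand-in for OpenSSL's reference-counted objects, so no cgo is involved.

```go
package main

import (
	"fmt"
	"runtime"
	"sync"
)

// nativeHeap models a reference-counted C allocator (a stand-in for
// X509_new/X509_free, no cgo) and counts frees of handles that are not live.
type nativeHeap struct {
	mu          sync.Mutex
	refs        map[int]int // handle -> reference count
	next        int
	doubleFrees int
}

func (h *nativeHeap) alloc() int {
	h.mu.Lock()
	defer h.mu.Unlock()
	h.next++
	h.refs[h.next] = 1
	return h.next
}

func (h *nativeHeap) upRef(p int) { h.mu.Lock(); h.refs[p]++; h.mu.Unlock() }

func (h *nativeHeap) free(p int) {
	h.mu.Lock()
	defer h.mu.Unlock()
	if h.refs[p] == 0 {
		h.doubleFrees++ // a real allocator aborts here
		return
	}
	if h.refs[p]--; h.refs[p] == 0 {
		delete(h.refs, p)
	}
}

// Cert is a Go wrapper that owns exactly one reference to a native handle.
// Free is idempotent; the finalizer is a backstop for callers that forget it.
type Cert struct {
	heap *nativeHeap
	ptr  int
	once sync.Once
}

func wrap(h *nativeHeap, p int) *Cert {
	c := &Cert{heap: h, ptr: p}
	runtime.SetFinalizer(c, (*Cert).Free)
	return c
}

func NewCert(h *nativeHeap) *Cert { return wrap(h, h.alloc()) }

func (c *Cert) Free() { c.once.Do(func() { c.heap.free(c.ptr) }) }

// Share hands out a second owner and takes a native reference for it.
func (c *Cert) Share() *Cert { c.heap.upRef(c.ptr); return wrap(c.heap, c.ptr) }

// alias hands out a second wrapper without a reference: the hazard.
func (c *Cert) alias() *Cert { return wrap(c.heap, c.ptr) }

// Run frees two wrappers of one handle and returns (double frees, live handles).
func Run(takeRef bool) (int, int) {
	h := &nativeHeap{refs: map[int]int{}}
	cert := NewCert(h)
	var second *Cert
	if takeRef {
		second = cert.Share()
	} else {
		second = cert.alias()
	}
	second.Free() // e.g. a context holding the certificate goes away first
	cert.Free()
	return h.doubleFrees, len(h.refs)
}

func main() { fmt.Println(Run(false)); fmt.Println(Run(true)) }
```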
cgo marks all C calls as syscalls, causing the scheduler to allocate a new thread every time. This leads to scaling issues for applications. Is it possible to make the BIO non-blocking, in which case most of the thread lock time will be highly optimized?
Hi, my name is Kim Jeong Jin.
I want to compile in a Windows 32-bit environment, but it does not compile.
Is there a way to compile in a Windows 32-bit environment?
In https://github.com/spacemonkeygo/openssl/blob/master/cert.go you're using SHA-0. This standard was never used as collisions were found prior to ratifying it as a standard, please remove it from the code.
Context: OpenSSL 1.1 removed SHA-0 completely (as did LibreSSL). Building breaks on could not determine kind of name for C.EVP_sha
I've tried running http servers: plain, openssl and gotls with this small program: https://play.golang.org/p/lY41nYV_uG.
Benchmarking it I've got following numbers:
Plain HTTP: 72.5k rps
gotls: 45k rps
openssl: 24k
Is this expected, or could the performance profile be improved?
I have a problem when executing the command:
go get -u github.com/spacemonkeygo/openssl
and the errors I get look like this:
37: error: use of undeclared identifier 'X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX'
38: error: use of undeclared identifier 'X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE'
38: error: use of undeclared identifier 'X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE'
38: error: use of undeclared identifier 'X509_V_ERR_EXCLUDED_VIOLATION'
38: error: use of undeclared identifier 'X509_V_ERR_PERMITTED_VIOLATION'
38: error: use of undeclared identifier 'X509_V_ERR_DIFFERENT_CRL_SCOPE'
38: error: use of undeclared identifier 'X509_V_ERR_UNSUPPORTED_NAME_SYNTAX'
38: error: use of undeclared identifier 'X509_V_ERR_CRL_PATH_VALIDATION_ERROR'
38: error: use of undeclared identifier 'X509_V_ERR_SUBTREE_MINMAX'
OpenSSL version: OpenSSL 0.9.8za 5 Jun 2014
OS Details:
Software:
System Software Overview:
System Version: OS X 10.10 (14A386b)
Kernel Version: Darwin 14.0.0
Boot Volume: Macintosh HD
Boot Mode: Normal
Computer Name: XXX
User Name: XXX
Secure Virtual Memory: Enabled
Time since boot: 19:05
When generating a key via the API call openssl.GenerateECKey(), the generation succeeds.
When decoding the key via asn1.1, I found there is no curve id in the key's asn1 dump.
When I generate a key using go or openssl, the key's asn1 dump shows the curve id.
I need to write my own wrapper function.
When I use a certificate chain in ListenAndServeTLS it doesn't seem to serve up any more than the first certificate. This works properly using the stdlib's ListenAndServeTLS.
/usr/local/bin/ld: $WORK/github.com/spacemonkeygo/openssl/_obj/cert.cgo2.o: undefined reference to symbol 'EVP_dss1'
//usr/local/lib/libcrypto.so.8: error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status
I'm trying to use this wrapper to generate x509v3 certificates (with v3-specific extensions), however I'm getting output of x509v1. The underlying openssl code has a function set_version() that would enable me to specify that the certificates should be x509v3, but it is not exposed in this module.
I am using the openssl library to encrypt/decrypt data.
I have a unit test to encrypt/decrypt empty data (like: []byte("")). It causes a panic as follows:
--- FAIL: TestEmptyEncryption (0.00s)
panic: runtime error: index out of range [recovered]
panic: runtime error: index out of range
goroutine 7 [running]:
testing.tRunner.func1(0xc42015c0f0)
/usr/local/Cellar/go/1.9.2/libexec/src/testing/testing.go:711 +0x2d2
panic(0x434b140, 0x45959f0)
/usr/local/Cellar/go/1.9.2/libexec/src/runtime/panic.go:491 +0x283
goef/vendor/github.com/spacemonkeygo/openssl.(*encryptionCipherCtx).EncryptUpdate(0xc42000e0b0, 0x45bf568, 0x0, 0x0, 0x20, 0xc4200146b0, 0x10, 0x10, 0x456b9a0)
/Users/rarayapr/go-workspace/src/goef/vendor/github.com/spacemonkeygo/openssl/ciphers.go:285 +0x21a
goef/pac.(*CryptObject).EncryptData(0xc42005e940, 0x45bf568, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x407ce96)
/Users/rarayapr/go-workspace/src/goef/pac/cipher.go:61 +0xe0
goef/pac.TestEmptyEncryption(0xc42015c0f0)
/Users/rarayapr/go-workspace/src/goef/pac/cipher_test.go:98 +0x150
testing.tRunner(0xc42015c0f0, 0x43c45f0)
/usr/local/Cellar/go/1.9.2/libexec/src/testing/testing.go:746 +0xd0
created by testing.(*T).Run
/usr/local/Cellar/go/1.9.2/libexec/src/testing/testing.go:789 +0x2de
exit status 2
I must authenticate to a SOAP server, for client: http.Client = { }, using a digital certificate of type .pfx; it is possible using spacemonkeygo/openssl.
Do you have any example?
Thanks
I'm building my application within a golang docker container (which uses debian Jessie), but I'm getting the error could not determine kind of name for C.SSLv3_method. I installed libopenssl-1.0.2e.
I'm quite new to go, any ideas what I'm doing wrong?
You can reproduce the problem with:
docker run -i -t golang /bin/bash
echo "deb http://httpredir.debian.org/debian stretch main" >> /etc/apt/sources.list
apt-get update
apt-get install -y libssl-dev pkg-config
go get github.com/spacemonkeygo/openssl
see the comment here: 20fdb1c#commitcomment-10036847
probably need a C wrapper around that function, as the C type checking is looser
I'm trying to encipher my data using this function (which is available here)
func (c *Crypter) Encrypt(input []byte) ([]byte, error) {
	ctx, err := openssl.NewEncryptionCipherCtx(c.cipher, nil, c.key, c.iv)
	if err != nil {
		return nil, err
	}
	cipherbytes, err := ctx.EncryptUpdate(input)
	if err != nil {
		return nil, err
	}
	finalbytes, err := ctx.EncryptFinal()
	if err != nil {
		return nil, err
	}
	cipherbytes = append(cipherbytes, finalbytes...)
	return cipherbytes, nil
}
But the result is not the same as when I try the openssl command.
So, finally, decryption doesn't work either.
I think the problem comes from the use of a []byte key instead of a string key.
Is there any plan to introduce support for PKCS7?