
openssl's Introduction

OpenSSL bindings for Go

Please see http://godoc.org/github.com/spacemonkeygo/openssl for more info

License

Copyright (C) 2017. See AUTHORS.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Using on macOS

  1. Install homebrew
  2. $ brew install openssl or $ brew install [email protected]

Using on Windows

  1. Install mingw-w64
  2. Install pkg-config-lite
  3. Build (or install precompiled) openssl for mingw32-w64
  4. Set PKG_CONFIG_PATH to the directory containing openssl.pc (i.e. c:\mingw64\mingw64\lib\pkgconfig)

openssl's People

Contributors

bak1an, bramp, brk0v, carlosmn, chris-dudley, cmisare, jcajka, jefferai, jhvst, jtolio, kujenga, lunixbochs, parasssh, pyhalov, rameshrv, rfjakob, sgallagher, thepaul, zeebo, zowens


openssl's Issues

Update performance documentation.

The "performance" section in the documentation has not been updated since April 2014. Running the benchmarks today with go 1.7 and 1.8, it seems this library is slower than the stdlib in all but one benchmark (BenchmarkSHA256Large_*):

Go 1.8:

$ go version
go version go1.8.1 darwin/amd64
$ go test -bench=. -ldflags=-s
# github.com/spacemonkeygo/openssl
ld: warning: directory not found for option '-L/usr/local/opt/[email protected]/lib'
# github.com/spacemonkeygo/openssl
ld: warning: directory not found for option '-L/usr/local/opt/[email protected]/lib'
BenchmarkSHA256HMAC-4                     2000000           979 ns/op
BenchmarkSHA1Large_openssl-4                 2000       1161567 ns/op     902.72 MB/s
BenchmarkSHA1Large_stdlib-4                  1000       1125683 ns/op     931.50 MB/s
BenchmarkSHA1Small_openssl-4              1000000          1774 ns/op       0.56 MB/s
BenchmarkSHA1Small_stdlib-4              10000000           206 ns/op       4.85 MB/s
BenchmarkSHA256Large_openssl-4                500       2560554 ns/op     409.51 MB/s
BenchmarkSHA256Large_stdlib-4                 500       2934527 ns/op     357.32 MB/s
BenchmarkSHA256Small_openssl-4             500000          2017 ns/op       0.50 MB/s
BenchmarkSHA256Small_stdlib-4             5000000           286 ns/op       3.49 MB/s
BenchmarkStdlibThroughput-4                200000          7676 ns/op     133.40 MB/s
BenchmarkOpenSSLThroughput-4                50000         32563 ns/op      31.45 MB/s
BenchmarkStdlibOpenSSLThroughput-4         200000          8320 ns/op     123.07 MB/s
BenchmarkOpenSSLStdlibThroughput-4         300000          5981 ns/op     171.19 MB/s
PASS
ok      github.com/spacemonkeygo/openssl    104.153s

Go 1.7:

$ go version
go version go1.7.5 darwin/amd64
$ go test -bench=. -ldflags=-s
# github.com/spacemonkeygo/openssl
ld: warning: directory not found for option '-L/usr/local/opt/[email protected]/lib'
# github.com/spacemonkeygo/openssl
ld: warning: directory not found for option '-L/usr/local/opt/[email protected]/lib'
BenchmarkSHA256HMAC-4                     1000000          1352 ns/op
BenchmarkSHA1Large_openssl-4                 2000       1251402 ns/op     837.92 MB/s
BenchmarkSHA1Large_stdlib-4                  2000       1101072 ns/op     952.32 MB/s
BenchmarkSHA1Small_openssl-4               500000          2579 ns/op       0.39 MB/s
BenchmarkSHA1Small_stdlib-4              10000000           202 ns/op       4.93 MB/s
BenchmarkSHA256Large_openssl-4                500       2456446 ns/op     426.87 MB/s
BenchmarkSHA256Large_stdlib-4                 500       2891912 ns/op     362.59 MB/s
BenchmarkSHA256Small_openssl-4             500000          2962 ns/op       0.34 MB/s
BenchmarkSHA256Small_stdlib-4             5000000           277 ns/op       3.60 MB/s
BenchmarkStdlibThroughput-4                200000          6965 ns/op     147.01 MB/s
BenchmarkOpenSSLThroughput-4                50000         33866 ns/op      30.24 MB/s
BenchmarkStdlibOpenSSLThroughput-4         200000          6940 ns/op     147.53 MB/s
BenchmarkOpenSSLStdlibThroughput-4         200000          6994 ns/op     146.40 MB/s
PASS
ok      github.com/spacemonkeygo/openssl    97.231s

Type error when downloading

I get the following when I get the package:

go get github.com/spacemonkeygo/openssl

github.com/spacemonkeygo/openssl

/root/go/src/github.com/spacemonkeygo/openssl/dhparam.go:48: cannot use params (type *_Ctype_DH) as type *_Ctype_struct_dh_st in field value
/root/go/src/github.com/spacemonkeygo/openssl/dhparam.go:50: cannot use dhparams.dh (type *_Ctype_struct_dh_st) as type *_Ctype_DH in function argument
/root/go/src/github.com/spacemonkeygo/openssl/dhparam.go:61: cannot use dh.dh (type *_Ctype_struct_dh_st) as type *_Ctype_DH in function argument

Question about ssl engine

Hi:
I have an SSL accelerator hardware.
How do I use this API to code for the supported hardware?

I know openssl.EngineById("cavium"), but I need more detail about how to use it.

Thanks.

SSL handshake fails on el capitan

I opened pull request #56 to fix the build on OSX by using the "brew" build tag, but the tests don't pass.

The TestOpenSSLSimple and other tests which exercise SSL handshaking fail on OSX. Not sure why. SSH_get_error returns SSL_ERROR_SSL, but ERR_get_error returns 0. I don't see any other indication why the ssl handshake is failing.

I'm using el capitan and golang 1.6.2. Tests pass normally on debian.

Error building: conn.setSession undefined (type *Conn has no field or method setSession)

I have a problem building mongodb using linuxbrew. It crashes when it tries to build this module.

Building bsondump...
# github.com/spacemonkeygo/openssl
vendor/src/github.com/spacemonkeygo/openssl/net.go:121: conn.setSession undefined (type *Conn has no field or method setSession)
vendor/src/github.com/spacemonkeygo/openssl/net.go:128: conn.SetTlsExtHostName undefined (type *Conn has no field or method SetTlsExtHostName)

Do you have any idea what's causing the problem?

See this related issue for full log: https://github.com/Linuxbrew/homebrew-core/issues/1892

Go 1.6 support

We know, we know.

Just filing this ticket so people can track our progress on fixing this.

dtls

Does it support DTLS?

Some tests fail under Travis-CI / Ubuntu 12.04

I'm trying to add Travis support, but some of the tests fail:

=== RUN TestGCM
--- FAIL: TestGCM (0.00 seconds)
    ciphers_test.go:154: Decryption with b=256: Failed to add authenticated data: failed to add additional authenticated data
=== RUN TestGCMWithNoAAD
--- FAIL: TestGCMWithNoAAD (0.00 seconds)
    ciphers_test.go:172: Decryption failure: Failed to perform a decryption: failed to decrypt
=== RUN TestBadTag
--- FAIL: TestBadTag (0.00 seconds)
    ciphers_test.go:198: Decryption failure: Failed to perform a decryption: failed to decrypt
=== RUN TestBadCiphertext
--- FAIL: TestBadCiphertext (0.00 seconds)
    ciphers_test.go:224: Decryption failure: Failed to add authenticated data: failed to add additional authenticated data
=== RUN TestBadAAD
--- FAIL: TestBadAAD (0.00 seconds)
    ciphers_test.go:250: Decryption failure: Failed to add authenticated data: failed to add additional authenticated data

The travis-ci.org boxes are running Ubuntu 12.04. I installed libssl-dev as a dependency.

Tests do not fail on my own Ubuntu 14.04 VM. I'm setting up a 12.04 VM to debug.

window 32bit compile

Hi, My name is Kim Jeong Jin.

I want to compile in a Windows 32-bit environment, but it does not compile.

Is there a way to compile in a Windows 32-bit environment?

ec key generation issue

When generating a key via the API call
openssl.GenerateECKey(), the generation succeeds.
When decoding the key via asn1.1, I found there is no curve id in the key's asn1 dump.

When I generate a key using Go or openssl, the key's asn1 dump shows the curve id.

I need to write my own wrapper function.

http2 enabling

I can't seem to get a server that is run with server := &http.Server{...}; server.Serve(theOpensslListener) to serve http2. I've tried setting TLSNextProto to nil and to call http2.ConfigureServer etc, which works when not going through openssl's listener. Any suggestions? Thanks!

Could not determine kind of name for C.SSLv3_method

I'm building my application within a golang docker container (which uses debian Jessie), but I'm getting the error could not determine kind of name for C.SSLv3_method. I installed libopenssl-1.0.2e.

I'm quite new to go, any ideas what I'm doing wrong?

You can reproduce the problem with:

docker run -i -t golang /bin/bash
echo "deb http://httpredir.debian.org/debian stretch main" >> /etc/apt/sources.list
apt-get update
apt-get install -y libssl-dev pkg-config
go get github.com/spacemonkeygo/openssl

sha512

Why isn't sha512() exported?
Btw, good work guys!

Remove LockOSThread()/UnlockOSThread() throughout

LockOSThread() is not needed anywhere in spacemonkeygo. Using it is detrimental because:

  • in case of high load, with many opened connections, the Golang runtime creates a lot of kernel threads. For example hundreds or even thousands of threads even if the number of processors is 24 for example. The reason is given here https://golang.org/pkg/runtime/debug/#SetMaxThreads: "A Go program creates a new thread only when a goroutine is ready to run but all the existing threads are blocked in system calls, cgo calls, or are locked to other goroutines due to use of runtime.LockOSThread.". This goes against the power of Golang: multiplexing tens of thousands of goroutines over a very small number of threads.
  • minor performance degradation (see for ex. golang/go#21827)

How to make sure we run the spacemonkey with non blocking BIO

cgo marks all C calls as syscall, causing the scheduler to allocate a new thread every time. This leads to scaling issues for applications. Is it possible to make the BIO non-blocking, in which case most of the thread lock time will be highly optimized?

could not determine kind of name for C.EVP_sha

CGO_LDFLAGS="-g" "-O2" "-lssl" "-lcrypto" /usr/lib/golang/pkg/tool/linux_amd64/cgo -objdir $WORK/github.com/spacemonkeygo/openssl/_obj/ -importpath github.com/spacemonkeygo/openssl -- -I $WORK/github.com/spacemonkeygo/openssl/_obj/ bio.go build.go cert.go ciphers.go ciphers_gcm.go conn.go ctx.go dhparam.go digest.go engine.go hostname.go init.go init_posix.go key.go old_openssl_compat.go sha1.go sha256.go ssl.go tickets.go
# github.com/spacemonkeygo/openssl
could not determine kind of name for C.EVP_sha

Happens with libressl 2.3.2.

go get under Mac OSX fails

I have got a problem during command execution:

go get -u github.com/spacemonkeygo/openssl

and the errors I got look like this:

37: error: use of undeclared identifier 'X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX'
38: error: use of undeclared identifier 'X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE'
38: error: use of undeclared identifier 'X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE'
38: error: use of undeclared identifier 'X509_V_ERR_EXCLUDED_VIOLATION'
38: error: use of undeclared identifier 'X509_V_ERR_PERMITTED_VIOLATION'
38: error: use of undeclared identifier 'X509_V_ERR_DIFFERENT_CRL_SCOPE'
38: error: use of undeclared identifier 'X509_V_ERR_UNSUPPORTED_NAME_SYNTAX'
38: error: use of undeclared identifier 'X509_V_ERR_CRL_PATH_VALIDATION_ERROR'
38: error: use of undeclared identifier 'X509_V_ERR_SUBTREE_MINMAX'

OpenSSL version: OpenSSL 0.9.8za 5 Jun 2014

OS Details:

Software:

    System Software Overview:

      System Version: OS X 10.10 (14A386b)
      Kernel Version: Darwin 14.0.0
      Boot Volume: Macintosh HD
      Boot Mode: Normal
      Computer Name: XXX
      User Name: XXX
      Secure Virtual Memory: Enabled
      Time since boot: 19:05

VerifyPKCS1v15 fails indeterministically

This is probably related to issue #19

I have the following method:

func (s myConf) Verify(data []byte, sig []byte) (bool, error) {
    digest, err := openssl.SHA256(data)
    if err != nil {
        return false, err
    }

    if err := (*(s.public)).VerifyPKCS1v15(openssl.SHA256_Method, digest[:], signature); err != nil {
        return false, err
    } else {
        return true, nil
    }
}

I just recently noticed that my unit tests usually pass, though occasionally they will fail with the error:

verifypkcs1v15: failed to finalize verify

Maybe every 3rd or 4th time I run it, it fails. If I click run again, it will pass.

Bug in applyKeyAndIV function while using aes-256-cbc cipher

I'm working on implementing elliptic curve cryptography using OpenSSL and I borrowed a lot of code from ciphers.go. While testing my own project, I noticed that while initializing the decryption context using the NewDecryptionCipherCtx function and "aes-256-cbc" as the cipher, it wouldn't do the decryption properly even though the IV, key and the ciphertext were as expected. Further investigation revealed that this was because of EVP_EncryptInit_ex function on line 156 of ciphers.go.

My solution to the problem was adding a new variable called do to the function which would determine whether the intended operation is encryption or decryption and do everything accordingly. More here: https://github.com/ishbir/elliptic/blob/master/ciphers.go#L123

I think that the same fix should be made in this package.

variable 'writeBioMethod' has initializer but incomplete type

./bio.go:40:1: error: variable 'writeBioMethod' has initializer but incomplete type
static BIO_METHOD writeBioMethod = {
^
./bio.go:54:1: error: variable 'readBioMethod' has initializer but incomplete type
static BIO_METHOD readBioMethod = {
^


What is the problem? Thanks!

Crashes when using AddChainCertificate on go 1.3 and 1.3.2

Reproducible code: http://paste.ubuntu.com/8450867/

When provided with a valid certificate, bundle and key, the pasted code works fine on Go 1.2.2, but crashes on 1.3 and 1.3.2.

Crashdump: http://pastie.org/private/eszbzktmuyk5o1fgztc6nw

Each time it manages to get 5 to 10 requests out before crashing.

To reproduce, run the following:

go build reproduce.go && sudo ./reproduce -cert=/path/to/cert.crt -key=/path/to/key.key -bundle=/path/to/bundle.crt
on another window.
openssl s_client -connect 127.0.0.1:443 -CApath /etc/ssl/certs
This command successfully validates the cert now that we have the chain added.. but...
Run this about 5 to 10 times and it should crash the server...

My environment
Ubuntu 14.04 (3.13.0-34-generic)
libssl-dev:amd64 1.0.1f-1ubuntu2.5

EncryptUpdate panics on empty input

I am using the openssl library to encrypt/decrypt data.

I have a Unit test to encrypt/decrypt empty data ( like: []byte("") ). It causes a panic as follows:

--- FAIL: TestEmptyEncryption (0.00s)
panic: runtime error: index out of range [recovered]
	panic: runtime error: index out of range

goroutine 7 [running]:
testing.tRunner.func1(0xc42015c0f0)
	/usr/local/Cellar/go/1.9.2/libexec/src/testing/testing.go:711 +0x2d2
panic(0x434b140, 0x45959f0)
	/usr/local/Cellar/go/1.9.2/libexec/src/runtime/panic.go:491 +0x283
goef/vendor/github.com/spacemonkeygo/openssl.(*encryptionCipherCtx).EncryptUpdate(0xc42000e0b0, 0x45bf568, 0x0, 0x0, 0x20, 0xc4200146b0, 0x10, 0x10, 0x456b9a0)
	/Users/rarayapr/go-workspace/src/goef/vendor/github.com/spacemonkeygo/openssl/ciphers.go:285 +0x21a
goef/pac.(*CryptObject).EncryptData(0xc42005e940, 0x45bf568, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x407ce96)
	/Users/rarayapr/go-workspace/src/goef/pac/cipher.go:61 +0xe0
goef/pac.TestEmptyEncryption(0xc42015c0f0)
	/Users/rarayapr/go-workspace/src/goef/pac/cipher_test.go:98 +0x150
testing.tRunner(0xc42015c0f0, 0x43c45f0)
	/usr/local/Cellar/go/1.9.2/libexec/src/testing/testing.go:746 +0xd0
created by testing.(*T).Run
	/usr/local/Cellar/go/1.9.2/libexec/src/testing/testing.go:789 +0x2de
exit status 2

Showing error on Freebsd when try to pull using 'go get'

/usr/local/bin/ld: $WORK/github.com/spacemonkeygo/openssl/_obj/cert.cgo2.o: undefined reference to symbol 'EVP_dss1'
//usr/local/lib/libcrypto.so.8: error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status

encrypt using this package doesn't give the same result as with openssl command

I'm trying to encipher my data using this function (which is available here)

func (c *Crypter) Encrypt(input []byte) ([]byte, error) {
  ctx, err := openssl.NewEncryptionCipherCtx(c.cipher, nil, c.key, c.iv)
  if err != nil {
    return nil, err
  }

  cipherbytes, err := ctx.EncryptUpdate(input)
  if err != nil {
    return nil, err
  }

  finalbytes, err := ctx.EncryptFinal()
  if err != nil {
    return nil, err
  }

  cipherbytes = append(cipherbytes, finalbytes...)
  return cipherbytes, nil
}

But the result is not the same as if I try the openssl command.
So, finally, decryption doesn't work either.

I think the problem comes from the use of a []byte key instead of a string key.

Export listener

Hi,

It seems to be good to change listener to Listener in https://github.com/spacemonkeygo/openssl/blob/master/net.go#L22. It will be useful for extending the listener. For example, to add custom timeouts:

type BalancerListener struct {
    openssl.Listener
    ReadTimeout  time.Duration
    WriteTimeout time.Duration
    TCPkeepAlivePeriod time.Duration
}

func (bl *BalancerListener) Accept() (c net.Conn, err error) {

    conn, err := bl.Listener.Accept()
    if err != nil {
        return
    }

    conn.SetReadDeadline(time.Now().Add(bl.ReadTimeout))
    conn.SetWriteDeadline(time.Now().Add(bl.WriteTimeout))

    return conn, nil
}

srv TLSConfig not taking effect in call to ServerListenAndServeTLS()

I am using the latest spacemonkeygo/openssl as of today. My code is as follows:

    cfg := &tls.Config{
        MinVersion:               tls.VersionTLS12,
        CurvePreferences:         []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
        PreferServerCipherSuites: true,
        ClientAuth:               clientAuth,
        ClientCAs:                clientCertPool,
        CipherSuites: []uint16{
            tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
            tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
            tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
            tls.TLS_RSA_WITH_AES_256_CBC_SHA,
        },
    }
    cfg.Rand = rand.Reader

    srv := &http.Server{
        Addr: ":" + httpsPort,
        Handler: http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
            // some proprietary stuff

            handler.ServeHTTP(w, req)
        }),
        TLSConfig:    cfg,
        TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler), 0),
    }
    log.Fatal(openssl.ServerListenAndServeTLS(srv, certFile, pkeyFile))

As you can see, MinVersion is set to TLS 1.2 and I also specified a narrow set of CipherSuites. However, sslscan shows that TLS1.0-1.2 are all accepted:
Supported Server Cipher(s):
Preferred TLSv1.2 256 bits AES256-GCM-SHA384
Accepted TLSv1.2 256 bits AES256-SHA256
Accepted TLSv1.2 256 bits AES256-SHA
Accepted TLSv1.2 256 bits CAMELLIA256-SHA
Accepted TLSv1.2 128 bits AES128-GCM-SHA256
Accepted TLSv1.2 128 bits AES128-SHA256
Accepted TLSv1.2 128 bits AES128-SHA
Accepted TLSv1.2 128 bits SEED-SHA
Accepted TLSv1.2 128 bits CAMELLIA128-SHA
Accepted TLSv1.2 128 bits RC4-SHA
Accepted TLSv1.2 128 bits RC4-MD5
Accepted TLSv1.2 112 bits DES-CBC3-SHA
Preferred TLSv1.1 256 bits AES256-SHA
Accepted TLSv1.1 256 bits CAMELLIA256-SHA
Accepted TLSv1.1 128 bits AES128-SHA
Accepted TLSv1.1 128 bits SEED-SHA
Accepted TLSv1.1 128 bits CAMELLIA128-SHA
Accepted TLSv1.1 128 bits RC4-SHA
Accepted TLSv1.1 128 bits RC4-MD5
Accepted TLSv1.1 112 bits DES-CBC3-SHA
Preferred TLSv1.0 256 bits AES256-SHA
Accepted TLSv1.0 256 bits CAMELLIA256-SHA
Accepted TLSv1.0 128 bits AES128-SHA
Accepted TLSv1.0 128 bits SEED-SHA
Accepted TLSv1.0 128 bits CAMELLIA128-SHA
Accepted TLSv1.0 128 bits RC4-SHA
Accepted TLSv1.0 128 bits RC4-MD5
Accepted TLSv1.0 112 bits DES-CBC3-SHA

I have further verified that calling srv.ListenAndServeTLS(certFile, pkeyFile) instead works as expected and only TLS 1.2 ciphers are returned:
Supported Server Cipher(s):
Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-521 DHE 521
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-521 DHE 521
Accepted TLSv1.2 256 bits AES256-GCM-SHA384
Accepted TLSv1.2 256 bits AES256-SHA

FYI I need to use spacemonkeygo openssl pkg as I need FIPS mode support.
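
The check that the sslscan output in the issue above performs by hand can run as a regression test. This is an added example, not code from the issue or from spacemonkeygo/openssl: a standard-library probe that offers exactly one protocol version per connection and lists every version below a policy floor that the listener still accepts. The loopback crypto/tls server with its throwaway certificate and the names PolicyFloor, startServer, Accepts and Violations are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// PolicyFloor is the oldest protocol version the deployment is meant to accept.
const PolicyFloor uint16 = tls.VersionTLS12

// probed lists the versions offered, one per connection, oldest first.
var probed = []uint16{tls.VersionTLS10, tls.VersionTLS11, tls.VersionTLS12, tls.VersionTLS13}

// startServer runs a loopback listener with a constructed throwaway certificate.
func startServer(minVersion uint16) (net.Listener, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}},
		MinVersion:   minVersion,
	})
	if err != nil {
		return nil, err
	}
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return // listener closed
			}
			go func(c net.Conn) {
				defer c.Close()
				c.SetDeadline(time.Now().Add(2 * time.Second))
				c.(*tls.Conn).Handshake() // outcome is observed from the client side
			}(c)
		}
	}()
	return ln, nil
}

// Accepts reports whether the server completes a handshake at exactly this version.
func Accepts(addr string, version uint16) bool {
	conn, err := tls.DialWithDialer(&net.Dialer{Timeout: 2 * time.Second}, "tcp", addr, &tls.Config{
		MinVersion:         version,
		MaxVersion:         version,
		InsecureSkipVerify: true, // audit probe: only the negotiated version matters
	})
	if err != nil {
		return false
	}
	defer conn.Close()
	return conn.ConnectionState().Version == version
}

// Violations returns the IDs (0x0301 is TLS 1.0, 0x0302 is TLS 1.1) of every
// version older than floor that the server still accepts.
func Violations(addr string, floor uint16) []uint16 {
	var bad []uint16
	for _, v := range probed {
		if v < floor && Accepts(addr, v) {
			bad = append(bad, v)
		}
	}
	return bad
}

func main() {
	// One listener configured below the floor and one at the floor, for contrast.
	for _, mv := range []uint16{tls.VersionTLS10, PolicyFloor} {
		ln, err := startServer(mv)
		if err != nil {
			panic(err)
		}
		fmt.Printf("MinVersion %#04x accepts below floor: %#04x\n", mv, Violations(ln.Addr().String(), PolicyFloor))
		ln.Close()
	}
}
```

Passing the address of the listener under test to Violations instead of the loopback server turns the report's observation into a check that fails the build when the floor is not enforced.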

Thread creation overhead due to cgo calls

The connections in the Spacemonkey openssl wrapper make use of cgo calls, and this is an issue because it leads to a massive number of threads for simultaneous SSL connections. cgo marks all C code as syscall, causing the scheduler to allocate a new thread if needed. Can this be addressed?

GC strategies should be double-checked.

Any time a C struct is allocated under a Go struct, a GC finalizer should be added to the Go struct with runtime.SetFinalizer, unless "ownership" of the object passes to OpenSSL (which is hard to verify).

For this to work, Go objects need to maintain references to potentially GC-able objects, otherwise OpenSSL allocations still in use when GC runs will cause segfaults as in #10.

This can be made simpler for some objects with a 1:1 mapping by embedding C structs in Go objects and using OpenSSL's _init() instead of _new() functions, like done by the SHA implementation.

Examples:

  • EVP_PKEY_free is called, but maybe needs to be tracked on Ctx when you call a UsePrivateKey() function or set a key on a cert (in theory)
  • When you add a certificate to a context or certificate store, the certificate must be both added to the C structure and the Go object.

GCM ciphers not built on OS X even when installed OpenSSL supports them

Making this bug report on request of rfjakob/gocryptfs#15 (comment)

OS X no longer ships openssl as of OS X 10.11, and as such an installed version of openssl is probably new enough to support GCM, but they are not built in this project so long as the platform is darwin ala
https://github.com/spacemonkeygo/openssl/blob/master/ciphers_gcm.go#L15
with no checks made to see if the installed openssl provides support or not.

Personally, I have OpenSSL 1.0.2e installed on OS X 10.11.2, and removing the "!darwin" from that linked file allows these bindings to continue to build just fine.

PKCS7 support

Is there any plan to introduce support for PKCS7?

Issue with fips mode set and Openssl version 1.0.2o

Hi,

I am using spacemonkeygo openssl for the openssl binding. I have a TCP server running with fips mode set.
When I use OpenSSL version 1.0.2o, a read request at the server fails with the following error under load (500 requests per second).
"Errored while reading request. Error: %vSSL errors: SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac"

Above error is not seen if fips mode is off. Also above error is not seen with 1.0.1 version (with or without fips mode).

Find attached sample server code using which I am able to reproduce issue.

Thanks,
Ajay

Undefined reference to EVP_sha

/tmp/go-build226287687/github.com/superchalupa/go-redfish/vendor/github.com/spacemonkeygo/openssl/_obj/shim.o: In function `X_EVP_sha':
vendor/github.com/spacemonkeygo/openssl/shim.c:258: undefined reference to `EVP_sha'

I had to #if 0 out these couple of lines to get it to compile. After that, everything worked OK. (Didn't test anything related to EVP_sha, so that probably doesn't work.)

Cross compiled for ARM and openssl 1.0.2j

No function for setting the x509 certificate version

I'm trying to use this wrapper to generate x509v3 certificates (with v3-specific extensions), however I'm getting output of x509v1. The underlying openssl code has a function set_version() that would enable me to specify that the certificates should be x509v3, but it is not exposed in this module.

Crash when freeing Certificates

I created multiple *openssl.Ctx. When one goes out of scope, the finalizer tries to free a bunch of stuff including the *openssl.Certificate associated with that context (https://github.com/spacemonkeygo/openssl/blob/master/cert.go#L326). My program keeps crashing and it seems like the finalizer is being called twice. The workaround is to never let the openssl.Ctx go out of scope. The following is the relevant crash error:

main(97262,0xb0104000) malloc: *** error for object 0x5216a20: pointer being freed was not allocated
*** set a breakpoint in malloc_error_break to debug
SIGABRT: abort
PC=0x7fff8da09286
signal arrived during cgo execution

goroutine 19 [syscall]:
runtime.cgocall(0x4002560, 0x46f4f10)
    /usr/local/Cellar/go/1.3.1/libexec/src/pkg/runtime/cgocall.c:143 +0xe5 fp=0x46f4ef8 sp=0x46f4eb0
github.com/spacemonkeygo/openssl._Cfunc_X509_free(0x52152d0)
    github.com/spacemonkeygo/openssl/_obj/_cgo_defun.c:1460 +0x31 fp=0x46f4f10 sp=0x46f4ef8
github.com/spacemonkeygo/openssl.func·007(0xc208085980)
    /Users/i/proj/src/github.com/spacemonkeygo/openssl/cert.go:327 +0x2a fp=0x46f4f20 sp=0x46f4f10
runtime.call16(0x446ade8, 0xc2080003d0, 0x1000000010)
    /usr/local/Cellar/go/1.3.1/libexec/src/pkg/runtime/asm_amd64.s:360 +0x32 fp=0x46f4f38 sp=0x46f4f20
runfinq()
    /usr/local/Cellar/go/1.3.1/libexec/src/pkg/runtime/mgc0.c:2682 +0x207 fp=0x46f4fa8 sp=0x46f4f38
runtime.goexit()
    /usr/local/Cellar/go/1.3.1/libexec/src/pkg/runtime/proc.c:1445 fp=0x46f4fb0 sp=0x46f4fa8
created by runtime.gc
    /usr/local/Cellar/go/1.3.1/libexec/src/pkg/runtime/mgc0.c:2268

http get request authentication

I must authenticate on a SOAP server for client: http.Client = { } using a digital .pfx-type certificate, it is possible using spacemonkeygo/openssl.
Do you have any example?

Thanks

Strange error with GOOS=windows _OR_ GOARCH=386

I can not find any explanation to the error as Ctx is clearly defined in ctx.go. This only happens when GOOS=windows and or GOARCH=386. Trying with latest 1.10.2 golang:

dmagyar@dmtest:~/go/ossl$ GOOS=windows GOARCH=amd64 go get github.com/spacemonkeygo/openssl
# github.com/spacemonkeygo/openssl
../src/github.com/spacemonkeygo/openssl/net.go:24:7: undefined: Ctx
dmagyar@dmtest:~/go/ossl$ GOOS=linux GOARCH=amd64 go get github.com/spacemonkeygo/openssl
dmagyar@dmtest:~/go/ossl$ GOOS=linux GOARCH=386 go get github.com/spacemonkeygo/openssl
# github.com/spacemonkeygo/openssl
../src/github.com/spacemonkeygo/openssl/net.go:24:7: undefined: Ctx
dmagyar@dmtest:~/go/ossl$

Any ideas what this could be?

export openssl MD4 APIs

This openssl go package has been of great use to us so far in our project !!

However, in our product, we need openssl APIs for MD4 hash (unfortunately we use MSCHAPv2).
I have added required changes in my forked repo, and I am temporarily referencing that forked repo in our code-base. I would like to switch to the original repo (this one) instead of using a forked repo for all openssl calls.

I wish to know if it was okay to create a PR for opening up openssl MD4 APIs? I realize MD4 is not widely used, but some projects (like us) are still using MD4. (I could also add MD5 hash along with it.) Please let me know.

want more ciphers to be supported!

I found this package only supports a few ciphers, as below:
openssl.SetCiphers("ALL")

Testing AES256-GCM-SHA384...YES
Testing AES256-SHA256...YES
Testing AES256-SHA...YES
Testing CAMELLIA256-SHA...YES
Testing AES128-GCM-SHA256...YES
Testing AES128-SHA256...YES
Testing AES128-SHA...YES
Testing CAMELLIA128-SHA...YES
Testing DES-CBC3-SHA...YES

The modern configuration of the ssl_ciphers list is as below:

ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-S128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-A:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4

So what should I do?
