Open bimbimprasetyoafif opened 2 years ago
Same issue @bimbimprasetyoafif, have you got any solution?
Nope, I just downgraded to Ubuntu 20 to solve my problem. I thought there's no dependency for the latest version. Besides, this repo has had no update since 2018 @nisarg0103
You need to downgrade your Ubuntu version to 20 from 22...
Now this comes up on my MacBook M1 chip
See my untested pull request for a possible solution. https://github.com/spacemonkeygo/openssl/pull/154
Same issue, is there any solution except downgrading Ubuntu?
FIPS_mode_set got removed in OpenSSL 3. There is an OpenSSL 3 only fork that doesn't use deprecated symbols here: https://github.com/pexip/go-openssl
Is there any solution for this error?
```
../../../go/pkg/mod/github.com/spacemonkeygo/openssl@v0.0.0-20181017203307-c2dcc5cca94a/fips.go:31:7: could not determine kind of name for C.FIPS_mode_set
```
@Rocky210 see my previous comment regarding deprecated symbols in OpenSSL3 here: https://github.com/spacemonkeygo/openssl/issues/151#issuecomment-1828163438
I need a clear demonstration for implementation, could you please explain.
> On Wed, Apr 17, 2024 at 2:28 PM Huw Jones @.***> wrote:
> @Rocky210 see my previous comment regarding deprecated symbols in OpenSSL3 here: https://github.com/spacemonkeygo/openssl/issues/151#issuecomment-1828163438

> I need a clear demonstration for implementation, could you please explain.

I will do my best to explain what's changed, point you in the right direction and provide you with some untested code snippets.
From the OpenSSL 3 manpage, gone are `FIPS_mode()` and `FIPS_mode_set()`, hence this issue. They do not exist, you cannot call them.
OpenSSL 3 introduced an architecture change with the introduction of library contexts and providers. If no provider is loaded and cryptographic functions are called, the "default" provider will be loaded. Therefore users requiring programmatic enabling of the FIPS module should load the fips provider into the default library context before performing any crypto operations.
I've just had a look at what we've got in our OpenSSL 3 fork and it appears we load the default provider on init. https://github.com/pexip/go-openssl/blob/master/init.go#L108 https://github.com/pexip/go-openssl/blob/60019a99ece1aea7302abbb6b9a6157252bac72a/provider.go#L26-L31
Because of how we use FIPS crypto in our product, we enable/disable FIPS mode on a VM level, so we do not do any programmatic loading. However, if I were to add support to our fork, I'd probably do something like in https://github.com/pexip/go-openssl/blob/master/provider.go
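```go
// Needs "fmt", "runtime" and "sync" plus the package's cgo preamble;
// LibraryContext and defaultCtx come from the fork's provider.go.
func loadFIPSProvider() error {
	// Start from a fresh default library context (ctx == nil) with no providers.
	defaultCtx = &LibraryContext{
		ctx:       nil,
		providers: make(map[string]*C.OSSL_PROVIDER),
		mu:        &sync.Mutex{},
	}
	runtime.SetFinalizer(defaultCtx, func(c *LibraryContext) { c.finalise() })
	// Load fips first, then base.
	if err := defaultCtx.LoadProvider("fips"); err != nil {
		return fmt.Errorf("failed to load fips provider: %w", err)
	}
	if err := defaultCtx.LoadProvider("base"); err != nil {
		return fmt.Errorf("failed to load base provider: %w", err)
	}
	return nil
}
```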
That snippet above roughly matches the spirit of the C example in the manpage.
Then you'd have to fiddle with `init.go/init` to either not load the default provider, thereby forcing the user to, or alternatively provide a function to unload the preloaded providers in the library context and re-initialise the default library context with the fips one.
Something like this should do the trick
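```go
// LoadFIPSProvider releases the preloaded default context, then rebuilds it with fips + base.
func LoadFIPSProvider() error {
	oldDefaultCtx := defaultCtx
	oldDefaultCtx.finalise() // same spelling as the method used in loadFIPSProvider's finalizer
	return loadFIPSProvider()
}
```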
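As an added example (not part of the thread and not code from either project): a Go check for the VM-level approach mentioned in the comment above, which parses `openssl list -providers` output to confirm that the fips and base providers are active. The sample output is constructed, and treating an active default provider as a failure is an assumption of this example; the check reflects the host's OpenSSL configuration, not what a running Go process has loaded.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample of `openssl list -providers` output (not from a real host).
const sampleProviders = `Providers:
  base
    name: OpenSSL Base Provider
    version: 3.0.2
    status: active
  fips
    name: OpenSSL FIPS Provider
    version: 3.0.2
    status: active
`

// parseProviders maps each provider id (base, fips, default, ...) to its status.
func parseProviders(out string) map[string]string {
	status, current := map[string]string{}, ""
	for _, raw := range strings.Split(out, "\n") {
		line := strings.TrimSpace(raw)
		if key, val, ok := strings.Cut(line, ": "); ok {
			if key == "status" && current != "" {
				status[current] = val
			}
		} else if line != "" && line != "Providers:" {
			// A bare word opens a new provider entry; status is unknown until seen.
			current, status[line] = line, "unknown"
		}
	}
	return status
}

// checkFIPS needs fips and base active; rejecting default is this example's policy assumption.
func checkFIPS(out string) error {
	st := parseProviders(out)
	for _, want := range []string{"fips", "base"} {
		if st[want] != "active" {
			return fmt.Errorf("provider %q not active (status %q)", want, st[want])
		}
	}
	if st["default"] == "active" {
		return fmt.Errorf("default provider is active alongside fips")
	}
	return nil
}
func main() { fmt.Println("check result:", checkFIPS(sampleProviders)) }
```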
I hope this repo has not died yet. I face an error when running my Golang app that uses this library. It returns:
```
# github.com/spacemonkeygo/openssl
../../go/pkg/mod/github.com/spacemonkeygo/openssl@v0.0.0-20181017203307-c2dcc5cca94a/fips.go:31:7: could not determine kind of name for C.FIPS_mode_set
```
My thought is that the version of OpenSSL this library used and mine were different. Note: running on Ubuntu 22.04, OpenSSL 3.0.2.