-
Notifications
You must be signed in to change notification settings - Fork 236
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
openssl FIPS_mode_set error #151
Comments
same issue @bimbimprasetyoafif , have you got any solution ? |
Nope, i just downgrade to ubuntu 20 to solve my problem, I thought there's no dependency for latest version. Beside, this repo has been no update since 2018 @nisarg0103 |
You need to downgrade your ubuntu version to 20 from 22... |
Now this comes in My macbook M1 chip |
See my untested pull request for a possible solution. |
same issue, is there any solution except downgrade ubuntu? |
FIPS_mode_set got removed in OpenSSL 3. |
Is there any solution for this error github.com/spacemonkeygo/openssl../../../go/pkg/mod/github.com/spacemonkeygo/[email protected]/fips.go:31:7: could not determine kind of name for C.FIPS_mode_set |
@Rocky210 see my previous comment regarding deprecated symbols in OpenSSL3 here: #151 (comment) |
I need a clear demonstration for implementation ,could you please explain .
…On Wed, Apr 17, 2024 at 2:28 PM Huw Jones ***@***.***> wrote:
@Rocky210 <https://github.com/Rocky210> see my previous comment regarding
deprecated symbols in OpenSSL3 here: #151 (comment)
<#151 (comment)>
—
Reply to this email directly, view it on GitHub
<#151 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/A5N6MQIXVJLOUGXBEPNR5JTY5Y2RTAVCNFSM5ULIZJ7KU5DIOJSWCZC7NNSXTN2JONZXKZKDN5WW2ZLOOQ5TEMBWGA3TKMRQGA2Q>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
I will do my best to explain what's changed, point you in the right direction and provide you with some untested code snippets. From the OpenSSL 3 manpage, gone are OpenSSL 3 introduced an architecture change with the introduction of library contexts and providers. I've just had a look at what we've got in our OpenSSL 3 fork and it appears we load the default provider on init. Because of how we use FIPS crypto in our product, we enable/disable FIPS mode on a VM level, so we do not do any programmatic loading. However, if I were to add support to our fork, I'd probably do something like in https://github.com/pexip/go-openssl/blob/master/provider.go func loadFIPSProvider() error {
defaultCtx = &LibraryContext{
ctx: nil, providers: make(map[string]*C.OSSL_PROVIDER), mu: &sync.Mutex{},
}
runtime.SetFinalizer(defaultCtx, func(c *LibraryContext) { c.finalise() })
if err := defaultCtx.LoadProvider("fips"); err != nil {
return fmt.Errorf("failed to load fips provider: %w", err)
}
if err := defaultCtx.LoadProvider("base"); err != nil {
return fmt.Errorf("failed to load base provider: %w", err)
}
return nil
} That snippet above roughly matches the spirit of the C example in the manpage. Then you'd have to fiddle with Something like this should do the trick func LoadFIPSProvider() error {
oldDefaultCtx := defaultCtx
oldDefaultCtx.finalize()
return loadFIPSProvider()
} |
i hope this repo not die yet. I face error when running my golang app that used this library.
it return
# github.com/spacemonkeygo/openssl ../../go/pkg/mod/github.com/spacemonkeygo/[email protected]/fips.go:31:7: could not determine kind of name for C.FIPS_mode_set
my thought is the version of openssl, this library used and mine was different.
note: running on ubuntu 22.04, openssl 3.0.2
The text was updated successfully, but these errors were encountered: