gossl

package module
v0.0.0-...-956af9a Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 11, 2021 License: MIT Imports: 13 Imported by: 0

README

gossl is a go library for interfacing with the venerable openssl library. It currently provides a dropin replacement for: crypto/sha512 crypto/sha256 crypto/sha crypto/aes (the aes 128, 192, and 256 ECB mode ciphers) crypto/tls.{Listener,LoadX509KeyPair}

Also included are a couple example command line utilities for hashing files and strings. They should run as fast as an equivalant c program (sha256sum). All of the openssl context api functions there. A new BIO has been created that allows OpenSSL to treat a go net.Conn the same way it would treat a raw socket connection, pretty neat!

Instructions

Make sure you have libssl-dev and libssl1.0.0 installed on your system. This is needed to link against openssl. This is a standard go package, so you should be able to just:

go install github.com/shanemhansen/gossl/examples/hashfile githum.com/shanemhansen/gossl/examples/hashstring

hashfile /etc/hosts
hashstring 'something'

go install github.com/shanemhansen/gossl/examples/...

testhttpserver -cert $somecert -key $somekey

Rationale

You might ask, "why create another crypto library?".

  • OpenSSL is a well audited and tested codebase.
  • Performance
  • Access to existing plugins/engines (cryptodev, gmp, af_alg)
  • More options for parsing exotic certificates and keys (including passphrase protected)
  • More ciphers and digests supported
  • OpenSSL provides more hooks (that we don't yet expose) for fine grained control of validation.
  • All TLS/SSL versions supported. (DTLS support coming soon)
  • Works better with buggy clients/servers. (For example ab chokes on crypto/tls based servers)

Unrationale

  • Requires CGO
  • Nowhere as elegant as crypto/tls
  • crypto/tls will probably catch up in terms of features and performance

Roadmap

Expose the complete OpenSSL api as well as making interoperability between crypto/tls and gossl possible. For example, you can use gossl to parse keys and certificates that crypto/tls can't handle yet. Connections are net.Conn's Listeners are net.Listener's, hashes and digests are... well you get the point.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Init 

func Init() int

Initialize the OpenSSL library. Takes care of several bookkeeping functions like populating error messages and cipher lists.

Types

type BIO 

type BIO struct {
	BIO *C.BIO
	// contains filtered or unexported fields
}

func NewBIO 

func NewBIO(method *BIOMethod) *BIO

func (*BIO) Ctrl 

func (bio *BIO) Ctrl(cmd int, larg int, data unsafe.Pointer) int

func (*BIO) GetAppData 

func (bio *BIO) GetAppData() *Conn

func (*BIO) GetBytes 

func (bio *BIO) GetBytes() []byte

func (*BIO) Read 

func (bio *BIO) Read(b []byte) int

Thin wrappers over OpenSSL bio. See BIO_read documentation for return value negative means error error message is gotten be calling ssl.getError()

func (*BIO) SetAppData 

func (bio *BIO) SetAppData(conn *Conn)

func (*BIO) Write 

func (bio *BIO) Write(b []byte) int

See BIO_write

type BIOMethod 

type BIOMethod struct {
	BIOMethod *C.BIO_METHOD
}

func BIOConn 

func BIOConn() *BIOMethod

func BIOSMem 

func BIOSMem() *BIOMethod

type Conn 

type Conn struct {
	// contains filtered or unexported fields
}

func NewClientConn 

func NewClientConn(ctx *Context, conn net.Conn) (*Conn, error)

create a new client connection

func NewServerConn 

func NewServerConn(ctx *Context, conn net.Conn) (*Conn, error)

create a new server connection

func (*Conn) Close 

func (self *Conn) Close() error

func (*Conn) Conn 

func (self *Conn) Conn() net.Conn

func (*Conn) Handshake 

func (self *Conn) Handshake() (err error)

func (*Conn) LocalAddr 

func (self *Conn) LocalAddr() net.Addr

func (*Conn) Read 

func (self *Conn) Read(b []byte) (int, error)

func (*Conn) RemoteAddr 

func (self *Conn) RemoteAddr() net.Addr

func (*Conn) SetDeadline 

func (self *Conn) SetDeadline(t time.Time) error

func (*Conn) SetReadDeadline 

func (self *Conn) SetReadDeadline(t time.Time) error

func (*Conn) SetWriteDeadline 

func (self *Conn) SetWriteDeadline(t time.Time) error

func (*Conn) Write 

func (self *Conn) Write(b []byte) (int, error)

type Context 

type Context struct {
	Ctx *C.SSL_CTX
}

func NewContext 

func NewContext(method *METHOD) *Context

func (*Context) AddClientCA 

func (self *Context) AddClientCA(cert *x509.Certificate) int

func (*Context) CheckPrivateKey 

func (self *Context) CheckPrivateKey() error

func (*Context) Ctrl 

func (self *Context) Ctrl(op int, op2 int, data unsafe.Pointer) int

func (*Context) FlushSessions 

func (self *Context) FlushSessions(t time.Time)

func (*Context) GetAppData 

func (self *Context) GetAppData() unsafe.Pointer

func (*Context) GetCertStore 

func (self *Context) GetCertStore() *x509.X509Store

func (*Context) GetOptions 

func (self *Context) GetOptions() int

func (*Context) GetQuietShuwdown 

func (self *Context) GetQuietShuwdown() int

func (*Context) GetTimeout 

func (self *Context) GetTimeout() time.Time

func (*Context) LoadVerifyLocations 

func (self *Context) LoadVerifyLocations(cafile, capath *string) int

func (*Context) SetAppData 

func (self *Context) SetAppData(data unsafe.Pointer)

func (*Context) SetCertStore 

func (self *Context) SetCertStore(store *x509.X509Store)

func (*Context) SetCipherList 

func (self *Context) SetCipherList(list string) int

func (*Context) SetClientCAList 

func (self *Context) SetClientCAList(names []x509.X509Name)

func (*Context) SetDefaultVerifyPaths 

func (self *Context) SetDefaultVerifyPaths() int

func (*Context) SetOptions 

func (self *Context) SetOptions(options Option)

func (*Context) SetPurpose 

func (self *Context) SetPurpose(purpose int) int

func (*Context) SetQuietShutdown 

func (self *Context) SetQuietShutdown(mode int)

func (*Context) SetSessionIdContext 

func (self *Context) SetSessionIdContext(ctx []byte)

func (*Context) SetTimeout 

func (self *Context) SetTimeout(t time.Time)

func (*Context) SetTrust 

func (self *Context) SetTrust(trust int) int

func (*Context) SetVerify 

func (self *Context) SetVerify(mode VerifyMode)

func (*Context) SetVerifyDepth 

func (self *Context) SetVerifyDepth(depth int)

func (*Context) UseCertificate 

func (self *Context) UseCertificate(cert *x509.Certificate) error

func (*Context) UseCertificateChainFile 

func (self *Context) UseCertificateChainFile(file string) error

func (*Context) UseCertificateFile 

func (self *Context) UseCertificateFile(file string, filetype FileType) error

func (*Context) UsePSKIdentityHint 

func (self *Context) UsePSKIdentityHint(hint string) int

func (*Context) UsePrivateKey 

func (self *Context) UsePrivateKey(key *evp.PKey) error

func (*Context) UsePrivateKeyFile 

func (self *Context) UsePrivateKeyFile(file string, filetype FileType) error

func (*Context) UseRSAPrivateKeyFile 

func (self *Context) UseRSAPrivateKeyFile(file string, filetype int) error

type FileType 

type FileType int
const (
	FileTypePem  FileType = C.SSL_FILETYPE_PEM
	FileTypeASN1 FileType = C.SSL_FILETYPE_ASN1
)

type Listener 

type Listener struct {
	net.Listener
	Context *Context
}

Listener is a net listener with a TLS context

func NewListener 

func NewListener(inner net.Listener, context *Context) (*Listener, error)

More OpenSSL'ish interface to create a listener

func (*Listener) Accept 

func (self *Listener) Accept() (net.Conn, error)

Accept a new connection and complete handshake. TODO: do handshake later, this blocks future accepts.

type METHOD 

type METHOD struct {
	// contains filtered or unexported fields
}

A set of functions for generating OpenSSL methods

func DTLSv1ClientMethod 

func DTLSv1ClientMethod() *METHOD

func DTLSv1Method 

func DTLSv1Method() *METHOD

DTLSv1, or TLS over Datagram (UDP)

func DTLSv1ServerMethod 

func DTLSv1ServerMethod() *METHOD

func SSLv23ClientMethod 

func SSLv23ClientMethod() *METHOD

func SSLv23Method 

func SSLv23Method() *METHOD

SSLv3 with fallback to v

func SSLv23ServerMethod 

func SSLv23ServerMethod() *METHOD

func SSLv3ClientMethod 

func SSLv3ClientMethod() *METHOD

func SSLv3Method 

func SSLv3Method() *METHOD

SSLv3 method

func SSLv3ServerMethod 

func SSLv3ServerMethod() *METHOD

func TLSv1ClientMethod 

func TLSv1ClientMethod() *METHOD

func TLSv1Method 

func TLSv1Method() *METHOD

TLSv1.0

func TLSv1ServerMethod 

func TLSv1ServerMethod() *METHOD

func TLSv1_1ClientMethod 

func TLSv1_1ClientMethod() *METHOD

func TLSv1_1Method 

func TLSv1_1Method() *METHOD

TLSv1.1

func TLSv1_1ServerMethod 

func TLSv1_1ServerMethod() *METHOD

func TLSv1_2ClientMethod 

func TLSv1_2ClientMethod() *METHOD

func TLSv1_2Method 

func TLSv1_2Method() *METHOD

TLSv1.2

func TLSv1_2ServerMethod 

func TLSv1_2ServerMethod() *METHOD

type Option 

type Option int64
const (
	OpNoCompression Option = C.SSL_OP_NO_COMPRESSION
)

type SSL 

type SSL struct {
	SSL *C.SSL
}

func NewSSL 

func NewSSL(context *Context) *SSL

func (*SSL) Free 

func (self *SSL) Free()

func (*SSL) Handshake 

func (self *SSL) Handshake() error

func (*SSL) Read 

func (self *SSL) Read(b []byte) (int, error)

func (*SSL) SetAcceptState 

func (self *SSL) SetAcceptState()

func (*SSL) SetBIO 

func (self *SSL) SetBIO(readbio *BIO, writebio *BIO)

func (*SSL) SetConnectState 

func (self *SSL) SetConnectState()

func (*SSL) Shutdown 

func (self *SSL) Shutdown() error

func (*SSL) Write 

func (self *SSL) Write(b []byte) (int, error)

type VerifyMode 

type VerifyMode int
const (
	VERIFY_NONE                 VerifyMode = C.SSL_VERIFY_NONE
	VERIFY_PEER                 VerifyMode = C.SSL_VERIFY_PEER
	VERIFY_FAIL_IF_NO_PEER_CERT VerifyMode = C.SSL_VERIFY_FAIL_IF_NO_PEER_CERT
	VERIFY_CLIENT_ONCE          VerifyMode = C.SSL_VERIFY_CLIENT_ONCE
)

Source Files

View all Source files

Directories

Path Synopsis
Package compat contains helper methods to interoperate with crypto/tls in the case where you just want to use gossl for parsing exotic keys.
 Package compat contains helper methods to interoperate with crypto/tls in the case where you just want to use gossl for parsing exotic keys.
crypto
aes
Package aes implements AES128 ECB hashing
 Package aes implements AES128 ECB hashing
elliptic
Package elliptic implements several standard elliptic curves over prime fields.
 Package elliptic implements several standard elliptic curves over prime fields.
engine
Package engines provides an interface to the OpenSSL engines api.
 Package engines provides an interface to the OpenSSL engines api.
evp
package evp provides wrappers around OpenSSL's generic evp interfaces for symmetric/asymetric ciphers and digests
 package evp provides wrappers around OpenSSL's generic evp interfaces for symmetric/asymetric ciphers and digests
hmac
Package hmac provides an interface to the OpenSSL hmac api to be compatible with Go's stdlib api.
 Package hmac provides an interface to the OpenSSL hmac api to be compatible with Go's stdlib api.
md5
rand
Package rand implements a cryptographically secure pseudorandom number generator.
 Package rand implements a cryptographically secure pseudorandom number generator.
sha1
sha256
Package sha256 implements the SHA224 and SHA256 hash algorithms in FIPS 180-2.
 Package sha256 implements the SHA224 and SHA256 hash algorithms in FIPS 180-2.
sha512
x509
examples
bench_aes128
bench_sha256
decryptkey
hashfile
hashstring
testhttpserver

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.