1676124181

Committed 18 Feb 2025 09:25AM UTC coverage: 51.177% (-1.0%) from 52.175%

Build # 1676124181

Build Type

push

gitlab-ci

Committed by

web-flow

Commit Message

Merge pull request #39 from mendersoftware/QA-814-add-dependabot

QA-814: Add dependabot configuration

Run Details

1435 of 2804 relevant lines covered (51.18%)

2313.66 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

14.29

/init.go

// Copyright (C) 2017. See AUTHORS.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//   http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

/*
Package openssl is a light wrapper around OpenSSL for Go.

It strives to provide a near-drop-in replacement for the Go standard library
tls package, while allowing for:

# Performance

OpenSSL is battle-tested and optimized C. While Go's built-in library shows
great promise, it is still young and in some places, inefficient. This simple
OpenSSL wrapper can often do at least 2x with the same cipher and protocol.

On my lappytop, I get the following benchmarking speeds:

        BenchmarkSHA1Large_openssl      1000  2611282 ns/op  401.56 MB/s
        BenchmarkSHA1Large_stdlib        500  3963983 ns/op  264.53 MB/s
        BenchmarkSHA1Small_openssl   1000000     3476 ns/op    0.29 MB/s
        BenchmarkSHA1Small_stdlib    5000000      550 ns/op    1.82 MB/s
        BenchmarkSHA256Large_openssl     200  8085314 ns/op  129.69 MB/s
        BenchmarkSHA256Large_stdlib      100 18948189 ns/op   55.34 MB/s
        BenchmarkSHA256Small_openssl 1000000     4262 ns/op    0.23 MB/s
        BenchmarkSHA256Small_stdlib  1000000     1444 ns/op    0.69 MB/s
        BenchmarkOpenSSLThroughput    100000    21634 ns/op   47.33 MB/s
        BenchmarkStdlibThroughput      50000    58974 ns/op   17.36 MB/s

# Interoperability

Many systems support OpenSSL with a variety of plugins and modules for things,
such as hardware acceleration in embedded devices.

# Greater flexibility and configuration

OpenSSL allows for far greater configuration of corner cases and backwards
compatibility (such as support of SSLv2). You shouldn't be using SSLv2 if you
can help but, but sometimes you can't help it.

# Security

Yeah yeah, Heartbleed. But according to the author of the standard library's
TLS implementation, Go's TLS library is vulnerable to timing attacks. And
whether or not OpenSSL received the appropriate amount of scrutiny
pre-Heartbleed, it sure is receiving it now.

# Usage

Starting an HTTP server that uses OpenSSL is very easy. It's as simple as:

        log.Fatal(openssl.ListenAndServeTLS(
              ":8443", "my_server.crt", "my_server.key", myHandler))

Getting a net.Listener that uses OpenSSL is also easy:

        ctx, err := openssl.NewCtxFromFiles("my_server.crt", "my_server.key")
        if err != nil {
                log.Fatal(err)
        }
        l, err := openssl.Listen("tcp", ":7777", ctx)

Making a client connection is straightforward too:

        ctx, err := NewCtx()
        if err != nil {
                log.Fatal(err)
        }
        err = ctx.LoadVerifyLocations("/etc/ssl/certs/ca-certificates.crt", "")
        if err != nil {
                log.Fatal(err)
        }
        conn, err := openssl.Dial("tcp", "localhost:7777", ctx, 0)

Help wanted: To get this library to work with net/http's client, we
had to fork net/http. It would be nice if an alternate http client library
supported the generality needed to use OpenSSL instead of crypto/tls.
*/
package openssl

// #include "shim.h"
import "C"

import (
        "errors"
        "fmt"
        "strings"
)

func init() {
        if rc := C.X_shim_init(); rc != 0 {
                panic(fmt.Errorf("X_shim_init failed with %d", rc))
        }
}

// errorFromErrorQueue needs to run in the same OS thread as the operation
// that caused the possible error
func errorFromErrorQueue() error {
        var errs []string
        for {
                err := C.ERR_get_error()
                if err == 0 {
                        break
                }
                errs = append(errs, fmt.Sprintf("%s:%s:%s",
                        C.GoString(C.ERR_lib_error_string(err)),
                        C.GoString(C.ERR_func_error_string(err)),
                        C.GoString(C.ERR_reason_error_string(err))))
        }
        return errors.New(fmt.Sprintf("SSL errors: %s", strings.Join(errs, "\n")))
}

1	// Copyright (C) 2017. See AUTHORS.
2	//
3	// Licensed under the Apache License, Version 2.0 (the "License");
4	// you may not use this file except in compliance with the License.
5	// You may obtain a copy of the License at
6	//
7	// http://www.apache.org/licenses/LICENSE-2.0
8	//
9	// Unless required by applicable law or agreed to in writing, software
10	// distributed under the License is distributed on an "AS IS" BASIS,
11	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12	// See the License for the specific language governing permissions and
13	// limitations under the License.
14
15	/*
16	Package openssl is a light wrapper around OpenSSL for Go.
17
18	It strives to provide a near-drop-in replacement for the Go standard library
19	tls package, while allowing for:
20
21	# Performance
22
23	OpenSSL is battle-tested and optimized C. While Go's built-in library shows
24	great promise, it is still young and in some places, inefficient. This simple
25	OpenSSL wrapper can often do at least 2x with the same cipher and protocol.
26
27	On my lappytop, I get the following benchmarking speeds:
28
29	BenchmarkSHA1Large_openssl 1000 2611282 ns/op 401.56 MB/s
30	BenchmarkSHA1Large_stdlib 500 3963983 ns/op 264.53 MB/s
31	BenchmarkSHA1Small_openssl 1000000 3476 ns/op 0.29 MB/s
32	BenchmarkSHA1Small_stdlib 5000000 550 ns/op 1.82 MB/s
33	BenchmarkSHA256Large_openssl 200 8085314 ns/op 129.69 MB/s
34	BenchmarkSHA256Large_stdlib 100 18948189 ns/op 55.34 MB/s
35	BenchmarkSHA256Small_openssl 1000000 4262 ns/op 0.23 MB/s
36	BenchmarkSHA256Small_stdlib 1000000 1444 ns/op 0.69 MB/s
37	BenchmarkOpenSSLThroughput 100000 21634 ns/op 47.33 MB/s
38	BenchmarkStdlibThroughput 50000 58974 ns/op 17.36 MB/s
39
40	# Interoperability
41
42	Many systems support OpenSSL with a variety of plugins and modules for things,
43	such as hardware acceleration in embedded devices.
44
45	# Greater flexibility and configuration
46
47	OpenSSL allows for far greater configuration of corner cases and backwards
48	compatibility (such as support of SSLv2). You shouldn't be using SSLv2 if you
49	can help but, but sometimes you can't help it.
50
51	# Security
52
53	Yeah yeah, Heartbleed. But according to the author of the standard library's
54	TLS implementation, Go's TLS library is vulnerable to timing attacks. And
55	whether or not OpenSSL received the appropriate amount of scrutiny
56	pre-Heartbleed, it sure is receiving it now.
57
58	# Usage
59
60	Starting an HTTP server that uses OpenSSL is very easy. It's as simple as:
61
62	log.Fatal(openssl.ListenAndServeTLS(
63	":8443", "my_server.crt", "my_server.key", myHandler))
64
65	Getting a net.Listener that uses OpenSSL is also easy:
66
67	ctx, err := openssl.NewCtxFromFiles("my_server.crt", "my_server.key")
68	if err != nil {
69	log.Fatal(err)
70	}
71	l, err := openssl.Listen("tcp", ":7777", ctx)
72
73	Making a client connection is straightforward too:
74
75	ctx, err := NewCtx()
76	if err != nil {
77	log.Fatal(err)
78	}
79	err = ctx.LoadVerifyLocations("/etc/ssl/certs/ca-certificates.crt", "")
80	if err != nil {
81	log.Fatal(err)
82	}
83	conn, err := openssl.Dial("tcp", "localhost:7777", ctx, 0)
84
85	Help wanted: To get this library to work with net/http's client, we
86	had to fork net/http. It would be nice if an alternate http client library
87	supported the generality needed to use OpenSSL instead of crypto/tls.
88	*/
89	package openssl
90
91	// #include "shim.h"
92	import "C"
93
94	import (
95	"errors"
96	"fmt"
97	"strings"
98	)
99
100	func init() {	1✔
101	if rc := C.X_shim_init(); rc != 0 {	1✔
102	panic(fmt.Errorf("X_shim_init failed with %d", rc))	×
103	}
104	}
105
106	// errorFromErrorQueue needs to run in the same OS thread as the operation
107	// that caused the possible error
108	func errorFromErrorQueue() error {	×
109	var errs []string	×
110	for {	×
111	err := C.ERR_get_error()	×
112	if err == 0 {	×
113	break	×
114	}
115	errs = append(errs, fmt.Sprintf("%s:%s:%s",	×
116	C.GoString(C.ERR_lib_error_string(err)),	×
117	C.GoString(C.ERR_func_error_string(err)),	×
118	C.GoString(C.ERR_reason_error_string(err))))	×
119	}
120	return errors.New(fmt.Sprintf("SSL errors: %s", strings.Join(errs, "\n")))	×
121	}

mendersoftware / openssl / 1676124181

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous