openssl: support openssl v3

[NatoBoram]

Checklist

• This is a bug report, not a question. Ask questions on discuss.ipfs.io.
• I have searched on the issue tracker for my bug.
• I am running the latest go-ipfs version or have an issue updating.

Installation method

built from source

Version

go-ipfs version: 0.13.0-dev-63b002566
Repo version: 12
System version: arm64/android
Golang version: go1.18.1

Config

No response

Description

When trying to build it from source with GOTAGS=openssl...

GOTAGS=openssl make install

I'm getting the following error.

go version go1.18.1 android/arm64
bin/check_go_version 1.15.2
plugin/loader/preload.sh > plugin/loader/preload.go
go fmt plugin/loader/preload.go >/dev/null
go install "-asmflags=all='-trimpath='" "-gcflags=all='-trimpath='" -ldflags="-X "github.com/ipfs/go-ipfs".CurrentCommit=63b002566" -tags="openssl" ./cmd/ipfs
# github.com/libp2p/go-openssl
../../go/pkg/mod/github.com/libp2p/[email protected]/fips.go:31:7: could not determine kind of name for C.FIPS_mode_set
make: *** [cmd/ipfs/Rules.mk:37: cmd/ipfs-install] Error 2

Without GOTAGS=openssl, it works.

go version go1.18.1 android/arm64
bin/check_go_version 1.15.2
plugin/loader/preload.sh > plugin/loader/preload.go
go fmt plugin/loader/preload.go >/dev/null
go install "-asmflags=all='-trimpath='" "-gcflags=all='-trimpath='" -ldflags="-X "github.com/ipfs/go-ipfs".CurrentCommit=63b002566" ./cmd/ipfs

On linux/amd64, it works.

go version go1.18.1 linux/amd64
bin/check_go_version 1.15.2
plugin/loader/preload.sh > plugin/loader/preload.go
go fmt plugin/loader/preload.go >/dev/null
go install "-asmflags=all='-trimpath='" "-gcflags=all='-trimpath='" -ldflags="-X "github.com/ipfs/go-ipfs".CurrentCommit=63b002566" -tags="openssl" ./cmd/ipfs

[Jorropo]

Testing it on my machine (cross compiling) I have different errors.
The only way I can reproduce this is if I try to build from termux.

We don't have time to allocate to fix building openssl with termux.
If you want to take a shot at it, the lib is at https://github.com/libp2p/go-openssl, if the fixes are really simple some might review them.

FYI I have managed to build inside termux without using openssl (and with quic support commented out because termux ships with go1.18.1 and my patience runned before trying to install go1.17).

So for now, openssl isn't supported and you need to use go std's crypto lib.

[Jorropo]

I'm closing the issue so it wont show up bright green "help wanted" fyi, I don't want random people that want to help waste time on this (because we will probably not even review it).

[NatoBoram]

This issue might've invaded linux/amd64 in a recent commit

go version go1.18.1 linux/amd64
bin/check_go_version 1.17
plugin/loader/preload.sh > plugin/loader/preload.go
go fmt plugin/loader/preload.go >/dev/null
go install "-asmflags=all='-trimpath='" "-gcflags=all='-trimpath='" -ldflags="-X "github.com/ipfs/go-ipfs".CurrentCommit=126ebc459" -tags="openssl" ./cmd/ipfs
# github.com/libp2p/go-openssl
../../go/pkg/mod/github.com/libp2p/[email protected]/fips.go:31:7: could not determine kind of name for C.FIPS_mode_set
make: *** [cmd/ipfs/Rules.mk:37: cmd/ipfs-install] Error 2

[Jorropo]

@NatoBoram current master on my machine:

$ GOTAGS=openssl make build
go version devel go1.19-5a103ca5e9 Tue May 3 18:33:02 2022 +0000 linux/amd64
bin/check_go_version 1.17
plugin/loader/preload.sh > plugin/loader/preload.go
go fmt plugin/loader/preload.go >/dev/null
go build  "-asmflags=all='-trimpath='" "-gcflags=all='-trimpath='" -ldflags="-X "github.com/ipfs/go-ipfs".CurrentCommit=126ebc459-dirty" -tags="openssl" -o "cmd/ipfs/ipfs" "github.com/ipfs/go-ipfs/cmd/ipfs"

Also there hasn't been any change to our openssl wrapper since august 2021.

Are you not running a rolling release by luck ? (what is your OS and version pls ?)
I think this issue is an API change in the newest openssl version, and we are expecting the old one.

[NatoBoram]

I'm not running a rolling release, but I did upgrade to the latest Pop OS release recently

This is what I'm running:

OS: Pop!_OS 22.04 LTS x86_64 
Kernel: 5.16.19-76051619-generic 

And I have this as my openssl version:

Package: openssl
Version: 3.0.2-0ubuntu1

[Jorropo]

I'm running 1.1.1.
I guess that explains it.

[Jorropo]

If anyone want to work on this, it's here: https://github.com/libp2p/go-openssl

Should be easy, if you know a bit of C and Go.

For now I'm leaving this for the community to fix, we will see with other maintainers but I don't think anyone of us is interested in that.

[Stebalien]

Does libp2p/go-openssl#25 work for you? Unfortunately, I have no easy way to test this.

[github-actions]

Oops, seems like we needed more information for this issue, please comment with more details or this issue will be closed in 7 days.

[github-actions]

This issue was closed because it is missing author input.

[garfield-su]

upgrade go-openssl from v0.0.7 to v0.1.0

•   github.com/libp2p/go-openssl v0.0.7 // indirect
  

•   github.com/libp2p/go-openssl v0.1.0 // indirect
  

[h-vetinari]

Could someone reopen this please? This issue is increasing in importance with every passing months, as more and more distros etc. switch to openssl 3.

[Jorropo]

@h-vetinari we merged some code that should have fixed it, does that not work ?

[h-vetinari]

@h-vetinari we merged some code that should have fixed it, does that not work ?

Turns out there was a "race condition" with the OpenSSL 3 PR & the release of v0.16; turns out things build fine with the newest version. Thanks a lot! :)