openssl移植到ARM Linux
openssl简介
OpenSSL 是一个安全套接字层密码库,囊括主要的密码算法、常用的密钥和证书封装管理功能及SSL协议,并提供丰富的应用程序供测试或其它目的使用。
一、下载源码
1.从OpenSSL官网下载最新源码 openssl-1.0.2l.tar.gz
https://www.openssl.org/source/old/1.0.0/
2.执行下面命名解压缩
tar zxvf openssl-1.0.2l.tar.gz
github下载最新源码
git clone https://github.com/openssl/openssl.git
git checkout OpenSSL_1_0_1l
二、配置openssl
3.进入刚解压的目录cd openssl-1.0.2l/,执行下面指令,做相应的配置:
下面配置方式,二选一即可
方式一:
./Configure no-asm no-shared no-async linux-generic32 --prefix=/data1/mayue/work/myProject/project/opensource/openssl-1.0.0a --cross-compile-prefix=/opt/buildroot-mips-gcc492-uclibc/usr/bin/mipsel-linux-
方式二:
./config no-asm shared no-async --prefix=$(pwd)/install --cross-compile-prefix=arm-linux-
no-asm: 是在交叉编译过程中不使用汇编代码代码加速编译过程,原因是它的汇编代码是对arm格式不支持的。
shared :生成动态连接库。
–prefix :指定make install后生成目录的路径,不修改此项则默认为OPENSSLDIR目录(/usr/local/ssl)。
備註:
之后,打开Makefile,删除里面所有的-m64和-m32编译选项。
由于是新项目编译工具链发生变化需要重新交叉编译openssl,但是交叉编译后使用时发现总是出现公钥加密失败的情况,定位到RSA_size得到的位数都不对。
之前交叉编译openssl静态库/动态库都使用的方式二,但都不好使,百度发现方式一的配置方式,尝试后终于OK,关键的不同是是否带编译参数 linux-generic32
验证demo
//test_rsa.c
#include <stdio.h>
//#include <openssl/rsa.h>
//#include <openssl/x509.h>
#include "./openssl/rsa.h"
#include "./openssl/x509.h"
int main()
{
int i=0;
printf("hello world\n");
unsigned char pub_ras_str[140] = {0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xa5,0x31,0x06,0xc6,0xfc,0x89,0x5a,0x9c,0x73,0x21,0x9b,0xa2,0x0f,0x37,0x7f,0xb5,0xa1,0x73,0x0e,0xc2,0x05,0xa2,0x61,0x5e,0x9a,0x74,0x56,0x1a,0xcf,0xc4,0xe6,0x82,0x6b,0xfe,0x97,0xdc,0xb8,0x96,0x49,0x54,0x96,0xef,0x6c,0xbc,0x7a,0xbb,0x30,0xdc,0x73,0xfe,0x4f,0xde,0xa4,0x5c,0xc5,0x59,0x40,0xd0,0x66,0xee,0xfd,0x28,0x42,0x22,0xf6,0xa0,0xeb,0x45,0xe6,0x62,0x46,0x6a,0x71,0xaa,0x72,0x94,0xf7,0xdd,0xe2,0x6a,0x2e,0x8a,0x1b,0x61,0x00,0x09,0x2f,0x8b,0x9e,0x25,0x4e,0xcf,0x7f,0xce,0x59,0xdb,0xfb,0x52,0x3d,0x59,0x3e,0xd2,0x31,0x6c,0xf1,0xe8,0x31,0x7b,0xe7,0xa9,0x1f,0x19,0x1e,0xe3,0x27,0x86,0xad,0xcf,0x64,0xaf,0x60,0xd4,0x30,0x8f,0x30,0x2d,0x40,0x33,0x02,0x03,0x01,0x00,0x01};
for(i=0;i<sizeof(pub_ras_str);i++)
{
printf("pub_ras_str[%d] = %#x\n",i,pub_ras_str[i]);
}
unsigned char *pPubKeyBuff = pub_ras_str;
int pPubKeyLength = 140;
RSA *pPubRsa = NULL;
int iRsa_len = -1;
pPubRsa = d2i_RSAPublicKey(NULL, (const unsigned char **)&pPubKeyBuff, (long)pPubKeyLength);
if (NULL == pPubRsa)
{
printf("d2i_RSAPublicKey failed\n");
return -1;
}
iRsa_len = RSA_size(pPubRsa) - 11; //RSA_size(pPubRsa)应该为128
if (iRsa_len < 0)
{
printf("RSA_size failed, iRsa_len[%d]\n", iRsa_len);
RSA_free(pPubRsa);
return -1;
}
printf("RSA_size ok, iRsa_len[%d] RSA_size(pPubRsa)=%d\n", iRsa_len,RSA_size(pPubRsa));
return 0;
}
上面RSA_size(pPubRsa)应该为128,pub_ras_str公钥字符数组是抓包拷贝出来的。
配置参数说明:
no-asm: 在交叉编译过程中不使用汇编代码代码加速编译过程;
shared: 生成动态连接库,shared和no-shared二选一;
no-shared: 生成静态连接库,shared和no-shared二选一;
no-async: 交叉编译工具链没有提供GNU C的ucontext库;
--prefix: 安装路径;
--cross-compile-prefix: 交叉编译工具;
linux-generic32: 表示标准32位linux,平台类型选项;
三、编译
1.执行make编译工程;
2.执行make install,安装openssl到指定路径;
值得注意的是,在arm交叉编译环境中,引用库的顺序为:-lssl -lcrypto,如果为 -lcrypto -lssl就会编译错误。