目录
一:linux环境安装openssl库:
1.OpenSSL(Open Secure Sockets Layer):是一个开放源代码的软件库包,应用程序可以使用这个包来进行安全通信,
避免窃听,同时确认另一端连接者的身份。这个包广泛被应用在互联网的网页服务器上。
2.源码下载:
https://www.openssl.org/source/
3.解压:
sudo tar -zxvf openssl-1.1.1d.tar.gz -C .
4.配置:
sudo ./config --prefix=/usr/ssl shared zlib
注意:
–prefix=/usr/ssl的意思是将openssl库安装到/usr/ssl目录下;
5.编译及安装:
sudo make
sudo make install
此时openssl的库文件已经安装到了/usr/ssl路径下,可执行ls命令查看:
ls /usr/ssl
7.创建软连接:
sudo ln -s /usr/ssl/bin/openssl /usr/bin/openssl
sudo ln -s /usr/ssl/include/openssl /usr/include/openssl
注:如失败,可先删除原openssl
sudo rm -rf /usr/bin/openssl
sudo rm -rf /usr/include/openssl
8.检查openssl版本:
openssl version
报错:
openssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory
解决:
sudo ln -s /usr/ssl/lib/libssl.so.1.1 /usr/lib/libssl.so.1.1
sudo ln -s /usr/ssl/lib/libcrypto.so.1.1 /usr/lib/libcrypto.so.1.1
再次执行上述命令:可以看到openssl已经可成功运行:
aston@ubuntu:/usr/include$ openssl version
OpenSSL 1.1.1d 10 Sep 2019
二:编译安装到/home/aston/huawei/openssl-1.1.1d/install_lib文件夹:
sudo tar -zxvf openssl-1.1.1d.tar.gz -C .
mkdir install_lib
sudo chown -R aston openssl-1.1.1d/
sudo ./config --prefix=/home/aston/huawei/openssl-1.1.1d/install_lib shared zlib
sudo make
sudo make install
三:测试openssl加密功能:
1.EVP加密,解密:
1.EVP加密,解密:
代码:
#include <openssl/evp.h>
#include <openssl/md5.h>
#include <stdio.h>
#include <string.h>
int do_encrypt(unsigned char *iv, unsigned char *key, unsigned char *inBuffer, int inLen, unsigned char *outBuffer, int* pOutLen)
{
int tmplen;
EVP_CIPHER_CTX *ctx;
ctx = malloc(1024);
EVP_CIPHER_CTX_init(ctx);
EVP_EncryptInit_ex(ctx,EVP_aes_128_cbc(), NULL, key, iv);
if(!EVP_EncryptUpdate(ctx, outBuffer, pOutLen, inBuffer, inLen))
{
return 0;
}
if(!EVP_EncryptFinal_ex(ctx, outBuffer + *pOutLen, &tmplen))
{
return 0;
}
*pOutLen += tmplen;
EVP_CIPHER_CTX_cleanup(ctx);
free(ctx);
return 1;
}
int do_decrypt(unsigned char *iv, unsigned char *key, unsigned char*inBuffer, int inLen, unsigned char *outBuffer, int* pOutLen)
{
int tmplen;
EVP_CIPHER_CTX *ctx;
ctx = malloc(1024);
EVP_CIPHER_CTX_init(ctx);
EVP_DecryptInit_ex(ctx,EVP_aes_128_cbc(), NULL, key, iv);
if(!EVP_DecryptUpdate(ctx, outBuffer, pOutLen, inBuffer, inLen))
{
return 0;
}
if(!EVP_DecryptFinal_ex(ctx, outBuffer + *pOutLen, &tmplen))
{
return 0;
}
*pOutLen += tmplen;
EVP_CIPHER_CTX_cleanup(ctx);
free(ctx);
return 1;
}
void test_encrypt_decrypt()
{
char cmd[512] = {0};
unsigned char iv[128] = {0};
unsigned char key[128] = {0};
unsigned char inBuffer[] = "hello,world";
unsigned char outBuffer[128] = {0};
int outlen = 0;
int ret = 0;
int i = 0;
unsigned char inBuffer_new[128] = {0};
int inlen_new = 0;
printf("input the key:\n");
memset(cmd, 0, sizeof(cmd));
fgets(cmd, sizeof(cmd), stdin);
memcpy(key, cmd, strlen(cmd));
printf("[%s:%d]:[yang] key = %s",__FUNCTION__,__LINE__,key);
memset(cmd, 0, sizeof(cmd));
printf("input the iv:\n");
fgets(cmd, sizeof(cmd), stdin);
memcpy(iv, cmd, strlen(cmd));
printf("[%s:%d]:[yang] iv = %s",__FUNCTION__,__LINE__,iv);
//int len = strlen(inBuffer);
//int len = sizeof(inBuffer);
int len = 12;
ret = do_encrypt(iv,key,inBuffer,len,outBuffer,&outlen);
//printf("[%s:%d]:[yang] inBuffer = %s, strlen(inBuffer) = %d \n",__FUNCTION__,__LINE__,inBuffer, strlen(inBuffer));
printf("[%s:%d]:[yang] outBuffer = %s, outlen = %d \n",__FUNCTION__,__LINE__,outBuffer, outlen);
printf("[%s:%d]:[yang] ret = %d \n",__FUNCTION__,__LINE__,ret);
if(ret)
{
printf("the ciphertext is:");
for(i = 0; i < outlen; i++)
{
printf("%02x",outBuffer[i]);
}
printf("\n");
}
else
{
printf("do_encrypt err\n");
}
ret = do_decrypt(iv,key,outBuffer,outlen,inBuffer_new,&inlen_new);
printf("[%s:%d]:[yang] outBuffer = %s, outlen = %d \n",__FUNCTION__,__LINE__,outBuffer, outlen);
printf("[%s:%d]:[yang] inBuffer_new = %s, inlen_new = %d \n",__FUNCTION__,__LINE__,inBuffer_new, inlen_new);
printf("[%s:%d]:[yang] ret = %d \n",__FUNCTION__,__LINE__,ret);
if(ret)
{
printf("the plaintext is:");
for(i = 0; i < inlen_new; i++)
{
printf("%c",inBuffer_new[i]);
}
printf("\n");
}
else
{
printf("do_encrypt err\n");
}
}
打印:
/*
aston@ubuntu:/mnt/hgfs/share/source_insight/main_135/test_openssl$ ./app.out
input the key:
12345
[main:83]:[yang] key = 12345
input the iv:
12345
[main:89]:[yang] iv = 12345
[main:96]:[yang] outBuffer = :g;?GY>rQ?}
?, outlen = 16
[main:98]:[yang] ret = 1
the ciphertext is:3a673b1217189747593e7251e87d0bee
[main:117]:[yang] outBuffer = :g;?GY>rQ?}
?, outlen = 16
[main:118]:[yang] inBuffer_new = hello,world, inlen_new = 12
[main:120]:[yang] ret = 1
the plaintext is:hello,world
*/
2.MD5分步加密:
代码:
int test_md5_1()
{
MD5_CTX ctx;
unsigned char outmd[16];
int i=0;
memset(outmd,0,sizeof(outmd));
MD5_Init(&ctx);
MD5_Update(&ctx,"hel",3);
MD5_Update(&ctx,"lo\n",3);
MD5_Final(outmd,&ctx);
for(i=0;i<16;i<i++)
{
printf("%02X",outmd[i]);
}
printf("\n");
return 0;
}
打印:
/*结果:
aston@ubuntu:/mnt/hgfs/share/source_insight/main_135/test_openssl$ ./app.out
B1946AC92492D2347C6235B4D2611184
*/
3.MD5一次性加密:
代码:
int test_md5_2()
{
MD5_CTX ctx;
unsigned char outmd[16];
unsigned char test_buf[16];
int i = 0;
const unsigned char data[16] = "hello\n";
memset(outmd,0,sizeof(outmd));
size_t len = 6;
MD5(data, len, outmd);
for(i = 0;i < 16;i < i++)
{
printf("%02X",outmd[i]);
}
printf("\n");
return 0;
}
打印:
/*
aston@ubuntu:/mnt/hgfs/share/source_insight/main_135/test_openssl$ make
g++ test_openssl.cpp -g -I./include -L./lib -lssl -lcrypto -ldl -lpthread -lz -std=c++11 -o app.out
aston@ubuntu:/mnt/hgfs/share/source_insight/main_135/test_openssl$ ./app.out
B1946AC92492D2347C6235B4D2611184
*/
4.可能遇到的问题:
void test_OpenSSL_init()
{
EVP_CIPHER_CTX *a = NULL;
//ctx = malloc(1024);
//EVP_CIPHER_CTX a;
OpenSSL_add_all_algorithms();
}
注:
不能直接定义EVP_CIPHER_CTX变量,
需要定制EVP_CIPHER_CTX的指针a,再去申请内存,
否则会报错。
四:移植openssl到到ARM:
1.编译:
sudo tar -zxvf openssl-1.1.1d.tar.gz -C .
mkdir install_lib
sudo chown -R aston openssl-1.1.1d/
sudo ./config no-async no-asm --prefix=/home/aston/huawei_linux/openssl-1.1.1d/install_lib shared zlib --cross-compile-prefix=/opt/hisi-linux/x86-arm/arm-hisiv300-linux/target/bin/arm-hisiv300-linux-
sudo make
sudo make install
注:config说明:
–cross-compile-prefix=: 交叉编译工具
no-asm: 在交叉编译过程中不使用汇编代码代码加速编译过程;
shared: 生成动态连接库。
no-async: 交叉编译工具链没有提供GNU C的ucontext库
–prefix=: 安装路径
–cross-compile-prefix=: 交叉编译工具
2.make时会报错,需要修改Makefile:
a:
#PLATFORM=linux-x86
PLATFORM=linux-armv4
b:
//删除掉两处 “-m32”
CNF_CPPFLAGS=-DZLIB -DNDEBUG
CNF_CFLAGS=-pthread //这里
CNF_CXXFLAGS=-std=c++11 -pthread
CNF_LDFLAGS= //这里
CNF_EX_LIBS=-lz -ldl -pthread
3.报错:汇编相关:
解决:./config添加:no-asm
在交叉编译过程中不使用汇编代码代码加速编译过程;
4.sudo make遇到的问题:
报错:
fatal error: zlib.h: No such file or directory
原因:找不到 zlib.h 头文件:
解决:
在Makefile修改:指定交叉编译的zlib库的头文件路径:
CFLAGS=-Wall -O3 -fomit-frame-pointer
改为:(指定正确的zlib头文件路径)
CFLAGS=-Wall -O3 -fomit-frame-pointer -I/home/aston/huawei_linux/zlib-1.2.11/install_lib/include
5.报错:链接不到zlib库;
rm-hisiv300-linux-uclibcgnueabi/bin/ld: cannot find -lz
collect2: error: ld returned 1 exit status
原因:
找不到zlib库;
解决:
在Makefile修改:指定交叉编译的zlib库的头文件路径:
LDFLAGS=
改为:
LDFLAGS=-L/home/aston/huawei_linux/zlib-1.2.11/install_lib/lib
全局正确的参数说明:
CROSS_COMPILE=/opt/hisi-linux/x86-arm/arm-hisiv300-linux/target/bin/arm-hisiv300-linux-
CC=$(CROSS_COMPILE)gcc
CXX=$(CROSS_COMPILE)g++
CFLAGS=-Wall -O3 -fomit-frame-pointer -I/home/aston/huawei_linux/zlib-1.2.11/install_lib/include
LDFLAGS=-L/home/aston/huawei_linux/zlib-1.2.11/install_lib/lib
6.报错:
./libcrypto.so: undefined reference to `getcontext'
./libcrypto.so: undefined reference to `setcontext'
./libcrypto.so: undefined reference to `makecontext'
原因:交叉编译工具链没有提供GNU C的ucontext库导致的:
解决:
在执行config时加上 no-async 参数即可。
五:修改linux系统的链接库路径环境变量: LD_LIBRARY_PATH
方法一:
//修改环境变量:
:/home/aston/huawei/zlib-1.2.11/install_lib/lib
改为:
:/home/aston/huawei_linux/zlib-1.2.11/install_lib/lib
重新初始化环境变量:
source /etc/profile
1在最后添加:
aston@ubuntu:~/huawei_linux/openssl-1.1.1d$ sudo vi /etc/profile
2.查看:失败:
aston@ubuntu:~/huawei_linux/openssl-1.1.1d$ echo $LD_LIBRARY_PATH
/home/aston/workplace/ffmpeg/install_so_lib/lib:/usr/local/ffmpeg/lib:/home/aston/workplace/ffmpeg/install_so_lib/lib:/usr/lib/i386-linux-gnu:/home/aston/huawei/zlib-1.2.11/install_lib/lib
3.重新初始化环境变量:
aston@ubuntu:~/huawei_linux/openssl-1.1.1d$ source /etc/profile
4.查看:成功:
aston@ubuntu:~/huawei_linux/openssl-1.1.1d$ echo $LD_LIBRARY_PATH
/home/aston/workplace/ffmpeg/install_so_lib/lib:/usr/local/ffmpeg/lib:/home/aston/workplace/ffmpeg/install_so_lib/lib:/usr/lib/i386-linux-gnu:/home/aston/huawei_linux/zlib-1.2.11/install_lib/lib
aston@ubuntu:~/huawei_linux/openssl-1.1.1d$
方法二:
aston@ubuntu:~/huawei_linux/pcre-8.39/install_lib/lib$ LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/home/aston/huawei_linux/pcre-8.39/install_lib/lib
//查看:
aston@ubuntu:~/huawei_linux/pcre-8.39/install_lib/lib$ echo $LD_LIBRARY_PATH
:/usr/local/gcc-8.3.0/lib:/usr/local/lib:/home/aston/workplace/ortp/ortp-0.24.2/install/lib:/home/aston/workplace/ffmpeg/install_so_lib/lib:/usr/local/ffmpeg/lib:/home/aston/workplace/ffmpeg/install_so_lib/lib:/usr/lib/i386-linux-gnu:/home/aston/huawei_linux/pcre-8.39/install_lib/lib
六:查看openssl版本:
aston@ubuntu:~/huawei_linux/zlib-1.2.11$ openssl version
OpenSSL 1.0.1f 6 Jan 2014
aston@ubuntu:~/huawei_linux/zlib-1.2.11$ openssl version -a
OpenSSL 1.0.1f 6 Jan 2014
built on: Tue Dec 4 20:10:05 UTC 2018
platform: debian-i386
options: bn(64,32) rc4(8x,mmx) des(ptr,risc1,16,long) blowfish(idx)
compiler: cc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/lib/ssl"