38.linux下安装openssl:测试evp、md5加密解密

一:linux环境安装openssl库:

1.OpenSSL(Open Secure Sockets Layer):是一个开放源代码的软件库包,应用程序可以使用这个包来进行安全通信,
避免窃听,同时确认另一端连接者的身份。这个包广泛被应用在互联网的网页服务器上。

2.源码下载:

https://www.openssl.org/source/

3.解压:

sudo tar -zxvf openssl-1.1.1d.tar.gz -C .

4.配置:

sudo ./config --prefix=/usr/ssl shared zlib

注意:
–prefix=/usr/ssl的意思是将openssl库安装到/usr/ssl目录下;

5.编译及安装:

sudo make
sudo make install

此时openssl的库文件已经安装到了/usr/ssl路径下,可执行ls命令查看:

ls /usr/ssl
	

7.创建软连接:

sudo ln -s /usr/ssl/bin/openssl /usr/bin/openssl
sudo ln -s /usr/ssl/include/openssl /usr/include/openssl

注:如失败,可先删除原openssl

sudo rm -rf /usr/bin/openssl
sudo rm -rf /usr/include/openssl

8.检查openssl版本:

openssl version 

报错:

openssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory

解决:

sudo ln -s /usr/ssl/lib/libssl.so.1.1 /usr/lib/libssl.so.1.1
sudo ln -s /usr/ssl/lib/libcrypto.so.1.1 /usr/lib/libcrypto.so.1.1

再次执行上述命令:可以看到openssl已经可成功运行:

aston@ubuntu:/usr/include$ openssl version 
OpenSSL 1.1.1d  10 Sep 2019

二:编译安装到/home/aston/huawei/openssl-1.1.1d/install_lib文件夹:

sudo tar -zxvf openssl-1.1.1d.tar.gz -C .
mkdir install_lib
sudo chown -R aston openssl-1.1.1d/
sudo ./config --prefix=/home/aston/huawei/openssl-1.1.1d/install_lib shared zlib
sudo make
sudo make install

三:测试openssl加密功能:

1.EVP加密,解密:
1.EVP加密,解密:
代码:

#include <openssl/evp.h>
#include <openssl/md5.h>
#include <stdio.h>
#include <string.h>

int do_encrypt(unsigned char *iv, unsigned char *key, unsigned char *inBuffer, int inLen, unsigned char *outBuffer, int* pOutLen)
{
	int tmplen;
	EVP_CIPHER_CTX *ctx;
	ctx = malloc(1024);
	
	EVP_CIPHER_CTX_init(ctx);
	EVP_EncryptInit_ex(ctx,EVP_aes_128_cbc(), NULL, key, iv);
	
	if(!EVP_EncryptUpdate(ctx, outBuffer, pOutLen, inBuffer, inLen))
	{
		return 0;
	}
	
	if(!EVP_EncryptFinal_ex(ctx, outBuffer + *pOutLen, &tmplen))
	{
		return 0;
	}
	
	*pOutLen += tmplen;
	
	EVP_CIPHER_CTX_cleanup(ctx);

	free(ctx);
	return 1;
}


int do_decrypt(unsigned char *iv, unsigned char *key, unsigned char*inBuffer, int inLen, unsigned char *outBuffer, int* pOutLen)
{
	int tmplen;
	EVP_CIPHER_CTX *ctx;
	ctx = malloc(1024);
	
	EVP_CIPHER_CTX_init(ctx);
	EVP_DecryptInit_ex(ctx,EVP_aes_128_cbc(), NULL, key, iv);
	
	if(!EVP_DecryptUpdate(ctx, outBuffer, pOutLen, inBuffer, inLen))
	{
		return 0;
	}
	
	if(!EVP_DecryptFinal_ex(ctx, outBuffer + *pOutLen, &tmplen))
	{
		return 0;
	}
	
	*pOutLen += tmplen;
	EVP_CIPHER_CTX_cleanup(ctx);

	free(ctx);
	return 1;
}


void test_encrypt_decrypt()
{
	char cmd[512] = {0};
	unsigned char iv[128] = {0};
	unsigned char key[128] = {0};
	
	unsigned char inBuffer[] = "hello,world";
	unsigned char outBuffer[128] = {0};
	
	int outlen = 0;
	int ret = 0;
	int i = 0;
	
	unsigned char inBuffer_new[128] = {0};
	int inlen_new = 0;


	printf("input the key:\n");
	memset(cmd, 0, sizeof(cmd));
	fgets(cmd, sizeof(cmd), stdin);
	memcpy(key, cmd, strlen(cmd));
	printf("[%s:%d]:[yang] key = %s",__FUNCTION__,__LINE__,key);
	
	memset(cmd, 0, sizeof(cmd));
	printf("input the iv:\n");
	fgets(cmd, sizeof(cmd), stdin);
	memcpy(iv, cmd, strlen(cmd));
	printf("[%s:%d]:[yang] iv = %s",__FUNCTION__,__LINE__,iv);

	//int len = strlen(inBuffer);
	//int len = sizeof(inBuffer);
	int len = 12;
	ret = do_encrypt(iv,key,inBuffer,len,outBuffer,&outlen);
	//printf("[%s:%d]:[yang] inBuffer = %s, strlen(inBuffer) = %d \n",__FUNCTION__,__LINE__,inBuffer, strlen(inBuffer));
	printf("[%s:%d]:[yang] outBuffer = %s, outlen = %d \n",__FUNCTION__,__LINE__,outBuffer, outlen);

	printf("[%s:%d]:[yang] ret = %d \n",__FUNCTION__,__LINE__,ret);
	if(ret)
	{
		printf("the ciphertext is:");
		
		for(i = 0; i < outlen; i++)
		{
			printf("%02x",outBuffer[i]);
		}		
		printf("\n");
	}
	else
	{
		printf("do_encrypt err\n");
	}


	ret = do_decrypt(iv,key,outBuffer,outlen,inBuffer_new,&inlen_new);

	printf("[%s:%d]:[yang] outBuffer = %s, outlen = %d \n",__FUNCTION__,__LINE__,outBuffer, outlen);
	printf("[%s:%d]:[yang] inBuffer_new = %s, inlen_new = %d \n",__FUNCTION__,__LINE__,inBuffer_new, inlen_new);

	printf("[%s:%d]:[yang] ret = %d \n",__FUNCTION__,__LINE__,ret);

	if(ret)
	{
		printf("the plaintext is:");
		
		for(i = 0; i < inlen_new; i++)
		{
			printf("%c",inBuffer_new[i]);
		}		
		printf("\n");
	}
	else
	{
		printf("do_encrypt err\n");
	}

}

打印:

/*
aston@ubuntu:/mnt/hgfs/share/source_insight/main_135/test_openssl$ ./app.out 
input the key:
12345
[main:83]:[yang] key = 12345
input the iv:
12345
[main:89]:[yang] iv = 12345
[main:96]:[yang] outBuffer = :g;?GY>rQ?}
                                           ?, outlen = 16 
[main:98]:[yang] ret = 1 
the ciphertext is:3a673b1217189747593e7251e87d0bee
[main:117]:[yang] outBuffer = :g;?GY>rQ?}
                                            ?, outlen = 16 
[main:118]:[yang] inBuffer_new = hello,world, inlen_new = 12 
[main:120]:[yang] ret = 1 
the plaintext is:hello,world

*/

2.MD5分步加密:
代码:

int test_md5_1()
{
    MD5_CTX ctx;
    unsigned char outmd[16];
    int i=0;
 
    memset(outmd,0,sizeof(outmd));
	
    MD5_Init(&ctx);
	
    MD5_Update(&ctx,"hel",3);
    MD5_Update(&ctx,"lo\n",3);
	
    MD5_Final(outmd,&ctx);
    for(i=0;i<16;i<i++)
    {
        printf("%02X",outmd[i]);
    }
    printf("\n");
    return 0;
}

打印:

/*结果:
aston@ubuntu:/mnt/hgfs/share/source_insight/main_135/test_openssl$ ./app.out 
B1946AC92492D2347C6235B4D2611184

*/

3.MD5一次性加密:
代码:

int test_md5_2()
{
	MD5_CTX ctx;
	unsigned char outmd[16];
	unsigned char test_buf[16];
	int i = 0;

	const unsigned char data[16] = "hello\n";
	memset(outmd,0,sizeof(outmd));

	size_t len = 6;
	MD5(data, len, outmd);
	
	for(i = 0;i < 16;i < i++)
	{
		printf("%02X",outmd[i]);
	}
	printf("\n");
	return 0;
}

打印:

/*
aston@ubuntu:/mnt/hgfs/share/source_insight/main_135/test_openssl$ make
g++ test_openssl.cpp -g -I./include -L./lib -lssl -lcrypto -ldl -lpthread -lz -std=c++11 -o app.out
aston@ubuntu:/mnt/hgfs/share/source_insight/main_135/test_openssl$ ./app.out 
B1946AC92492D2347C6235B4D2611184

*/

4.可能遇到的问题:

void test_OpenSSL_init()
{
	EVP_CIPHER_CTX *a = NULL;
	//ctx = malloc(1024);
	//EVP_CIPHER_CTX a;
	OpenSSL_add_all_algorithms();
}

注:
不能直接定义EVP_CIPHER_CTX变量,
需要定制EVP_CIPHER_CTX的指针a,再去申请内存,
否则会报错。

四:移植openssl到到ARM:

1.编译:

sudo tar -zxvf openssl-1.1.1d.tar.gz -C .
mkdir install_lib
sudo chown -R aston openssl-1.1.1d/

sudo ./config no-async no-asm --prefix=/home/aston/huawei_linux/openssl-1.1.1d/install_lib shared zlib --cross-compile-prefix=/opt/hisi-linux/x86-arm/arm-hisiv300-linux/target/bin/arm-hisiv300-linux-

sudo make
sudo make install

注:config说明:

–cross-compile-prefix=: 交叉编译工具
no-asm:  在交叉编译过程中不使用汇编代码代码加速编译过程;
shared: 生成动态连接库。
no-async: 交叉编译工具链没有提供GNU C的ucontext库
–prefix=: 安装路径
–cross-compile-prefix=: 交叉编译工具

2.make时会报错,需要修改Makefile:
a:

#PLATFORM=linux-x86
PLATFORM=linux-armv4

b:
//删除掉两处 “-m32”

CNF_CPPFLAGS=-DZLIB -DNDEBUG
CNF_CFLAGS=-pthread 	//这里
CNF_CXXFLAGS=-std=c++11 -pthread 
CNF_LDFLAGS=			//这里
CNF_EX_LIBS=-lz -ldl -pthread

3.报错:汇编相关:
解决:./config添加:no-asm
在交叉编译过程中不使用汇编代码代码加速编译过程;

4.sudo make遇到的问题:
报错:

fatal error: zlib.h: No such file or directory

原因:找不到 zlib.h 头文件:
解决:
在Makefile修改:指定交叉编译的zlib库的头文件路径:

CFLAGS=-Wall -O3 -fomit-frame-pointer
改为:(指定正确的zlib头文件路径)
CFLAGS=-Wall -O3 -fomit-frame-pointer -I/home/aston/huawei_linux/zlib-1.2.11/install_lib/include

5.报错:链接不到zlib库;

rm-hisiv300-linux-uclibcgnueabi/bin/ld: cannot find -lz
collect2: error: ld returned 1 exit status

原因:
找不到zlib库;

解决:
在Makefile修改:指定交叉编译的zlib库的头文件路径:

LDFLAGS=
改为:
LDFLAGS=-L/home/aston/huawei_linux/zlib-1.2.11/install_lib/lib

全局正确的参数说明:

CROSS_COMPILE=/opt/hisi-linux/x86-arm/arm-hisiv300-linux/target/bin/arm-hisiv300-linux-
CC=$(CROSS_COMPILE)gcc
CXX=$(CROSS_COMPILE)g++
CFLAGS=-Wall -O3 -fomit-frame-pointer -I/home/aston/huawei_linux/zlib-1.2.11/install_lib/include	
LDFLAGS=-L/home/aston/huawei_linux/zlib-1.2.11/install_lib/lib

6.报错:

./libcrypto.so: undefined reference to `getcontext'
./libcrypto.so: undefined reference to `setcontext'
./libcrypto.so: undefined reference to `makecontext'

原因:交叉编译工具链没有提供GNU C的ucontext库导致的:

解决:
在执行config时加上 no-async 参数即可。

五:修改linux系统的链接库路径环境变量: LD_LIBRARY_PATH

方法一:

//修改环境变量:

:/home/aston/huawei/zlib-1.2.11/install_lib/lib
改为:
:/home/aston/huawei_linux/zlib-1.2.11/install_lib/lib

重新初始化环境变量:

source /etc/profile

1在最后添加:

aston@ubuntu:~/huawei_linux/openssl-1.1.1d$ sudo vi /etc/profile

2.查看:失败:

aston@ubuntu:~/huawei_linux/openssl-1.1.1d$ echo $LD_LIBRARY_PATH
/home/aston/workplace/ffmpeg/install_so_lib/lib:/usr/local/ffmpeg/lib:/home/aston/workplace/ffmpeg/install_so_lib/lib:/usr/lib/i386-linux-gnu:/home/aston/huawei/zlib-1.2.11/install_lib/lib

3.重新初始化环境变量:

aston@ubuntu:~/huawei_linux/openssl-1.1.1d$ source /etc/profile

4.查看:成功:

aston@ubuntu:~/huawei_linux/openssl-1.1.1d$ echo $LD_LIBRARY_PATH
/home/aston/workplace/ffmpeg/install_so_lib/lib:/usr/local/ffmpeg/lib:/home/aston/workplace/ffmpeg/install_so_lib/lib:/usr/lib/i386-linux-gnu:/home/aston/huawei_linux/zlib-1.2.11/install_lib/lib
aston@ubuntu:~/huawei_linux/openssl-1.1.1d$ 

方法二:

aston@ubuntu:~/huawei_linux/pcre-8.39/install_lib/lib$ LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/home/aston/huawei_linux/pcre-8.39/install_lib/lib

//查看:

aston@ubuntu:~/huawei_linux/pcre-8.39/install_lib/lib$ echo $LD_LIBRARY_PATH
:/usr/local/gcc-8.3.0/lib:/usr/local/lib:/home/aston/workplace/ortp/ortp-0.24.2/install/lib:/home/aston/workplace/ffmpeg/install_so_lib/lib:/usr/local/ffmpeg/lib:/home/aston/workplace/ffmpeg/install_so_lib/lib:/usr/lib/i386-linux-gnu:/home/aston/huawei_linux/pcre-8.39/install_lib/lib

六:查看openssl版本:

aston@ubuntu:~/huawei_linux/zlib-1.2.11$ openssl version
OpenSSL 1.0.1f 6 Jan 2014

aston@ubuntu:~/huawei_linux/zlib-1.2.11$ openssl version -a
OpenSSL 1.0.1f 6 Jan 2014
built on: Tue Dec  4 20:10:05 UTC 2018
platform: debian-i386
options:  bn(64,32) rc4(8x,mmx) des(ptr,risc1,16,long) blowfish(idx) 
compiler: cc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/lib/ssl"
  • 0
    点赞
  • 2
    收藏
    觉得还不错? 一键收藏
  • 0
    评论

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值