我正在使用FIPS Capable OpenSSL。源代码是隔离的,无法更改。
要链接到OpenSSL库的静态版本,我们需要做的就是:
export FIPS_SIG=`find /usr/local/ssl -iname incore`
export CC=`find /usr/local/ssl -iname fipsld`
export FIPSLS_CC=`find /usr/bin -iname gcc`
然后,只需执行:
$CC $CFLAGS <sources> -o myprogram <openssl libs>
回转的原因是OpenSSL将插入一个额外的源文件 - fips_premain.c - 并用程序源编译它。 (会发生一些额外的步骤,但fips_premain.c的编译是相关的步骤。)
然而,当使用g++时,一些符号是未定义的,因为它们是在安装OpenSSL时使用C编译器编译的,并且g ++在调用时无法找到它们:
/tmp/fips_premain-20db15.o: In function `FINGERPRINT_premain()':
/usr/local/ssl/fips-2.0/lib/fips_premain.c:103: undefined reference to `FIPS_text_start()'
/usr/local/ssl/fips-2.0/lib/fips_premain.c:116: undefined reference to `FIPS_incore_fingerprint(unsigned char*, unsigned int)'
如果我添加--no-demangle链接器选项,这是输出的内容:
/tmp/fips_premain-be4611.o: In function `_Z19FINGERPRINT_premainv':
/usr/local/ssl/fips-2.0/lib/fips_premain.c:103: undefined reference to `_Z15FIPS_text_startv'
/usr/local/ssl/fips-2.0/lib/fips_premain.c:116: undefined reference to `_Z23FIPS_incore_fingerprintPhj'
以下是fips_premain.c(第85行)的兴趣点:
extern const void *FIPS_text_start(), *FIPS_text_end();
extern const unsigned char FIPS_rodata_start[], FIPS_rodata_end[];
extern unsigned char FIPS_signature[20];
extern unsigned int FIPS_incore_fingerprint(unsigned char *,unsigned int);
有没有办法从命令行将符号标记为extern "C"?
答案 0 :(得分:4)
在编译命令行上的文件之前向-x c开关提供g++将强制将其编译为C文件而不是默认的C ++。
打开fipsld ++并查找编译fips_premain.c的事件。它是通过变量{PREMAIN_C} ...
编译的
更改行,以便-x c在“$ {PREMAIN_C}”之前,并且-x none在其后面。
${CC} ${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \
-x c "${PREMAIN_C}" -x none \
${_WL_PREMAIN} "$@"
在fips_premain.c上强制进行C编译适用于所有配置(库,共享对象和可执行文件),因此可以安全地将其应用于fipsld ++的所有部分。