添加新的对称密码后,openssl 1.0.2g build会导致链接器错误

时间:2016-07-11 02:36:49

标签: c linker openssl

我已将自定义256位对称密码集成到OpenSSL 1.0.2g(ubuntu版本)的源代码中;现在我正面临构建openssl应用程序的链接器错误。我的新密码叫做MYCIPH或myciph。修改的格式如下:

<Filename>

x*  <Code> 

*x indicates the Line No. for the modification/insertion

修改如下:

openssl/Makefile.org:
97  MYCIPH_ENC= myciph_enc.o
...

144 # dirs in crypto to build
145 SDIRS= \
...
148 des aes rc2 rc4 rc5 idea bf myciph cast camellia seed
...
231 MYCIPH_ENC= ‘$(MYCIPH_ENC)’


crypto/evp/Makefile:
22  e_des.c e_bf.c e_myciph.c e_idea.c …
...
35  e_des.o e_bf.o e_myciph.o e_idea.o …

obj_mac.num:*
958 myciph 958

objects.txt:
421 1 3 3 7 : MYCIPH  : myciph

evp.h:
87  # define EVP_MAX_IV_LENGTH  32

782 #endif
783 #ifndef OPENSSL_NO_MYCIPH
784 const EVP_CIPHER *EVP_myciph(void);
785 #endif
786 # ifndef OPENSSL_NO_RC4

c_allc.c:
145 #ifndef OPENSSL_NO_MYCIPH
146 EVP_add_cipher(EVP_myciph());
147 EVP_add_cipher_alias(SN_drgn_bd,"myciph");
148 EVP_add_cipher_alias(SN_drgn_bd,"MYCIPH");

149 #endif

以下是e_myciph.cOPENSSL_ROOT/crypto/evp/文件的内容:

#include <stdio.h>
#include "cryptlib.h"

#ifndef OPENSSL_NO_MYCIPH

#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/mycipher.h>

static int myciph_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
            const unsigned char *iv,int enc);
static int myciph_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
              const unsigned char *in, size_t inl);
static const EVP_CIPHER mycipher_cipher=
    {
    NID_myciph,
    1, 32, 32,  
    EVP_CIPH_VARIABLE_LENGTH,
    myciph_init_key,
    myciph_cipher,
    NULL,
    32,
    NULL,
    EVP_CIPHER_set_asn1_iv,
    EVP_CIPHER_get_asn1_iv,
    NULL
    };
const EVP_CIPHER *EVP_myciph(void)
    {
    return(&myciph_cipher);
    }

static int myciph_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
            const unsigned char *iv, int enc)
    {
......
    }

static int myciph_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
              const unsigned char *in, size_t inl)
    {
......
    }
#endif

其他更改的文件包括:

ssl_algs.c:
 81 #ifndef OPENSSL_NO_MYCIPH
82 EVP_add_cipher(EVP_myciph());
83 #endif


ssl_locl.h:
357 # define SSL_MYCIPH   0x00004000L

ssl_ciph.c:
167 # define SSL_ENC_MYCIPH_IDX 14
168 # define SSL_ENC_NUM_IDX 15

172 static const EVP_CIPHER*ssl_cipher_methods[SSL_ENC_NUM_IDX]={
173 NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,
NULL, NULL
174 };

305 {0, SSL_TXT_MYCIPH, 0, 0, 0, SSL_MYCIPH, 0, 0, 0, 0, 0, 0},

//void ssl_load_ciphers(void){
407 ssl_cipher_methods[SSL_ENC_MYCIPH_IDX]= EVP_get_cipherbyname(SN_myciph);

//int ssl_cipher_get_evp(...){
//switch (c->algorithm_enc){
585 case SSL_MYCIPH:
586 i = SSL_ENC_MYCIPH_IDX;
587 break;

675 else if (c->algorithm_enc == SSL_MYCIPH &&
676 (evp=EVP_get_cipherbyname("MYCIPH")))
677 *enc = evp, *md = NULL;


796 *enc |= (ssl_cipher_methods[SSL_ENC_MYCIPH_IDX ] ==
NULL) ? SSL_MYCIPH :0;

1784 case SSL_MYCIPH:
1785 enc="MYCIPH(256)"; 
1786 break;

s3_lib.c:
604 {
605 1,
606 SSL3_TXT_RSA_MYCIPH,
607 SSL3_CK_RSA_MYCIPH,
608 SSL_kRSA,
609 SSL_aRSA,
610 SSL_MYCIPH,
611 SSL_MD5,
612 SSL_SSLV3,
613 SSL_NOT_EXP|SSL_MEDIUM,
614 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
615 256, //Key-Size (bits)
616 256, //IV-Size (bits)
617 },

ssl.h:
              300 # define SSL_TXT_MYCIPH "MYCIPH”

ssl3.h:
179 # define SSL3_CK_RSA_MYCIPH 0x0300001C
...
254 # define SSL3_TXT_RSA_MYCIPH "MYCIPH"

apps/prog.pl:
85  "cast-cbc", "rc5-cbc", "rc5-ecb", "rc5-cfb", "rc5-ofb",
86  "myciph", )

我更改了这些文件后。使用./config fips; make depend; make进行编译是成功的,应用程序可以很好地链接。我甚至设法通过EVP界面测试我的密码:openssl speed -evp myciph

但是,当我通过配置./config fips shared; make depend; make;来为libcryptolibssl生成共享对象来构建时,我收到以下链接器错误:

making all in apps...
make[1]: Entering directory '/home/wanghao/Documents/iVPN/openssl_new/openssl-1.0.2g/apps'
rm -f openssl
shlib_target=; if [ -n "libcrypto.so.1.0.2 libssl.so.1.0.2" ]; then \
    shlib_target="linux-shared"; \
elif [ -n "" ]; then \
  FIPSLD_CC="gcc"; CC=/usr/local/ssl/fips-2.0/bin/fipsld; export CC FIPSLD_CC; \
fi; \
LIBRARIES="-L.. -lssl  -L.. -lcrypto" ; \
make -f ../Makefile.shared -e \
    APPNAME=openssl OBJECTS="openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o gendsa.o genpkey.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o pkey.o pkeyparam.o pkeyutl.o spkac.o smime.o cms.o rand.o engine.o ocsp.o prime.o ts.o srp.o" \
    LIBDEPS=" $LIBRARIES -ldl" \
    link_app.${shlib_target}
make[2]: Entering directory '/home/wanghao/Documents/iVPN/openssl_new/openssl-1.0.2g/apps'
../libssl.so: undefined reference to `EVP_myciph'
collect2: error: ld returned 1 exit status
../Makefile.shared:171: recipe for target 'link_app.gnu' failed
make[2]: *** [link_app.gnu] Error 1
make[2]: Leaving directory '/home/wanghao/Documents/iVPN/openssl_new/openssl-1.0.2g/apps'
Makefile:156: recipe for target 'openssl' failed
make[1]: *** [openssl] Error 2
make[1]: Leaving directory '/home/wanghao/Documents/iVPN/openssl_new/openssl-1.0.2g/apps'
Makefile:297: recipe for target 'build_apps' failed
make: *** [build_apps] Error 1

我是否错过了必须改变的一切?我的更改是否正确?请告知谢谢。

编辑: 在OpenSSL-dev邮件列表上询问某人(Ben)之后,看来Debian打包添加了一个层,该层使用和导出符号列表来限制共享库中可以使用的符号;似乎Ubuntu也拿起了那段代码。通过将EVP_myciph添加到符号列表中来编辑源树中的openssl.ld,编译完成后没有问题。

0 个答案:

没有答案