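I have integrated a custom 256-bit symmetric cipher into the source code of OpenSSL 1.0.2g (the Ubuntu version); now I am facing a linker error when building the openssl application. My new cipher is called MYCIPH or myciph. The modifications are given in the following format: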
<Filename>
x* <Code>
*x indicates the Line No. for the modification/insertion
The modifications are as follows:
openssl/Makefile.org:
97 MYCIPH_ENC= myciph_enc.o
...
144 # dirs in crypto to build
145 SDIRS= \
...
148 des aes rc2 rc4 rc5 idea bf myciph cast camellia seed
...
231 MYCIPH_ENC= '$(MYCIPH_ENC)'
crypto/evp/Makefile:
22 e_des.c e_bf.c e_myciph.c e_idea.c …
...
35 e_des.o e_bf.o e_myciph.o e_idea.o …
obj_mac.num:
958 myciph 958
objects.txt:
421 1 3 3 7 : MYCIPH : myciph
evp.h:
87 # define EVP_MAX_IV_LENGTH 32
782 #endif
783 #ifndef OPENSSL_NO_MYCIPH
784 const EVP_CIPHER *EVP_myciph(void);
785 #endif
786 # ifndef OPENSSL_NO_RC4
c_allc.c:
145 #ifndef OPENSSL_NO_MYCIPH
146 EVP_add_cipher(EVP_myciph());
147 EVP_add_cipher_alias(SN_drgn_bd,"myciph");
148 EVP_add_cipher_alias(SN_drgn_bd,"MYCIPH");
149 #endif
Following is the content of the file e_myciph.c in OPENSSL_ROOT/crypto/evp/:
#include <stdio.h>
#include "cryptlib.h"
#ifndef OPENSSL_NO_MYCIPH
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/mycipher.h>

static int myciph_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                           const unsigned char *iv, int enc);
static int myciph_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                         const unsigned char *in, size_t inl);

static const EVP_CIPHER mycipher_cipher =
{
    NID_myciph,
    1, 32, 32,
    EVP_CIPH_VARIABLE_LENGTH,
    myciph_init_key,
    myciph_cipher,
    NULL,
    32,
    NULL,
    EVP_CIPHER_set_asn1_iv,
    EVP_CIPHER_get_asn1_iv,
    NULL
};

/* Public accessor declared in evp.h; returns the cipher table above. */
const EVP_CIPHER *EVP_myciph(void)
{
    return(&mycipher_cipher);
}

static int myciph_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                           const unsigned char *iv, int enc)
{
    ......
}

static int myciph_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                         const unsigned char *in, size_t inl)
{
    ......
}
#endif
Other changed files include:
ssl_algs.c:
81 #ifndef OPENSSL_NO_MYCIPH
82 EVP_add_cipher(EVP_myciph());
83 #endif
ssl_locl.h:
357 # define SSL_MYCIPH 0x00004000L
ssl_ciph.c:
167 # define SSL_ENC_MYCIPH_IDX 14
168 # define SSL_ENC_NUM_IDX 15
172 static const EVP_CIPHER*ssl_cipher_methods[SSL_ENC_NUM_IDX]={
173 NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,
NULL, NULL
174 };
305 {0, SSL_TXT_MYCIPH, 0, 0, 0, SSL_MYCIPH, 0, 0, 0, 0, 0, 0},
//void ssl_load_ciphers(void){
407 ssl_cipher_methods[SSL_ENC_MYCIPH_IDX]= EVP_get_cipherbyname(SN_myciph);
//int ssl_cipher_get_evp(...){
//switch (c->algorithm_enc){
585 case SSL_MYCIPH:
586 i = SSL_ENC_MYCIPH_IDX;
587 break;
675 else if (c->algorithm_enc == SSL_MYCIPH &&
676 (evp=EVP_get_cipherbyname("MYCIPH")))
677 *enc = evp, *md = NULL;
796 *enc |= (ssl_cipher_methods[SSL_ENC_MYCIPH_IDX ] ==
NULL) ? SSL_MYCIPH :0;
1784 case SSL_MYCIPH:
1785 enc="MYCIPH(256)";
1786 break;
s3_lib.c:
604 {
605 1,
606 SSL3_TXT_RSA_MYCIPH,
607 SSL3_CK_RSA_MYCIPH,
608 SSL_kRSA,
609 SSL_aRSA,
610 SSL_MYCIPH,
611 SSL_MD5,
612 SSL_SSLV3,
613 SSL_NOT_EXP|SSL_MEDIUM,
614 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
615 256, //Key-Size (bits)
616 256, //IV-Size (bits)
617 },
ssl.h:
300 # define SSL_TXT_MYCIPH "MYCIPH"
ssl3.h:
179 # define SSL3_CK_RSA_MYCIPH 0x0300001C
...
254 # define SSL3_TXT_RSA_MYCIPH "MYCIPH"
apps/prog.pl:
85 "cast-cbc", "rc5-cbc", "rc5-ecb", "rc5-cfb", "rc5-ofb",
86 "myciph", )
After I changed these files, compiling with ./config fips; make depend; make succeeds and the application links fine. I even managed to test my cipher through the EVP interface: openssl speed -evp myciph.
However, when I build with ./config fips shared; make depend; make; to generate the shared objects for libcrypto and libssl, I get the following linker error:
making all in apps...
make[1]: Entering directory '/home/wanghao/Documents/iVPN/openssl_new/openssl-1.0.2g/apps'
rm -f openssl
shlib_target=; if [ -n "libcrypto.so.1.0.2 libssl.so.1.0.2" ]; then \
shlib_target="linux-shared"; \
elif [ -n "" ]; then \
FIPSLD_CC="gcc"; CC=/usr/local/ssl/fips-2.0/bin/fipsld; export CC FIPSLD_CC; \
fi; \
LIBRARIES="-L.. -lssl -L.. -lcrypto" ; \
make -f ../Makefile.shared -e \
APPNAME=openssl OBJECTS="openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o gendsa.o genpkey.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o pkey.o pkeyparam.o pkeyutl.o spkac.o smime.o cms.o rand.o engine.o ocsp.o prime.o ts.o srp.o" \
LIBDEPS=" $LIBRARIES -ldl" \
link_app.${shlib_target}
make[2]: Entering directory '/home/wanghao/Documents/iVPN/openssl_new/openssl-1.0.2g/apps'
../libssl.so: undefined reference to `EVP_myciph'
collect2: error: ld returned 1 exit status
../Makefile.shared:171: recipe for target 'link_app.gnu' failed
make[2]: *** [link_app.gnu] Error 1
make[2]: Leaving directory '/home/wanghao/Documents/iVPN/openssl_new/openssl-1.0.2g/apps'
Makefile:156: recipe for target 'openssl' failed
make[1]: *** [openssl] Error 2
make[1]: Leaving directory '/home/wanghao/Documents/iVPN/openssl_new/openssl-1.0.2g/apps'
Makefile:297: recipe for target 'build_apps' failed
make: *** [build_apps] Error 1
Did I miss anything that has to be changed? Are my changes correct? Please advise. Thanks.
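EDIT: After asking someone (Ben) on the OpenSSL-dev mailing list, it appears that the Debian packaging adds a layer that uses and exports a list of symbols to restrict which symbols can be used from the shared library; it seems Ubuntu picked up that piece of code as well. By editing openssl.ld in the source tree to add EVP_myciph to the symbol list, the compilation completed without problems.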
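
The export-list restriction described in the edit above can be checked before building. The following is an added example, not part of the original post: it parses a GNU ld version script and reports which symbols it would hide from the shared library. The function names and the embedded sample script are constructed for illustration and are not the real openssl.ld.

```shell
#!/bin/sh
# Added example: report symbols that a GNU ld version script does not export.
# Function names and the sample script below are constructed for illustration.

# exported_patterns FILE: print every name or glob listed in a global section.
exported_patterns() {
    sed -e 's|/\*.*\*/||g' -e 's/[{};]/ & /g' "$1" | awk '
        { for (i = 1; i <= NF; i++) {
            t = $i
            if (t == "{")            sect = "global"  # names before any label count as global
            else if (t == "}")       sect = ""
            else if (t == "global:") sect = "global"
            else if (t == "local:")  sect = "local"
            else if (t != ";" && sect == "global") print t
        } }'
}

# hidden_symbols FILE SYM...: print each SYM that no global entry matches.
hidden_symbols() {
    script=$1; shift
    patterns=$(exported_patterns "$script")
    set -f                      # keep "*" in patterns from expanding to file names
    for sym in "$@"; do
        found=no
        for pat in $patterns; do
            case $sym in $pat) found=yes; break ;; esac   # glob match, like ld wildcards
        done
        [ "$found" = yes ] || printf '%s\n' "$sym"
    done
    set +f
}

# Constructed sample in GNU ld version-script syntax (not the real openssl.ld).
write_sample_script() {
    cat > "$1" <<'EOF'
OPENSSL_1.0.0 {
    global:
        EVP_aes_256_cbc;
        EVP_rc4;
        SSL_*;
    local:
        *;
};
EOF
}

tmp=$(mktemp) && write_sample_script "$tmp"
hidden_symbols "$tmp" EVP_rc4 EVP_myciph SSL_new
rm -f "$tmp"
```

Against a real tree, point hidden_symbols at the packaging's openssl.ld; `nm -D --defined-only` on the built libcrypto shared object lists what the library actually exports, for comparison.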