带有no-cms选项的OpenSSL抱怨没有使用make依赖的CMS

时间:2017-07-05 18:25:29

标签: gcc openssl msys

使用以下命令在Windows上的MSys 1.0中配置相当简单的OpenSSL 1.0.2l。

./Configure no-zlib no-shared no-dso no-krb5 no-camellia no-capieng no-cast no-cms no-dtls1 no-gost no-gmp no-heartbe
ats no-idea no-jpake no-md2 no-mdc2 no-rc5 no-rdrand no-rfc3779 no-rsax no-sctp no-seed no-sha0 no-static_engine no-whi
rlpool no-rc2 no-rc4 no-ssl2 no-ssl3 mingw

运行configure后,运行make depend会出现以下错误。

In file included from dh_kdf.c:58:0:
../../include/openssl/cms.h:61:4: error: #error CMS is disabled.
 #  error CMS is disabled.

这似乎很愚蠢,当然我告诉它没有cms。任何想法除了删除no-cms之外还要做什么?

make -v
GNU Make 3.81
Copyright (C) 2006  Free Software Foundation, Inc.
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.

This program built for i686-pc-msys

gcc -v
Using built-in specs.
COLLECT_GCC=c:\mingw32\bin\gcc.exe
COLLECT_LTO_WRAPPER=c:/mingw32/bin/../libexec/gcc/i686-w64-mingw32/4.9.2/lto-wrapper.exe
Target: i686-w64-mingw32
Configured with: ../../../src/gcc-4.9.2/configure --host=i686-w64-mingw32 --build=i686-w64-mingw32 --target=i686-w64-mingw32 --prefix=/mingw32 --with-sysroot=/c/mingw492/i686-492-posix-dwarf-rt_v3-rev1/mingw32 --with-gxx-include-dir=/mingw32/i686-w64-mingw32/include/c++ --enable-shared --enable-static --disable-multilib --enable-languages=ada,c,c++,fortran,objc,obj-c++,lto --enable-libstdcxx-time=yes --enable-threads=posix --enable-libgomp --enable-libatomic --enable-lto --enable-graphite --enable-checking=release --enable-fully-dynamic-string --enable-version-specific-runtime-libs --disable-sjlj-exceptions --with-dwarf2 --disable-isl-version-check --disable-cloog-version-check --disable-libstdcxx-pch --disable-libstdcxx-debug --enable-bootstrap --disable-rpath --disable-win32-registry --disable-nls --disable-werror --disable-symvers --with-gnu-as --with-gnu-ld --with-arch=i686 --with-tune=generic --with-libiconv --with-system-zlib --with-gmp=/c/mingw492/prerequisites/i686-w64-mingw32-static --with-mpfr=/c/mingw492/prerequisites/i686-w64-mingw32-static --with-mpc=/c/mingw492/prerequisites/i686-w64-mingw32-static --with-isl=/c/mingw492/prerequisites/i686-w64-mingw32-static --with-cloog=/c/mingw492/prerequisites/i686-w64-mingw32-static --enable-cloog-backend=isl --with-pkgversion='i686-posix-dwarf-rev1, Built by MinGW-W64 project' --with-bugurl=http://sourceforge.net/projects/mingw-w64 CFLAGS='-O2 -pipe -I/c/mingw492/i686-492-posix-dwarf-rt_v3-rev1/mingw32/opt/include -I/c/mingw492/prerequisites/i686-zlib-static/include -I/c/mingw492/prerequisites/i686-w64-mingw32-static/include' CXXFLAGS='-O2 -pipe -I/c/mingw492/i686-492-posix-dwarf-rt_v3-rev1/mingw32/opt/include -I/c/mingw492/prerequisites/i686-zlib-static/include -I/c/mingw492/prerequisites/i686-w64-mingw32-static/include' CPPFLAGS= LDFLAGS='-pipe -L/c/mingw492/i686-492-posix-dwarf-rt_v3-rev1/mingw32/opt/lib -L/c/mingw492/prerequisites/i686-zlib-static/lib -L/c/mingw492/prerequisites/i686-w64-mingw32-static/lib -Wl,--large-address-aware'
Thread model: posix
gcc version 4.9.2 (i686-posix-dwarf-rev1, Built by MinGW-W64 project)

1 个答案:

答案 0 :(得分:0)

看来OPENSSL_NO_CMS是一个有效的预处理器宏。它用于大多数地方,但不是所有地方。使用OPENSSL_NO_CMS表示no-cms是有效选项。 (我似乎记得它一直是,但最好确保)。

现在打开OpenSSL问题跟踪器:Issue 3867, Configuring with no-cms and "undefined reference to CMS_SharedInfo_encode"

与此同时:

$ git diff crypto/dh/dh_kdf.c
diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c
index a882cb286e..93381f02b8 100644
--- a/crypto/dh/dh_kdf.c
+++ b/crypto/dh/dh_kdf.c
@@ -55,7 +55,11 @@
 #include <openssl/dh.h>
 #include <openssl/evp.h>
 #include <openssl/asn1.h>
-#include <openssl/cms.h>
+#include <openssl/x509.h>
+
+#ifndef OPENSSL_NO_CMS
+# include <openssl/cms.h>
+#endif

 /* Key derivation from X9.42/RFC2631 */

但是,由于使用了dh_sharedinfo_encode(见crypto/dh/dh_kdf.c),CMS_SharedInfo_encode中出现了更大的问题:

gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include  -DOPENSSL_THREADS -D_REENTRANT -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM   -c -o dh_kdf.o dh_kdf.c
dh_kdf.c: In function 'dh_sharedinfo_encode':
dh_kdf.c:122:14: warning: implicit declaration of function 'CMS_SharedInfo_encode' [-Wimplicit-function-declaration]
     derlen = CMS_SharedInfo_encode(pder, &atmp, pukm_oct, outlen);
              ^~~~~~~~~~~~~~~~~~~~~

导致:

../libcrypto.a(dh_kdf.o): In function `DH_KDF_X9_42':
dh_kdf.c:(.text+0x180): undefined reference to `CMS_SharedInfo_encode'
collect2: error: ld returned 1 exit status
../Makefile.shared:164: recipe for target 'link_app.' failed
make[2]: *** [link_app.] Error 1
make[2]: Leaving directory '/home/openssl/apps'
Makefile:156: recipe for target 'openssl' failed
make[1]: *** [openssl] Error 2
make[1]: Leaving directory '/home/openssl/apps'
Makefile:293: recipe for target 'build_apps' failed
make: *** [build_apps] Error 1

看起来OpenSSL团队需要关注这个问题。