Official openssl-3.0.2.tar.gz source: link: https://pan.baidu.com/s/1iEv2X_99X3p3jyQnOx1C8g? extraction code: 61x9
The source tree I used: link: https://pan.baidu.com/s/1l5WcdyeeTypxLDapuXV2Mg? extraction code: xth1
The resulting openssl build: link: https://pan.baidu.com/s/1rIUIT1o8y_h1L0O7hsCKrA? extraction code: 8ct2
Build script:
./Configure linux-generic32 \
no-asm \
shared \
no-async \
--with-rand-seed=devrandom \
--prefix=/opt/TestOpenSSL/openssl-build/openssl-generic32 \
CROSS_COMPILE=/opt/arm-2014/bin/arm-none-linux-gnueabi- \
CC=gcc
make -j8
make install -j8
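Where:
linux-generic32: build for 32-bit
no-asm: do not use assembly code
shared: build shared (dynamic) libraries
no-async: no async support; use this option when the cross toolchain does not provide the GNU C ucontext library
--with-rand-seed=devrandom: use the random number devices "/dev/urandom","/dev/random","/dev/srandom"
--prefix=/opt/TestOpenSSL/openssl-build/openssl-generic32: output directory
CROSS_COMPILE=/opt/arm-2014/bin/arm-none-linux-gnueabi-: cross-compiler path
CC=gcc: compile with gcc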
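Note: because I use RSA encryption, random number generation is needed. At first I did not specify this option. When I ran the OpenSSL porting test command ./openssl speed rsa1024, the program never returned and never exited. Tracing it with strace showed that it opened /dev/random and then blocked after a select call. I then debugged the source and found that the program blocks along this path:
Starting in rsa_ossl.c: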
rsa_ossl_public_encrypt
->ossl_rsa_padding_add_PKCS1_type_2_ex
->RAND_bytes_ex
->RAND_get0_public
->RAND_get0_primary
->rand_new_drbg
->EVP_RAND_instantiate
->evp_rand_instantiate_locked
So I looked at install.md, which says:
Seeding the Random Generator
----------------------------
--with-rand-seed=seed1[,seed2,...]
A comma separated list of seeding methods which will be tried by OpenSSL
in order to obtain random input (a.k.a "entropy") for seeding its
cryptographically secure random number generator (CSPRNG).
The current seeding methods are:
### os
Use a trusted operating system entropy source.
This is the default method if such an entropy source exists.
### getrandom
Use the [getrandom(2)][man-getrandom] or equivalent system call.
[man-getrandom]: http://man7.org/linux/man-pages/man2/getrandom.2.html
### devrandom
Use the first device from the `DEVRANDOM` list which can be opened to read
random bytes. The `DEVRANDOM` preprocessor constant expands to
"/dev/urandom","/dev/random","/dev/srandom"
on most unix-ish operating systems.
### egd
Check for an entropy generating daemon.
This source is ignored by the FIPS provider.
### rdcpu
Use the `RDSEED` or `RDRAND` command if provided by the CPU.
### librandom
Use librandom (not implemented yet).
This source is ignored by the FIPS provider.
### none
Disable automatic seeding. This is the default on some operating systems where
no suitable entropy source exists, or no support for it is implemented yet.
This option is ignored by the FIPS provider.
For more information, see the section [Notes on random number generation][rng]
at the end of this document.
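This option is not configured by default, so the default should be --with-rand-seed=os, assigned by the operating system, which uses /dev/random; in principle that is the best choice.
- /dev/random is a true random number generator; it consumes entropy to produce random numbers and blocks when the entropy is exhausted, until new entropy is generated.
- /dev/urandom is a pseudo-random number generator; it produces a sequence of pseudo-random numbers from an initial random seed (the seed comes from the entropy in the entropy pool) and does not block when the entropy is exhausted.
The entropy pool is the system's current environmental noise, which has many sources: keyboard input, mouse movement, memory usage, file usage, number of processes, and so on. When the system does not have enough entropy, the random numbers it produces are less random, that is, easier to guess.
Because we were using random, with no input, mouse or memory activity, it blocked right from the start. If at that point you start tapping the screen or importing and exporting from a USB drive, enlarging the entropy pool, the program has no problem. To avoid the program misbehaving, the only option was to switch to --with-rand-seed=devrandom, after which everything ran normally.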
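A small diagnostic for the blocking described above, added here as an example and not part of the original post or of OpenSSL: it polls each device from the DEVRANDOM list without blocking and prints the kernel's entropy estimate, so you can see on the target whether a seed read would stall before running ./openssl speed. The function names and the 2-second timeout are choices made for this example.

```c
/* Added example, not OpenSSL code: would reading a random device block? */
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <unistd.h>

/* 1 = readable now, 0 = still blocked after timeout_ms, -1 = poll error. */
int wait_readable(int fd, int timeout_ms)
{
    struct pollfd pfd = { .fd = fd, .events = POLLIN };
    int rc = poll(&pfd, 1, timeout_ms);
    if (rc < 0)
        return -1;
    return (rc > 0 && (pfd.revents & POLLIN)) ? 1 : 0;
}

/* Open a device without blocking and probe it; -1 if it cannot be opened. */
int probe_device(const char *path, int timeout_ms)
{
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0)
        return -1;
    int rc = wait_readable(fd, timeout_ms);
    close(fd);
    return rc;
}

/* Kernel's entropy estimate in bits, or -1 if procfs is unavailable. */
int entropy_avail(void)
{
    int bits = -1;
    FILE *f = fopen("/proc/sys/kernel/random/entropy_avail", "r");
    if (f == NULL)
        return -1;
    if (fscanf(f, "%d", &bits) != 1)
        bits = -1;
    fclose(f);
    return bits;
}

int main(void)
{
    /* Same device order as the DEVRANDOM list quoted from install.md. */
    static const char *devs[] = { "/dev/urandom", "/dev/random", "/dev/srandom" };
    printf("entropy_avail: %d bits\n", entropy_avail());
    for (size_t i = 0; i < sizeof devs / sizeof devs[0]; i++)
        printf("%-13s -> %d\n", devs[i], probe_device(devs[i], 2000));
    return 0;
}
```

A result of 0 for a device means a read from it would still be waiting after the timeout, which is the state strace showed for /dev/random; -1 means the device node is missing on the target.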
Calling from Qt code:
Same as on Windows; you only need to change the paths for lcrypto and lssl.