仅使用RSA和AES构建openssl [英] Build openssl with just RSA and AES

问题描述

我正在将libcrypto.a(OpenSSL)用于一个项目.默认情况下，所有算法都在libcrypto.a下可用.对于该项目，我只需要RSA，AES和SHA.

I'm using libcrypto.a (OpenSSL) with a project. By default all the algorithms are available under libcrypto.a. For the project i just need RSA, AES and SHA.

我如何仅使用这些算法来构建libcrypto.a?

How I can build libcrypto.a with just those algorithms?

推荐答案

如果通过运行config或Configure脚本来构建OpenSSL，则需要提供no-<cipher>作为排除密码的参数.运行不带任何选项的Configure来查看可用的构建选项.

If you build OpenSSL by running the config or Configure script, you provide no-<cipher> as an argument to exclude the cipher. Run Configure with no options to see the available build options.

配置脚本将这些参数转换为预处理器的选项.以下是您在编译时可以禁用的几乎所有内容的列表.首先是配置脚本参数，然后是将其转换为编译器参数.

The configuration script converts these arguments into options for the preprocessor. Here's a list of nearly everything you can disable at compile time. First is the configuration-script argument, and then the compiler argument it gets converted to.

Ciphers:

no-idea       -DOPENSSL_NO_IDEA
no-aes        -DOPENSSL_NO_AES
no-camellia   -DOPENSSL_NO_CAMELLIA
no-seed       -DOPENSSL_NO_SEED
no-bf         -DOPENSSL_NO_BF
no-cast       -DOPENSSL_NO_CAST
no-des        -DOPENSSL_NO_DES
no-rc2        -DOPENSSL_NO_RC2
no-rc4        -DOPENSSL_NO_RC4
no-rc5        -DOPENSSL_NO_RC5

no-md2        -DOPENSSL_NO_MD2
no-md4        -DOPENSSL_NO_MD4
no-md5        -DOPENSSL_NO_MD5
no-sha        -DOPENSSL_NO_SHA
no-ripemd     -DOPENSSL_NO_RIPEMD
no-mdc2       -DOPENSSL_NO_MDC2

no-rsa        -DOPENSSL_NO_RSA
no-dsa        -DOPENSSL_NO_DSA
no-dh         -DOPENSSL_NO_DH

no-ec         -DOPENSSL_NO_EC
no-ecdsa      -DOPENSSL_NO_ECDSA
no-ecdh       -DOPENSSL_NO_ECDH

Non-cipher functionality:

no-sock       -DOPENSSL_NO_SOCK         No socket code.
no-ssl2       -DOPENSSL_NO_SSL2         No SSLv2.
no-ssl3       -DOPENSSL_NO_SSL3         No SSLv3.
no-err        -DOPENSSL_NO_ERR          No error strings.
no-krb5       -DOPENSSL_NO_KRB5         No Kerberos v5.
no-engine     -DOPENSSL_NO_ENGINE       No dynamic engines.
no-hw         -DOPENSSL_NO_HW           No support for external hardware.

Not documented:

no-tlsext     -DOPENSSL_NO_TLSEXT
no-cms        -DOPENSSL_NO_CMS
no-jpake      -DOPENSSL_NO_JPAKE
no-capieng    -DOPENSSL_NO_CAPIENG

请注意，有些东西具有依赖性.例如，您无法在没有密码和摘要算法的情况下构建SSL库，因为SSL和TLS协议要求它们.因此，您不想执行make all，而是想执行make build_crypto，以便仅构建libcrypto.a.

Note that some things have dependencies. For example, you cannot build the SSL library without ciphers and digest algorithms because the SSL and TLS protocols demand them. So instead of doing make all, you want to do make build_crypto so that it only builds libcrypto.a.

通过实验，我发现(在OpenSSL 0.9.8r中)libcrypto具有2种算法依赖性:MD5用于随机数生成器的算法(在crypto/rand_lib.c中)和SHA-1用于打印证书哈希(在crypto/asn1/t_x509.c).我会说这些依赖关系是开发人员的疏忽.

Through experimentation, I found (in OpenSSL 0.9.8r) that libcrypto has 2 algorithm dependencies: MD5 for the random-number generator's algorithm (in crypto/rand_lib.c) and SHA-1 for printing certificate hashes (in crypto/asn1/t_x509.c). I'd say these dependencies are oversights by the developers.

这就是我仅使用MD5和SHA构建libcrypto.a的方式:

This is how I build libcrypto.a with only MD5 and SHA:

./config no-idea no-aes no-camellia no-seed no-bf no-cast no-des no-rc2 no-rc4 no-rc5 \
no-md2 no-md4 no-ripemd no-mdc2 no-rsa no-dsa no-dh no-ec no-ecdsa no-ecdh no-sock \
no-ssl2 no-ssl3 no-err no-krb5 no-engine no-hw
make depend
make build_crypto

我也成功地使用了AES，RSA，SHA和MD5以外的所有内容来构建它.

I also successfully built it with everything except AES, RSA, SHA, and MD5 as the question asked.

这篇关于仅使用RSA和AES构建openssl的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！