Build openssl with just RSA and AES
2013-07-01 21:32
295 查看
I'm using libcrypto.a (OpenSSL) with a project. By default all the algorithms are available under libcrypto.a. For the project i just need RSA, AES and SHA.
How I can build libcrypto.a with just those algorithms?
If you build OpenSSL by running the
you provide
an argument to exclude the cipher. Run
no options to see the available build options.
The configuration script converts these arguments into options for the preprocessor. Here's a list of nearly everything you can disable at compile time. First is the configuration-script argument, and then the compiler argument it gets converted to.
Note that some things have dependencies. For example, you cannot build the SSL library without ciphers and digest algorithms because the SSL and TLS protocols demand them. So instead of doing
Through experimentation, I found (in OpenSSL 0.9.8r) that libcrypto has 2 algorithm dependencies: MD5 for the random-number generator's algorithm (in crypto/rand_lib.c) and SHA-1 for printing certificate hashes (in crypto/asn1/t_x509.c). I'd say these dependencies
are oversights by the developers.
This is how I build libcrypto.a with only MD5 and SHA:
I also successfully built it with everything except AES, RSA, SHA, and MD5 as the question asked.
If I try to disable anything except RSA, AES and SHA I can not build the library it's generate
some errors because some functions are missing. I'm obliged to reactivate md5, dsa. N
a7ab
ow have some errors with BIO about some SSL functions missing. It's like openssl doesn't manage properly those no-* flags
I
was able to build it without anything except RSA, AES, SHA, and MD5. The RNG has a message digest dependency so I just picked MD5. I edited my answer with the details.
How I can build libcrypto.a with just those algorithms?
If you build OpenSSL by running the
configor
Configurescript,
you provide
no-<cipher>as
an argument to exclude the cipher. Run
Configurewith
no options to see the available build options.
The configuration script converts these arguments into options for the preprocessor. Here's a list of nearly everything you can disable at compile time. First is the configuration-script argument, and then the compiler argument it gets converted to.
Ciphers: no-idea -DOPENSSL_NO_IDEA no-aes -DOPENSSL_NO_AES no-camellia -DOPENSSL_NO_CAMELLIA no-seed -DOPENSSL_NO_SEED no-bf -DOPENSSL_NO_BF no-cast -DOPENSSL_NO_CAST no-des -DOPENSSL_NO_DES no-rc2 -DOPENSSL_NO_RC2 no-rc4 -DOPENSSL_NO_RC4 no-rc5 -DOPENSSL_NO_RC5 no-md2 -DOPENSSL_NO_MD2 no-md4 -DOPENSSL_NO_MD4 no-md5 -DOPENSSL_NO_MD5 no-sha -DOPENSSL_NO_SHA no-ripemd -DOPENSSL_NO_RIPEMD no-mdc2 -DOPENSSL_NO_MDC2 no-rsa -DOPENSSL_NO_RSA no-dsa -DOPENSSL_NO_DSA no-dh -DOPENSSL_NO_DH no-ec -DOPENSSL_NO_EC no-ecdsa -DOPENSSL_NO_ECDSA no-ecdh -DOPENSSL_NO_ECDH Non-cipher functionality: no-sock -DOPENSSL_NO_SOCK No socket code. no-ssl2 -DOPENSSL_NO_SSL2 No SSLv2. no-ssl3 -DOPENSSL_NO_SSL3 No SSLv3. no-err -DOPENSSL_NO_ERR No error strings. no-krb5 -DOPENSSL_NO_KRB5 No Kerberos v5. no-engine -DOPENSSL_NO_ENGINE No dynamic engines. no-hw -DOPENSSL_NO_HW No support for external hardware. Not documented: no-tlsext -DOPENSSL_NO_TLSEXT no-cms -DOPENSSL_NO_CMS no-jpake -DOPENSSL_NO_JPAKE no-capieng -DOPENSSL_NO_CAPIENG
Note that some things have dependencies. For example, you cannot build the SSL library without ciphers and digest algorithms because the SSL and TLS protocols demand them. So instead of doing
make all, you want to do
make build_cryptoso that it only builds libcrypto.a.
Through experimentation, I found (in OpenSSL 0.9.8r) that libcrypto has 2 algorithm dependencies: MD5 for the random-number generator's algorithm (in crypto/rand_lib.c) and SHA-1 for printing certificate hashes (in crypto/asn1/t_x509.c). I'd say these dependencies
are oversights by the developers.
This is how I build libcrypto.a with only MD5 and SHA:
./config no-idea no-aes no-camellia no-seed no-bf no-cast no-des no-rc2 no-rc4 no-rc5 \ no-md2 no-md4 no-ripemd no-mdc2 no-rsa no-dsa no-dh no-ec no-ecdsa no-ecdh no-sock \ no-ssl2 no-ssl3 no-err no-krb5 no-engine no-hw make depend make build_crypto
I also successfully built it with everything except AES, RSA, SHA, and MD5 as the question asked.
If I try to disable anything except RSA, AES and SHA I can not build the library it's generate
some errors because some functions are missing. I'm obliged to reactivate md5, dsa. N
a7ab
ow have some errors with BIO about some SSL functions missing. It's like openssl doesn't manage properly those no-* flags
I
was able to build it without anything except RSA, AES, SHA, and MD5. The RNG has a message digest dependency so I just picked MD5. I edited my answer with the details.
相关文章推荐
- build and install openssl with vc++
- Verify certificate with OPENSSL and CryptoAPI
- Understanding the Flex 4 Spark Component Architecture and how to Build Custom Components with the Flex 4 SDK
- Gradle学习之书籍《Build and Test with Gradle》之chapter2:Gradle task任务
- Build Your Own Video Community With Lighttpd And FlowPlayer (Debian Etch)
- Go Google: 20 Ways to Reach More Customers and Build Revenue with Google Business Tools
- 利用OpenSSL库对Socket传输进行安全加密(RSA+AES)
- tpcc-mysql: Simple usage steps and how to build graphs with gnuplot
- 利用OpenSSL库对Socket传输进行安全加密(RSA+AES)
- Use AES Encrypt And Decrypt With Custom Key( Expand AesCryptoServiceProvider Class)
- 使用openssl中的加密函数AES、RC4、RSA对文件加密的一个例子
- [Computer and Network Security] Programming with OpenSSL
- 使 JDK 支持 TLS_RSA_WITH_AES_256_CBC_SHA256 加密套件
- The only supported ciphers are AES-128-CBC and AES-256-CBC with the correct key lengths.
- 项目管理实践【五】自动编译和发布网站【Using Visual Studio with Source Control System to build and publish website autom
- static build openssl and openssh
- Build Web Server with Apache and Passenger
- Build a Basic CRUD App with Angular 5.0 and Spring Boot 2.0
- openssl RSA、AES、DES、MD5、SHA1,CA
- OpenSSL AES, RSA 算法加密本地文件