• Windows下编译OpenSSL


    推荐两篇都可以编译完成:

    openssl-1.0.2m.tar.gz

    http://blog.csdn.net/liang19890820/article/details/51658574

    openssl-1.0.2n.tar.gz

    http://blog.csdn.net/haolovekun/article/details/78781557

    备份一下:

    系统:windows 7 x64

    openssl版本:openssl-1.0.2n.tar.gz

    编译器:vs2015

    1、下载安装perl

       1)下载路径:

       http://www.activestate.com/activeperl/downloads/

    2)测试:

    进入perl安装目录的eg文件夹,执行“perl example.pl”若显示“Hello from ActivePerl!”,则说明Perl安装成功。如下图所示:

     

    2、下载openssl源码

    1)下载路径:

    http://www.openssl.org/source/

    下载好文件,压缩包解压到c盘openssl文件夹

    2)运行“VS2015 开发人员命令提示“进入C盘下openssl目录运行perl Configure VC-WIN32 no-asm

     

    3)运行命令 msdo_ms.bat

     

    4)运行命令 nmake -f ms tdll.mak

    编译时报错:

     

    解决方法:

    用VS2015打开C:opensslssl目录下的bad_dtls_test.c文件

    然后选择文件->高级保存选项 把编码改成    Unicode -代码页 1200

     

    点击确定,然后保存文件,在重新输入  nmake -f ms tdll.mak 编译成功

     

    5)在运行命令 nmake -f ms t.mak

    编译成功:

     

    以上openssl已经编译成功了,可以用一下命令进行测试以及清除:

        测试动态库:
        nmake -f ms tdll.mak test

        测试静态库:
        nmake -f ms t.mak test

        安装动态库:
        nmake -f ms tdll.mak install

        安装静态库:
        nmake -f ms t.mak install

        清除上次动态库的编译,以便重新编译:
        nmake -f ms tdll.mak clean

        清除上次静态库的编译,以便重新编译:
        nmake -f ms t.mak clean

     ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

     注意:项目中使用OpenSSL的静态链接库则需要生成no-asm的静态链接库,否则可能一运行就崩溃

    #pragma comment(lib, "libeay32.lib")
    #pragma comment(lib, "ssleay32.lib")

    如果编译过程中还有其他的问题,多百度一下

    其中n是最新的,是m的修复几个漏洞的版本具体可以查看CHANGES文件

    Changes between 1.0.2m and 1.0.2n [7 Dec 2017]
    
      *) Read/write after SSL object in error state
    
         OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state"
         mechanism. The intent was that if a fatal error occurred during a handshake
         then OpenSSL would move into the error state and would immediately fail if
         you attempted to continue the handshake. This works as designed for the
         explicit handshake functions (SSL_do_handshake(), SSL_accept() and
         SSL_connect()), however due to a bug it does not work correctly if
         SSL_read() or SSL_write() is called directly. In that scenario, if the
         handshake fails then a fatal error will be returned in the initial function
         call. If SSL_read()/SSL_write() is subsequently called by the application
         for the same SSL object then it will succeed and the data is passed without
         being decrypted/encrypted directly from the SSL/TLS record layer.
    
         In order to exploit this issue an application bug would have to be present
         that resulted in a call to SSL_read()/SSL_write() being issued after having
         already received a fatal error.
    
         This issue was reported to OpenSSL by David Benjamin (Google).
         (CVE-2017-3737)
         [Matt Caswell]
    
      *) rsaz_1024_mul_avx2 overflow bug on x86_64
    
         There is an overflow bug in the AVX2 Montgomery multiplication procedure
         used in exponentiation with 1024-bit moduli. No EC algorithms are affected.
         Analysis suggests that attacks against RSA and DSA as a result of this
         defect would be very difficult to perform and are not believed likely.
         Attacks against DH1024 are considered just feasible, because most of the
         work necessary to deduce information about a private key may be performed
         offline. The amount of resources required for such an attack would be
         significant. However, for an attack on TLS to be meaningful, the server
         would have to share the DH1024 private key among multiple clients, which is
         no longer an option since CVE-2016-0701.
    
         This only affects processors that support the AVX2 but not ADX extensions
         like Intel Haswell (4th generation).
    
         This issue was reported to OpenSSL by David Benjamin (Google). The issue
         was originally found via the OSS-Fuzz project.
         (CVE-2017-3738)
         [Andy Polyakov]
  • 相关阅读:
    何为受控组件(controlled component)
    (组件的)状态(state)和属性(props)之间有何不同
    类组件(Class component)和函数式组件(Functional component)之间有何不同
    [翻译] FSLineChart
    [翻译] DXPopover
    [翻译] LTInfiniteScrollView
    设计模式
    [翻译] LLSimpleCamera
    [翻译] VLDContextSheet
    将Model对象转换成json文本或者json二进制文件
  • 原文地址:https://www.cnblogs.com/aliflycoris/p/8435135.html
Copyright © 2020-2023  润新知