Qt development notes: Introduction to the OpenSSL library, compiling and modularizing the mingw32 version of OpenSSL on Windows

If the article is an original article, please indicate the original source for reprinting.
The blog address of this article: https://blog.csdn.net/qq21497936/article/details/117503951



Preface

Compiling the mingw32 version of OpenSSL on Windows is tricky, and OpenSSL itself does not provide support for it.


OpenSSL

Introduction

OpenSSL is an open source software library package. Applications can use this package to communicate securely, avoid eavesdropping, and confirm the identity of the other end of the connection. This package is widely used in web servers on the Internet.
SSL is the abbreviation of Secure Sockets Layer (secure sockets layer protocol), which can provide confidential transmission on the Internet. When Netscape launched the first Web browser, it also proposed the SSL protocol standard. The goal is to ensure the confidentiality and reliability of the communication between the two applications, which can be supported on both the server side and the user side. It has become an industry standard for confidential communication on the Internet.
SSL prevents the communication between the user and server applications from being eavesdropped on by attackers. It always authenticates the server and optionally authenticates the user. The SSL protocol must be built on top of a reliable transport layer protocol (TCP). The advantage of the SSL protocol is that it is independent of the application layer protocol: high-level application layer protocols (such as HTTP, FTP, TELNET, etc.) can be layered transparently on top of it. The SSL protocol completes the negotiation of the encryption algorithm and communication key, as well as server authentication, before any application layer communication takes place. After that, the data transmitted by the application layer protocol is encrypted to ensure the privacy of the communication.

Features

Secure channel characteristics

  • Data confidentiality
    Encryption converts a plaintext input file into an encrypted file using an encryption algorithm, which achieves data confidentiality. The encryption process requires a key to encrypt the data and later decrypt it. Without the key, the encrypted data cannot be decrypted. Once the data is encrypted, only the key needs to be transmitted in a secure way; the encrypted data can be transmitted publicly.
  • Data integrity
    Encryption can also ensure data consistency. For example, a message authentication code (MAC) can verify the encrypted information provided by the user: the receiver uses the MAC to verify the encrypted data and ensure that it has not been tampered with during transmission.
  • Security verification
    Another use of encryption is as personal identification: the user's key can serve as their security verification identifier. SSL uses public key encryption technology (RSA) as the encrypted communication protocol between the client and the server when transmitting confidential information.

OpenSSL includes a command line tool that can perform all the functions in the OpenSSL library. Better yet, it may already be installed on your system.
OpenSSL is a powerful Secure Sockets Layer cryptographic library. Apache uses it to encrypt HTTPS, and OpenSSH uses it to encrypt SSH. However, you should not use it only as a library; it is also a multi-purpose, cross-platform cryptography tool.

Open source features

Eric A. Young and Tim J. Hudson started writing the OpenSSL software package, which went on to have a huge impact, in 1995. It is an open source software package without too many restrictions. Eric A. Young and Tim J. Hudson are Canadians. Later, after they became famous for writing OpenSSL, they went to big companies to make a lot of money. In 1998, the OpenSSL project team took over the development of OpenSSL and launched version 0.9.1. By now, OpenSSL's algorithm support is very complete, and it supports SSL2.0, SSL3.0 and TLS1.0.
OpenSSL is written in C, which gives it excellent cross-platform performance. This is a wonderful thing for most technical staff, who can use the same familiar tool on different platforms. OpenSSL supports Linux, Windows, BSD, Mac, VMS and other platforms, which gives it a wide range of applicability. Getting used to the C language is also easier than rewriting a software package with the same functions as OpenSSL in C++.

Functions

Basic functions

The whole package of OpenSSL can be roughly divided into three main functional parts: SSL protocol library, application program and cryptographic algorithm library. The directory structure of OpenSSL is naturally planned around these three functional parts.
As a security development kit based on cryptography, OpenSSL provides powerful and comprehensive functions, including the main cryptographic algorithms, commonly used key and certificate packaging and management functions, and the SSL protocol. It also provides a wealth of applications for testing or other purposes.

Auxiliary functions

The BIO mechanism is a high-level IO interface provided by OpenSSL, which encapsulates almost all types of IO interfaces, such as memory access, file access, and Socket. This greatly improves the reusability of the code and reduces the complexity of the API provided by OpenSSL.
OpenSSL also provides a complete set of solutions and supporting API functions for the generation and management of random numbers. The quality of the random number is an important prerequisite for determining whether a key is safe.
OpenSSL also provides some other auxiliary functions, such as the API for generating keys from passwords, the configuration file mechanism in certificate issuance and management, and so on. If you have enough patience, you will slowly discover many such small features in the process of using OpenSSL in-depth, allowing you to constantly have new surprises.

Algorithms

Key certificate management

Key and certificate management is an important part of PKI. OpenSSL provides rich functions for it and supports multiple standards.
First of all, OpenSSL implements the ASN.1 standards related to certificates and keys, and provides DER, PEM, and BASE64 encoding and decoding functions for certificates, public keys, private keys, certificate requests, and CRLs. OpenSSL provides methods, functions, and applications for generating various public key pairs and symmetric keys, as well as DER encoding and decoding functions for public and private keys. It also implements PKCS#12 and PKCS#8 encoding and decoding for private keys. OpenSSL provides the encryption protection for private keys defined in the standards, so that keys can be stored and distributed safely.
On this basis, OpenSSL implements the X.509 standard encoding and decoding of certificates, the encoding and decoding of PKCS#12 format, and the encoding and decoding functions of PKCS#7. It also provides a text database that supports certificate management functions, including certificate key generation, request generation, certificate issuance, revocation, and verification functions.
In fact, the CA application provided by OpenSSL is a small certificate management center (CA), which implements the entire process of certificate issuance and most of the mechanisms of certificate management.
OpenSSL implements SSLv2 and SSLv3 of the SSL protocol, and supports most of the algorithm protocols. OpenSSL also implements TLSv1.0. TLS is a standardized version of SSLv3. Although the difference is not big, there are many details that are different after all.
Although there is already a lot of software that implements the functions of OpenSSL, the SSL protocol implemented in OpenSSL gives us a clearer understanding of SSL for at least two reasons. First, the SSL protocol implemented by OpenSSL is open source, so we can investigate every detail of the implementation. Second, the SSL protocol implemented by OpenSSL is a pure SSL protocol, not combined with other protocols (such as HTTP), which shows the true face of the SSL protocol.

Symmetric encryption

OpenSSL provides a total of 8 symmetric encryption algorithms, 7 of which are block encryption algorithms; the only stream encryption algorithm is RC4. The 7 block encryption algorithms are AES, DES, Blowfish, CAST, IDEA, RC2 and RC5, all of which support the four commonly used block cipher modes: electronic codebook mode (ECB), cipher block chaining mode (CBC), cipher feedback mode (CFB) and output feedback mode (OFB). Among them, the cipher feedback mode (CFB) and output feedback mode (OFB) used by AES have a block length of 128 bits, while the other algorithms use 64 bits. The DES support covers not only the commonly used DES algorithm but also the three-key and two-key 3DES algorithms.

Asymmetric encryption

OpenSSL implements a total of 4 asymmetric encryption algorithms, including DH algorithm, RSA algorithm, DSA algorithm and elliptic curve algorithm (EC). The DH algorithm is generally used for key exchange. The RSA algorithm can be used for both key exchange and digital signature. Of course, if you can tolerate its slow speed, it can also be used for data encryption. The DSA algorithm is generally only used for digital signatures.

Information Digest

OpenSSL implements five information digest algorithms, namely MD2, MD5, MDC2, SHA (SHA1) and RIPEMD. The SHA algorithm actually includes two information digest algorithms, SHA and SHA1. In addition, OpenSSL also implements two information digest algorithms DSS and DSS1 specified in the DSS standard.


Download OpenSSL

Official website: http://distfiles.macports.org/openssl/

  CSDN: https://download.csdn.net/download/qq21497936/11537079
  QQ group: 1047134658 (click "File" and search for "openssl"; the group files are updated in sync with the blog posts)
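
Because the source archive above comes from a mirror or a file-sharing page rather than from the OpenSSL project directly, it is worth comparing its SHA-256 digest with the one the project publishes before building. The script below is an added example, not part of the original post; it assumes a ".sha256" sidecar file fetched separately from the OpenSSL project's own download page, and the function names and file names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): check a downloaded OpenSSL
# source tarball against a published SHA-256 digest before building it.

# Print the lowercase SHA-256 of file $1 with whichever tool is available.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print tolower($1) }'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{ print tolower($1) }'
    else
        # Output is "SHA256(file)= <hex>": the digest is the last field.
        openssl dgst -sha256 "$1" | awk '{ print tolower($NF) }'
    fi
}

# Read the expected digest from a sidecar file. Accepts a bare hex digest
# or the "digest  filename" layout; only the first non-empty line is used,
# and a trailing CR from a Windows-edited file is dropped.
expected_from_sidecar() {
    awk 'NF { print tolower($1); exit }' "$1" | tr -d '\r'
}

# verify_tarball TARBALL SIDECAR
# Returns 0 on match, 1 on mismatch, 2 on missing or malformed input.
verify_tarball() {
    tarball=$1
    sidecar=$2
    if [ ! -r "$tarball" ] || [ ! -r "$sidecar" ]; then
        echo "cannot read $tarball or $sidecar" >&2
        return 2
    fi
    want=$(expected_from_sidecar "$sidecar")
    # A SHA-256 digest is exactly 64 hex characters; refuse anything else.
    case $want in
        ''|*[!0-9a-f]*) echo "malformed digest in $sidecar" >&2; return 2 ;;
    esac
    if [ "${#want}" -ne 64 ]; then
        echo "malformed digest in $sidecar" >&2
        return 2
    fi
    got=$(sha256_of "$tarball")
    if [ "$got" = "$want" ]; then
        echo "OK: $tarball matches $sidecar"
        return 0
    fi
    echo "MISMATCH: $tarball (expected $want, got $got)" >&2
    return 1
}
```

In the msys shell, call verify_tarball with the tarball and its sidecar file and continue to ./config only when it returns 0.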

Compile OpenSSL

Install msys, the Linux-style build environment, on Windows


Copy Qt's mingw and the machine's Perl into the msys folder, and then add them to the path

Configure OpenSSL

The configuration installation path has been


I was stuck here for more than an hour and looked into various causes; it turns out that you need to use msys instead of msys2.

Modify Makefile

Find the PERL variable in the top-level Makefile and modify it directly as shown in the figure below:

Insert picture description here


Continue

mingw32-make.exe reports errors after a long wait.

Look carefully: it is a problem with the application programs, possibly a library link failure, but we need to check the compiled library.

Add configuration parameters

In fact, the missing libraries when compiling the test programs are a path inclusion problem. After many attempts, it turns out that you still need to specify the paths when running config.

./config --prefix=/usr/local --openssldir=/usr/local/openssl

Compile

mingw32-make.exe install -j4

Compilation succeeds. The compile and install process is very long, an estimated twenty to thirty minutes.

With the build succeeding, change the configuration as follows so that the library is easier to extract:

./config --prefix=/home/yang/complie/install  \
 --openssldir=/home/yang/complie/install/openssl

This may take several attempts; there may be errors, because the multi-threaded build leads to some dependency errors.

mingw32-make.exe install -j4

The recommended final command:

mingw32-make.exe install

After a successful run, the result is as follows:

Insert picture description here


You can then run the tests:

mingw32-make.exe test


This also takes a very long time.

Install file structure packaging

The compiled library is a static library (note: I repeat, it is still a static library even if the shared parameter is added during configuration).

Pitfalls

Pitfall 1: Perl call failed

Solution

Modify the PERL variable in the top-level Makefile.

Pitfall 2: The operating system type is wrong during configuration

Solution

Switch from msys2 to msys1.0.

Pitfall 3: Cannot find the library definitions when compiling

Solution

When configuring, you need to add 2 parameters (--prefix and --openssldir, as in the config command above).
