文章目录
-
- [openssl3.2 - 编译 - 编译时的动态库zlib.dll不要使用绝对路径](#openssl3.2 - 编译 - 编译时的动态库zlib.dll不要使用绝对路径)
- 概述
- 测试zlib特性在安装好的目录中是否正常
- 笔记
- 70-test_tls13certcomp.t
- 80-test_cms.t
- 对测试环境的猜测
- 从头再编译测试安装一次
- 测试一下随便改变位置的openssl用到zlib时是否好使
- 测试一下随便改变位置的openssl未找到zlib.dll时是否报错
- 总结
- END
openssl3.2 - 编译 - 编译时的动态库zlib.dll不要使用绝对路径
概述
前面编译了openssl3.2(openssl3.2 - 编译), 编译命令行中使用加ZLIB特性时, 使用了绝对路径, 如下:
bash
打开vs2019x64本地命令行, 选择管理员身份运行
set path=c:\nasm;%path%
cd /d D:\3rd_prj\crypt\openssl-3.2.0
perl Configure VC-WIN64A --debug zlib-dynamic --with-zlib-include=c:\zlib_1d3 --with-zlib-lib=c:\zlib_1d3\my_zlib_1d3.dll --prefix=c:\openssl_3d2 --openssldir=c:\openssl_3d2\common
nmake
nmake test
nmake install如果在本机做实验没问题.
前几天, 为了归档方便, 将openssl安装好的路径移动到归档目录中.
再运行openssl和zlib相关的功能, 就有报错提示, 说找不到 c:\zlib_1d3\my_zlib_1d3.dll
这样就没法在其他计算机上用啊.
尝试将在openssl编译时用的zlib.dll指定为相对路径 e.g. .\my_zlib_1d3.dll
将my_zlib_1d3.dll拷贝到openssl源码目录.\下
再编译(config , nmake), 然后在nmake test时, 报错如下:
bash
07-test_bio_comp.t (Wstat: 256 Tests: 1 Failed: 1)
Failed test: 1
Non-zero exit status: 1
70-test_tls13certcomp.t (Wstat: 5632 Tests: 1 Failed: 0)
Non-zero exit status: 22
Parse errors: Bad plan. You planned 8 tests but ran 1.
75-test_quicapi.t (Wstat: 256 Tests: 1 Failed: 1)
Failed test: 1
Non-zero exit status: 1
80-test_cms.t (Wstat: 256 Tests: 22 Failed: 1)
Failed test: 5
Non-zero exit status: 1
80-test_ssl_new.t (Wstat: 1280 Tests: 31 Failed: 5)
Failed tests: 4, 20, 22, 26, 31
Non-zero exit status: 5
80-test_ssl_old.t (Wstat: 512 Tests: 7 Failed: 2)
Failed tests: 2-3
Non-zero exit status: 2
90-test_cert_comp.t (Wstat: 256 Tests: 1 Failed: 1)
Failed test: 1
Non-zero exit status: 1
90-test_rpk.t (Wstat: 256 Tests: 1 Failed: 1)
Failed test: 1
Non-zero exit status: 1
90-test_shlibload.t (Wstat: 1024 Tests: 10 Failed: 4)
Failed tests: 1-4
Non-zero exit status: 4
90-test_sslapi.t (Wstat: 256 Tests: 4 Failed: 1)
Failed test: 1
Non-zero exit status: 1
Files=294, Tests=3411, 1091 wallclock secs ( 5.14 usr + 1.11 sys = 6.25 CPU)
Result: FAIL
NMAKE : fatal error U1077: "cmd": 返回代码"0x1"
Stop.
NMAKE : fatal error U1077: ""C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.29.30133\bin\HostX64\x64\nmake.exe"": 返回代码"0x2"
Stop.看了bio_comp_test.c, 有和zlib相关的函数调用.
再将my_zlib_1d3.dll拷贝到bio_comp_test.exe所在的.\test目录下, 再运行nmake test, 还是有报错, 如下:
bash
70-test_tls13certcomp.t (Wstat: 5632 Tests: 1 Failed: 0)
Non-zero exit status: 22
Parse errors: Bad plan. You planned 8 tests but ran 1.
80-test_cms.t (Wstat: 256 Tests: 22 Failed: 1)
Failed test: 5
Non-zero exit status: 1
Files=294, Tests=3411, 1069 wallclock secs ( 5.56 usr + 1.08 sys = 6.64 CPU)
Result: FAIL
NMAKE : fatal error U1077: "cmd": 返回代码"0x1"
Stop.
NMAKE : fatal error U1077: ""C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.29.30133\bin\HostX64\x64\nmake.exe"": 返回代码"0x2"
Stop.这2个.t看不太懂. 估计也是和zlib库位置相关.
准备安装后(nmake install)后, 再手工测试一下, zlib特性是否正常.
安装后的目录c:\openssl_3d2拷贝到 D:\my_dev\lib\openssl_3d2, 看到.bin目录中没有my_zlib_1d3.dll, 自己补了一个.
怪不得网上资料, 大部分openssl编译都是用的zlib静态库, 原来openssl用动态库这么麻烦.
测试zlib特性在安装好的目录中是否正常
在安装后, 拷贝的目录(D:\my_dev\lib\openssl_3d2)中来测试.
先在源码编译目录(D:\3rd_prj\crypt\openssl-3.2.0)记录一下测试的日志
bash
nmake test > my_log_nmake_test.txt 2>&1然后根据日志, 在安装拷贝完的目录(D:\my_dev\lib\openssl_3d2)中模拟报错的测试日志做测试.
笔记
只能在openssl源码目录中测试.
从日志中看到了测试的命令行, 整理了一个脚本
bash
rem my_nmake_test.bat
cmd /C "set "SRCTOP=." & set "BLDTOP=." & set "PERL=C:\Perl\bin\perl.exe" & set "FIPSKEY=f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813" & "C:\Perl\bin\perl.exe" ".\test\run_tests.pl" "这个脚本依赖环境和配置, 在安装后的目录, 测试失败. 必须在源码编译目录运行.
将test目录压缩备份, 然后将test目录中, 只有70-test_tls13certcomp.t/80-test_cms.t, 来单独测试
因为安装前的openssl.exe在 D:\3rd_prj\crypt\openssl-3.2.0\apps
将my_zlib_1d3.dll拷贝到D:\3rd_prj\crypt\openssl-3.2.0\apps
将test目录压缩备份.
将 D:\3rd_prj\crypt\openssl-3.2.0\test\recipes 目录改名为 D:\3rd_prj\crypt\openssl-3.2.0\test\recipes_
然后新建一个目录 D:\3rd_prj\crypt\openssl-3.2.0\test\recipes作为测试目录
70-test_tls13certcomp.t
将recipes_中的70-test_tls13certcomp.t拷贝到 D:\3rd_prj\crypt\openssl-3.2.0\test\recipes
现在 D:\3rd_prj\crypt\openssl-3.2.0\test\recipes目录中只有70-test_tls13certcomp.t
将 my_nmake_test.bat 拷贝到D:\3rd_prj\crypt\openssl-3.2.0, 运行 my_nmake_test.bat
bash
D:\3rd_prj\crypt\openssl-3.2.0>my_nmake_test.bat
D:\3rd_prj\crypt\openssl-3.2.0>rem my_nmake_test.bat
D:\3rd_prj\crypt\openssl-3.2.0>cmd /C "set "SRCTOP=." & set "BLDTOP=." & set "PERL=C:\Perl\bin\perl.exe" & set "FIPSKEY=f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813" & "C:\Perl\bin\perl.exe" ".\test\run_tests.pl" "
Files=0, Tests=0, 0 wallclock secs ( 0.00 usr + 0.00 sys = 0.00 CPU)
Result: NOTESTS
70-test_tls13certcomp.t .. ok
All tests successful.
Files=1, Tests=8, 19 wallclock secs ( 0.09 usr + 0.00 sys = 0.09 CPU)
Result: PASS
D:\3rd_prj\crypt\openssl-3.2.0>可以看到, 在安装完后, 单独测试70-test_tls13certcomp.t是通过的.
80-test_cms.t
将 D:\3rd_prj\crypt\openssl-3.2.0\test\recipes中的70-test_tls13certcomp.t删掉.
将备份目录D:\3rd_prj\crypt\openssl-3.2.0\test\recipes_中关于80-test_cms.t相关的东西拷贝过来, 如下
然后在源码编译的根目录运行 my_nmake_test.bat
bash
D:\3rd_prj\crypt\openssl-3.2.0>my_nmake_test.bat
D:\3rd_prj\crypt\openssl-3.2.0>rem my_nmake_test.bat
D:\3rd_prj\crypt\openssl-3.2.0>cmd /C "set "SRCTOP=." & set "BLDTOP=." & set "PERL=C:\Perl\bin\perl.exe" & set "FIPSKEY=f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813" & "C:\Perl\bin\perl.exe" ".\test\run_tests.pl" "
Files=0, Tests=0, 0 wallclock secs ( 0.02 usr + 0.00 sys = 0.02 CPU)
Result: NOTESTS
80-test_cms.t .. ok
All tests successful.
Files=1, Tests=22, 19 wallclock secs ( 0.02 usr + 0.00 sys = 0.02 CPU)
Result: PASS
D:\3rd_prj\crypt\openssl-3.2.0>可以看到, 单独测试也是成功的.
对测试环境的猜测
单独测试成功
在编译环境中nmake test失败.
比对一下, 可以发现, 区别是我现在手工拷贝了my_zlib_1d3.dll拷贝到D:\3rd_prj\crypt\openssl-3.2.0\apps
因为未安装前的openssl相关的exe和dll都在my_zlib_1d3.dll拷贝到D:\3rd_prj\crypt\openssl-3.2.0\apps
apps目录中的openssl相关的exe, dll因为依赖my_zlib_1d3.dll, 所以必须要手工拷贝过去, 才能让openssl相关接口运行正常.
那现在直接在源码编译目录运行nmake test, 试试, 应该也是能全部测试通过的.
试试
将备份的D:\3rd_prj\crypt\openssl-3.2.0\test\recipes复原, 里面包含原始的所有测试用例.
bash
D:\3rd_prj\crypt\openssl-3.2.0>nmake test
// ...
99-test_fuzz_server.t ................... ok
99-test_fuzz_smime.t .................... ok
99-test_fuzz_v3name.t ................... ok
99-test_fuzz_x509.t ..................... ok
All tests successful.
Files=294, Tests=3418, 1009 wallclock secs ( 5.88 usr + 1.17 sys = 7.05 CPU)
Result: PASS
D:\3rd_prj\crypt\openssl-3.2.0>全部测试通过.
果真和自己想的一样, 就是\app目录中, 没有my_zlib_1d3.dll引起的测试失败.
从头再编译测试安装一次
bash
解开官方源码包
打开vs2019x64本地命令行, 选择管理员身份运行
cd /d D:\3rd_prj\crypt\openssl-3.2.0
set path=c:\nasm;%path%
perl Configure VC-WIN64A --debug zlib-dynamic --with-zlib-include=D:\my_dev\lib\zlib_1d3 --with-zlib-lib=.\my_zlib_1d3.dll --prefix=c:\openssl_3d2 --openssldir=c:\openssl_3d2\common
nmake此时, nmake已经完成.
查一下*.dll的位置, 主要是看libcrypto-3-x64.dll在哪些目录中
可以看出, 主要是4个目录
bash
.\
.\apps
.\fuzz
.\test将自己的zlib.dll拷贝到这4个目录
对于我自己的环境, 拷贝情况如下:
bash
D:\my_dev\lib\zlib_1d3\my_zlib_1d3.dll => D:\3rd_prj\crypt\openssl-3.2.0\my_zlib_1d3.dll
D:\my_dev\lib\zlib_1d3\my_zlib_1d3.dll => D:\3rd_prj\crypt\openssl-3.2.0\apps\my_zlib_1d3.dll
D:\my_dev\lib\zlib_1d3\my_zlib_1d3.dll => D:\3rd_prj\crypt\openssl-3.2.0\fuzz\my_zlib_1d3.dll
D:\my_dev\lib\zlib_1d3\my_zlib_1d3.dll => D:\3rd_prj\crypt\openssl-3.2.0\test\my_zlib_1d3.dll然后继续openssl的测试和安装
bash
nmake test
// ...
99-test_fuzz_x509.t ..................... ok
All tests successful.
Files=294, Tests=3418, 990 wallclock secs ( 6.36 usr + 0.97 sys = 7.33 CPU)
Result: PASSopenssl测试全部通过, 猜测是正确的.
在使用openssl之前, 必须将依赖的dll(e.g. zlib.dll)摆对位置.
开始安装
bash
nmake install安装完成后, 搜索*.dll, 可以看到依赖的dll(e.g. zlib.dll)没有被拷贝过来.
手工拷贝zlib.dll到安装后的bin目录.
bash
D:\my_dev\lib\zlib_1d3\my_zlib_1d3.dll => C:\openssl_3d2\bin\my_zlib_1d3.dll
现在可以将安装好的openssl发布目录C:\openssl_3d2剪切到自己的库目录了 => D:\my_dev\lib\openssl_3d2
测试一下随便改变位置的openssl用到zlib时是否好使
就用普通的cmd窗口.
bash
cd /d D:\my_dev\lib\openssl_3d2\bin
openssl zlib -list
// 下面是输出
Supported ciphers:
-aes-128-cbc -aes-128-cfb -aes-128-cfb1
-aes-128-cfb8 -aes-128-ctr -aes-128-ecb
-aes-128-ofb -aes-192-cbc -aes-192-cfb
-aes-192-cfb1 -aes-192-cfb8 -aes-192-ctr
-aes-192-ecb -aes-192-ofb -aes-256-cbc
-aes-256-cfb -aes-256-cfb1 -aes-256-cfb8
-aes-256-ctr -aes-256-ecb -aes-256-ofb
-aes128 -aes128-wrap -aes128-wrap-pad
-aes192 -aes192-wrap -aes192-wrap-pad
-aes256 -aes256-wrap -aes256-wrap-pad
-aria-128-cbc -aria-128-cfb -aria-128-cfb1
-aria-128-cfb8 -aria-128-ctr -aria-128-ecb
-aria-128-ofb -aria-192-cbc -aria-192-cfb
-aria-192-cfb1 -aria-192-cfb8 -aria-192-ctr
-aria-192-ecb -aria-192-ofb -aria-256-cbc
-aria-256-cfb -aria-256-cfb1 -aria-256-cfb8
-aria-256-ctr -aria-256-ecb -aria-256-ofb
-aria128 -aria192 -aria256
-bf -bf-cbc -bf-cfb
-bf-ecb -bf-ofb -blowfish
-camellia-128-cbc -camellia-128-cfb -camellia-128-cfb1
-camellia-128-cfb8 -camellia-128-ctr -camellia-128-ecb
-camellia-128-ofb -camellia-192-cbc -camellia-192-cfb
-camellia-192-cfb1 -camellia-192-cfb8 -camellia-192-ctr
-camellia-192-ecb -camellia-192-ofb -camellia-256-cbc
-camellia-256-cfb -camellia-256-cfb1 -camellia-256-cfb8
-camellia-256-ctr -camellia-256-ecb -camellia-256-ofb
-camellia128 -camellia192 -camellia256
-cast -cast-cbc -cast5-cbc
-cast5-cfb -cast5-ecb -cast5-ofb
-chacha20 -des -des-cbc
-des-cfb -des-cfb1 -des-cfb8
-des-ecb -des-ede -des-ede-cbc
-des-ede-cfb -des-ede-ecb -des-ede-ofb
-des-ede3 -des-ede3-cbc -des-ede3-cfb
-des-ede3-cfb1 -des-ede3-cfb8 -des-ede3-ecb
-des-ede3-ofb -des-ofb -des3
-des3-wrap -desx -desx-cbc
-id-aes128-wrap -id-aes128-wrap-pad -id-aes192-wrap
-id-aes192-wrap-pad -id-aes256-wrap -id-aes256-wrap-pad
-id-smime-alg-CMS3DESwrap -idea -idea-cbc
-idea-cfb -idea-ecb -idea-ofb
-rc2 -rc2-128 -rc2-40
-rc2-40-cbc -rc2-64 -rc2-64-cbc
-rc2-cbc -rc2-cfb -rc2-ecb
-rc2-ofb -rc4 -rc4-40
-seed -seed-cbc -seed-cfb
-seed-ecb -seed-ofb -sm4
-sm4-cbc -sm4-cfb -sm4-ctr
-sm4-ecb -sm4-ofb可以看到没有报错, 说明openssl依赖的zlib.dll是正常的.
测试一下随便改变位置的openssl未找到zlib.dll时是否报错
将my_zlib_1d3.dll改个名字, 将后缀加个'_'
用 openssl zlib -list 命令行再测试一下.
bash
D:\my_dev\lib\openssl_3d2\bin>openssl zlib -list
Supported ciphers:
-aes-128-cbc -aes-128-cfb -aes-128-cfb1
-aes-128-cfb8 -aes-128-ctr -aes-128-ecb
-aes-128-ofb -aes-192-cbc -aes-192-cfb
-aes-192-cfb1 -aes-192-cfb8 -aes-192-ctr
-aes-192-ecb -aes-192-ofb -aes-256-cbc
-aes-256-cfb -aes-256-cfb1 -aes-256-cfb8
-aes-256-ctr -aes-256-ecb -aes-256-ofb
-aes128 -aes128-wrap -aes128-wrap-pad
-aes192 -aes192-wrap -aes192-wrap-pad
-aes256 -aes256-wrap -aes256-wrap-pad
-aria-128-cbc -aria-128-cfb -aria-128-cfb1
-aria-128-cfb8 -aria-128-ctr -aria-128-ecb
-aria-128-ofb -aria-192-cbc -aria-192-cfb
-aria-192-cfb1 -aria-192-cfb8 -aria-192-ctr
-aria-192-ecb -aria-192-ofb -aria-256-cbc
-aria-256-cfb -aria-256-cfb1 -aria-256-cfb8
-aria-256-ctr -aria-256-ecb -aria-256-ofb
-aria128 -aria192 -aria256
-bf -bf-cbc -bf-cfb
-bf-ecb -bf-ofb -blowfish
-camellia-128-cbc -camellia-128-cfb -camellia-128-cfb1
-camellia-128-cfb8 -camellia-128-ctr -camellia-128-ecb
-camellia-128-ofb -camellia-192-cbc -camellia-192-cfb
-camellia-192-cfb1 -camellia-192-cfb8 -camellia-192-ctr
-camellia-192-ecb -camellia-192-ofb -camellia-256-cbc
-camellia-256-cfb -camellia-256-cfb1 -camellia-256-cfb8
-camellia-256-ctr -camellia-256-ecb -camellia-256-ofb
-camellia128 -camellia192 -camellia256
-cast -cast-cbc -cast5-cbc
-cast5-cfb -cast5-ecb -cast5-ofb
-chacha20 -des -des-cbc
-des-cfb -des-cfb1 -des-cfb8
-des-ecb -des-ede -des-ede-cbc
-des-ede-cfb -des-ede-ecb -des-ede-ofb
-des-ede3 -des-ede3-cbc -des-ede3-cfb
-des-ede3-cfb1 -des-ede3-cfb8 -des-ede3-ecb
-des-ede3-ofb -des-ofb -des3
-des3-wrap -desx -desx-cbc
-id-aes128-wrap -id-aes128-wrap-pad -id-aes192-wrap
-id-aes192-wrap-pad -id-aes256-wrap -id-aes256-wrap-pad
-id-smime-alg-CMS3DESwrap -idea -idea-cbc
-idea-cfb -idea-ecb -idea-ofb
-rc2 -rc2-128 -rc2-40
-rc2-40-cbc -rc2-64 -rc2-64-cbc
-rc2-cbc -rc2-cfb -rc2-ecb
-rc2-ofb -rc4 -rc4-40
-seed -seed-cbc -seed-cfb
-seed-ecb -seed-ofb -sm4
-sm4-cbc -sm4-cfb -sm4-ctr
-sm4-ecb -sm4-ofb
D4B80400:error:12800067:DSO support routines:win32_load:could not load the shared library:crypto\dso\dso_win32.c:108:filename(.\\my_zlib_1d3.dll)
D4B80400:error:12800067:DSO support routines:DSO_load:could not load the shared library:crypto\dso\dso_lib.c:147:
D:\my_dev\lib\openssl_3d2\bin>可以看到有报错, 说没有找到'.\my_zlib_1d3.dll'
总结
这说明让openssl编译选项中的动态依赖的dll为.\x.dll, 是比较好的方法.
只要openssl的组件和依赖的dll同目录时, 就可以让编译完的openssl输出的组件随意变动位置, 都可以正常运行.