我正在使用支持 FIPS 的 OpenSSL。源代码被隔离,无法更改。
要链接到 OpenSSL 库的静态版本,我们需要做的就是:
export FIPS_SIG=`find /usr/local/ssl -iname incore`
export CC=`find /usr/local/ssl -iname fipsld`
export FIPSLS_CC=`find /usr/bin -iname gcc`
然后,简单地执行:
$CC $CFLAGS <sources> -o myprogram <openssl libs>
旋转的原因是 OpenSSL 将插入一个额外的源文件 - fips_premain.c
- 并使用程序源编译它。 (发生了一些额外的步骤,但 fips_premain.c
的编译是相关步骤)。
但是,当使用g++
时,有几个符号是未定义的,因为它们是在安装OpenSSL时用C编译器编译的,而g++在调用时找不到它们:
/tmp/fips_premain-20db15.o: In function `FINGERPRINT_premain()':
/usr/local/ssl/fips-2.0/lib/fips_premain.c:103: undefined reference to `FIPS_text_start()'
/usr/local/ssl/fips-2.0/lib/fips_premain.c:116: undefined reference to `FIPS_incore_fingerprint(unsigned char*, unsigned int)'
如果我添加 --no-demangle
链接器选项,输出如下:
/tmp/fips_premain-be4611.o: In function `_Z19FINGERPRINT_premainv':
/usr/local/ssl/fips-2.0/lib/fips_premain.c:103: undefined reference to `_Z15FIPS_text_startv'
/usr/local/ssl/fips-2.0/lib/fips_premain.c:116: undefined reference to `_Z23FIPS_incore_fingerprintPhj'
以下是 fips_premain.c
中感兴趣的行(第 85 行左右):
extern const void *FIPS_text_start(), *FIPS_text_end();
extern const unsigned char FIPS_rodata_start[], FIPS_rodata_end[];
extern unsigned char FIPS_signature[20];
extern unsigned int FIPS_incore_fingerprint(unsigned char *,unsigned int);
有没有办法从命令行将符号标记为 extern "C"
?
最佳答案
在编译命令行上的文件之前使用 g++
提供 -x c
开关将强制将其编译为 C 文件而不是默认的 C++。
来自Fipsld and C++页面:
Open fipsld++ and find occurrences where fips_premain.c is compiled. It is compiled through the variable {PREMAIN_C} ...
Change the lines so that -x c preceeds "${PREMAIN_C}", and -x none follows it.
${CC} ${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \
-x c "${PREMAIN_C}" -x none \
${_WL_PREMAIN} "$@"
Forcing C compilation on fips_premain.c applies to all configurations (libraries, shared objects, and executables), so you are safe to apply it to all sections of fipsld++.
关于c++ - 添加 "extern C"作为符号的编译器选项?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/22248074/