调用OpenSSL的PEM_write_PUBKEY || PEM_write_PrivateKey API 使程序突然退出并显示消息 "no OPENSSL_Applink"

Question

我正在尝试使用 OpenSSL 中的 EVP_* API，但在尝试从 EVP_PKEY 结构中转储公钥/私钥时遇到了奇怪的行为。

问题::填充 EVP_PKEY 结构后，在调用 PEM_write_PUBKEY API(请参阅 TRIAL1)时，程序退出。调用 PEM_write_PrivateKey API 时也会发生同样的情况(请参阅 TRIAL2)。

输出:我留下一个 temp.pem 0 字节文件，并在 cmd 提示符上显示一条消息，内容为 OPENSSL_Uplink(5D8C7000,08): no OPENSSL_Applink

#define TRIAL1

void InitOpenSSLLib(void)
{
    SSL_library_init();
    SSL_load_error_strings();
    OpenSSL_add_all_algorithms();
}

int main(int argc, char** argv)
{
    EVP_PKEY_CTX* ctx = NULL;
    EVP_PKEY* pKeyPair = EVP_PKEY_new();

    BIO *mem = BIO_new(BIO_s_mem());
    FILE* fp = fopen("temp.pem", "wb");

    InitOpenSSLLib();

    ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, 0);
    EVP_PKEY_keygen_init(ctx);
    EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048);
    EVP_PKEY_keygen(ctx, &pKeyPair);

    // Succeeds till here... all of the above called APIs return value greater than 0

#ifdef TRIAL1
    // Program exits even before printing any error
    if (PEM_write_PUBKEY(fp, pKeyPair) <= 0)
        printf("PEM_write_PUBKEY failed\n");
#elif TRIAL2
    // same behavior with this API too
    PEM_write_PrivateKey(fp, pKeyPair, NULL, NULL, 0, 0, NULL);
#endif
    // Tried this too.... but the control never reaches here
    fflush(fp);

    // Tried this too... most of the mem struct members are NULL.
    EVP_PKEY_print_private(mem, pKeyPair, 0, 0);

    //.... Cleanup codes
    fclose(fp);
    BIO_free_all(mem);

    return 0;
}

有什么指点吗？我在这里做错了什么吗？是否有其他方法将私钥/公钥或 PEM 格式对转储到文件中？

我使用的是 VC++ 2015。此外，按 Ctrl+F5 时，提示符会显示以下消息::OPENSSL_Uplink(5D8C7000,08): no OPENSSL_Applink

_{为 future 的开发者回答我自己的问题}

Answer 1

这里的关键问题是 OpenSSL 抛出的错误(读取、消息)，即没有 OPENSSL_Applink。

据记录here ,

As per 0.9.8 the above limitation is eliminated for .DLLs. OpenSSL .DLLs compiled with some specific run-time option [we insist on the default /MD] can be deployed with application compiled with different option or even different compiler. But there is a catch! Instead of re-compiling OpenSSL toolkit, as you would have to with prior versions, you have to compile small C snippet with compiler and/or options of your choice. The snippet gets installed as /include/openssl/applink.c and should be either added to your application project or simply #include-d in one [and only one] of your application source files. Failure to link this shim module into your application manifests itself as fatal "no OPENSSL_Applink" run-time error. An explicit reminder is due that in this situation [mixing compiler options] it is as important to add CRYPTO_malloc_init prior first call to OpenSSL.

您应该检查 /MD 的编译选项(假设您知道 Code Generation 下的 VC++ Project Properties 选项)。

我也做了同样的事情，但我的问题仍然没有得到解决。答案是给出的链接的第二段[ https://www.openssl.org/docs/faq.html#PROG2] ，它指示我们包含 <install-root>/include/openssl/applink.c

Where to get this applink.c file if not found in openssl's dir?

就我而言，我使用 exe 二进制文件安装了 OpenSSL，但找不到这个特定的 applink.c文件在我的 <install-root> 中的任何位置，所以我开始寻找并找到了它 here on GitHub .

您所要做的就是将此文件作为源文件包含在您的项目中，或者最好将其保存在 openssl install-root 目录中，以便您也可以从同一位置将其包含在其他项目中。

// applink.c from https://github.com/openssl/openssl/blob/master/ms/applink.c
/*
 * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#define APPLINK_STDIN   1
#define APPLINK_STDOUT  2
#define APPLINK_STDERR  3
#define APPLINK_FPRINTF 4
#define APPLINK_FGETS   5
#define APPLINK_FREAD   6
#define APPLINK_FWRITE  7
#define APPLINK_FSETMOD 8
#define APPLINK_FEOF    9
#define APPLINK_FCLOSE  10      /* should not be used */

#define APPLINK_FOPEN   11      /* solely for completeness */
#define APPLINK_FSEEK   12
#define APPLINK_FTELL   13
#define APPLINK_FFLUSH  14
#define APPLINK_FERROR  15
#define APPLINK_CLEARERR 16
#define APPLINK_FILENO  17      /* to be used with below */

#define APPLINK_OPEN    18      /* formally can't be used, as flags can vary */
#define APPLINK_READ    19
#define APPLINK_WRITE   20
#define APPLINK_LSEEK   21
#define APPLINK_CLOSE   22
#define APPLINK_MAX     22      /* always same as last macro */

#ifndef APPMACROS_ONLY
# include <stdio.h>
# include <io.h>
# include <fcntl.h>

static void *app_stdin(void)
{
    return stdin;
}

static void *app_stdout(void)
{
    return stdout;
}

static void *app_stderr(void)
{
    return stderr;
}

static int app_feof(FILE *fp)
{
    return feof(fp);
}

static int app_ferror(FILE *fp)
{
    return ferror(fp);
}

static void app_clearerr(FILE *fp)
{
    clearerr(fp);
}

static int app_fileno(FILE *fp)
{
    return _fileno(fp);
}

static int app_fsetmod(FILE *fp, char mod)
{
    return _setmode(_fileno(fp), mod == 'b' ? _O_BINARY : _O_TEXT);
}

#ifdef __cplusplus
extern "C" {
#endif

__declspec(dllexport)
void **
# if defined(__BORLANDC__)
/*
 * __stdcall appears to be the only way to get the name
 * decoration right with Borland C. Otherwise it works
 * purely incidentally, as we pass no parameters.
 */
__stdcall
# else
__cdecl
# endif
OPENSSL_Applink(void)
{
    static int once = 1;
    static void *OPENSSL_ApplinkTable[APPLINK_MAX + 1] =
        { (void *)APPLINK_MAX };

    if (once) {
        OPENSSL_ApplinkTable[APPLINK_STDIN] = app_stdin;
        OPENSSL_ApplinkTable[APPLINK_STDOUT] = app_stdout;
        OPENSSL_ApplinkTable[APPLINK_STDERR] = app_stderr;
        OPENSSL_ApplinkTable[APPLINK_FPRINTF] = fprintf;
        OPENSSL_ApplinkTable[APPLINK_FGETS] = fgets;
        OPENSSL_ApplinkTable[APPLINK_FREAD] = fread;
        OPENSSL_ApplinkTable[APPLINK_FWRITE] = fwrite;
        OPENSSL_ApplinkTable[APPLINK_FSETMOD] = app_fsetmod;
        OPENSSL_ApplinkTable[APPLINK_FEOF] = app_feof;
        OPENSSL_ApplinkTable[APPLINK_FCLOSE] = fclose;

        OPENSSL_ApplinkTable[APPLINK_FOPEN] = fopen;
        OPENSSL_ApplinkTable[APPLINK_FSEEK] = fseek;
        OPENSSL_ApplinkTable[APPLINK_FTELL] = ftell;
        OPENSSL_ApplinkTable[APPLINK_FFLUSH] = fflush;
        OPENSSL_ApplinkTable[APPLINK_FERROR] = app_ferror;
        OPENSSL_ApplinkTable[APPLINK_CLEARERR] = app_clearerr;
        OPENSSL_ApplinkTable[APPLINK_FILENO] = app_fileno;

        OPENSSL_ApplinkTable[APPLINK_OPEN] = _open;
        OPENSSL_ApplinkTable[APPLINK_READ] = _read;
        OPENSSL_ApplinkTable[APPLINK_WRITE] = _write;
        OPENSSL_ApplinkTable[APPLINK_LSEEK] = _lseek;
        OPENSSL_ApplinkTable[APPLINK_CLOSE] = _close;

        once = 0;
    }

    return OPENSSL_ApplinkTable;
}

#ifdef __cplusplus
}
#endif
#endif

就是这样，这将消除程序退出的奇怪行为。