linux已通過原始碼安裝openssl(假設安裝目錄為:/usr/local/openssl),目前php安裝時所指定的openssl未能支援國密演算法,若希望php也能實現國密演算法,則編譯安裝php時,需指定gmssl(而非openssl)。
gmssl-master.zip
),解壓縮至當前工作目錄
# unzip gmssl-master.zip# ./config --prefix=/usr/local/gmssl --openssldir=/usr/local/gmssl/ssl
# make
# make test
# make install
若在安裝過程**現:pod2man: command not found 錯誤資訊,請使用whereis pod2man命令檢視是否安裝了pod2man,否則執行yum-yinstall perl-podlators進行安裝(建議重灌,即先執行yum remove perl-podlators)。
# /usr/local/gmssl/bin/gmssl version
gmssl 2.0 - openssl 1.1.0d
執行gmssl命令後,出現:/usr/local/gmssl/bin/gmssl: relocation error: /usr/local/gmssl/bin/gmssl: symbol pbeparam_it, version openssl_1_1_0d not defined in file libcrypto.so.1.1 with link time reference 錯誤!gmssl的php擴充套件**位於源**中的的暫時解決方法如下:
(1)檢視gmssl依賴庫路徑:ldd /usr/local/gmssl/bin/gmssl
libssl.so.1.1 => /usr/local/openssl/lib/libssl.so.1.1 (0x00007fc91a5d0000)
libcrypto.so.1.1 => /usr/local/openssl/lib/libcrypto.so.1.1 (0x00007fc91a0ed000)
(2)把make後的兩個依賴庫拷貝到相應路徑(覆蓋原依賴檔案,即安裝openssl時所生成的libssl.so.1.1 及libcrypto.so.1.1 檔案,注意:這種方法會影響到用openssl的應用,以下操作請三思而後行!)
cd /usr/local/src/gmssl-master
cp libcrypto.so.1.1 /usr/local/openssl/lib/
cp libssl.so.1.1 /usr/local/openssl/lib/
php/ext/openssl目錄,php擴充套件需要和php源**目錄樹一起編譯,過程如下:
3、用gmssl的php/ext/openssl目錄替代php源**中的ext/openssl目錄;
4、編譯和安裝php(
centos7 php7.3安裝
);
!!!請注意!!!5、修改php配置檔案php的預設配置不編譯openssl擴充套件,需要顯式指--with-openssl才會編譯openssl擴充套件,而且,我們此處需要顯示指定gmssl,因此,在安裝php過程中,執行configure操作時,需這樣指定:./configure --with-openssl=/usr/local/gmssl --with-libdir=lib。
在編譯php過程中(執行make 或 make zend_extra_libs='-liconv'命令),若出現:"make: *** [ext/openssl/xp_ssl.lo] error 1"錯誤資訊,可嘗試安裝php7.1(親測php7.1.11安裝成功)而非php7.3。
php.ini啟用openssl擴充套件,即取消php.ini中extension=openssl前面的注釋。
可以通過php的phpinfo()函式確認openssl擴充套件已經啟用,通過ldd命令檢查php的二進位制程式呼叫了gmssl的動態庫而不是系統預設的openssl動態庫。
<?php
printf("versoin : %s\n", openssl_version_text);
$digests = openssl_get_md_methods(false);
echo "digests : ";
foreach ($digests as $digest)
echo "\n";
$ciphers = openssl_get_cipher_methods(false);
echo "ciphers : ";
foreach ($ciphers as $cipher)
echo "\n";
$curves = openssl_get_curve_names();
echo "curves : ";
foreach ($curves as $curve)
echo "\n";
echo "\n";
$msg = "abc";
printf("sm3(\"%s\") = %s\n", $msg, openssl_digest($msg, "sm3"));
$key = openssl_random_pseudo_bytes(16);
$ivlen = openssl_cipher_iv_length("sms4");
$iv = openssl_random_pseudo_bytes($ivlen);
$plaintext = "message to be encrypted";
$ciphertext = openssl_encrypt($plaintext, "sms4", $key, $options=0, $iv);
$original_plaintext = openssl_decrypt($ciphertext, "sms4", $key, $options=0, $iv);
printf("sms4enc(\"%s\") = %s\n", $plaintext, bin2hex($ciphertext));
printf("sms4dec(%s) = \"%s\"\n", bin2hex($ciphertext), $original_plaintext);
#$pubkey = openssl_pkey_get_public("file:");
#$prikey = openssl_pkey_get_private("file:");
$prikey = openssl_pkey_new(array("private_key_type" => openssl_keytype_ec, "curve_name" => "sm2p256v1"));
openssl_pkey_export($prikey, $prikeypem);
echo $prikeypem;
$pubkeypem = openssl_pkey_get_details($prikey)["key"];
echo $pubkeypem;
$pubkey = openssl_pkey_get_public($pubkeypem);
$point = openssl_pkey_get_details($pubkey)["ec"];
printf("sm2 public key: (%s, %s)\n", bin2hex($point["x"]), bin2hex($point["y"]));
$ec = openssl_pkey_get_details($prikey)["ec"];
printf("sm2 private key: %s\n", bin2hex($ec["d"]));
openssl_sign($msg, $signature, $prikey, "sm3");
$ok = openssl_verify($msg, $signature, $pubkey, openssl_algo_sm3);
printf("sm2sign(\"%s\") = %s\n", $msg, bin2hex($signature));
printf("sm2verify(\"%s\", %s) = %s\n", $msg, bin2hex($signature), $ok ? "ok" : "failure");
openssl_seal($plaintext, $sealed, $ekeys, array($pubkey), "sms4", $iv);
openssl_open($sealed, $opened, $ekeys[0], $prikey, "sms4", $iv);
printf("sm2seal(\"%s\") = %s\n", $plaintext, bin2hex($sealed));
printf("sm2open(%s) = \"%s\"\n", bin2hex($sealed), $opened);
?>
CentOS 7 編譯安裝 PHP 7
使用編譯的方式來安裝 php 7。輸入yum y install libxml2 libxml2 devel openssl openssl devel curl devel libjpeg devel libpng devel freetype devel libmcrypt devel mhas...
CentOS 7 編譯安裝 PHP 7
使用編譯的方式來安裝 php 7。輸入yum y install libxml2 libxml2 devel openssl openssl devel curl devel libjpeg devel libpng devel freetype devel libmcrypt devel mhas...
Centos7 編譯安裝PHP7
centos7 編譯安裝php7 yum groupinstall development tools 2 安裝依賴包 yum install libxml2 libxml2 devel openssl openssl devel bzip2 bzip2 devel libcurl libcurl ...