[openssl-users] Problem compiling EVP_aes_128_gcm()

Wed May 3 15:16:03 UTC 2017

In the same way. This is the first time I'm checking the code on my CentOS
machine.

On 3 May 2017 at 18:13, Matt Caswell <matt at openssl.org> wrote:

>
>
> On 03/05/17 16:10, Lior Koskas wrote:
> > I checked the evp.h file in the path /usr/local/include and indeed it's
> > not contain any gcm functions.
> > I installed openssl via yum install openssl-devel in the past.
>
> So, how did you install OpenSSL this time?
>
> Matt
>
>
> >
> > On 3 May 2017 at 17:32, Matt Caswell <matt at openssl.org
> > <mailto:matt at openssl.org>> wrote:
> >
> >
> >
> >     On 03/05/17 15:19, Lior Koskas wrote:
> >     > Thank you for your answer.
> >     >
> >     > I made all the changes and the code isn't compiling.
> >     >
> >     > I'm using cmake in order to build the code.
> >     >
> >     > my CMakeLists.txt contains this line in order to include openssl
> headers:
> >     >
> >     > INCLUDE_DIRECTORIES(/usr/include/openssl/
> /usr/local/include/openssl/)
> >
> >     Where did you install OpenSSL? By default OpenSSL 1.1.0 will install
> to
> >     /usr/local, and the headers will be in /usr/local/include. The final
> >     "openssl" directory name in the path to the individual header files
> >     should not be included in the include directory path.
> >
> >     My guess is that you are picking up the system openssl headers rather
> >     than the ones from your 1.1.0 installation.
> >
> >     Most likely this needs to be:
> >
> >     INCLUDE_DIRECTORIES(/usr/local/include)
> >
> >     But it does depend on options that you gave to config when you
> compiled
> >     OpenSSL (also I don't use cmake so I could be wrong).
> >
> >
> >     >
> >     > The constructor of my code is :
> >     >
> >     > HashEncrypt::HashEncrypt(const unsigned char *key, const unsigned
> char
> >     > *iv, size_t ivSizeBytes)
> >     > {
> >     >     // copy the 128-bit key
> >     >     memcpy(_key, key, 16);
> >     >
> >     >     //copy the iv:
> >     >     EVP_CIPHER_CTX *_ctx;
> >     >     _iv = new unsigned char[ivSizeBytes];
> >     >     memcpy(_iv, iv, ivSizeBytes);
> >     >
> >     >     //EVP_CIPHER_CTX_init(&_ctx);
> >     >     _ctx = EVP_CIPHER_CTX_new();
> >     >
> >     >     EVP_EncryptInit_ex(_ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
> >     >
> >     >     EVP_CIPHER_CTX_ctrl(_ctx, EVP_CTRL_GCM_SET_IVLEN, ivSizeBytes,
> NULL);
> >     >
> >     >     EVP_EncryptInit_ex(_ctx, NULL, NULL, _key, _iv);
> >
> >     You need a call to EVP_CIPHER_CTX_free(_ctx) at the end too...plus
> check
> >     the return values from these function calls for errors.
> >
> >     Matt
> >
> >     >
> >     > }
> >     >
> >     > What I'm missing?
> >     >
> >     >
> >     >
> >     >
> >     > On 3 May 2017 at 12:57, Matt Caswell <matt at openssl.org <mailto:
> matt at openssl.org>
> >     > <mailto:matt at openssl.org <mailto:matt at openssl.org>>> wrote:
> >     >
> >     >
> >     >
> >     >     On 03/05/17 10:33, Lior Koskas wrote:
> >     >     >  I viewed the file and the definition exists.
> >     >     > I also checked that I'm picking the correct version.
> >     >     >
> >     >     > My problem is this line : EVP_EncryptInit_ex(&_ctx,
> >     EVP_aes_128_gcm(),
> >     >     > NULL, NULL, NULL);
> >     >     >
> >     >     > I also tried to change the code to this two lines :
> >     >     > EVP_CIPHER *EVP evp_gcm = EVP_aes_128_gcm();
> >     >
> >     >     You have one too many "EVP"'s in there. It should be:
> >     >
> >     >     const EVP_CIPHER *evp_gcm = EVP_aes_128_gcm();
> >     >
> >     >     Although, that really shouldn't be necessary and your original
> >     version
> >     >     looks ok. What doesn't look quite right is the "&_ctx" bit. In
> >     1.1.0 an
> >     >     EVP_CIPHER_CTX is an opaque type. You cannot allocate concrete
> >     instances
> >     >     of it directly.
> >     >
> >     >     Where previously you might have had:
> >     >
> >     >     EVP_CIPHER_CTX _ctx;
> >     >
> >     >     EVP_CIPHER_CTX_init(&_ctx);
> >     >     EVP_EncryptInit_ex(&_ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
> >     >
> >     >
> >     >     You now need to do:
> >     >
> >     >     EVP_CIPHER_CTX *_ctx;
> >     >
> >     >     _ctx = EVP_CIPHER_CTX_new();
> >     >     EVP_EncryptInit_ex(_ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
> >     >
> >     >     ...
> >     >     EVP_CIPHER_CTX_free(_ctx);
> >     >
> >     >
> >     >     I have omitted error checking code for brevity.
> >     >
> >     >     Matt
> >     >
> >     >
> >     >     > EVP_EncryptInit_ex(&_ctx, evp_gcm, NULL, NULL, NULL);
> >     >     >
> >     >     > After the change I got this error : expected initializer
> >     before ‘evp_gcm’
> >     >     >
> >     >     > What am I doing wrong?
> >     >     >
> >     >     > On 3 May 2017 at 12:07, Matt Caswell <matt at openssl.org
> >     <mailto:matt at openssl.org> <mailto:matt at openssl.org
> >     <mailto:matt at openssl.org>>
> >     >     > <mailto:matt at openssl.org <mailto:matt at openssl.org>
> >     <mailto:matt at openssl.org <mailto:matt at openssl.org>>>> wrote:
> >     >     >
> >     >     >
> >     >     >
> >     >     >     On 03/05/17 09:43, Lior Koskas wrote:
> >     >     >     > Hi,
> >     >     >     >
> >     >     >     > I'm using EVP_aes_128_gcm and have problem with
> >     compiling it
> >     >     with
> >     >     >     > OpenSSL 1.1.0 (earlier versions are compiling).
> >     >     >     > Although I included <openssl/evp.h> I got this error :
> >     error:
> >     >     >     > ‘EVP_aes_128_gcm’ was not declared in this scope.
> >     >     >     >
> >     >     >     > I'm using CentOS 7.3.
> >     >     >     >
> >     >     >     > Which file I need to include in order to compile
> >     >     EVP_aes_128_gcm ?
> >     >     >
> >     >     >     It's still declared in evp.h:
> >     >     >
> >     >     >     const EVP_CIPHER *EVP_aes_128_gcm(void);
> >     >     >
> >     >     >     Perhaps you are not picking up the version of evp.h that
> >     you think
> >     >     >     you are?
> >     >     >
> >     >     >     Matt
> >     >     >
> >     >     >     --
> >     >     >     openssl-users mailing list
> >     >     >     To unsubscribe:
> >     >     >     https://mta.openssl.org/mailman/listinfo/openssl-users
> >     <https://mta.openssl.org/mailman/listinfo/openssl-users>
> >     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
> >     <https://mta.openssl.org/mailman/listinfo/openssl-users>>
> >     >     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
> >     <https://mta.openssl.org/mailman/listinfo/openssl-users>
> >     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
> >     <https://mta.openssl.org/mailman/listinfo/openssl-users>>>
> >     >     >
> >     >     >
> >     >     >
> >     >     >
> >     >     > --
> >     >     > Lior           Koskas
> >     >     > Software Engineer
> >     >     >
> >     >     >
> >     >     --
> >     >     openssl-users mailing list
> >     >     To unsubscribe:
> >     >     https://mta.openssl.org/mailman/listinfo/openssl-users
> >     <https://mta.openssl.org/mailman/listinfo/openssl-users>
> >     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
> >     <https://mta.openssl.org/mailman/listinfo/openssl-users>>
> >     >
> >     >
> >     >
> >     >
> >     > --
> >     > Lior           Koskas
> >     > Software Engineer
> >     >
> >     >
> >     --
> >     openssl-users mailing list
> >     To unsubscribe:
> >     https://mta.openssl.org/mailman/listinfo/openssl-users
> >     <https://mta.openssl.org/mailman/listinfo/openssl-users>
> >
> >
> >
> >
> > --
> > Lior           Koskas
> > Software Engineer
> >
> >
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>

-- 
Lior           Koskas
Software Engineer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170503/3b3f1235/attachment-0001.html>