[openssl-users] Problem compiling EVP_aes_128_gcm()

Matt Caswell matt at openssl.org
Wed May 3 14:32:51 UTC 2017 


On 03/05/17 15:19, Lior Koskas wrote:
> Thank you for your answer.
> 
> I made all the changes and the code isn't compiling.
> 
> I'm using cmake in order to build the code.
> 
> my CMakeLists.txt contains this line in order to include openssl headers:
> 
> INCLUDE_DIRECTORIES(/usr/include/openssl/ /usr/local/include/openssl/)

Where did you install OpenSSL? By default OpenSSL 1.1.0 will install to
/usr/local, and the headers will be in /usr/local/include. The final
"openssl" directory name in the path to the individual header files
should not be included in the include directory path.

My guess is that you are picking up the system openssl headers rather
than the ones from your 1.1.0 installation.

Most likely this needs to be:

INCLUDE_DIRECTORIES(/usr/local/include)

But it does depend on options that you gave to config when you compiled
OpenSSL (also I don't use cmake so I could be wrong).


> 
> The constructor of my code is :
> 
> HashEncrypt::HashEncrypt(const unsigned char *key, const unsigned char
> *iv, size_t ivSizeBytes)
> {
>     // copy the 128-bit key
>     memcpy(_key, key, 16);
> 
>     //copy the iv:
>     EVP_CIPHER_CTX *_ctx;
>     _iv = new unsigned char[ivSizeBytes];
>     memcpy(_iv, iv, ivSizeBytes);
> 
>     //EVP_CIPHER_CTX_init(&_ctx);
>     _ctx = EVP_CIPHER_CTX_new();
> 
>     EVP_EncryptInit_ex(_ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
> 
>     EVP_CIPHER_CTX_ctrl(_ctx, EVP_CTRL_GCM_SET_IVLEN, ivSizeBytes, NULL);
> 
>     EVP_EncryptInit_ex(_ctx, NULL, NULL, _key, _iv);

You need a call to EVP_CIPHER_CTX_free(_ctx) at the end too...plus check
the return values from these function calls for errors.

Matt

> 
> }
> 
> What I'm missing?
> 
> 
> 
> 
> On 3 May 2017 at 12:57, Matt Caswell <matt at openssl.org
> <mailto:matt at openssl.org>> wrote:
> 
> 
> 
>     On 03/05/17 10:33, Lior Koskas wrote:
>     >  I viewed the file and the definition exists.
>     > I also checked that I'm picking the correct version.
>     >
>     > My problem is this line : EVP_EncryptInit_ex(&_ctx, EVP_aes_128_gcm(),
>     > NULL, NULL, NULL);
>     >
>     > I also tried to change the code to this two lines :
>     > EVP_CIPHER *EVP evp_gcm = EVP_aes_128_gcm();
> 
>     You have one too many "EVP"'s in there. It should be:
> 
>     const EVP_CIPHER *evp_gcm = EVP_aes_128_gcm();
> 
>     Although, that really shouldn't be necessary and your original version
>     looks ok. What doesn't look quite right is the "&_ctx" bit. In 1.1.0 an
>     EVP_CIPHER_CTX is an opaque type. You cannot allocate concrete instances
>     of it directly.
> 
>     Where previously you might have had:
> 
>     EVP_CIPHER_CTX _ctx;
> 
>     EVP_CIPHER_CTX_init(&_ctx);
>     EVP_EncryptInit_ex(&_ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
> 
> 
>     You now need to do:
> 
>     EVP_CIPHER_CTX *_ctx;
> 
>     _ctx = EVP_CIPHER_CTX_new();
>     EVP_EncryptInit_ex(_ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
> 
>     ...
>     EVP_CIPHER_CTX_free(_ctx);
> 
> 
>     I have omitted error checking code for brevity.
> 
>     Matt
> 
> 
>     > EVP_EncryptInit_ex(&_ctx, evp_gcm, NULL, NULL, NULL);
>     >
>     > After the change I got this error : expected initializer before ‘evp_gcm’
>     >
>     > What am I doing wrong?
>     >
>     > On 3 May 2017 at 12:07, Matt Caswell <matt at openssl.org <mailto:matt at openssl.org>
>     > <mailto:matt at openssl.org <mailto:matt at openssl.org>>> wrote:
>     >
>     >
>     >
>     >     On 03/05/17 09:43, Lior Koskas wrote:
>     >     > Hi,
>     >     >
>     >     > I'm using EVP_aes_128_gcm and have problem with compiling it
>     with
>     >     > OpenSSL 1.1.0 (earlier versions are compiling).
>     >     > Although I included <openssl/evp.h> I got this error : error:
>     >     > ‘EVP_aes_128_gcm’ was not declared in this scope.
>     >     >
>     >     > I'm using CentOS 7.3.
>     >     >
>     >     > Which file I need to include in order to compile
>     EVP_aes_128_gcm ?
>     >
>     >     It's still declared in evp.h:
>     >
>     >     const EVP_CIPHER *EVP_aes_128_gcm(void);
>     >
>     >     Perhaps you are not picking up the version of evp.h that you think
>     >     you are?
>     >
>     >     Matt
>     >
>     >     --
>     >     openssl-users mailing list
>     >     To unsubscribe:
>     >     https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>     >
>     >
>     >
>     >
>     > --
>     > Lior           Koskas
>     > Software Engineer
>     >
>     >
>     --
>     openssl-users mailing list
>     To unsubscribe:
>     https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
> 
> 
> 
> 
> -- 
> Lior           Koskas
> Software Engineer
> 
>

More information about the openssl-users mailing list