[openssl-users] Problem compiling EVP_aes_128_gcm()
Matt Caswell
matt at openssl.org
Wed May 3 15:20:52 UTC 2017
On 03/05/17 16:16, Lior Koskas wrote:
> In the same way. This is the first time I'm checking the code on my
> CentOS machine.
So right at the beginning of this thread you said you were using OpenSSL
1.1.0. How do you know you have that version installed?
What does the command "openssl version" report?
Matt
>
> On 3 May 2017 at 18:13, Matt Caswell <matt at openssl.org
> <mailto:matt at openssl.org>> wrote:
>
>
>
> On 03/05/17 16:10, Lior Koskas wrote:
> > I checked the evp.h file in the path /usr/local/include and indeed it's
> > not contain any gcm functions.
> > I installed openssl via yum install openssl-devel in the past.
>
> So, how did you install OpenSSL this time?
>
> Matt
>
>
> >
> > On 3 May 2017 at 17:32, Matt Caswell <matt at openssl.org <mailto:matt at openssl.org>
> > <mailto:matt at openssl.org <mailto:matt at openssl.org>>> wrote:
> >
> >
> >
> > On 03/05/17 15:19, Lior Koskas wrote:
> > > Thank you for your answer.
> > >
> > > I made all the changes and the code isn't compiling.
> > >
> > > I'm using cmake in order to build the code.
> > >
> > > my CMakeLists.txt contains this line in order to include
> openssl headers:
> > >
> > > INCLUDE_DIRECTORIES(/usr/include/openssl/
> /usr/local/include/openssl/)
> >
> > Where did you install OpenSSL? By default OpenSSL 1.1.0 will
> install to
> > /usr/local, and the headers will be in /usr/local/include. The
> final
> > "openssl" directory name in the path to the individual header
> files
> > should not be included in the include directory path.
> >
> > My guess is that you are picking up the system openssl headers
> rather
> > than the ones from your 1.1.0 installation.
> >
> > Most likely this needs to be:
> >
> > INCLUDE_DIRECTORIES(/usr/local/include)
> >
> > But it does depend on options that you gave to config when you
> compiled
> > OpenSSL (also I don't use cmake so I could be wrong).
> >
> >
> > >
> > > The constructor of my code is :
> > >
> > > HashEncrypt::HashEncrypt(const unsigned char *key, const
> unsigned char
> > > *iv, size_t ivSizeBytes)
> > > {
> > > // copy the 128-bit key
> > > memcpy(_key, key, 16);
> > >
> > > //copy the iv:
> > > EVP_CIPHER_CTX *_ctx;
> > > _iv = new unsigned char[ivSizeBytes];
> > > memcpy(_iv, iv, ivSizeBytes);
> > >
> > > //EVP_CIPHER_CTX_init(&_ctx);
> > > _ctx = EVP_CIPHER_CTX_new();
> > >
> > > EVP_EncryptInit_ex(_ctx, EVP_aes_128_gcm(), NULL, NULL,
> NULL);
> > >
> > > EVP_CIPHER_CTX_ctrl(_ctx, EVP_CTRL_GCM_SET_IVLEN,
> ivSizeBytes, NULL);
> > >
> > > EVP_EncryptInit_ex(_ctx, NULL, NULL, _key, _iv);
> >
> > You need a call to EVP_CIPHER_CTX_free(_ctx) at the end
> too...plus check
> > the return values from these function calls for errors.
> >
> > Matt
> >
> > >
> > > }
> > >
> > > What I'm missing?
> > >
> > >
> > >
> > >
> > > On 3 May 2017 at 12:57, Matt Caswell <matt at openssl.org
> <mailto:matt at openssl.org> <mailto:matt at openssl.org
> <mailto:matt at openssl.org>>
> > > <mailto:matt at openssl.org <mailto:matt at openssl.org>
> <mailto:matt at openssl.org <mailto:matt at openssl.org>>>> wrote:
> > >
> > >
> > >
> > > On 03/05/17 10:33, Lior Koskas wrote:
> > > > I viewed the file and the definition exists.
> > > > I also checked that I'm picking the correct version.
> > > >
> > > > My problem is this line : EVP_EncryptInit_ex(&_ctx,
> > EVP_aes_128_gcm(),
> > > > NULL, NULL, NULL);
> > > >
> > > > I also tried to change the code to this two lines :
> > > > EVP_CIPHER *EVP evp_gcm = EVP_aes_128_gcm();
> > >
> > > You have one too many "EVP"'s in there. It should be:
> > >
> > > const EVP_CIPHER *evp_gcm = EVP_aes_128_gcm();
> > >
> > > Although, that really shouldn't be necessary and your
> original
> > version
> > > looks ok. What doesn't look quite right is the "&_ctx"
> bit. In
> > 1.1.0 an
> > > EVP_CIPHER_CTX is an opaque type. You cannot allocate
> concrete
> > instances
> > > of it directly.
> > >
> > > Where previously you might have had:
> > >
> > > EVP_CIPHER_CTX _ctx;
> > >
> > > EVP_CIPHER_CTX_init(&_ctx);
> > > EVP_EncryptInit_ex(&_ctx, EVP_aes_128_gcm(), NULL, NULL,
> NULL);
> > >
> > >
> > > You now need to do:
> > >
> > > EVP_CIPHER_CTX *_ctx;
> > >
> > > _ctx = EVP_CIPHER_CTX_new();
> > > EVP_EncryptInit_ex(_ctx, EVP_aes_128_gcm(), NULL, NULL,
> NULL);
> > >
> > > ...
> > > EVP_CIPHER_CTX_free(_ctx);
> > >
> > >
> > > I have omitted error checking code for brevity.
> > >
> > > Matt
> > >
> > >
> > > > EVP_EncryptInit_ex(&_ctx, evp_gcm, NULL, NULL, NULL);
> > > >
> > > > After the change I got this error : expected initializer
> > before ‘evp_gcm’
> > > >
> > > > What am I doing wrong?
> > > >
> > > > On 3 May 2017 at 12:07, Matt Caswell <matt at openssl.org
> <mailto:matt at openssl.org>
> > <mailto:matt at openssl.org <mailto:matt at openssl.org>>
> <mailto:matt at openssl.org <mailto:matt at openssl.org>
> > <mailto:matt at openssl.org <mailto:matt at openssl.org>>>
> > > > <mailto:matt at openssl.org <mailto:matt at openssl.org>
> <mailto:matt at openssl.org <mailto:matt at openssl.org>>
> > <mailto:matt at openssl.org <mailto:matt at openssl.org>
> <mailto:matt at openssl.org <mailto:matt at openssl.org>>>>> wrote:
> > > >
> > > >
> > > >
> > > > On 03/05/17 09:43, Lior Koskas wrote:
> > > > > Hi,
> > > > >
> > > > > I'm using EVP_aes_128_gcm and have problem with
> > compiling it
> > > with
> > > > > OpenSSL 1.1.0 (earlier versions are compiling).
> > > > > Although I included <openssl/evp.h> I got this
> error :
> > error:
> > > > > ‘EVP_aes_128_gcm’ was not declared in this scope.
> > > > >
> > > > > I'm using CentOS 7.3.
> > > > >
> > > > > Which file I need to include in order to compile
> > > EVP_aes_128_gcm ?
> > > >
> > > > It's still declared in evp.h:
> > > >
> > > > const EVP_CIPHER *EVP_aes_128_gcm(void);
> > > >
> > > > Perhaps you are not picking up the version of
> evp.h that
> > you think
> > > > you are?
> > > >
> > > > Matt
> > > >
> > > > --
> > > > openssl-users mailing list
> > > > To unsubscribe:
> > > >
> https://mta.openssl.org/mailman/listinfo/openssl-users
> <https://mta.openssl.org/mailman/listinfo/openssl-users>
> > <https://mta.openssl.org/mailman/listinfo/openssl-users
> <https://mta.openssl.org/mailman/listinfo/openssl-users>>
> > > <https://mta.openssl.org/mailman/listinfo/openssl-users
> <https://mta.openssl.org/mailman/listinfo/openssl-users>
> > <https://mta.openssl.org/mailman/listinfo/openssl-users
> <https://mta.openssl.org/mailman/listinfo/openssl-users>>>
> > > >
> <https://mta.openssl.org/mailman/listinfo/openssl-users
> <https://mta.openssl.org/mailman/listinfo/openssl-users>
> > <https://mta.openssl.org/mailman/listinfo/openssl-users
> <https://mta.openssl.org/mailman/listinfo/openssl-users>>
> > > <https://mta.openssl.org/mailman/listinfo/openssl-users
> <https://mta.openssl.org/mailman/listinfo/openssl-users>
> > <https://mta.openssl.org/mailman/listinfo/openssl-users
> <https://mta.openssl.org/mailman/listinfo/openssl-users>>>>
> > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Lior Koskas
> > > > Software Engineer
> > > >
> > > >
> > > --
> > > openssl-users mailing list
> > > To unsubscribe:
> > > https://mta.openssl.org/mailman/listinfo/openssl-users
> <https://mta.openssl.org/mailman/listinfo/openssl-users>
> > <https://mta.openssl.org/mailman/listinfo/openssl-users
> <https://mta.openssl.org/mailman/listinfo/openssl-users>>
> > > <https://mta.openssl.org/mailman/listinfo/openssl-users
> <https://mta.openssl.org/mailman/listinfo/openssl-users>
> > <https://mta.openssl.org/mailman/listinfo/openssl-users
> <https://mta.openssl.org/mailman/listinfo/openssl-users>>>
> > >
> > >
> > >
> > >
> > > --
> > > Lior Koskas
> > > Software Engineer
> > >
> > >
> > --
> > openssl-users mailing list
> > To unsubscribe:
> > https://mta.openssl.org/mailman/listinfo/openssl-users
> <https://mta.openssl.org/mailman/listinfo/openssl-users>
> > <https://mta.openssl.org/mailman/listinfo/openssl-users
> <https://mta.openssl.org/mailman/listinfo/openssl-users>>
> >
> >
> >
> >
> > --
> > Lior Koskas
> > Software Engineer
> >
> >
> --
> openssl-users mailing list
> To unsubscribe:
> https://mta.openssl.org/mailman/listinfo/openssl-users
> <https://mta.openssl.org/mailman/listinfo/openssl-users>
>
>
>
>
> --
> Lior Koskas
> Software Engineer
>
>
More information about the openssl-users
mailing list