[openssl-users] Problem compiling EVP_aes_128_gcm()
Lior Koskas
liork.cryptobiu at gmail.com
Wed May 3 15:48:57 UTC 2017
This is a little bit weird.
The command `openssl version` returns `OpenSSL 0.9.8l 5 Nov 2009.`
When I'm running the command `yum install -y openssl-devel` it returns
`openssl-1.0.1e-60.el7_3.1.x86_64 already installed and latest
version. Nothing to do`
On 3 May 2017 at 18:20, Matt Caswell <matt at openssl.org> wrote:
>
>
> On 03/05/17 16:16, Lior Koskas wrote:
> > In the same way. This is the first time I'm checking the code on my
> > CentOS machine.
>
> So right at the beginning of this thread you said you were using OpenSSL
> 1.1.0. How do you know you have that version installed?
>
> What does the command "openssl version" report?
>
> Matt
>
> >
> > On 3 May 2017 at 18:13, Matt Caswell <matt at openssl.org
> > <mailto:matt at openssl.org>> wrote:
> >
> >
> >
> > On 03/05/17 16:10, Lior Koskas wrote:
> > > I checked the evp.h file in the path /usr/local/include and indeed
> it's
> > > not contain any gcm functions.
> > > I installed openssl via yum install openssl-devel in the past.
> >
> > So, how did you install OpenSSL this time?
> >
> > Matt
> >
> >
> > >
> > > On 3 May 2017 at 17:32, Matt Caswell <matt at openssl.org <mailto:
> matt at openssl.org>
> > > <mailto:matt at openssl.org <mailto:matt at openssl.org>>> wrote:
> > >
> > >
> > >
> > > On 03/05/17 15:19, Lior Koskas wrote:
> > > > Thank you for your answer.
> > > >
> > > > I made all the changes and the code isn't compiling.
> > > >
> > > > I'm using cmake in order to build the code.
> > > >
> > > > my CMakeLists.txt contains this line in order to include
> > openssl headers:
> > > >
> > > > INCLUDE_DIRECTORIES(/usr/include/openssl/
> > /usr/local/include/openssl/)
> > >
> > > Where did you install OpenSSL? By default OpenSSL 1.1.0 will
> > install to
> > > /usr/local, and the headers will be in /usr/local/include. The
> > final
> > > "openssl" directory name in the path to the individual header
> > files
> > > should not be included in the include directory path.
> > >
> > > My guess is that you are picking up the system openssl headers
> > rather
> > > than the ones from your 1.1.0 installation.
> > >
> > > Most likely this needs to be:
> > >
> > > INCLUDE_DIRECTORIES(/usr/local/include)
> > >
> > > But it does depend on options that you gave to config when you
> > compiled
> > > OpenSSL (also I don't use cmake so I could be wrong).
> > >
> > >
> > > >
> > > > The constructor of my code is :
> > > >
> > > > HashEncrypt::HashEncrypt(const unsigned char *key, const
> > unsigned char
> > > > *iv, size_t ivSizeBytes)
> > > > {
> > > > // copy the 128-bit key
> > > > memcpy(_key, key, 16);
> > > >
> > > > //copy the iv:
> > > > EVP_CIPHER_CTX *_ctx;
> > > > _iv = new unsigned char[ivSizeBytes];
> > > > memcpy(_iv, iv, ivSizeBytes);
> > > >
> > > > //EVP_CIPHER_CTX_init(&_ctx);
> > > > _ctx = EVP_CIPHER_CTX_new();
> > > >
> > > > EVP_EncryptInit_ex(_ctx, EVP_aes_128_gcm(), NULL, NULL,
> > NULL);
> > > >
> > > > EVP_CIPHER_CTX_ctrl(_ctx, EVP_CTRL_GCM_SET_IVLEN,
> > ivSizeBytes, NULL);
> > > >
> > > > EVP_EncryptInit_ex(_ctx, NULL, NULL, _key, _iv);
> > >
> > > You need a call to EVP_CIPHER_CTX_free(_ctx) at the end
> > too...plus check
> > > the return values from these function calls for errors.
> > >
> > > Matt
> > >
> > > >
> > > > }
> > > >
> > > > What I'm missing?
> > > >
> > > >
> > > >
> > > >
> > > > On 3 May 2017 at 12:57, Matt Caswell <matt at openssl.org
> > <mailto:matt at openssl.org> <mailto:matt at openssl.org
> > <mailto:matt at openssl.org>>
> > > > <mailto:matt at openssl.org <mailto:matt at openssl.org>
> > <mailto:matt at openssl.org <mailto:matt at openssl.org>>>> wrote:
> > > >
> > > >
> > > >
> > > > On 03/05/17 10:33, Lior Koskas wrote:
> > > > > I viewed the file and the definition exists.
> > > > > I also checked that I'm picking the correct version.
> > > > >
> > > > > My problem is this line : EVP_EncryptInit_ex(&_ctx,
> > > EVP_aes_128_gcm(),
> > > > > NULL, NULL, NULL);
> > > > >
> > > > > I also tried to change the code to this two lines :
> > > > > EVP_CIPHER *EVP evp_gcm = EVP_aes_128_gcm();
> > > >
> > > > You have one too many "EVP"'s in there. It should be:
> > > >
> > > > const EVP_CIPHER *evp_gcm = EVP_aes_128_gcm();
> > > >
> > > > Although, that really shouldn't be necessary and your
> > original
> > > version
> > > > looks ok. What doesn't look quite right is the "&_ctx"
> > bit. In
> > > 1.1.0 an
> > > > EVP_CIPHER_CTX is an opaque type. You cannot allocate
> > concrete
> > > instances
> > > > of it directly.
> > > >
> > > > Where previously you might have had:
> > > >
> > > > EVP_CIPHER_CTX _ctx;
> > > >
> > > > EVP_CIPHER_CTX_init(&_ctx);
> > > > EVP_EncryptInit_ex(&_ctx, EVP_aes_128_gcm(), NULL, NULL,
> > NULL);
> > > >
> > > >
> > > > You now need to do:
> > > >
> > > > EVP_CIPHER_CTX *_ctx;
> > > >
> > > > _ctx = EVP_CIPHER_CTX_new();
> > > > EVP_EncryptInit_ex(_ctx, EVP_aes_128_gcm(), NULL, NULL,
> > NULL);
> > > >
> > > > ...
> > > > EVP_CIPHER_CTX_free(_ctx);
> > > >
> > > >
> > > > I have omitted error checking code for brevity.
> > > >
> > > > Matt
> > > >
> > > >
> > > > > EVP_EncryptInit_ex(&_ctx, evp_gcm, NULL, NULL, NULL);
> > > > >
> > > > > After the change I got this error : expected
> initializer
> > > before ‘evp_gcm’
> > > > >
> > > > > What am I doing wrong?
> > > > >
> > > > > On 3 May 2017 at 12:07, Matt Caswell <matt at openssl.org
> > <mailto:matt at openssl.org>
> > > <mailto:matt at openssl.org <mailto:matt at openssl.org>>
> > <mailto:matt at openssl.org <mailto:matt at openssl.org>
> > > <mailto:matt at openssl.org <mailto:matt at openssl.org>>>
> > > > > <mailto:matt at openssl.org <mailto:matt at openssl.org>
> > <mailto:matt at openssl.org <mailto:matt at openssl.org>>
> > > <mailto:matt at openssl.org <mailto:matt at openssl.org>
> > <mailto:matt at openssl.org <mailto:matt at openssl.org>>>>> wrote:
> > > > >
> > > > >
> > > > >
> > > > > On 03/05/17 09:43, Lior Koskas wrote:
> > > > > > Hi,
> > > > > >
> > > > > > I'm using EVP_aes_128_gcm and have problem with
> > > compiling it
> > > > with
> > > > > > OpenSSL 1.1.0 (earlier versions are compiling).
> > > > > > Although I included <openssl/evp.h> I got this
> > error :
> > > error:
> > > > > > ‘EVP_aes_128_gcm’ was not declared in this scope.
> > > > > >
> > > > > > I'm using CentOS 7.3.
> > > > > >
> > > > > > Which file I need to include in order to compile
> > > > EVP_aes_128_gcm ?
> > > > >
> > > > > It's still declared in evp.h:
> > > > >
> > > > > const EVP_CIPHER *EVP_aes_128_gcm(void);
> > > > >
> > > > > Perhaps you are not picking up the version of
> > evp.h that
> > > you think
> > > > > you are?
> > > > >
> > > > > Matt
> > > > >
> > > > > --
> > > > > openssl-users mailing list
> > > > > To unsubscribe:
> > > > >
> > https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>
> > > <https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>>
> > > > <https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>
> > > <https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>>>
> > > > >
> > <https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>
> > > <https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>>
> > > > <https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>
> > > <https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>>>>
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Lior Koskas
> > > > > Software Engineer
> > > > >
> > > > >
> > > > --
> > > > openssl-users mailing list
> > > > To unsubscribe:
> > > > https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>
> > > <https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>>
> > > > <https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>
> > > <https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>>>
> > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Lior Koskas
> > > > Software Engineer
> > > >
> > > >
> > > --
> > > openssl-users mailing list
> > > To unsubscribe:
> > > https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>
> > > <https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>>
> > >
> > >
> > >
> > >
> > > --
> > > Lior Koskas
> > > Software Engineer
> > >
> > >
> > --
> > openssl-users mailing list
> > To unsubscribe:
> > https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>
> >
> >
> >
> >
> > --
> > Lior Koskas
> > Software Engineer
> >
> >
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
--
Lior Koskas
Software Engineer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170503/386019b6/attachment-0001.html>
More information about the openssl-users
mailing list