[openssl-users] Problem compiling EVP_aes_128_gcm()

Matt Caswell matt at openssl.org
Wed May 3 15:56:13 UTC 2017



On 03/05/17 16:48, Lior Koskas wrote:
> This is a little bit weird.
> The command `openssl version` returns `OpenSSL 0.9.8l 5 Nov 2009.`
> When I'm running the command `yum install -y openssl-devel` it returns
> `openssl-1.0.1e-60.el7_3.1.x86_64 already installed and latest
> version. Nothing to do`

And neither version is OpenSSL 1.1.0!!

Most likely you are picking up 0.9.8 headers (version 0.9.8 is ancient
and does not support GCM). Version 1.0.1 does support GCM so that would
probably work for you if you can figure out where the headers and
libraries are installed - although it too is very old. Both versions are
out of support from an OpenSSL Project perspective - although your OS
vendor may still be supporting them.

Matt

> 
> On 3 May 2017 at 18:20, Matt Caswell <matt at openssl.org> wrote:
> 
> 
> 
>     On 03/05/17 16:16, Lior Koskas wrote:
>     > In the same way. This is the first time I'm checking the code on my
>     > CentOS machine.
> 
>     So right at the beginning of this thread you said you were using OpenSSL
>     1.1.0. How do you know you have that version installed?
> 
>     What does the command "openssl version" report?
> 
>     Matt
> 
>     >
>     > On 3 May 2017 at 18:13, Matt Caswell <matt at openssl.org> wrote:
>     >
>     >
>     >
>     >     On 03/05/17 16:10, Lior Koskas wrote:
>     >     > I checked the evp.h file in the path /usr/local/include and indeed it
>     >     > doesn't contain any gcm functions.
>     >     > I installed openssl via yum install openssl-devel in the past.
>     >
>     >     So, how did you install OpenSSL this time?
>     >
>     >     Matt
>     >
>     >
>     >     >
>     >     > On 3 May 2017 at 17:32, Matt Caswell <matt at openssl.org> wrote:
>     >     >
>     >     >
>     >     >
>     >     >     On 03/05/17 15:19, Lior Koskas wrote:
>     >     >     > Thank you for your answer.
>     >     >     >
>     >     >     > I made all the changes and the code isn't compiling.
>     >     >     >
>     >     >     > I'm using cmake in order to build the code.
>     >     >     >
>     >     >     > my CMakeLists.txt contains this line in order to include openssl headers:
>     >     >     >
>     >     >     > INCLUDE_DIRECTORIES(/usr/include/openssl/ /usr/local/include/openssl/)
>     >     >
>     >     >     Where did you install OpenSSL? By default OpenSSL 1.1.0 will install to
>     >     >     /usr/local, and the headers will be in /usr/local/include. The final
>     >     >     "openssl" directory name in the path to the individual header files
>     >     >     should not be included in the include directory path.
>     >     >
>     >     >     My guess is that you are picking up the system openssl headers rather
>     >     >     than the ones from your 1.1.0 installation.
>     >     >
>     >     >     Most likely this needs to be:
>     >     >
>     >     >     INCLUDE_DIRECTORIES(/usr/local/include)
>     >     >
>     >     >     But it does depend on options that you gave to config when you compiled
>     >     >     OpenSSL (also I don't use cmake so I could be wrong).
>     >     >
>     >     >
>     >     >     >
>     >     >     > The constructor of my code is :
>     >     >     >
>     >     >     > HashEncrypt::HashEncrypt(const unsigned char *key, const unsigned char *iv, size_t ivSizeBytes)
>     >     >     > {
>     >     >     >     // copy the 128-bit key
>     >     >     >     memcpy(_key, key, 16);
>     >     >     >
>     >     >     >     //copy the iv:
>     >     >     >     EVP_CIPHER_CTX *_ctx;
>     >     >     >     _iv = new unsigned char[ivSizeBytes];
>     >     >     >     memcpy(_iv, iv, ivSizeBytes);
>     >     >     >
>     >     >     >     //EVP_CIPHER_CTX_init(&_ctx);
>     >     >     >     _ctx = EVP_CIPHER_CTX_new();
>     >     >     >
>     >     >     >     EVP_EncryptInit_ex(_ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
>     >     >     >
>     >     >     >     EVP_CIPHER_CTX_ctrl(_ctx, EVP_CTRL_GCM_SET_IVLEN, ivSizeBytes, NULL);
>     >     >     >
>     >     >     >     EVP_EncryptInit_ex(_ctx, NULL, NULL, _key, _iv);
>     >     >
>     >     >     You need a call to EVP_CIPHER_CTX_free(_ctx) at the end too...plus check
>     >     >     the return values from these function calls for errors.
>     >     >
>     >     >     Matt
>     >     >
>     >     >     >
>     >     >     > }
>     >     >     >
>     >     >     > What am I missing?
>     >     >     >
>     >     >     >
>     >     >     >
>     >     >     >
>     >     >     > On 3 May 2017 at 12:57, Matt Caswell <matt at openssl.org> wrote:
>     >     >     >
>     >     >     >
>     >     >     >
>     >     >     >     On 03/05/17 10:33, Lior Koskas wrote:
>     >     >     >     > I viewed the file and the definition exists.
>     >     >     >     > I also checked that I'm picking the correct version.
>     >     >     >     >
>     >     >     >     > My problem is this line : EVP_EncryptInit_ex(&_ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
>     >     >     >     >
>     >     >     >     > I also tried to change the code to these two lines :
>     >     >     >     > EVP_CIPHER *EVP evp_gcm = EVP_aes_128_gcm();
>     >     >     >
>     >     >     >     You have one too many "EVP"'s in there. It should be:
>     >     >     >
>     >     >     >     const EVP_CIPHER *evp_gcm = EVP_aes_128_gcm();
>     >     >     >
>     >     >     >     Although, that really shouldn't be necessary and your original version
>     >     >     >     looks ok. What doesn't look quite right is the "&_ctx" bit. In 1.1.0 an
>     >     >     >     EVP_CIPHER_CTX is an opaque type. You cannot allocate concrete instances
>     >     >     >     of it directly.
>     >     >     >
>     >     >     >     Where previously you might have had:
>     >     >     >
>     >     >     >     EVP_CIPHER_CTX _ctx;
>     >     >     >
>     >     >     >     EVP_CIPHER_CTX_init(&_ctx);
>     >     >     >     EVP_EncryptInit_ex(&_ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
>     >     >     >
>     >     >     >
>     >     >     >     You now need to do:
>     >     >     >
>     >     >     >     EVP_CIPHER_CTX *_ctx;
>     >     >     >
>     >     >     >     _ctx = EVP_CIPHER_CTX_new();
>     >     >     >     EVP_EncryptInit_ex(_ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
>     >     >     >
>     >     >     >     ...
>     >     >     >     EVP_CIPHER_CTX_free(_ctx);
>     >     >     >
>     >     >     >
>     >     >     >     I have omitted error checking code for brevity.
>     >     >     >
>     >     >     >     Matt
>     >     >     >
>     >     >     >
>     >     >     >     > EVP_EncryptInit_ex(&_ctx, evp_gcm, NULL, NULL, NULL);
>     >     >     >     >
>     >     >     >     > After the change I got this error : expected initializer before ‘evp_gcm’
>     >     >     >     >
>     >     >     >     > What am I doing wrong?
>     >     >     >     >
>     >     >     >     > On 3 May 2017 at 12:07, Matt Caswell <matt at openssl.org> wrote:
>     >     >     >     >
>     >     >     >     >
>     >     >     >     >
>     >     >     >     >     On 03/05/17 09:43, Lior Koskas wrote:
>     >     >     >     >     > Hi,
>     >     >     >     >     >
>     >     >     >     >     > I'm using EVP_aes_128_gcm and have a problem compiling it with
>     >     >     >     >     > OpenSSL 1.1.0 (earlier versions are compiling).
>     >     >     >     >     > Although I included <openssl/evp.h> I got this error : error:
>     >     >     >     >     > ‘EVP_aes_128_gcm’ was not declared in this scope.
>     >     >     >     >     >
>     >     >     >     >     > I'm using CentOS 7.3.
>     >     >     >     >     >
>     >     >     >     >     > Which file do I need to include in order to compile EVP_aes_128_gcm ?
>     >     >     >     >
>     >     >     >     >     It's still declared in evp.h:
>     >     >     >     >
>     >     >     >     >     const EVP_CIPHER *EVP_aes_128_gcm(void);
>     >     >     >     >
>     >     >     >     >     Perhaps you are not picking up the version of evp.h that you think
>     >     >     >     >     you are?
>     >     >     >     >
>     >     >     >     >     Matt
>     >     >     >     >
>     >     >     >     >     --
>     >     >     >     >     openssl-users mailing list
>     >     >     >     >     To unsubscribe:
>     >     >     >     >     https://mta.openssl.org/mailman/listinfo/openssl-users
>     >     >     >     >
>     >     >     >     >
>     >     >     >     >
>     >     >     >     >
>     >     >     >     > --
>     >     >     >     > Lior           Koskas
>     >     >     >     > Software Engineer
>     >     >     >     >
>     >     >     >     >
>     >     >     >
>     >     >     >
>     >     >     >
>     >     >     >
>     >     >     > --
>     >     >     > Lior           Koskas
>     >     >     > Software Engineer
>     >     >     >
>     >     >     >
>     >     >
>     >     >
>     >     >
>     >     >
>     >     > --
>     >     > Lior           Koskas
>     >     > Software Engineer
>     >     >
>     >     >
>     >
>     >
>     >
>     >
>     > --
>     > Lior           Koskas
>     > Software Engineer
>     >
>     >
> 
> 
> 
> 
> -- 
> Lior           Koskas
> Software Engineer
> 
> 
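
Added example (not part of the original thread): the diagnosis above is that the compiler resolves <openssl/evp.h> to older headers than expected. This POSIX shell script walks a list of include directories in search order, reads OPENSSL_VERSION_NUMBER from the first openssl/opensslv.h it finds, and reports whether those headers declare GCM and whether EVP_CIPHER_CTX is opaque. The function names and the sample tree are constructed for illustration, and it assumes the literal hex define used by pre-3.0 headers.

```shell
#!/bin/sh
# Added example: which OpenSSL headers does an include path list resolve to?

# Print the first openssl/opensslv.h found in the given -I directories, in order.
first_openssl_header() {
    for dir in "$@"; do
        if [ -f "$dir/openssl/opensslv.h" ]; then
            printf '%s\n' "$dir/openssl/opensslv.h"
            return 0
        fi
    done
    return 1
}

# Print the version number's hex digits (no 0x prefix, no L suffix).
header_version_hex() {
    sed -n 's/^#[[:space:]]*define[[:space:]]\{1,\}OPENSSL_VERSION_NUMBER[[:space:]]\{1,\}0x\([0-9A-Fa-f]\{1,\}\).*/\1/p' "$1" | head -n 1
}

# Report "<version> <gcm> <ctx> <header path>" for an include path list.
classify_headers() {
    hdr=$(first_openssl_header "$@") || { echo "no-openssl-headers"; return 1; }
    hex=$(header_version_hex "$hdr")
    [ -n "$hex" ] || { echo "unparsed $hdr"; return 1; }
    num=$((0x$hex))
    if [ "$num" -ge $((0x10100000)) ]; then
        verdict="gcm=yes ctx=opaque"      # 1.1.0+: use EVP_CIPHER_CTX_new()
    elif [ "$num" -ge $((0x10001000)) ]; then
        verdict="gcm=yes ctx=concrete"    # 1.0.1 / 1.0.2
    else
        verdict="gcm=no ctx=concrete"     # 0.9.8 / 1.0.0: no EVP_aes_128_gcm
    fi
    printf '0x%s %s %s\n' "$hex" "$verdict" "$hdr"
}

# Constructed sample tree: 0.9.8l headers in one directory, 1.0.1e in another.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/local/openssl" "$root/system/openssl"
    printf '#define OPENSSL_VERSION_NUMBER\t0x009080cfL\n' > "$root/local/openssl/opensslv.h"
    printf '#define OPENSSL_VERSION_NUMBER\t0x1000105fL\n' > "$root/system/openssl/opensslv.h"
    printf '%s\n' "$root"
}

tree=$(make_sample_tree)
classify_headers "$tree/local" "$tree/system"   # 0.9.8l found first: gcm=no
classify_headers "$tree/system" "$tree/local"   # 1.0.1e found first: gcm=yes
rm -rf "$tree"
```

On a real machine, pass the directories in the same order the build passes them with -I, followed by the compiler's default search directories.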

