[openssl-users] Problem compiling EVP_aes_128_gcm()
Lior Koskas
liork.cryptobiu at gmail.com
Wed May 3 15:58:42 UTC 2017
Thank you very much for your help!
I will raised this bug to my vendor support.
On 3 May 2017 at 18:56, Matt Caswell <matt at openssl.org> wrote:
>
>
> On 03/05/17 16:48, Lior Koskas wrote:
> > This is a little bit weird.
> > The command `openssl version` returns `OpenSSL 0.9.8l 5 Nov 2009.`
> > When I'm running the command `yum install -y openssl-devel` it returns
> > `openssl-1.0.1e-60.el7_3.1.x86_64 already installed and latest
> > version. Nothing to do`
>
> And neither version is OpenSSL 1.1.0!!
>
> Most likely you are picking up 0.9.8 headers (version 0.9.8 is ancient
> and does not support GCM). Version 1.0.1 does support GCM so that would
> probably work for you if you can figure out where the headers and
> libraries are installed - although it too is very old. Both versions are
> out of support from an OpenSSL Project perspective - although your OS
> vendor may still be supporting them.
>
> Matt
>
> >
> > On 3 May 2017 at 18:20, Matt Caswell <matt at openssl.org
> > <mailto:matt at openssl.org>> wrote:
> >
> >
> >
> > On 03/05/17 16:16, Lior Koskas wrote:
> > > In the same way. This is the first time I'm checking the code on my
> > > CentOS machine.
> >
> > So right at the beginning of this thread you said you were using
> OpenSSL
> > 1.1.0. How do you know you have that version installed?
> >
> > What does the command "openssl version" report?
> >
> > Matt
> >
> > >
> > > On 3 May 2017 at 18:13, Matt Caswell <matt at openssl.org <mailto:
> matt at openssl.org>
> > > <mailto:matt at openssl.org <mailto:matt at openssl.org>>> wrote:
> > >
> > >
> > >
> > > On 03/05/17 16:10, Lior Koskas wrote:
> > > > I checked the evp.h file in the path /usr/local/include and
> indeed it's
> > > > not contain any gcm functions.
> > > > I installed openssl via yum install openssl-devel in the
> past.
> > >
> > > So, how did you install OpenSSL this time?
> > >
> > > Matt
> > >
> > >
> > > >
> > > > On 3 May 2017 at 17:32, Matt Caswell <matt at openssl.org
> <mailto:matt at openssl.org> <mailto:matt at openssl.org
> > <mailto:matt at openssl.org>>
> > > > <mailto:matt at openssl.org <mailto:matt at openssl.org>
> > <mailto:matt at openssl.org <mailto:matt at openssl.org>>>> wrote:
> > > >
> > > >
> > > >
> > > > On 03/05/17 15:19, Lior Koskas wrote:
> > > > > Thank you for your answer.
> > > > >
> > > > > I made all the changes and the code isn't compiling.
> > > > >
> > > > > I'm using cmake in order to build the code.
> > > > >
> > > > > my CMakeLists.txt contains this line in order to
> include
> > > openssl headers:
> > > > >
> > > > > INCLUDE_DIRECTORIES(/usr/include/openssl/
> > > /usr/local/include/openssl/)
> > > >
> > > > Where did you install OpenSSL? By default OpenSSL 1.1.0
> will
> > > install to
> > > > /usr/local, and the headers will be in
> > /usr/local/include. The
> > > final
> > > > "openssl" directory name in the path to the individual
> > header
> > > files
> > > > should not be included in the include directory path.
> > > >
> > > > My guess is that you are picking up the system openssl
> > headers
> > > rather
> > > > than the ones from your 1.1.0 installation.
> > > >
> > > > Most likely this needs to be:
> > > >
> > > > INCLUDE_DIRECTORIES(/usr/local/include)
> > > >
> > > > But it does depend on options that you gave to config
> > when you
> > > compiled
> > > > OpenSSL (also I don't use cmake so I could be wrong).
> > > >
> > > >
> > > > >
> > > > > The constructor of my code is :
> > > > >
> > > > > HashEncrypt::HashEncrypt(const unsigned char *key,
> const
> > > unsigned char
> > > > > *iv, size_t ivSizeBytes)
> > > > > {
> > > > > // copy the 128-bit key
> > > > > memcpy(_key, key, 16);
> > > > >
> > > > > //copy the iv:
> > > > > EVP_CIPHER_CTX *_ctx;
> > > > > _iv = new unsigned char[ivSizeBytes];
> > > > > memcpy(_iv, iv, ivSizeBytes);
> > > > >
> > > > > //EVP_CIPHER_CTX_init(&_ctx);
> > > > > _ctx = EVP_CIPHER_CTX_new();
> > > > >
> > > > > EVP_EncryptInit_ex(_ctx, EVP_aes_128_gcm(), NULL,
> > NULL,
> > > NULL);
> > > > >
> > > > > EVP_CIPHER_CTX_ctrl(_ctx, EVP_CTRL_GCM_SET_IVLEN,
> > > ivSizeBytes, NULL);
> > > > >
> > > > > EVP_EncryptInit_ex(_ctx, NULL, NULL, _key, _iv);
> > > >
> > > > You need a call to EVP_CIPHER_CTX_free(_ctx) at the end
> > > too...plus check
> > > > the return values from these function calls for errors.
> > > >
> > > > Matt
> > > >
> > > > >
> > > > > }
> > > > >
> > > > > What I'm missing?
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > On 3 May 2017 at 12:57, Matt Caswell <matt at openssl.org
> > <mailto:matt at openssl.org>
> > > <mailto:matt at openssl.org <mailto:matt at openssl.org>>
> > <mailto:matt at openssl.org <mailto:matt at openssl.org>
> > > <mailto:matt at openssl.org <mailto:matt at openssl.org>>>
> > > > > <mailto:matt at openssl.org <mailto:matt at openssl.org>
> > <mailto:matt at openssl.org <mailto:matt at openssl.org>>
> > > <mailto:matt at openssl.org <mailto:matt at openssl.org>
> > <mailto:matt at openssl.org <mailto:matt at openssl.org>>>>> wrote:
> > > > >
> > > > >
> > > > >
> > > > > On 03/05/17 10:33, Lior Koskas wrote:
> > > > > > I viewed the file and the definition exists.
> > > > > > I also checked that I'm picking the correct
> version.
> > > > > >
> > > > > > My problem is this line :
> EVP_EncryptInit_ex(&_ctx,
> > > > EVP_aes_128_gcm(),
> > > > > > NULL, NULL, NULL);
> > > > > >
> > > > > > I also tried to change the code to this two
> lines :
> > > > > > EVP_CIPHER *EVP evp_gcm = EVP_aes_128_gcm();
> > > > >
> > > > > You have one too many "EVP"'s in there. It should
> be:
> > > > >
> > > > > const EVP_CIPHER *evp_gcm = EVP_aes_128_gcm();
> > > > >
> > > > > Although, that really shouldn't be necessary and
> your
> > > original
> > > > version
> > > > > looks ok. What doesn't look quite right is the
> "&_ctx"
> > > bit. In
> > > > 1.1.0 an
> > > > > EVP_CIPHER_CTX is an opaque type. You cannot
> allocate
> > > concrete
> > > > instances
> > > > > of it directly.
> > > > >
> > > > > Where previously you might have had:
> > > > >
> > > > > EVP_CIPHER_CTX _ctx;
> > > > >
> > > > > EVP_CIPHER_CTX_init(&_ctx);
> > > > > EVP_EncryptInit_ex(&_ctx, EVP_aes_128_gcm(), NULL,
> > NULL,
> > > NULL);
> > > > >
> > > > >
> > > > > You now need to do:
> > > > >
> > > > > EVP_CIPHER_CTX *_ctx;
> > > > >
> > > > > _ctx = EVP_CIPHER_CTX_new();
> > > > > EVP_EncryptInit_ex(_ctx, EVP_aes_128_gcm(), NULL,
> > NULL,
> > > NULL);
> > > > >
> > > > > ...
> > > > > EVP_CIPHER_CTX_free(_ctx);
> > > > >
> > > > >
> > > > > I have omitted error checking code for brevity.
> > > > >
> > > > > Matt
> > > > >
> > > > >
> > > > > > EVP_EncryptInit_ex(&_ctx, evp_gcm, NULL, NULL,
> > NULL);
> > > > > >
> > > > > > After the change I got this error : expected
> > initializer
> > > > before ‘evp_gcm’
> > > > > >
> > > > > > What am I doing wrong?
> > > > > >
> > > > > > On 3 May 2017 at 12:07, Matt Caswell
> > <matt at openssl.org <mailto:matt at openssl.org>
> > > <mailto:matt at openssl.org <mailto:matt at openssl.org>>
> > > > <mailto:matt at openssl.org <mailto:matt at openssl.org>
> > <mailto:matt at openssl.org <mailto:matt at openssl.org>>>
> > > <mailto:matt at openssl.org <mailto:matt at openssl.org>
> > <mailto:matt at openssl.org <mailto:matt at openssl.org>>
> > > > <mailto:matt at openssl.org <mailto:matt at openssl.org>
> > <mailto:matt at openssl.org <mailto:matt at openssl.org>>>>
> > > > > > <mailto:matt at openssl.org
> > <mailto:matt at openssl.org> <mailto:matt at openssl.org
> > <mailto:matt at openssl.org>>
> > > <mailto:matt at openssl.org <mailto:matt at openssl.org>
> > <mailto:matt at openssl.org <mailto:matt at openssl.org>>>
> > > > <mailto:matt at openssl.org <mailto:matt at openssl.org>
> > <mailto:matt at openssl.org <mailto:matt at openssl.org>>
> > > <mailto:matt at openssl.org <mailto:matt at openssl.org>
> > <mailto:matt at openssl.org <mailto:matt at openssl.org>>>>>> wrote:
> > > > > >
> > > > > >
> > > > > >
> > > > > > On 03/05/17 09:43, Lior Koskas wrote:
> > > > > > > Hi,
> > > > > > >
> > > > > > > I'm using EVP_aes_128_gcm and have problem
> > with
> > > > compiling it
> > > > > with
> > > > > > > OpenSSL 1.1.0 (earlier versions are
> > compiling).
> > > > > > > Although I included <openssl/evp.h> I got
> this
> > > error :
> > > > error:
> > > > > > > ‘EVP_aes_128_gcm’ was not declared in this
> > scope.
> > > > > > >
> > > > > > > I'm using CentOS 7.3.
> > > > > > >
> > > > > > > Which file I need to include in order to
> > compile
> > > > > EVP_aes_128_gcm ?
> > > > > >
> > > > > > It's still declared in evp.h:
> > > > > >
> > > > > > const EVP_CIPHER *EVP_aes_128_gcm(void);
> > > > > >
> > > > > > Perhaps you are not picking up the version of
> > > evp.h that
> > > > you think
> > > > > > you are?
> > > > > >
> > > > > > Matt
> > > > > >
> > > > > > --
> > > > > > openssl-users mailing list
> > > > > > To unsubscribe:
> > > > > >
> > > https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>
> > > <https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>>
> > > > <https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>
> > > <https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>>>
> > > > >
> > <https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>
> > > <https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>>
> > > > <https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>
> > > <https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>>>>
> > > > > >
> > > <https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>
> > > <https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>>
> > > > <https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>
> > > <https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>>>
> > > > >
> > <https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>
> > > <https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>>
> > > > <https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>
> > > <https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>>>>>
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > Lior Koskas
> > > > > > Software Engineer
> > > > > >
> > > > > >
> > > > > --
> > > > > openssl-users mailing list
> > > > > To unsubscribe:
> > > > >
> > https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>
> > > <https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>>
> > > > <https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>
> > > <https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>>>
> > > > >
> > <https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>
> > > <https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>>
> > > > <https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>
> > > <https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>>>>
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Lior Koskas
> > > > > Software Engineer
> > > > >
> > > > >
> > > > --
> > > > openssl-users mailing list
> > > > To unsubscribe:
> > > > https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>
> > > <https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>>
> > > > <https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>
> > > <https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>>>
> > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Lior Koskas
> > > > Software Engineer
> > > >
> > > >
> > > --
> > > openssl-users mailing list
> > > To unsubscribe:
> > > https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>
> > > <https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>>
> > >
> > >
> > >
> > >
> > > --
> > > Lior Koskas
> > > Software Engineer
> > >
> > >
> > --
> > openssl-users mailing list
> > To unsubscribe:
> > https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>
> >
> >
> >
> >
> > --
> > Lior Koskas
> > Software Engineer
> >
> >
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
--
Lior Koskas
Software Engineer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170503/c7aa4fbf/attachment-0001.html>
More information about the openssl-users
mailing list