Problem compiling EVP_aes_128_gcm()

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
13 messages Options
Reply | Threaded
Open this post in threaded view
|

Problem compiling EVP_aes_128_gcm()

Lior Koskas
Hi,

I'm using EVP_aes_128_gcm and have problem with compiling it with OpenSSL 1.1.0 (earlier versions are compiling).
Although I included <openssl/evp.h> I got this error : error: ‘EVP_aes_128_gcm’ was not declared in this scope.

I'm using CentOS 7.3.

Which file I need to include in order to compile EVP_aes_128_gcm ?

​Best Regards,​

--
Lior           Koskas
Software Engineer

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Problem compiling EVP_aes_128_gcm()

Matt Caswell-2


On 03/05/17 09:43, Lior Koskas wrote:

> Hi,
>
> I'm using EVP_aes_128_gcm and have problem with compiling it with
> OpenSSL 1.1.0 (earlier versions are compiling).
> Although I included <openssl/evp.h> I got this error : error:
> ‘EVP_aes_128_gcm’ was not declared in this scope.
>
> I'm using CentOS 7.3.
>
> Which file I need to include in order to compile EVP_aes_128_gcm ?

It's still declared in evp.h:

const EVP_CIPHER *EVP_aes_128_gcm(void);

Perhaps you are not picking up the version of evp.h that you think you are?

Matt

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Problem compiling EVP_aes_128_gcm()

Lior Koskas
 I viewed the file and the definition exists.
I also checked that I'm picking the correct version.

My problem is this line : EVP_EncryptInit_ex(&_ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);

I also tried to change the code to this two lines : 
EVP_CIPHER *EVP evp_gcm = EVP_aes_128_gcm();
EVP_EncryptInit_ex(&_ctx, evp_gcm, NULL, NULL, NULL);

After the change I got this error : expected initializer before ‘evp_gcm’

What am I doing wrong?

On 3 May 2017 at 12:07, Matt Caswell <[hidden email]> wrote:


On 03/05/17 09:43, Lior Koskas wrote:
> Hi,
>
> I'm using EVP_aes_128_gcm and have problem with compiling it with
> OpenSSL 1.1.0 (earlier versions are compiling).
> Although I included <openssl/evp.h> I got this error : error:
> ‘EVP_aes_128_gcm’ was not declared in this scope.
>
> I'm using CentOS 7.3.
>
> Which file I need to include in order to compile EVP_aes_128_gcm ?

It's still declared in evp.h:

const EVP_CIPHER *EVP_aes_128_gcm(void);

Perhaps you are not picking up the version of evp.h that you think you are?

Matt

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



--
Lior           Koskas
Software Engineer

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Problem compiling EVP_aes_128_gcm()

Matt Caswell-2


On 03/05/17 10:33, Lior Koskas wrote:
>  I viewed the file and the definition exists.
> I also checked that I'm picking the correct version.
>
> My problem is this line : EVP_EncryptInit_ex(&_ctx, EVP_aes_128_gcm(),
> NULL, NULL, NULL);
>
> I also tried to change the code to this two lines :
> EVP_CIPHER *EVP evp_gcm = EVP_aes_128_gcm();

You have one too many "EVP"'s in there. It should be:

const EVP_CIPHER *evp_gcm = EVP_aes_128_gcm();

Although, that really shouldn't be necessary and your original version
looks ok. What doesn't look quite right is the "&_ctx" bit. In 1.1.0 an
EVP_CIPHER_CTX is an opaque type. You cannot allocate concrete instances
of it directly.

Where previously you might have had:

EVP_CIPHER_CTX _ctx;

EVP_CIPHER_CTX_init(&_ctx);
EVP_EncryptInit_ex(&_ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);


You now need to do:

EVP_CIPHER_CTX *_ctx;

_ctx = EVP_CIPHER_CTX_new();
EVP_EncryptInit_ex(_ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);

...
EVP_CIPHER_CTX_free(_ctx);


I have omitted error checking code for brevity.

Matt


> EVP_EncryptInit_ex(&_ctx, evp_gcm, NULL, NULL, NULL);
>
> After the change I got this error : expected initializer before ‘evp_gcm’
>
> What am I doing wrong?
>
> On 3 May 2017 at 12:07, Matt Caswell <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>
>
>     On 03/05/17 09:43, Lior Koskas wrote:
>     > Hi,
>     >
>     > I'm using EVP_aes_128_gcm and have problem with compiling it with
>     > OpenSSL 1.1.0 (earlier versions are compiling).
>     > Although I included <openssl/evp.h> I got this error : error:
>     > ‘EVP_aes_128_gcm’ was not declared in this scope.
>     >
>     > I'm using CentOS 7.3.
>     >
>     > Which file I need to include in order to compile EVP_aes_128_gcm ?
>
>     It's still declared in evp.h:
>
>     const EVP_CIPHER *EVP_aes_128_gcm(void);
>
>     Perhaps you are not picking up the version of evp.h that you think
>     you are?
>
>     Matt
>
>     --
>     openssl-users mailing list
>     To unsubscribe:
>     https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>
>
>
>
> --
> Lior           Koskas
> Software Engineer
>
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Problem compiling EVP_aes_128_gcm()

Lior Koskas
Thank you for your answer.

I made all the changes and the code isn't compiling.

I'm using cmake in order to build the code.

my CMakeLists.txt contains this line in order to include openssl headers:

INCLUDE_DIRECTORIES(/usr/include/openssl/ /usr/local/include/openssl/)

The constructor of my code is :

HashEncrypt::HashEncrypt(const unsigned char *key, const unsigned char *iv, size_t ivSizeBytes)
{
    // copy the 128-bit key
    memcpy(_key, key, 16);

    //copy the iv:
    EVP_CIPHER_CTX *_ctx;
    _iv = new unsigned char[ivSizeBytes];
    memcpy(_iv, iv, ivSizeBytes);

    //EVP_CIPHER_CTX_init(&_ctx);
    _ctx = EVP_CIPHER_CTX_new();

    EVP_EncryptInit_ex(_ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);

    EVP_CIPHER_CTX_ctrl(_ctx, EVP_CTRL_GCM_SET_IVLEN, ivSizeBytes, NULL);

    EVP_EncryptInit_ex(_ctx, NULL, NULL, _key, _iv);

}

What I'm missing?




On 3 May 2017 at 12:57, Matt Caswell <[hidden email]> wrote:


On 03/05/17 10:33, Lior Koskas wrote:
>  I viewed the file and the definition exists.
> I also checked that I'm picking the correct version.
>
> My problem is this line : EVP_EncryptInit_ex(&_ctx, EVP_aes_128_gcm(),
> NULL, NULL, NULL);
>
> I also tried to change the code to this two lines :
> EVP_CIPHER *EVP evp_gcm = EVP_aes_128_gcm();

You have one too many "EVP"'s in there. It should be:

const EVP_CIPHER *evp_gcm = EVP_aes_128_gcm();

Although, that really shouldn't be necessary and your original version
looks ok. What doesn't look quite right is the "&_ctx" bit. In 1.1.0 an
EVP_CIPHER_CTX is an opaque type. You cannot allocate concrete instances
of it directly.

Where previously you might have had:

EVP_CIPHER_CTX _ctx;

EVP_CIPHER_CTX_init(&_ctx);
EVP_EncryptInit_ex(&_ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);


You now need to do:

EVP_CIPHER_CTX *_ctx;

_ctx = EVP_CIPHER_CTX_new();
EVP_EncryptInit_ex(_ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);

...
EVP_CIPHER_CTX_free(_ctx);


I have omitted error checking code for brevity.

Matt


> EVP_EncryptInit_ex(&_ctx, evp_gcm, NULL, NULL, NULL);
>
> After the change I got this error : expected initializer before ‘evp_gcm’
>
> What am I doing wrong?
>
> On 3 May 2017 at 12:07, Matt Caswell <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>
>
>     On 03/05/17 09:43, Lior Koskas wrote:
>     > Hi,
>     >
>     > I'm using EVP_aes_128_gcm and have problem with compiling it with
>     > OpenSSL 1.1.0 (earlier versions are compiling).
>     > Although I included <openssl/evp.h> I got this error : error:
>     > ‘EVP_aes_128_gcm’ was not declared in this scope.
>     >
>     > I'm using CentOS 7.3.
>     >
>     > Which file I need to include in order to compile EVP_aes_128_gcm ?
>
>     It's still declared in evp.h:
>
>     const EVP_CIPHER *EVP_aes_128_gcm(void);
>
>     Perhaps you are not picking up the version of evp.h that you think
>     you are?
>
>     Matt
>
>     --
>     openssl-users mailing list
>     To unsubscribe:
>     https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>
>
>
>
> --
> Lior           Koskas
> Software Engineer
>
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



--
Lior           Koskas
Software Engineer

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Problem compiling EVP_aes_128_gcm()

Matt Caswell-2


On 03/05/17 15:19, Lior Koskas wrote:
> Thank you for your answer.
>
> I made all the changes and the code isn't compiling.
>
> I'm using cmake in order to build the code.
>
> my CMakeLists.txt contains this line in order to include openssl headers:
>
> INCLUDE_DIRECTORIES(/usr/include/openssl/ /usr/local/include/openssl/)

Where did you install OpenSSL? By default OpenSSL 1.1.0 will install to
/usr/local, and the headers will be in /usr/local/include. The final
"openssl" directory name in the path to the individual header files
should not be included in the include directory path.

My guess is that you are picking up the system openssl headers rather
than the ones from your 1.1.0 installation.

Most likely this needs to be:

INCLUDE_DIRECTORIES(/usr/local/include)

But it does depend on options that you gave to config when you compiled
OpenSSL (also I don't use cmake so I could be wrong).


>
> The constructor of my code is :
>
> HashEncrypt::HashEncrypt(const unsigned char *key, const unsigned char
> *iv, size_t ivSizeBytes)
> {
>     // copy the 128-bit key
>     memcpy(_key, key, 16);
>
>     //copy the iv:
>     EVP_CIPHER_CTX *_ctx;
>     _iv = new unsigned char[ivSizeBytes];
>     memcpy(_iv, iv, ivSizeBytes);
>
>     //EVP_CIPHER_CTX_init(&_ctx);
>     _ctx = EVP_CIPHER_CTX_new();
>
>     EVP_EncryptInit_ex(_ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
>
>     EVP_CIPHER_CTX_ctrl(_ctx, EVP_CTRL_GCM_SET_IVLEN, ivSizeBytes, NULL);
>
>     EVP_EncryptInit_ex(_ctx, NULL, NULL, _key, _iv);

You need a call to EVP_CIPHER_CTX_free(_ctx) at the end too...plus check
the return values from these function calls for errors.

Matt

>
> }
>
> What I'm missing?
>
>
>
>
> On 3 May 2017 at 12:57, Matt Caswell <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>
>
>     On 03/05/17 10:33, Lior Koskas wrote:
>     >  I viewed the file and the definition exists.
>     > I also checked that I'm picking the correct version.
>     >
>     > My problem is this line : EVP_EncryptInit_ex(&_ctx, EVP_aes_128_gcm(),
>     > NULL, NULL, NULL);
>     >
>     > I also tried to change the code to this two lines :
>     > EVP_CIPHER *EVP evp_gcm = EVP_aes_128_gcm();
>
>     You have one too many "EVP"'s in there. It should be:
>
>     const EVP_CIPHER *evp_gcm = EVP_aes_128_gcm();
>
>     Although, that really shouldn't be necessary and your original version
>     looks ok. What doesn't look quite right is the "&_ctx" bit. In 1.1.0 an
>     EVP_CIPHER_CTX is an opaque type. You cannot allocate concrete instances
>     of it directly.
>
>     Where previously you might have had:
>
>     EVP_CIPHER_CTX _ctx;
>
>     EVP_CIPHER_CTX_init(&_ctx);
>     EVP_EncryptInit_ex(&_ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
>
>
>     You now need to do:
>
>     EVP_CIPHER_CTX *_ctx;
>
>     _ctx = EVP_CIPHER_CTX_new();
>     EVP_EncryptInit_ex(_ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
>
>     ...
>     EVP_CIPHER_CTX_free(_ctx);
>
>
>     I have omitted error checking code for brevity.
>
>     Matt
>
>
>     > EVP_EncryptInit_ex(&_ctx, evp_gcm, NULL, NULL, NULL);
>     >
>     > After the change I got this error : expected initializer before ‘evp_gcm’
>     >
>     > What am I doing wrong?
>     >
>     > On 3 May 2017 at 12:07, Matt Caswell <[hidden email] <mailto:[hidden email]>
>     > <mailto:[hidden email] <mailto:[hidden email]>>> wrote:
>     >
>     >
>     >
>     >     On 03/05/17 09:43, Lior Koskas wrote:
>     >     > Hi,
>     >     >
>     >     > I'm using EVP_aes_128_gcm and have problem with compiling it
>     with
>     >     > OpenSSL 1.1.0 (earlier versions are compiling).
>     >     > Although I included <openssl/evp.h> I got this error : error:
>     >     > ‘EVP_aes_128_gcm’ was not declared in this scope.
>     >     >
>     >     > I'm using CentOS 7.3.
>     >     >
>     >     > Which file I need to include in order to compile
>     EVP_aes_128_gcm ?
>     >
>     >     It's still declared in evp.h:
>     >
>     >     const EVP_CIPHER *EVP_aes_128_gcm(void);
>     >
>     >     Perhaps you are not picking up the version of evp.h that you think
>     >     you are?
>     >
>     >     Matt
>     >
>     >     --
>     >     openssl-users mailing list
>     >     To unsubscribe:
>     >     https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>     >
>     >
>     >
>     >
>     > --
>     > Lior           Koskas
>     > Software Engineer
>     >
>     >
>     --
>     openssl-users mailing list
>     To unsubscribe:
>     https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>
>
>
>
> --
> Lior           Koskas
> Software Engineer
>
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Problem compiling EVP_aes_128_gcm()

Lior Koskas
I checked the evp.h file in the path /usr/local/include and indeed it's not contain any gcm functions.
I installed openssl via yum install openssl-devel in the past.

On 3 May 2017 at 17:32, Matt Caswell <[hidden email]> wrote:


On 03/05/17 15:19, Lior Koskas wrote:
> Thank you for your answer.
>
> I made all the changes and the code isn't compiling.
>
> I'm using cmake in order to build the code.
>
> my CMakeLists.txt contains this line in order to include openssl headers:
>
> INCLUDE_DIRECTORIES(/usr/include/openssl/ /usr/local/include/openssl/)

Where did you install OpenSSL? By default OpenSSL 1.1.0 will install to
/usr/local, and the headers will be in /usr/local/include. The final
"openssl" directory name in the path to the individual header files
should not be included in the include directory path.

My guess is that you are picking up the system openssl headers rather
than the ones from your 1.1.0 installation.

Most likely this needs to be:

INCLUDE_DIRECTORIES(/usr/local/include)

But it does depend on options that you gave to config when you compiled
OpenSSL (also I don't use cmake so I could be wrong).


>
> The constructor of my code is :
>
> HashEncrypt::HashEncrypt(const unsigned char *key, const unsigned char
> *iv, size_t ivSizeBytes)
> {
>     // copy the 128-bit key
>     memcpy(_key, key, 16);
>
>     //copy the iv:
>     EVP_CIPHER_CTX *_ctx;
>     _iv = new unsigned char[ivSizeBytes];
>     memcpy(_iv, iv, ivSizeBytes);
>
>     //EVP_CIPHER_CTX_init(&_ctx);
>     _ctx = EVP_CIPHER_CTX_new();
>
>     EVP_EncryptInit_ex(_ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
>
>     EVP_CIPHER_CTX_ctrl(_ctx, EVP_CTRL_GCM_SET_IVLEN, ivSizeBytes, NULL);
>
>     EVP_EncryptInit_ex(_ctx, NULL, NULL, _key, _iv);

You need a call to EVP_CIPHER_CTX_free(_ctx) at the end too...plus check
the return values from these function calls for errors.

Matt

>
> }
>
> What I'm missing?
>
>
>
>
> On 3 May 2017 at 12:57, Matt Caswell <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>
>
>     On 03/05/17 10:33, Lior Koskas wrote:
>     >  I viewed the file and the definition exists.
>     > I also checked that I'm picking the correct version.
>     >
>     > My problem is this line : EVP_EncryptInit_ex(&_ctx, EVP_aes_128_gcm(),
>     > NULL, NULL, NULL);
>     >
>     > I also tried to change the code to this two lines :
>     > EVP_CIPHER *EVP evp_gcm = EVP_aes_128_gcm();
>
>     You have one too many "EVP"'s in there. It should be:
>
>     const EVP_CIPHER *evp_gcm = EVP_aes_128_gcm();
>
>     Although, that really shouldn't be necessary and your original version
>     looks ok. What doesn't look quite right is the "&_ctx" bit. In 1.1.0 an
>     EVP_CIPHER_CTX is an opaque type. You cannot allocate concrete instances
>     of it directly.
>
>     Where previously you might have had:
>
>     EVP_CIPHER_CTX _ctx;
>
>     EVP_CIPHER_CTX_init(&_ctx);
>     EVP_EncryptInit_ex(&_ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
>
>
>     You now need to do:
>
>     EVP_CIPHER_CTX *_ctx;
>
>     _ctx = EVP_CIPHER_CTX_new();
>     EVP_EncryptInit_ex(_ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
>
>     ...
>     EVP_CIPHER_CTX_free(_ctx);
>
>
>     I have omitted error checking code for brevity.
>
>     Matt
>
>
>     > EVP_EncryptInit_ex(&_ctx, evp_gcm, NULL, NULL, NULL);
>     >
>     > After the change I got this error : expected initializer before ‘evp_gcm’
>     >
>     > What am I doing wrong?
>     >
>     > On 3 May 2017 at 12:07, Matt Caswell <[hidden email] <mailto:[hidden email]>
>     > <mailto:[hidden email] <mailto:[hidden email]>>> wrote:
>     >
>     >
>     >
>     >     On 03/05/17 09:43, Lior Koskas wrote:
>     >     > Hi,
>     >     >
>     >     > I'm using EVP_aes_128_gcm and have problem with compiling it
>     with
>     >     > OpenSSL 1.1.0 (earlier versions are compiling).
>     >     > Although I included <openssl/evp.h> I got this error : error:
>     >     > ‘EVP_aes_128_gcm’ was not declared in this scope.
>     >     >
>     >     > I'm using CentOS 7.3.
>     >     >
>     >     > Which file I need to include in order to compile
>     EVP_aes_128_gcm ?
>     >
>     >     It's still declared in evp.h:
>     >
>     >     const EVP_CIPHER *EVP_aes_128_gcm(void);
>     >
>     >     Perhaps you are not picking up the version of evp.h that you think
>     >     you are?
>     >
>     >     Matt
>     >
>     >     --
>     >     openssl-users mailing list
>     >     To unsubscribe:
>     >     https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>     >
>     >
>     >
>     >
>     > --
>     > Lior           Koskas
>     > Software Engineer
>     >
>     >
>     --
>     openssl-users mailing list
>     To unsubscribe:
>     https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>
>
>
>
> --
> Lior           Koskas
> Software Engineer
>
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



--
Lior           Koskas
Software Engineer

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Problem compiling EVP_aes_128_gcm()

Matt Caswell-2


On 03/05/17 16:10, Lior Koskas wrote:
> I checked the evp.h file in the path /usr/local/include and indeed it's
> not contain any gcm functions.
> I installed openssl via yum install openssl-devel in the past.

So, how did you install OpenSSL this time?

Matt


>
> On 3 May 2017 at 17:32, Matt Caswell <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>
>
>     On 03/05/17 15:19, Lior Koskas wrote:
>     > Thank you for your answer.
>     >
>     > I made all the changes and the code isn't compiling.
>     >
>     > I'm using cmake in order to build the code.
>     >
>     > my CMakeLists.txt contains this line in order to include openssl headers:
>     >
>     > INCLUDE_DIRECTORIES(/usr/include/openssl/ /usr/local/include/openssl/)
>
>     Where did you install OpenSSL? By default OpenSSL 1.1.0 will install to
>     /usr/local, and the headers will be in /usr/local/include. The final
>     "openssl" directory name in the path to the individual header files
>     should not be included in the include directory path.
>
>     My guess is that you are picking up the system openssl headers rather
>     than the ones from your 1.1.0 installation.
>
>     Most likely this needs to be:
>
>     INCLUDE_DIRECTORIES(/usr/local/include)
>
>     But it does depend on options that you gave to config when you compiled
>     OpenSSL (also I don't use cmake so I could be wrong).
>
>
>     >
>     > The constructor of my code is :
>     >
>     > HashEncrypt::HashEncrypt(const unsigned char *key, const unsigned char
>     > *iv, size_t ivSizeBytes)
>     > {
>     >     // copy the 128-bit key
>     >     memcpy(_key, key, 16);
>     >
>     >     //copy the iv:
>     >     EVP_CIPHER_CTX *_ctx;
>     >     _iv = new unsigned char[ivSizeBytes];
>     >     memcpy(_iv, iv, ivSizeBytes);
>     >
>     >     //EVP_CIPHER_CTX_init(&_ctx);
>     >     _ctx = EVP_CIPHER_CTX_new();
>     >
>     >     EVP_EncryptInit_ex(_ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
>     >
>     >     EVP_CIPHER_CTX_ctrl(_ctx, EVP_CTRL_GCM_SET_IVLEN, ivSizeBytes, NULL);
>     >
>     >     EVP_EncryptInit_ex(_ctx, NULL, NULL, _key, _iv);
>
>     You need a call to EVP_CIPHER_CTX_free(_ctx) at the end too...plus check
>     the return values from these function calls for errors.
>
>     Matt
>
>     >
>     > }
>     >
>     > What I'm missing?
>     >
>     >
>     >
>     >
>     > On 3 May 2017 at 12:57, Matt Caswell <[hidden email] <mailto:[hidden email]>
>     > <mailto:[hidden email] <mailto:[hidden email]>>> wrote:
>     >
>     >
>     >
>     >     On 03/05/17 10:33, Lior Koskas wrote:
>     >     >  I viewed the file and the definition exists.
>     >     > I also checked that I'm picking the correct version.
>     >     >
>     >     > My problem is this line : EVP_EncryptInit_ex(&_ctx,
>     EVP_aes_128_gcm(),
>     >     > NULL, NULL, NULL);
>     >     >
>     >     > I also tried to change the code to this two lines :
>     >     > EVP_CIPHER *EVP evp_gcm = EVP_aes_128_gcm();
>     >
>     >     You have one too many "EVP"'s in there. It should be:
>     >
>     >     const EVP_CIPHER *evp_gcm = EVP_aes_128_gcm();
>     >
>     >     Although, that really shouldn't be necessary and your original
>     version
>     >     looks ok. What doesn't look quite right is the "&_ctx" bit. In
>     1.1.0 an
>     >     EVP_CIPHER_CTX is an opaque type. You cannot allocate concrete
>     instances
>     >     of it directly.
>     >
>     >     Where previously you might have had:
>     >
>     >     EVP_CIPHER_CTX _ctx;
>     >
>     >     EVP_CIPHER_CTX_init(&_ctx);
>     >     EVP_EncryptInit_ex(&_ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
>     >
>     >
>     >     You now need to do:
>     >
>     >     EVP_CIPHER_CTX *_ctx;
>     >
>     >     _ctx = EVP_CIPHER_CTX_new();
>     >     EVP_EncryptInit_ex(_ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
>     >
>     >     ...
>     >     EVP_CIPHER_CTX_free(_ctx);
>     >
>     >
>     >     I have omitted error checking code for brevity.
>     >
>     >     Matt
>     >
>     >
>     >     > EVP_EncryptInit_ex(&_ctx, evp_gcm, NULL, NULL, NULL);
>     >     >
>     >     > After the change I got this error : expected initializer
>     before ‘evp_gcm’
>     >     >
>     >     > What am I doing wrong?
>     >     >
>     >     > On 3 May 2017 at 12:07, Matt Caswell <[hidden email]
>     <mailto:[hidden email]> <mailto:[hidden email]
>     <mailto:[hidden email]>>
>     >     > <mailto:[hidden email] <mailto:[hidden email]>
>     <mailto:[hidden email] <mailto:[hidden email]>>>> wrote:
>     >     >
>     >     >
>     >     >
>     >     >     On 03/05/17 09:43, Lior Koskas wrote:
>     >     >     > Hi,
>     >     >     >
>     >     >     > I'm using EVP_aes_128_gcm and have problem with
>     compiling it
>     >     with
>     >     >     > OpenSSL 1.1.0 (earlier versions are compiling).
>     >     >     > Although I included <openssl/evp.h> I got this error :
>     error:
>     >     >     > ‘EVP_aes_128_gcm’ was not declared in this scope.
>     >     >     >
>     >     >     > I'm using CentOS 7.3.
>     >     >     >
>     >     >     > Which file I need to include in order to compile
>     >     EVP_aes_128_gcm ?
>     >     >
>     >     >     It's still declared in evp.h:
>     >     >
>     >     >     const EVP_CIPHER *EVP_aes_128_gcm(void);
>     >     >
>     >     >     Perhaps you are not picking up the version of evp.h that
>     you think
>     >     >     you are?
>     >     >
>     >     >     Matt
>     >     >
>     >     >     --
>     >     >     openssl-users mailing list
>     >     >     To unsubscribe:
>     >     >     https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>     >     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>>
>     >     >
>     >     >
>     >     >
>     >     >
>     >     > --
>     >     > Lior           Koskas
>     >     > Software Engineer
>     >     >
>     >     >
>     >     --
>     >     openssl-users mailing list
>     >     To unsubscribe:
>     >     https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>     >
>     >
>     >
>     >
>     > --
>     > Lior           Koskas
>     > Software Engineer
>     >
>     >
>     --
>     openssl-users mailing list
>     To unsubscribe:
>     https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>
>
>
>
> --
> Lior           Koskas
> Software Engineer
>
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Problem compiling EVP_aes_128_gcm()

Lior Koskas
In the same way. This is the first time I'm checking the code on my CentOS machine.

On 3 May 2017 at 18:13, Matt Caswell <[hidden email]> wrote:


On 03/05/17 16:10, Lior Koskas wrote:
> I checked the evp.h file in the path /usr/local/include and indeed it's
> not contain any gcm functions.
> I installed openssl via yum install openssl-devel in the past.

So, how did you install OpenSSL this time?

Matt


>
> On 3 May 2017 at 17:32, Matt Caswell <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>
>
>     On 03/05/17 15:19, Lior Koskas wrote:
>     > Thank you for your answer.
>     >
>     > I made all the changes and the code isn't compiling.
>     >
>     > I'm using cmake in order to build the code.
>     >
>     > my CMakeLists.txt contains this line in order to include openssl headers:
>     >
>     > INCLUDE_DIRECTORIES(/usr/include/openssl/ /usr/local/include/openssl/)
>
>     Where did you install OpenSSL? By default OpenSSL 1.1.0 will install to
>     /usr/local, and the headers will be in /usr/local/include. The final
>     "openssl" directory name in the path to the individual header files
>     should not be included in the include directory path.
>
>     My guess is that you are picking up the system openssl headers rather
>     than the ones from your 1.1.0 installation.
>
>     Most likely this needs to be:
>
>     INCLUDE_DIRECTORIES(/usr/local/include)
>
>     But it does depend on options that you gave to config when you compiled
>     OpenSSL (also I don't use cmake so I could be wrong).
>
>
>     >
>     > The constructor of my code is :
>     >
>     > HashEncrypt::HashEncrypt(const unsigned char *key, const unsigned char
>     > *iv, size_t ivSizeBytes)
>     > {
>     >     // copy the 128-bit key
>     >     memcpy(_key, key, 16);
>     >
>     >     //copy the iv:
>     >     EVP_CIPHER_CTX *_ctx;
>     >     _iv = new unsigned char[ivSizeBytes];
>     >     memcpy(_iv, iv, ivSizeBytes);
>     >
>     >     //EVP_CIPHER_CTX_init(&_ctx);
>     >     _ctx = EVP_CIPHER_CTX_new();
>     >
>     >     EVP_EncryptInit_ex(_ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
>     >
>     >     EVP_CIPHER_CTX_ctrl(_ctx, EVP_CTRL_GCM_SET_IVLEN, ivSizeBytes, NULL);
>     >
>     >     EVP_EncryptInit_ex(_ctx, NULL, NULL, _key, _iv);
>
>     You need a call to EVP_CIPHER_CTX_free(_ctx) at the end too...plus check
>     the return values from these function calls for errors.
>
>     Matt
>
>     >
>     > }
>     >
>     > What I'm missing?
>     >
>     >
>     >
>     >
>     > On 3 May 2017 at 12:57, Matt Caswell <[hidden email] <mailto:[hidden email]>
>     > <mailto:[hidden email] <mailto:[hidden email]>>> wrote:
>     >
>     >
>     >
>     >     On 03/05/17 10:33, Lior Koskas wrote:
>     >     >  I viewed the file and the definition exists.
>     >     > I also checked that I'm picking the correct version.
>     >     >
>     >     > My problem is this line : EVP_EncryptInit_ex(&_ctx,
>     EVP_aes_128_gcm(),
>     >     > NULL, NULL, NULL);
>     >     >
>     >     > I also tried to change the code to this two lines :
>     >     > EVP_CIPHER *EVP evp_gcm = EVP_aes_128_gcm();
>     >
>     >     You have one too many "EVP"'s in there. It should be:
>     >
>     >     const EVP_CIPHER *evp_gcm = EVP_aes_128_gcm();
>     >
>     >     Although, that really shouldn't be necessary and your original
>     version
>     >     looks ok. What doesn't look quite right is the "&_ctx" bit. In
>     1.1.0 an
>     >     EVP_CIPHER_CTX is an opaque type. You cannot allocate concrete
>     instances
>     >     of it directly.
>     >
>     >     Where previously you might have had:
>     >
>     >     EVP_CIPHER_CTX _ctx;
>     >
>     >     EVP_CIPHER_CTX_init(&_ctx);
>     >     EVP_EncryptInit_ex(&_ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
>     >
>     >
>     >     You now need to do:
>     >
>     >     EVP_CIPHER_CTX *_ctx;
>     >
>     >     _ctx = EVP_CIPHER_CTX_new();
>     >     EVP_EncryptInit_ex(_ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
>     >
>     >     ...
>     >     EVP_CIPHER_CTX_free(_ctx);
>     >
>     >
>     >     I have omitted error checking code for brevity.
>     >
>     >     Matt
>     >
>     >
>     >     > EVP_EncryptInit_ex(&_ctx, evp_gcm, NULL, NULL, NULL);
>     >     >
>     >     > After the change I got this error : expected initializer
>     before ‘evp_gcm’
>     >     >
>     >     > What am I doing wrong?
>     >     >
>     >     > On 3 May 2017 at 12:07, Matt Caswell <[hidden email]
>     <mailto:[hidden email]> <mailto:[hidden email]
>     <mailto:[hidden email]>>
>     >     > <mailto:[hidden email] <mailto:[hidden email]>
>     <mailto:[hidden email] <mailto:[hidden email]>>>> wrote:
>     >     >
>     >     >
>     >     >
>     >     >     On 03/05/17 09:43, Lior Koskas wrote:
>     >     >     > Hi,
>     >     >     >
>     >     >     > I'm using EVP_aes_128_gcm and have problem with
>     compiling it
>     >     with
>     >     >     > OpenSSL 1.1.0 (earlier versions are compiling).
>     >     >     > Although I included <openssl/evp.h> I got this error :
>     error:
>     >     >     > ‘EVP_aes_128_gcm’ was not declared in this scope.
>     >     >     >
>     >     >     > I'm using CentOS 7.3.
>     >     >     >
>     >     >     > Which file I need to include in order to compile
>     >     EVP_aes_128_gcm ?
>     >     >
>     >     >     It's still declared in evp.h:
>     >     >
>     >     >     const EVP_CIPHER *EVP_aes_128_gcm(void);
>     >     >
>     >     >     Perhaps you are not picking up the version of evp.h that
>     you think
>     >     >     you are?
>     >     >
>     >     >     Matt
>     >     >
>     >     >     --
>     >     >     openssl-users mailing list
>     >     >     To unsubscribe:
>     >     >     https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>     >     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>>
>     >     >
>     >     >
>     >     >
>     >     >
>     >     > --
>     >     > Lior           Koskas
>     >     > Software Engineer
>     >     >
>     >     >
>     >     --
>     >     openssl-users mailing list
>     >     To unsubscribe:
>     >     https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>     >
>     >
>     >
>     >
>     > --
>     > Lior           Koskas
>     > Software Engineer
>     >
>     >
>     --
>     openssl-users mailing list
>     To unsubscribe:
>     https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>
>
>
>
> --
> Lior           Koskas
> Software Engineer
>
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



--
Lior           Koskas
Software Engineer

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Problem compiling EVP_aes_128_gcm()

Matt Caswell-2


On 03/05/17 16:16, Lior Koskas wrote:
> In the same way. This is the first time I'm checking the code on my
> CentOS machine.

So right at the beginning of this thread you said you were using OpenSSL
1.1.0. How do you know you have that version installed?

What does the command "openssl version" report?

Matt

>
> On 3 May 2017 at 18:13, Matt Caswell <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>
>
>     On 03/05/17 16:10, Lior Koskas wrote:
>     > I checked the evp.h file in the path /usr/local/include and indeed it's
>     > not contain any gcm functions.
>     > I installed openssl via yum install openssl-devel in the past.
>
>     So, how did you install OpenSSL this time?
>
>     Matt
>
>
>     >
>     > On 3 May 2017 at 17:32, Matt Caswell <[hidden email] <mailto:[hidden email]>
>     > <mailto:[hidden email] <mailto:[hidden email]>>> wrote:
>     >
>     >
>     >
>     >     On 03/05/17 15:19, Lior Koskas wrote:
>     >     > Thank you for your answer.
>     >     >
>     >     > I made all the changes and the code isn't compiling.
>     >     >
>     >     > I'm using cmake in order to build the code.
>     >     >
>     >     > my CMakeLists.txt contains this line in order to include
>     openssl headers:
>     >     >
>     >     > INCLUDE_DIRECTORIES(/usr/include/openssl/
>     /usr/local/include/openssl/)
>     >
>     >     Where did you install OpenSSL? By default OpenSSL 1.1.0 will
>     install to
>     >     /usr/local, and the headers will be in /usr/local/include. The
>     final
>     >     "openssl" directory name in the path to the individual header
>     files
>     >     should not be included in the include directory path.
>     >
>     >     My guess is that you are picking up the system openssl headers
>     rather
>     >     than the ones from your 1.1.0 installation.
>     >
>     >     Most likely this needs to be:
>     >
>     >     INCLUDE_DIRECTORIES(/usr/local/include)
>     >
>     >     But it does depend on options that you gave to config when you
>     compiled
>     >     OpenSSL (also I don't use cmake so I could be wrong).
>     >
>     >
>     >     >
>     >     > The constructor of my code is :
>     >     >
>     >     > HashEncrypt::HashEncrypt(const unsigned char *key, const
>     unsigned char
>     >     > *iv, size_t ivSizeBytes)
>     >     > {
>     >     >     // copy the 128-bit key
>     >     >     memcpy(_key, key, 16);
>     >     >
>     >     >     //copy the iv:
>     >     >     EVP_CIPHER_CTX *_ctx;
>     >     >     _iv = new unsigned char[ivSizeBytes];
>     >     >     memcpy(_iv, iv, ivSizeBytes);
>     >     >
>     >     >     //EVP_CIPHER_CTX_init(&_ctx);
>     >     >     _ctx = EVP_CIPHER_CTX_new();
>     >     >
>     >     >     EVP_EncryptInit_ex(_ctx, EVP_aes_128_gcm(), NULL, NULL,
>     NULL);
>     >     >
>     >     >     EVP_CIPHER_CTX_ctrl(_ctx, EVP_CTRL_GCM_SET_IVLEN,
>     ivSizeBytes, NULL);
>     >     >
>     >     >     EVP_EncryptInit_ex(_ctx, NULL, NULL, _key, _iv);
>     >
>     >     You need a call to EVP_CIPHER_CTX_free(_ctx) at the end
>     too...plus check
>     >     the return values from these function calls for errors.
>     >
>     >     Matt
>     >
>     >     >
>     >     > }
>     >     >
>     >     > What I'm missing?
>     >     >
>     >     >
>     >     >
>     >     >
>     >     > On 3 May 2017 at 12:57, Matt Caswell <[hidden email]
>     <mailto:[hidden email]> <mailto:[hidden email]
>     <mailto:[hidden email]>>
>     >     > <mailto:[hidden email] <mailto:[hidden email]>
>     <mailto:[hidden email] <mailto:[hidden email]>>>> wrote:
>     >     >
>     >     >
>     >     >
>     >     >     On 03/05/17 10:33, Lior Koskas wrote:
>     >     >     >  I viewed the file and the definition exists.
>     >     >     > I also checked that I'm picking the correct version.
>     >     >     >
>     >     >     > My problem is this line : EVP_EncryptInit_ex(&_ctx,
>     >     EVP_aes_128_gcm(),
>     >     >     > NULL, NULL, NULL);
>     >     >     >
>     >     >     > I also tried to change the code to this two lines :
>     >     >     > EVP_CIPHER *EVP evp_gcm = EVP_aes_128_gcm();
>     >     >
>     >     >     You have one too many "EVP"'s in there. It should be:
>     >     >
>     >     >     const EVP_CIPHER *evp_gcm = EVP_aes_128_gcm();
>     >     >
>     >     >     Although, that really shouldn't be necessary and your
>     original
>     >     version
>     >     >     looks ok. What doesn't look quite right is the "&_ctx"
>     bit. In
>     >     1.1.0 an
>     >     >     EVP_CIPHER_CTX is an opaque type. You cannot allocate
>     concrete
>     >     instances
>     >     >     of it directly.
>     >     >
>     >     >     Where previously you might have had:
>     >     >
>     >     >     EVP_CIPHER_CTX _ctx;
>     >     >
>     >     >     EVP_CIPHER_CTX_init(&_ctx);
>     >     >     EVP_EncryptInit_ex(&_ctx, EVP_aes_128_gcm(), NULL, NULL,
>     NULL);
>     >     >
>     >     >
>     >     >     You now need to do:
>     >     >
>     >     >     EVP_CIPHER_CTX *_ctx;
>     >     >
>     >     >     _ctx = EVP_CIPHER_CTX_new();
>     >     >     EVP_EncryptInit_ex(_ctx, EVP_aes_128_gcm(), NULL, NULL,
>     NULL);
>     >     >
>     >     >     ...
>     >     >     EVP_CIPHER_CTX_free(_ctx);
>     >     >
>     >     >
>     >     >     I have omitted error checking code for brevity.
>     >     >
>     >     >     Matt
>     >     >
>     >     >
>     >     >     > EVP_EncryptInit_ex(&_ctx, evp_gcm, NULL, NULL, NULL);
>     >     >     >
>     >     >     > After the change I got this error : expected initializer
>     >     before ‘evp_gcm’
>     >     >     >
>     >     >     > What am I doing wrong?
>     >     >     >
>     >     >     > On 3 May 2017 at 12:07, Matt Caswell <[hidden email]
>     <mailto:[hidden email]>
>     >     <mailto:[hidden email] <mailto:[hidden email]>>
>     <mailto:[hidden email] <mailto:[hidden email]>
>     >     <mailto:[hidden email] <mailto:[hidden email]>>>
>     >     >     > <mailto:[hidden email] <mailto:[hidden email]>
>     <mailto:[hidden email] <mailto:[hidden email]>>
>     >     <mailto:[hidden email] <mailto:[hidden email]>
>     <mailto:[hidden email] <mailto:[hidden email]>>>>> wrote:
>     >     >     >
>     >     >     >
>     >     >     >
>     >     >     >     On 03/05/17 09:43, Lior Koskas wrote:
>     >     >     >     > Hi,
>     >     >     >     >
>     >     >     >     > I'm using EVP_aes_128_gcm and have problem with
>     >     compiling it
>     >     >     with
>     >     >     >     > OpenSSL 1.1.0 (earlier versions are compiling).
>     >     >     >     > Although I included <openssl/evp.h> I got this
>     error :
>     >     error:
>     >     >     >     > ‘EVP_aes_128_gcm’ was not declared in this scope.
>     >     >     >     >
>     >     >     >     > I'm using CentOS 7.3.
>     >     >     >     >
>     >     >     >     > Which file I need to include in order to compile
>     >     >     EVP_aes_128_gcm ?
>     >     >     >
>     >     >     >     It's still declared in evp.h:
>     >     >     >
>     >     >     >     const EVP_CIPHER *EVP_aes_128_gcm(void);
>     >     >     >
>     >     >     >     Perhaps you are not picking up the version of
>     evp.h that
>     >     you think
>     >     >     >     you are?
>     >     >     >
>     >     >     >     Matt
>     >     >     >
>     >     >     >     --
>     >     >     >     openssl-users mailing list
>     >     >     >     To unsubscribe:
>     >     >     >  
>      https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>     >     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>>
>     >     >     >  
>      <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>     >     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>>>
>     >     >     >
>     >     >     >
>     >     >     >
>     >     >     >
>     >     >     > --
>     >     >     > Lior           Koskas
>     >     >     > Software Engineer
>     >     >     >
>     >     >     >
>     >     >     --
>     >     >     openssl-users mailing list
>     >     >     To unsubscribe:
>     >     >     https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>     >     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>>
>     >     >
>     >     >
>     >     >
>     >     >
>     >     > --
>     >     > Lior           Koskas
>     >     > Software Engineer
>     >     >
>     >     >
>     >     --
>     >     openssl-users mailing list
>     >     To unsubscribe:
>     >     https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>     >
>     >
>     >
>     >
>     > --
>     > Lior           Koskas
>     > Software Engineer
>     >
>     >
>     --
>     openssl-users mailing list
>     To unsubscribe:
>     https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>
>
>
>
> --
> Lior           Koskas
> Software Engineer
>
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Problem compiling EVP_aes_128_gcm()

Lior Koskas
This is a little bit weird.
The command `openssl version` returns `OpenSSL 0.9.8l 5 Nov 2009.`
When I'm running the command `yum install -y openssl-devel` it returns `openssl-1.0.1e-60.el7_3.1.x86_64 already installed and latest version. Nothing to do`

On 3 May 2017 at 18:20, Matt Caswell <[hidden email]> wrote:


On 03/05/17 16:16, Lior Koskas wrote:
> In the same way. This is the first time I'm checking the code on my
> CentOS machine.

So right at the beginning of this thread you said you were using OpenSSL
1.1.0. How do you know you have that version installed?

What does the command "openssl version" report?

Matt

>
> On 3 May 2017 at 18:13, Matt Caswell <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>
>
>     On 03/05/17 16:10, Lior Koskas wrote:
>     > I checked the evp.h file in the path /usr/local/include and indeed it's
>     > not contain any gcm functions.
>     > I installed openssl via yum install openssl-devel in the past.
>
>     So, how did you install OpenSSL this time?
>
>     Matt
>
>
>     >
>     > On 3 May 2017 at 17:32, Matt Caswell <[hidden email] <mailto:[hidden email]>
>     > <mailto:[hidden email] <mailto:[hidden email]>>> wrote:
>     >
>     >
>     >
>     >     On 03/05/17 15:19, Lior Koskas wrote:
>     >     > Thank you for your answer.
>     >     >
>     >     > I made all the changes and the code isn't compiling.
>     >     >
>     >     > I'm using cmake in order to build the code.
>     >     >
>     >     > my CMakeLists.txt contains this line in order to include
>     openssl headers:
>     >     >
>     >     > INCLUDE_DIRECTORIES(/usr/include/openssl/
>     /usr/local/include/openssl/)
>     >
>     >     Where did you install OpenSSL? By default OpenSSL 1.1.0 will
>     install to
>     >     /usr/local, and the headers will be in /usr/local/include. The
>     final
>     >     "openssl" directory name in the path to the individual header
>     files
>     >     should not be included in the include directory path.
>     >
>     >     My guess is that you are picking up the system openssl headers
>     rather
>     >     than the ones from your 1.1.0 installation.
>     >
>     >     Most likely this needs to be:
>     >
>     >     INCLUDE_DIRECTORIES(/usr/local/include)
>     >
>     >     But it does depend on options that you gave to config when you
>     compiled
>     >     OpenSSL (also I don't use cmake so I could be wrong).
>     >
>     >
>     >     >
>     >     > The constructor of my code is :
>     >     >
>     >     > HashEncrypt::HashEncrypt(const unsigned char *key, const
>     unsigned char
>     >     > *iv, size_t ivSizeBytes)
>     >     > {
>     >     >     // copy the 128-bit key
>     >     >     memcpy(_key, key, 16);
>     >     >
>     >     >     //copy the iv:
>     >     >     EVP_CIPHER_CTX *_ctx;
>     >     >     _iv = new unsigned char[ivSizeBytes];
>     >     >     memcpy(_iv, iv, ivSizeBytes);
>     >     >
>     >     >     //EVP_CIPHER_CTX_init(&_ctx);
>     >     >     _ctx = EVP_CIPHER_CTX_new();
>     >     >
>     >     >     EVP_EncryptInit_ex(_ctx, EVP_aes_128_gcm(), NULL, NULL,
>     NULL);
>     >     >
>     >     >     EVP_CIPHER_CTX_ctrl(_ctx, EVP_CTRL_GCM_SET_IVLEN,
>     ivSizeBytes, NULL);
>     >     >
>     >     >     EVP_EncryptInit_ex(_ctx, NULL, NULL, _key, _iv);
>     >
>     >     You need a call to EVP_CIPHER_CTX_free(_ctx) at the end
>     too...plus check
>     >     the return values from these function calls for errors.
>     >
>     >     Matt
>     >
>     >     >
>     >     > }
>     >     >
>     >     > What I'm missing?
>     >     >
>     >     >
>     >     >
>     >     >
>     >     > On 3 May 2017 at 12:57, Matt Caswell <[hidden email]
>     <mailto:[hidden email]> <mailto:[hidden email]
>     <mailto:[hidden email]>>
>     >     > <mailto:[hidden email] <mailto:[hidden email]>
>     <mailto:[hidden email] <mailto:[hidden email]>>>> wrote:
>     >     >
>     >     >
>     >     >
>     >     >     On 03/05/17 10:33, Lior Koskas wrote:
>     >     >     >  I viewed the file and the definition exists.
>     >     >     > I also checked that I'm picking the correct version.
>     >     >     >
>     >     >     > My problem is this line : EVP_EncryptInit_ex(&_ctx,
>     >     EVP_aes_128_gcm(),
>     >     >     > NULL, NULL, NULL);
>     >     >     >
>     >     >     > I also tried to change the code to this two lines :
>     >     >     > EVP_CIPHER *EVP evp_gcm = EVP_aes_128_gcm();
>     >     >
>     >     >     You have one too many "EVP"'s in there. It should be:
>     >     >
>     >     >     const EVP_CIPHER *evp_gcm = EVP_aes_128_gcm();
>     >     >
>     >     >     Although, that really shouldn't be necessary and your
>     original
>     >     version
>     >     >     looks ok. What doesn't look quite right is the "&_ctx"
>     bit. In
>     >     1.1.0 an
>     >     >     EVP_CIPHER_CTX is an opaque type. You cannot allocate
>     concrete
>     >     instances
>     >     >     of it directly.
>     >     >
>     >     >     Where previously you might have had:
>     >     >
>     >     >     EVP_CIPHER_CTX _ctx;
>     >     >
>     >     >     EVP_CIPHER_CTX_init(&_ctx);
>     >     >     EVP_EncryptInit_ex(&_ctx, EVP_aes_128_gcm(), NULL, NULL,
>     NULL);
>     >     >
>     >     >
>     >     >     You now need to do:
>     >     >
>     >     >     EVP_CIPHER_CTX *_ctx;
>     >     >
>     >     >     _ctx = EVP_CIPHER_CTX_new();
>     >     >     EVP_EncryptInit_ex(_ctx, EVP_aes_128_gcm(), NULL, NULL,
>     NULL);
>     >     >
>     >     >     ...
>     >     >     EVP_CIPHER_CTX_free(_ctx);
>     >     >
>     >     >
>     >     >     I have omitted error checking code for brevity.
>     >     >
>     >     >     Matt
>     >     >
>     >     >
>     >     >     > EVP_EncryptInit_ex(&_ctx, evp_gcm, NULL, NULL, NULL);
>     >     >     >
>     >     >     > After the change I got this error : expected initializer
>     >     before ‘evp_gcm’
>     >     >     >
>     >     >     > What am I doing wrong?
>     >     >     >
>     >     >     > On 3 May 2017 at 12:07, Matt Caswell <[hidden email]
>     <mailto:[hidden email]>
>     >     <mailto:[hidden email] <mailto:[hidden email]>>
>     <mailto:[hidden email] <mailto:[hidden email]>
>     >     <mailto:[hidden email] <mailto:[hidden email]>>>
>     >     >     > <mailto:[hidden email] <mailto:[hidden email]>
>     <mailto:[hidden email] <mailto:[hidden email]>>
>     >     <mailto:[hidden email] <mailto:[hidden email]>
>     <mailto:[hidden email] <mailto:[hidden email]>>>>> wrote:
>     >     >     >
>     >     >     >
>     >     >     >
>     >     >     >     On 03/05/17 09:43, Lior Koskas wrote:
>     >     >     >     > Hi,
>     >     >     >     >
>     >     >     >     > I'm using EVP_aes_128_gcm and have problem with
>     >     compiling it
>     >     >     with
>     >     >     >     > OpenSSL 1.1.0 (earlier versions are compiling).
>     >     >     >     > Although I included <openssl/evp.h> I got this
>     error :
>     >     error:
>     >     >     >     > ‘EVP_aes_128_gcm’ was not declared in this scope.
>     >     >     >     >
>     >     >     >     > I'm using CentOS 7.3.
>     >     >     >     >
>     >     >     >     > Which file I need to include in order to compile
>     >     >     EVP_aes_128_gcm ?
>     >     >     >
>     >     >     >     It's still declared in evp.h:
>     >     >     >
>     >     >     >     const EVP_CIPHER *EVP_aes_128_gcm(void);
>     >     >     >
>     >     >     >     Perhaps you are not picking up the version of
>     evp.h that
>     >     you think
>     >     >     >     you are?
>     >     >     >
>     >     >     >     Matt
>     >     >     >
>     >     >     >     --
>     >     >     >     openssl-users mailing list
>     >     >     >     To unsubscribe:
>     >     >     >
>      https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>     >     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>>
>     >     >     >
>      <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>     >     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>>>
>     >     >     >
>     >     >     >
>     >     >     >
>     >     >     >
>     >     >     > --
>     >     >     > Lior           Koskas
>     >     >     > Software Engineer
>     >     >     >
>     >     >     >
>     >     >     --
>     >     >     openssl-users mailing list
>     >     >     To unsubscribe:
>     >     >     https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>     >     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>>
>     >     >
>     >     >
>     >     >
>     >     >
>     >     > --
>     >     > Lior           Koskas
>     >     > Software Engineer
>     >     >
>     >     >
>     >     --
>     >     openssl-users mailing list
>     >     To unsubscribe:
>     >     https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>     >
>     >
>     >
>     >
>     > --
>     > Lior           Koskas
>     > Software Engineer
>     >
>     >
>     --
>     openssl-users mailing list
>     To unsubscribe:
>     https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>
>
>
>
> --
> Lior           Koskas
> Software Engineer
>
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



--
Lior           Koskas
Software Engineer

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Problem compiling EVP_aes_128_gcm()

Matt Caswell-2


On 03/05/17 16:48, Lior Koskas wrote:
> This is a little bit weird.
> The command `openssl version` returns `OpenSSL 0.9.8l 5 Nov 2009.`
> When I'm running the command `yum install -y openssl-devel` it returns
> `openssl-1.0.1e-60.el7_3.1.x86_64 already installed and latest
> version. Nothing to do`

And neither version is OpenSSL 1.1.0!!

Most likely you are picking up 0.9.8 headers (version 0.9.8 is ancient
and does not support GCM). Version 1.0.1 does support GCM so that would
probably work for you if you can figure out where the headers and
libraries are installed - although it too is very old. Both versions are
out of support from an OpenSSL Project perspective - although your OS
vendor may still be supporting them.

Matt

>
> On 3 May 2017 at 18:20, Matt Caswell <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>
>
>     On 03/05/17 16:16, Lior Koskas wrote:
>     > In the same way. This is the first time I'm checking the code on my
>     > CentOS machine.
>
>     So right at the beginning of this thread you said you were using OpenSSL
>     1.1.0. How do you know you have that version installed?
>
>     What does the command "openssl version" report?
>
>     Matt
>
>     >
>     > On 3 May 2017 at 18:13, Matt Caswell <[hidden email] <mailto:[hidden email]>
>     > <mailto:[hidden email] <mailto:[hidden email]>>> wrote:
>     >
>     >
>     >
>     >     On 03/05/17 16:10, Lior Koskas wrote:
>     >     > I checked the evp.h file in the path /usr/local/include and indeed it's
>     >     > not contain any gcm functions.
>     >     > I installed openssl via yum install openssl-devel in the past.
>     >
>     >     So, how did you install OpenSSL this time?
>     >
>     >     Matt
>     >
>     >
>     >     >
>     >     > On 3 May 2017 at 17:32, Matt Caswell <[hidden email] <mailto:[hidden email]> <mailto:[hidden email]
>     <mailto:[hidden email]>>
>     >     > <mailto:[hidden email] <mailto:[hidden email]>
>     <mailto:[hidden email] <mailto:[hidden email]>>>> wrote:
>     >     >
>     >     >
>     >     >
>     >     >     On 03/05/17 15:19, Lior Koskas wrote:
>     >     >     > Thank you for your answer.
>     >     >     >
>     >     >     > I made all the changes and the code isn't compiling.
>     >     >     >
>     >     >     > I'm using cmake in order to build the code.
>     >     >     >
>     >     >     > my CMakeLists.txt contains this line in order to include
>     >     openssl headers:
>     >     >     >
>     >     >     > INCLUDE_DIRECTORIES(/usr/include/openssl/
>     >     /usr/local/include/openssl/)
>     >     >
>     >     >     Where did you install OpenSSL? By default OpenSSL 1.1.0 will
>     >     install to
>     >     >     /usr/local, and the headers will be in
>     /usr/local/include. The
>     >     final
>     >     >     "openssl" directory name in the path to the individual
>     header
>     >     files
>     >     >     should not be included in the include directory path.
>     >     >
>     >     >     My guess is that you are picking up the system openssl
>     headers
>     >     rather
>     >     >     than the ones from your 1.1.0 installation.
>     >     >
>     >     >     Most likely this needs to be:
>     >     >
>     >     >     INCLUDE_DIRECTORIES(/usr/local/include)
>     >     >
>     >     >     But it does depend on options that you gave to config
>     when you
>     >     compiled
>     >     >     OpenSSL (also I don't use cmake so I could be wrong).
>     >     >
>     >     >
>     >     >     >
>     >     >     > The constructor of my code is :
>     >     >     >
>     >     >     > HashEncrypt::HashEncrypt(const unsigned char *key, const
>     >     unsigned char
>     >     >     > *iv, size_t ivSizeBytes)
>     >     >     > {
>     >     >     >     // copy the 128-bit key
>     >     >     >     memcpy(_key, key, 16);
>     >     >     >
>     >     >     >     //copy the iv:
>     >     >     >     EVP_CIPHER_CTX *_ctx;
>     >     >     >     _iv = new unsigned char[ivSizeBytes];
>     >     >     >     memcpy(_iv, iv, ivSizeBytes);
>     >     >     >
>     >     >     >     //EVP_CIPHER_CTX_init(&_ctx);
>     >     >     >     _ctx = EVP_CIPHER_CTX_new();
>     >     >     >
>     >     >     >     EVP_EncryptInit_ex(_ctx, EVP_aes_128_gcm(), NULL,
>     NULL,
>     >     NULL);
>     >     >     >
>     >     >     >     EVP_CIPHER_CTX_ctrl(_ctx, EVP_CTRL_GCM_SET_IVLEN,
>     >     ivSizeBytes, NULL);
>     >     >     >
>     >     >     >     EVP_EncryptInit_ex(_ctx, NULL, NULL, _key, _iv);
>     >     >
>     >     >     You need a call to EVP_CIPHER_CTX_free(_ctx) at the end
>     >     too...plus check
>     >     >     the return values from these function calls for errors.
>     >     >
>     >     >     Matt
>     >     >
>     >     >     >
>     >     >     > }
>     >     >     >
>     >     >     > What I'm missing?
>     >     >     >
>     >     >     >
>     >     >     >
>     >     >     >
>     >     >     > On 3 May 2017 at 12:57, Matt Caswell <[hidden email]
>     <mailto:[hidden email]>
>     >     <mailto:[hidden email] <mailto:[hidden email]>>
>     <mailto:[hidden email] <mailto:[hidden email]>
>     >     <mailto:[hidden email] <mailto:[hidden email]>>>
>     >     >     > <mailto:[hidden email] <mailto:[hidden email]>
>     <mailto:[hidden email] <mailto:[hidden email]>>
>     >     <mailto:[hidden email] <mailto:[hidden email]>
>     <mailto:[hidden email] <mailto:[hidden email]>>>>> wrote:
>     >     >     >
>     >     >     >
>     >     >     >
>     >     >     >     On 03/05/17 10:33, Lior Koskas wrote:
>     >     >     >     >  I viewed the file and the definition exists.
>     >     >     >     > I also checked that I'm picking the correct version.
>     >     >     >     >
>     >     >     >     > My problem is this line : EVP_EncryptInit_ex(&_ctx,
>     >     >     EVP_aes_128_gcm(),
>     >     >     >     > NULL, NULL, NULL);
>     >     >     >     >
>     >     >     >     > I also tried to change the code to this two lines :
>     >     >     >     > EVP_CIPHER *EVP evp_gcm = EVP_aes_128_gcm();
>     >     >     >
>     >     >     >     You have one too many "EVP"'s in there. It should be:
>     >     >     >
>     >     >     >     const EVP_CIPHER *evp_gcm = EVP_aes_128_gcm();
>     >     >     >
>     >     >     >     Although, that really shouldn't be necessary and your
>     >     original
>     >     >     version
>     >     >     >     looks ok. What doesn't look quite right is the "&_ctx"
>     >     bit. In
>     >     >     1.1.0 an
>     >     >     >     EVP_CIPHER_CTX is an opaque type. You cannot allocate
>     >     concrete
>     >     >     instances
>     >     >     >     of it directly.
>     >     >     >
>     >     >     >     Where previously you might have had:
>     >     >     >
>     >     >     >     EVP_CIPHER_CTX _ctx;
>     >     >     >
>     >     >     >     EVP_CIPHER_CTX_init(&_ctx);
>     >     >     >     EVP_EncryptInit_ex(&_ctx, EVP_aes_128_gcm(), NULL,
>     NULL,
>     >     NULL);
>     >     >     >
>     >     >     >
>     >     >     >     You now need to do:
>     >     >     >
>     >     >     >     EVP_CIPHER_CTX *_ctx;
>     >     >     >
>     >     >     >     _ctx = EVP_CIPHER_CTX_new();
>     >     >     >     EVP_EncryptInit_ex(_ctx, EVP_aes_128_gcm(), NULL,
>     NULL,
>     >     NULL);
>     >     >     >
>     >     >     >     ...
>     >     >     >     EVP_CIPHER_CTX_free(_ctx);
>     >     >     >
>     >     >     >
>     >     >     >     I have omitted error checking code for brevity.
>     >     >     >
>     >     >     >     Matt
>     >     >     >
>     >     >     >
>     >     >     >     > EVP_EncryptInit_ex(&_ctx, evp_gcm, NULL, NULL,
>     NULL);
>     >     >     >     >
>     >     >     >     > After the change I got this error : expected
>     initializer
>     >     >     before ‘evp_gcm’
>     >     >     >     >
>     >     >     >     > What am I doing wrong?
>     >     >     >     >
>     >     >     >     > On 3 May 2017 at 12:07, Matt Caswell
>     <[hidden email] <mailto:[hidden email]>
>     >     <mailto:[hidden email] <mailto:[hidden email]>>
>     >     >     <mailto:[hidden email] <mailto:[hidden email]>
>     <mailto:[hidden email] <mailto:[hidden email]>>>
>     >     <mailto:[hidden email] <mailto:[hidden email]>
>     <mailto:[hidden email] <mailto:[hidden email]>>
>     >     >     <mailto:[hidden email] <mailto:[hidden email]>
>     <mailto:[hidden email] <mailto:[hidden email]>>>>
>     >     >     >     > <mailto:[hidden email]
>     <mailto:[hidden email]> <mailto:[hidden email]
>     <mailto:[hidden email]>>
>     >     <mailto:[hidden email] <mailto:[hidden email]>
>     <mailto:[hidden email] <mailto:[hidden email]>>>
>     >     >     <mailto:[hidden email] <mailto:[hidden email]>
>     <mailto:[hidden email] <mailto:[hidden email]>>
>     >     <mailto:[hidden email] <mailto:[hidden email]>
>     <mailto:[hidden email] <mailto:[hidden email]>>>>>> wrote:
>     >     >     >     >
>     >     >     >     >
>     >     >     >     >
>     >     >     >     >     On 03/05/17 09:43, Lior Koskas wrote:
>     >     >     >     >     > Hi,
>     >     >     >     >     >
>     >     >     >     >     > I'm using EVP_aes_128_gcm and have problem
>     with
>     >     >     compiling it
>     >     >     >     with
>     >     >     >     >     > OpenSSL 1.1.0 (earlier versions are
>     compiling).
>     >     >     >     >     > Although I included <openssl/evp.h> I got this
>     >     error :
>     >     >     error:
>     >     >     >     >     > ‘EVP_aes_128_gcm’ was not declared in this
>     scope.
>     >     >     >     >     >
>     >     >     >     >     > I'm using CentOS 7.3.
>     >     >     >     >     >
>     >     >     >     >     > Which file I need to include in order to
>     compile
>     >     >     >     EVP_aes_128_gcm ?
>     >     >     >     >
>     >     >     >     >     It's still declared in evp.h:
>     >     >     >     >
>     >     >     >     >     const EVP_CIPHER *EVP_aes_128_gcm(void);
>     >     >     >     >
>     >     >     >     >     Perhaps you are not picking up the version of
>     >     evp.h that
>     >     >     you think
>     >     >     >     >     you are?
>     >     >     >     >
>     >     >     >     >     Matt
>     >     >     >     >
>     >     >     >     >     --
>     >     >     >     >     openssl-users mailing list
>     >     >     >     >     To unsubscribe:
>     >     >     >     >
>     >      https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>     >     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>>
>     >     >     >  
>      <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>     >     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>>>
>     >     >     >     >
>     >      <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>     >     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>>
>     >     >     >  
>      <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>     >     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>>>>
>     >     >     >     >
>     >     >     >     >
>     >     >     >     >
>     >     >     >     >
>     >     >     >     > --
>     >     >     >     > Lior           Koskas
>     >     >     >     > Software Engineer
>     >     >     >     >
>     >     >     >     >
>     >     >     >     --
>     >     >     >     openssl-users mailing list
>     >     >     >     To unsubscribe:
>     >     >     >  
>      https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>     >     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>>
>     >     >     >  
>      <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>     >     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>>>
>     >     >     >
>     >     >     >
>     >     >     >
>     >     >     >
>     >     >     > --
>     >     >     > Lior           Koskas
>     >     >     > Software Engineer
>     >     >     >
>     >     >     >
>     >     >     --
>     >     >     openssl-users mailing list
>     >     >     To unsubscribe:
>     >     >     https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>     >     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>>
>     >     >
>     >     >
>     >     >
>     >     >
>     >     > --
>     >     > Lior           Koskas
>     >     > Software Engineer
>     >     >
>     >     >
>     >     --
>     >     openssl-users mailing list
>     >     To unsubscribe:
>     >     https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>     >
>     >
>     >
>     >
>     > --
>     > Lior           Koskas
>     > Software Engineer
>     >
>     >
>     --
>     openssl-users mailing list
>     To unsubscribe:
>     https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>
>
>
>
> --
> Lior           Koskas
> Software Engineer
>
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Problem compiling EVP_aes_128_gcm()

Lior Koskas
Thank you very much for your help!
I will raised this bug to my vendor support.

On 3 May 2017 at 18:56, Matt Caswell <[hidden email]> wrote:


On 03/05/17 16:48, Lior Koskas wrote:
> This is a little bit weird.
> The command `openssl version` returns `OpenSSL 0.9.8l 5 Nov 2009.`
> When I'm running the command `yum install -y openssl-devel` it returns
> `openssl-1.0.1e-60.el7_3.1.x86_64 already installed and latest
> version. Nothing to do`

And neither version is OpenSSL 1.1.0!!

Most likely you are picking up 0.9.8 headers (version 0.9.8 is ancient
and does not support GCM). Version 1.0.1 does support GCM so that would
probably work for you if you can figure out where the headers and
libraries are installed - although it too is very old. Both versions are
out of support from an OpenSSL Project perspective - although your OS
vendor may still be supporting them.

Matt

>
> On 3 May 2017 at 18:20, Matt Caswell <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>
>
>     On 03/05/17 16:16, Lior Koskas wrote:
>     > In the same way. This is the first time I'm checking the code on my
>     > CentOS machine.
>
>     So right at the beginning of this thread you said you were using OpenSSL
>     1.1.0. How do you know you have that version installed?
>
>     What does the command "openssl version" report?
>
>     Matt
>
>     >
>     > On 3 May 2017 at 18:13, Matt Caswell <[hidden email] <mailto:[hidden email]>
>     > <mailto:[hidden email] <mailto:[hidden email]>>> wrote:
>     >
>     >
>     >
>     >     On 03/05/17 16:10, Lior Koskas wrote:
>     >     > I checked the evp.h file in the path /usr/local/include and indeed it's
>     >     > not contain any gcm functions.
>     >     > I installed openssl via yum install openssl-devel in the past.
>     >
>     >     So, how did you install OpenSSL this time?
>     >
>     >     Matt
>     >
>     >
>     >     >
>     >     > On 3 May 2017 at 17:32, Matt Caswell <[hidden email] <mailto:[hidden email]> <mailto:[hidden email]
>     <mailto:[hidden email]>>
>     >     > <mailto:[hidden email] <mailto:[hidden email]>
>     <mailto:[hidden email] <mailto:[hidden email]>>>> wrote:
>     >     >
>     >     >
>     >     >
>     >     >     On 03/05/17 15:19, Lior Koskas wrote:
>     >     >     > Thank you for your answer.
>     >     >     >
>     >     >     > I made all the changes and the code isn't compiling.
>     >     >     >
>     >     >     > I'm using cmake in order to build the code.
>     >     >     >
>     >     >     > my CMakeLists.txt contains this line in order to include
>     >     openssl headers:
>     >     >     >
>     >     >     > INCLUDE_DIRECTORIES(/usr/include/openssl/
>     >     /usr/local/include/openssl/)
>     >     >
>     >     >     Where did you install OpenSSL? By default OpenSSL 1.1.0 will
>     >     install to
>     >     >     /usr/local, and the headers will be in
>     /usr/local/include. The
>     >     final
>     >     >     "openssl" directory name in the path to the individual
>     header
>     >     files
>     >     >     should not be included in the include directory path.
>     >     >
>     >     >     My guess is that you are picking up the system openssl
>     headers
>     >     rather
>     >     >     than the ones from your 1.1.0 installation.
>     >     >
>     >     >     Most likely this needs to be:
>     >     >
>     >     >     INCLUDE_DIRECTORIES(/usr/local/include)
>     >     >
>     >     >     But it does depend on options that you gave to config
>     when you
>     >     compiled
>     >     >     OpenSSL (also I don't use cmake so I could be wrong).
>     >     >
>     >     >
>     >     >     >
>     >     >     > The constructor of my code is :
>     >     >     >
>     >     >     > HashEncrypt::HashEncrypt(const unsigned char *key, const
>     >     unsigned char
>     >     >     > *iv, size_t ivSizeBytes)
>     >     >     > {
>     >     >     >     // copy the 128-bit key
>     >     >     >     memcpy(_key, key, 16);
>     >     >     >
>     >     >     >     //copy the iv:
>     >     >     >     EVP_CIPHER_CTX *_ctx;
>     >     >     >     _iv = new unsigned char[ivSizeBytes];
>     >     >     >     memcpy(_iv, iv, ivSizeBytes);
>     >     >     >
>     >     >     >     //EVP_CIPHER_CTX_init(&_ctx);
>     >     >     >     _ctx = EVP_CIPHER_CTX_new();
>     >     >     >
>     >     >     >     EVP_EncryptInit_ex(_ctx, EVP_aes_128_gcm(), NULL,
>     NULL,
>     >     NULL);
>     >     >     >
>     >     >     >     EVP_CIPHER_CTX_ctrl(_ctx, EVP_CTRL_GCM_SET_IVLEN,
>     >     ivSizeBytes, NULL);
>     >     >     >
>     >     >     >     EVP_EncryptInit_ex(_ctx, NULL, NULL, _key, _iv);
>     >     >
>     >     >     You need a call to EVP_CIPHER_CTX_free(_ctx) at the end
>     >     too...plus check
>     >     >     the return values from these function calls for errors.
>     >     >
>     >     >     Matt
>     >     >
>     >     >     >
>     >     >     > }
>     >     >     >
>     >     >     > What I'm missing?
>     >     >     >
>     >     >     >
>     >     >     >
>     >     >     >
>     >     >     > On 3 May 2017 at 12:57, Matt Caswell <[hidden email]
>     <mailto:[hidden email]>
>     >     <mailto:[hidden email] <mailto:[hidden email]>>
>     <mailto:[hidden email] <mailto:[hidden email]>
>     >     <mailto:[hidden email] <mailto:[hidden email]>>>
>     >     >     > <mailto:[hidden email] <mailto:[hidden email]>
>     <mailto:[hidden email] <mailto:[hidden email]>>
>     >     <mailto:[hidden email] <mailto:[hidden email]>
>     <mailto:[hidden email] <mailto:[hidden email]>>>>> wrote:
>     >     >     >
>     >     >     >
>     >     >     >
>     >     >     >     On 03/05/17 10:33, Lior Koskas wrote:
>     >     >     >     >  I viewed the file and the definition exists.
>     >     >     >     > I also checked that I'm picking the correct version.
>     >     >     >     >
>     >     >     >     > My problem is this line : EVP_EncryptInit_ex(&_ctx,
>     >     >     EVP_aes_128_gcm(),
>     >     >     >     > NULL, NULL, NULL);
>     >     >     >     >
>     >     >     >     > I also tried to change the code to this two lines :
>     >     >     >     > EVP_CIPHER *EVP evp_gcm = EVP_aes_128_gcm();
>     >     >     >
>     >     >     >     You have one too many "EVP"'s in there. It should be:
>     >     >     >
>     >     >     >     const EVP_CIPHER *evp_gcm = EVP_aes_128_gcm();
>     >     >     >
>     >     >     >     Although, that really shouldn't be necessary and your
>     >     original
>     >     >     version
>     >     >     >     looks ok. What doesn't look quite right is the "&_ctx"
>     >     bit. In
>     >     >     1.1.0 an
>     >     >     >     EVP_CIPHER_CTX is an opaque type. You cannot allocate
>     >     concrete
>     >     >     instances
>     >     >     >     of it directly.
>     >     >     >
>     >     >     >     Where previously you might have had:
>     >     >     >
>     >     >     >     EVP_CIPHER_CTX _ctx;
>     >     >     >
>     >     >     >     EVP_CIPHER_CTX_init(&_ctx);
>     >     >     >     EVP_EncryptInit_ex(&_ctx, EVP_aes_128_gcm(), NULL,
>     NULL,
>     >     NULL);
>     >     >     >
>     >     >     >
>     >     >     >     You now need to do:
>     >     >     >
>     >     >     >     EVP_CIPHER_CTX *_ctx;
>     >     >     >
>     >     >     >     _ctx = EVP_CIPHER_CTX_new();
>     >     >     >     EVP_EncryptInit_ex(_ctx, EVP_aes_128_gcm(), NULL,
>     NULL,
>     >     NULL);
>     >     >     >
>     >     >     >     ...
>     >     >     >     EVP_CIPHER_CTX_free(_ctx);
>     >     >     >
>     >     >     >
>     >     >     >     I have omitted error checking code for brevity.
>     >     >     >
>     >     >     >     Matt
>     >     >     >
>     >     >     >
>     >     >     >     > EVP_EncryptInit_ex(&_ctx, evp_gcm, NULL, NULL,
>     NULL);
>     >     >     >     >
>     >     >     >     > After the change I got this error : expected
>     initializer
>     >     >     before ‘evp_gcm’
>     >     >     >     >
>     >     >     >     > What am I doing wrong?
>     >     >     >     >
>     >     >     >     > On 3 May 2017 at 12:07, Matt Caswell
>     <[hidden email] <mailto:[hidden email]>
>     >     <mailto:[hidden email] <mailto:[hidden email]>>
>     >     >     <mailto:[hidden email] <mailto:[hidden email]>
>     <mailto:[hidden email] <mailto:[hidden email]>>>
>     >     <mailto:[hidden email] <mailto:[hidden email]>
>     <mailto:[hidden email] <mailto:[hidden email]>>
>     >     >     <mailto:[hidden email] <mailto:[hidden email]>
>     <mailto:[hidden email] <mailto:[hidden email]>>>>
>     >     >     >     > <mailto:[hidden email]
>     <mailto:[hidden email]> <mailto:[hidden email]
>     <mailto:[hidden email]>>
>     >     <mailto:[hidden email] <mailto:[hidden email]>
>     <mailto:[hidden email] <mailto:[hidden email]>>>
>     >     >     <mailto:[hidden email] <mailto:[hidden email]>
>     <mailto:[hidden email] <mailto:[hidden email]>>
>     >     <mailto:[hidden email] <mailto:[hidden email]>
>     <mailto:[hidden email] <mailto:[hidden email]>>>>>> wrote:
>     >     >     >     >
>     >     >     >     >
>     >     >     >     >
>     >     >     >     >     On 03/05/17 09:43, Lior Koskas wrote:
>     >     >     >     >     > Hi,
>     >     >     >     >     >
>     >     >     >     >     > I'm using EVP_aes_128_gcm and have problem
>     with
>     >     >     compiling it
>     >     >     >     with
>     >     >     >     >     > OpenSSL 1.1.0 (earlier versions are
>     compiling).
>     >     >     >     >     > Although I included <openssl/evp.h> I got this
>     >     error :
>     >     >     error:
>     >     >     >     >     > ‘EVP_aes_128_gcm’ was not declared in this
>     scope.
>     >     >     >     >     >
>     >     >     >     >     > I'm using CentOS 7.3.
>     >     >     >     >     >
>     >     >     >     >     > Which file I need to include in order to
>     compile
>     >     >     >     EVP_aes_128_gcm ?
>     >     >     >     >
>     >     >     >     >     It's still declared in evp.h:
>     >     >     >     >
>     >     >     >     >     const EVP_CIPHER *EVP_aes_128_gcm(void);
>     >     >     >     >
>     >     >     >     >     Perhaps you are not picking up the version of
>     >     evp.h that
>     >     >     you think
>     >     >     >     >     you are?
>     >     >     >     >
>     >     >     >     >     Matt
>     >     >     >     >
>     >     >     >     >     --
>     >     >     >     >     openssl-users mailing list
>     >     >     >     >     To unsubscribe:
>     >     >     >     >
>     >      https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>     >     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>>
>     >     >     >
>      <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>     >     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>>>
>     >     >     >     >
>     >      <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>     >     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>>
>     >     >     >
>      <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>     >     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>>>>
>     >     >     >     >
>     >     >     >     >
>     >     >     >     >
>     >     >     >     >
>     >     >     >     > --
>     >     >     >     > Lior           Koskas
>     >     >     >     > Software Engineer
>     >     >     >     >
>     >     >     >     >
>     >     >     >     --
>     >     >     >     openssl-users mailing list
>     >     >     >     To unsubscribe:
>     >     >     >
>      https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>     >     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>>
>     >     >     >
>      <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>     >     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>>>
>     >     >     >
>     >     >     >
>     >     >     >
>     >     >     >
>     >     >     > --
>     >     >     > Lior           Koskas
>     >     >     > Software Engineer
>     >     >     >
>     >     >     >
>     >     >     --
>     >     >     openssl-users mailing list
>     >     >     To unsubscribe:
>     >     >     https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>     >     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>>
>     >     >
>     >     >
>     >     >
>     >     >
>     >     > --
>     >     > Lior           Koskas
>     >     > Software Engineer
>     >     >
>     >     >
>     >     --
>     >     openssl-users mailing list
>     >     To unsubscribe:
>     >     https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>     >
>     >
>     >
>     >
>     > --
>     > Lior           Koskas
>     > Software Engineer
>     >
>     >
>     --
>     openssl-users mailing list
>     To unsubscribe:
>     https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>
>
>
>
> --
> Lior           Koskas
> Software Engineer
>
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



--
Lior           Koskas
Software Engineer

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users