Thank you very much for your help! I will raised this bug to my vendor support.
On 3 May 2017 at 18:56, Matt Caswell <[email protected]> wrote: > > > On 03/05/17 16:48, Lior Koskas wrote: > > This is a little bit weird. > > The command `openssl version` returns `OpenSSL 0.9.8l 5 Nov 2009.` > > When I'm running the command `yum install -y openssl-devel` it returns > > `openssl-1.0.1e-60.el7_3.1.x86_64 already installed and latest > > version. Nothing to do` > > And neither version is OpenSSL 1.1.0!! > > Most likely you are picking up 0.9.8 headers (version 0.9.8 is ancient > and does not support GCM). Version 1.0.1 does support GCM so that would > probably work for you if you can figure out where the headers and > libraries are installed - although it too is very old. Both versions are > out of support from an OpenSSL Project perspective - although your OS > vendor may still be supporting them. > > Matt > > > > > On 3 May 2017 at 18:20, Matt Caswell <[email protected] > > <mailto:[email protected]>> wrote: > > > > > > > > On 03/05/17 16:16, Lior Koskas wrote: > > > In the same way. This is the first time I'm checking the code on my > > > CentOS machine. > > > > So right at the beginning of this thread you said you were using > OpenSSL > > 1.1.0. How do you know you have that version installed? > > > > What does the command "openssl version" report? > > > > Matt > > > > > > > > On 3 May 2017 at 18:13, Matt Caswell <[email protected] <mailto: > [email protected]> > > > <mailto:[email protected] <mailto:[email protected]>>> wrote: > > > > > > > > > > > > On 03/05/17 16:10, Lior Koskas wrote: > > > > I checked the evp.h file in the path /usr/local/include and > indeed it's > > > > not contain any gcm functions. > > > > I installed openssl via yum install openssl-devel in the > past. > > > > > > So, how did you install OpenSSL this time? > > > > > > Matt > > > > > > > > > > > > > > On 3 May 2017 at 17:32, Matt Caswell <[email protected] > <mailto:[email protected]> <mailto:[email protected] > > <mailto:[email protected]>> > > > > <mailto:[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>>>> wrote: > > > > > > > > > > > > > > > > On 03/05/17 15:19, Lior Koskas wrote: > > > > > Thank you for your answer. > > > > > > > > > > I made all the changes and the code isn't compiling. > > > > > > > > > > I'm using cmake in order to build the code. > > > > > > > > > > my CMakeLists.txt contains this line in order to > include > > > openssl headers: > > > > > > > > > > INCLUDE_DIRECTORIES(/usr/include/openssl/ > > > /usr/local/include/openssl/) > > > > > > > > Where did you install OpenSSL? By default OpenSSL 1.1.0 > will > > > install to > > > > /usr/local, and the headers will be in > > /usr/local/include. The > > > final > > > > "openssl" directory name in the path to the individual > > header > > > files > > > > should not be included in the include directory path. > > > > > > > > My guess is that you are picking up the system openssl > > headers > > > rather > > > > than the ones from your 1.1.0 installation. > > > > > > > > Most likely this needs to be: > > > > > > > > INCLUDE_DIRECTORIES(/usr/local/include) > > > > > > > > But it does depend on options that you gave to config > > when you > > > compiled > > > > OpenSSL (also I don't use cmake so I could be wrong). > > > > > > > > > > > > > > > > > > The constructor of my code is : > > > > > > > > > > HashEncrypt::HashEncrypt(const unsigned char *key, > const > > > unsigned char > > > > > *iv, size_t ivSizeBytes) > > > > > { > > > > > // copy the 128-bit key > > > > > memcpy(_key, key, 16); > > > > > > > > > > //copy the iv: > > > > > EVP_CIPHER_CTX *_ctx; > > > > > _iv = new unsigned char[ivSizeBytes]; > > > > > memcpy(_iv, iv, ivSizeBytes); > > > > > > > > > > //EVP_CIPHER_CTX_init(&_ctx); > > > > > _ctx = EVP_CIPHER_CTX_new(); > > > > > > > > > > EVP_EncryptInit_ex(_ctx, EVP_aes_128_gcm(), NULL, > > NULL, > > > NULL); > > > > > > > > > > EVP_CIPHER_CTX_ctrl(_ctx, EVP_CTRL_GCM_SET_IVLEN, > > > ivSizeBytes, NULL); > > > > > > > > > > EVP_EncryptInit_ex(_ctx, NULL, NULL, _key, _iv); > > > > > > > > You need a call to EVP_CIPHER_CTX_free(_ctx) at the end > > > too...plus check > > > > the return values from these function calls for errors. > > > > > > > > Matt > > > > > > > > > > > > > > } > > > > > > > > > > What I'm missing? > > > > > > > > > > > > > > > > > > > > > > > > > On 3 May 2017 at 12:57, Matt Caswell <[email protected] > > <mailto:[email protected]> > > > <mailto:[email protected] <mailto:[email protected]>> > > <mailto:[email protected] <mailto:[email protected]> > > > <mailto:[email protected] <mailto:[email protected]>>> > > > > > <mailto:[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>> > > > <mailto:[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>>>>> wrote: > > > > > > > > > > > > > > > > > > > > On 03/05/17 10:33, Lior Koskas wrote: > > > > > > I viewed the file and the definition exists. > > > > > > I also checked that I'm picking the correct > version. > > > > > > > > > > > > My problem is this line : > EVP_EncryptInit_ex(&_ctx, > > > > EVP_aes_128_gcm(), > > > > > > NULL, NULL, NULL); > > > > > > > > > > > > I also tried to change the code to this two > lines : > > > > > > EVP_CIPHER *EVP evp_gcm = EVP_aes_128_gcm(); > > > > > > > > > > You have one too many "EVP"'s in there. It should > be: > > > > > > > > > > const EVP_CIPHER *evp_gcm = EVP_aes_128_gcm(); > > > > > > > > > > Although, that really shouldn't be necessary and > your > > > original > > > > version > > > > > looks ok. What doesn't look quite right is the > "&_ctx" > > > bit. In > > > > 1.1.0 an > > > > > EVP_CIPHER_CTX is an opaque type. You cannot > allocate > > > concrete > > > > instances > > > > > of it directly. > > > > > > > > > > Where previously you might have had: > > > > > > > > > > EVP_CIPHER_CTX _ctx; > > > > > > > > > > EVP_CIPHER_CTX_init(&_ctx); > > > > > EVP_EncryptInit_ex(&_ctx, EVP_aes_128_gcm(), NULL, > > NULL, > > > NULL); > > > > > > > > > > > > > > > You now need to do: > > > > > > > > > > EVP_CIPHER_CTX *_ctx; > > > > > > > > > > _ctx = EVP_CIPHER_CTX_new(); > > > > > EVP_EncryptInit_ex(_ctx, EVP_aes_128_gcm(), NULL, > > NULL, > > > NULL); > > > > > > > > > > ... > > > > > EVP_CIPHER_CTX_free(_ctx); > > > > > > > > > > > > > > > I have omitted error checking code for brevity. > > > > > > > > > > Matt > > > > > > > > > > > > > > > > EVP_EncryptInit_ex(&_ctx, evp_gcm, NULL, NULL, > > NULL); > > > > > > > > > > > > After the change I got this error : expected > > initializer > > > > before ‘evp_gcm’ > > > > > > > > > > > > What am I doing wrong? > > > > > > > > > > > > On 3 May 2017 at 12:07, Matt Caswell > > <[email protected] <mailto:[email protected]> > > > <mailto:[email protected] <mailto:[email protected]>> > > > > <mailto:[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>>> > > > <mailto:[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>> > > > > <mailto:[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>>>> > > > > > > <mailto:[email protected] > > <mailto:[email protected]> <mailto:[email protected] > > <mailto:[email protected]>> > > > <mailto:[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>>> > > > > <mailto:[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>> > > > <mailto:[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>>>>>> wrote: > > > > > > > > > > > > > > > > > > > > > > > > On 03/05/17 09:43, Lior Koskas wrote: > > > > > > > Hi, > > > > > > > > > > > > > > I'm using EVP_aes_128_gcm and have problem > > with > > > > compiling it > > > > > with > > > > > > > OpenSSL 1.1.0 (earlier versions are > > compiling). > > > > > > > Although I included <openssl/evp.h> I got > this > > > error : > > > > error: > > > > > > > ‘EVP_aes_128_gcm’ was not declared in this > > scope. > > > > > > > > > > > > > > I'm using CentOS 7.3. > > > > > > > > > > > > > > Which file I need to include in order to > > compile > > > > > EVP_aes_128_gcm ? > > > > > > > > > > > > It's still declared in evp.h: > > > > > > > > > > > > const EVP_CIPHER *EVP_aes_128_gcm(void); > > > > > > > > > > > > Perhaps you are not picking up the version of > > > evp.h that > > > > you think > > > > > > you are? > > > > > > > > > > > > Matt > > > > > > > > > > > > -- > > > > > > openssl-users mailing list > > > > > > To unsubscribe: > > > > > > > > > https://mta.openssl.org/mailman/listinfo/openssl-users > > <https://mta.openssl.org/mailman/listinfo/openssl-users> > > > <https://mta.openssl.org/mailman/listinfo/openssl-users > > <https://mta.openssl.org/mailman/listinfo/openssl-users>> > > > > <https://mta.openssl.org/mailman/listinfo/openssl-users > > <https://mta.openssl.org/mailman/listinfo/openssl-users> > > > <https://mta.openssl.org/mailman/listinfo/openssl-users > > <https://mta.openssl.org/mailman/listinfo/openssl-users>>> > > > > > > > <https://mta.openssl.org/mailman/listinfo/openssl-users > > <https://mta.openssl.org/mailman/listinfo/openssl-users> > > > <https://mta.openssl.org/mailman/listinfo/openssl-users > > <https://mta.openssl.org/mailman/listinfo/openssl-users>> > > > > <https://mta.openssl.org/mailman/listinfo/openssl-users > > <https://mta.openssl.org/mailman/listinfo/openssl-users> > > > <https://mta.openssl.org/mailman/listinfo/openssl-users > > <https://mta.openssl.org/mailman/listinfo/openssl-users>>>> > > > > > > > > > <https://mta.openssl.org/mailman/listinfo/openssl-users > > <https://mta.openssl.org/mailman/listinfo/openssl-users> > > > <https://mta.openssl.org/mailman/listinfo/openssl-users > > <https://mta.openssl.org/mailman/listinfo/openssl-users>> > > > > <https://mta.openssl.org/mailman/listinfo/openssl-users > > <https://mta.openssl.org/mailman/listinfo/openssl-users> > > > <https://mta.openssl.org/mailman/listinfo/openssl-users > > <https://mta.openssl.org/mailman/listinfo/openssl-users>>> > > > > > > > <https://mta.openssl.org/mailman/listinfo/openssl-users > > <https://mta.openssl.org/mailman/listinfo/openssl-users> > > > <https://mta.openssl.org/mailman/listinfo/openssl-users > > <https://mta.openssl.org/mailman/listinfo/openssl-users>> > > > > <https://mta.openssl.org/mailman/listinfo/openssl-users > > <https://mta.openssl.org/mailman/listinfo/openssl-users> > > > <https://mta.openssl.org/mailman/listinfo/openssl-users > > <https://mta.openssl.org/mailman/listinfo/openssl-users>>>>> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > Lior Koskas > > > > > > Software Engineer > > > > > > > > > > > > > > > > > -- > > > > > openssl-users mailing list > > > > > To unsubscribe: > > > > > > > https://mta.openssl.org/mailman/listinfo/openssl-users > > <https://mta.openssl.org/mailman/listinfo/openssl-users> > > > <https://mta.openssl.org/mailman/listinfo/openssl-users > > <https://mta.openssl.org/mailman/listinfo/openssl-users>> > > > > <https://mta.openssl.org/mailman/listinfo/openssl-users > > <https://mta.openssl.org/mailman/listinfo/openssl-users> > > > <https://mta.openssl.org/mailman/listinfo/openssl-users > > <https://mta.openssl.org/mailman/listinfo/openssl-users>>> > > > > > > > <https://mta.openssl.org/mailman/listinfo/openssl-users > > <https://mta.openssl.org/mailman/listinfo/openssl-users> > > > <https://mta.openssl.org/mailman/listinfo/openssl-users > > <https://mta.openssl.org/mailman/listinfo/openssl-users>> > > > > <https://mta.openssl.org/mailman/listinfo/openssl-users > > <https://mta.openssl.org/mailman/listinfo/openssl-users> > > > <https://mta.openssl.org/mailman/listinfo/openssl-users > > <https://mta.openssl.org/mailman/listinfo/openssl-users>>>> > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > Lior Koskas > > > > > Software Engineer > > > > > > > > > > > > > > -- > > > > openssl-users mailing list > > > > To unsubscribe: > > > > https://mta.openssl.org/mailman/listinfo/openssl-users > > <https://mta.openssl.org/mailman/listinfo/openssl-users> > > > <https://mta.openssl.org/mailman/listinfo/openssl-users > > <https://mta.openssl.org/mailman/listinfo/openssl-users>> > > > > <https://mta.openssl.org/mailman/listinfo/openssl-users > > <https://mta.openssl.org/mailman/listinfo/openssl-users> > > > <https://mta.openssl.org/mailman/listinfo/openssl-users > > <https://mta.openssl.org/mailman/listinfo/openssl-users>>> > > > > > > > > > > > > > > > > > > > > -- > > > > Lior Koskas > > > > Software Engineer > > > > > > > > > > > -- > > > openssl-users mailing list > > > To unsubscribe: > > > https://mta.openssl.org/mailman/listinfo/openssl-users > > <https://mta.openssl.org/mailman/listinfo/openssl-users> > > > <https://mta.openssl.org/mailman/listinfo/openssl-users > > <https://mta.openssl.org/mailman/listinfo/openssl-users>> > > > > > > > > > > > > > > > -- > > > Lior Koskas > > > Software Engineer > > > > > > > > -- > > openssl-users mailing list > > To unsubscribe: > > https://mta.openssl.org/mailman/listinfo/openssl-users > > <https://mta.openssl.org/mailman/listinfo/openssl-users> > > > > > > > > > > -- > > Lior Koskas > > Software Engineer > > > > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -- Lior Koskas Software Engineer
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
