Re: Problem in trying EVP Key Derivation example in openssl

[Dr Paul Dale]

And done.
This also pointed out a mistake in the man page code.


Pauli
-- 
Dr Paul Dale | Distinguished Architect | Cryptographic Foundations 
Phone +61 7 3031 7217
Oracle Australia




> On 15 Sep 2019, at 9:16 am, Dr Paul Dale  wrote:
> 
> The example is wrong.
> 
> The KDF API changed recently to better match the way the rest of the project 
> is moving.
> I’ll update the example.
> 
> 
> Pauli
> -- 
> Dr Paul Dale | Distinguished Architect | Cryptographic Foundations 
> Phone +61 7 3031 7217
> Oracle Australia
> 
> 
> 
> 
>> On 15 Sep 2019, at 7:28 am, Bhuvan Sharma > > wrote:
>> 
>> Hey all,
>> I'm new to openssl community and I don't know much about it. I tried to use 
>> openssl on my linux machine. I clone openssl git repo and executed these 
>> commands as mentioned in the file "INSTALL": "./config", "make", "make 
>> test", "make install". It went alright. Then I tried an "EVP KEY Derivation" 
>> example from this link: 
>> https://wiki.openssl.org/index.php?title=EVP_Key_Derivation&redirect=no#targetText=HKDF%20was%20designed%20by%20Krawczyk,from%20the%20OpenSSL%20man%20pages
>>  
>> .
>>  But it gives me some error for undeclared function. 
>> ~/openssl$ gcc -std=c99 test.c -o test.exe -l:libcrypto.a -pthread -ldl
>> test.c: In function ‘main’:
>> test.c:12:17: warning: implicit declaration of function 
>> ‘EVP_KDF_CTX_new_id’; did you mean ‘EVP_KDF_CTX_new’? 
>> [-Wimplicit-function-declaration]
>>  if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_HKDF)) == NULL) {
>>  ^~
>>  EVP_KDF_CTX_new
>> test.c:12:36: error: ‘EVP_KDF_HKDF’ undeclared (first use in this function); 
>> did you mean ‘EVP_PKEY_HKDF’?
>>  if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_HKDF)) == NULL) {
>> ^~~~
>> EVP_PKEY_HKDF
>> test.c:12:36: note: each undeclared identifier is reported only once for 
>> each function it appears in
>> test.c:13:9: warning: implicit declaration of function ‘error’; did you mean 
>> ‘perror’? [-Wimplicit-function-declaration]
>>  error("EVP_KDF_CTX_new_id");
>>  ^
>>  perror
>> test.c:15:9: warning: implicit declaration of function ‘EVP_KDF_ctrl’; did 
>> you mean ‘EVP_KDF_size’? [-Wimplicit-function-declaration]
>>  if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) {
>>  ^~~~
>>  EVP_KDF_size
>> 
>> Is there any problem with the installation or am I missing something else?
>> Your help is much appreciated.
>> 
>> Thanks & Regards,
>> Bhuvan Sharma
> 

Re: Problem in trying EVP Key Derivation example in openssl

[Dr Paul Dale]

The example is wrong.

The KDF API changed recently to better match the way the rest of the project is 
moving.
I’ll update the example.


Pauli
-- 
Dr Paul Dale | Distinguished Architect | Cryptographic Foundations 
Phone +61 7 3031 7217
Oracle Australia




> On 15 Sep 2019, at 7:28 am, Bhuvan Sharma  wrote:
> 
> Hey all,
> I'm new to openssl community and I don't know much about it. I tried to use 
> openssl on my linux machine. I clone openssl git repo and executed these 
> commands as mentioned in the file "INSTALL": "./config", "make", "make test", 
> "make install". It went alright. Then I tried an "EVP KEY Derivation" example 
> from this link: 
> https://wiki.openssl.org/index.php?title=EVP_Key_Derivation&redirect=no#targetText=HKDF%20was%20designed%20by%20Krawczyk,from%20the%20OpenSSL%20man%20pages
>  
> .
>  But it gives me some error for undeclared function. 
> ~/openssl$ gcc -std=c99 test.c -o test.exe -l:libcrypto.a -pthread -ldl
> test.c: In function ‘main’:
> test.c:12:17: warning: implicit declaration of function ‘EVP_KDF_CTX_new_id’; 
> did you mean ‘EVP_KDF_CTX_new’? [-Wimplicit-function-declaration]
>  if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_HKDF)) == NULL) {
>  ^~
>  EVP_KDF_CTX_new
> test.c:12:36: error: ‘EVP_KDF_HKDF’ undeclared (first use in this function); 
> did you mean ‘EVP_PKEY_HKDF’?
>  if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_HKDF)) == NULL) {
> ^~~~
> EVP_PKEY_HKDF
> test.c:12:36: note: each undeclared identifier is reported only once for each 
> function it appears in
> test.c:13:9: warning: implicit declaration of function ‘error’; did you mean 
> ‘perror’? [-Wimplicit-function-declaration]
>  error("EVP_KDF_CTX_new_id");
>  ^
>  perror
> test.c:15:9: warning: implicit declaration of function ‘EVP_KDF_ctrl’; did 
> you mean ‘EVP_KDF_size’? [-Wimplicit-function-declaration]
>  if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) {
>  ^~~~
>  EVP_KDF_size
> 
> Is there any problem with the installation or am I missing something else?
> Your help is much appreciated.
> 
> Thanks & Regards,
> Bhuvan Sharma

Problem in trying EVP Key Derivation example in openssl

[Bhuvan Sharma]

Hey all,
I'm new to openssl community and I don't know much about it. I tried to use
openssl on my linux machine. I clone openssl git repo and executed these
commands as mentioned in the file "INSTALL": "./config", "make", "make
test", "make install". It went alright. Then I tried an "EVP KEY
Derivation" example from this link:
https://wiki.openssl.org/index.php?title=EVP_Key_Derivation&redirect=no#targetText=HKDF%20was%20designed%20by%20Krawczyk,from%20the%20OpenSSL%20man%20pages.
But it gives me some error for undeclared function.
~/openssl$ gcc -std=c99 test.c -o test.exe -l:libcrypto.a -pthread -ldl
test.c: In function ‘main’:
test.c:12:17: warning: implicit declaration of function
‘EVP_KDF_CTX_new_id’; did you mean ‘EVP_KDF_CTX_new’?
[-Wimplicit-function-declaration]
 if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_HKDF)) == NULL) {
 ^~
 EVP_KDF_CTX_new
test.c:12:36: error: ‘EVP_KDF_HKDF’ undeclared (first use in this
function); did you mean ‘EVP_PKEY_HKDF’?
 if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_HKDF)) == NULL) {
^~~~
EVP_PKEY_HKDF
test.c:12:36: note: each undeclared identifier is reported only once for
each function it appears in
test.c:13:9: warning: implicit declaration of function ‘error’; did you
mean ‘perror’? [-Wimplicit-function-declaration]
 error("EVP_KDF_CTX_new_id");
 ^
 perror
test.c:15:9: warning: implicit declaration of function ‘EVP_KDF_ctrl’; did
you mean ‘EVP_KDF_size’? [-Wimplicit-function-declaration]
 if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) {
 ^~~~
 EVP_KDF_size

Is there any problem with the installation or am I missing something else?
Your help is much appreciated.

Thanks & Regards,
Bhuvan Sharma

Re: Linker errors when trying to build OpenSSL with MD2 and RC5 support

[Osman Zakir]

Are there additional commands I have to pass to the Configure module if I want 
to build completely static libs?  If so, what are they?

RE: Linker errors when trying to build OpenSSL with MD2 and RC5 support

[Michael Wojcik]

Again, please don't send questions about OpenSSL directly to me. I am not a 
member of the OpenSSL Project.

> From: Osman Zakir [mailto:osmanzaki...@hotmail.com]
> Sent: Saturday, September 14, 2019 10:54

> I'm not trying to build a DLL, though.  I want to build a static .lib library 
> (are there
> additional commands I need to give to make it build static libs?).

Yes, and they're documented in the Configure options just like everything else.

You need to configure with "no-shared" to disable the building of shared 
libraries. You may want no-dynamic-engine to have engines linked statically 
rather than loaded at runtime, no-zlib-dynamic for the same reason, and no-dso 
to disable loading of objects at runtime (though I'm not sure this has any 
effect on Windows builds). I don't think no-pic has any effect on Windows.

I can't guess what options you actually might want because you STILL haven't 
told us what you're trying to do, and why.

--
Michael Wojcik
Distinguished Engineer, Micro Focus

RE: Linker errors when trying to build OpenSSL with MD2 and RC5 support

[Michael Wojcik]

> From: Osman Zakir [mailto:osmanzaki...@hotmail.com]
> Sent: Friday, September 13, 2019 18:06

> I won't build with either one enabled if that's better, but I'd still like to 
> know how
> to fix those linker errors.

Someone should probably look into that, but I don't have time to; and if no one 
else from the community picks it up, you'll probably have to wait until someone 
from the OpenSSL team has a chance to get to it.

Does the DLL you built have the missing symbols? (Try "dumpbin /exports 
libssl-1_1-x64.dll | findstr EVP_md2" in the apps directory.) If so, the link 
is picking up the wrong import library. If not, something didn't get rebuilt 
correctly.

> I do also want to ask what AFALG is and if I should enable it or not (and 
> what happens
> if I do).

I answered this in one of my other replies, sent Thursday 12 September. The 
afalg engine is only applicable to Linux.

--
Michael Wojcik
Distinguished Engineer, Micro Focus

Re: 1.1.1d LD_LIBRARY_PATH

[Salz, Rich via openssl-users]

On restart on my host with version 1.1.1d , I have this problem:

I hope you are not replacing your system OpenSSL with one you built.  Don't do 
that.
 

Re: 1.1.1d LD_LIBRARY_PATH

[Kyle Hamilton]

You might be able to set this in the equivalent of /etc/ld.so.conf and
rerun ldconfig(8), but those specific operations rely on the GNU dynamic
linker.  The only clue that suggests it may be GNU's dynamic linker is the
LD_LIBRARY_PATH environment variable name.  If it's not, you'll have to
look up your platform's dynamic linking process and set it yourself.

-Kyle H

On Fri, Sep 13, 2019, 23:12 Mal via openssl-users 
wrote:

> Hi,
>
> On restart on my host with version 1.1.1d , I have this problem:
> >
> HOST:/ # openssl version
> openssl: /usr/lib/arm-linux-gnueabihf/libssl.so.1.1: version
> `OPENSSL_1_1_1' not found (required by openssl)
> openssl: /usr/lib/arm-linux-gnueabihf/libcrypto.so.1.1: version
> `OPENSSL_1_1_1' not found (required by openssl)
>
>
> When i manually add LD_LIBRARY_PATH, we get back in business:
> >
> HOST:/ # export LD_LIBRARY_PATH=/os/openssl-1.1.1d
> HOST:/ # openssl version
> OpenSSL 1.1.1d  10 Sep 2019
>
>
>
> Would someone let me know how to add this path permanently, as currently
> i need to re-add on restart ?
>
> Thanks..
>
>