c++ - Compile error when using AES/GCM in Xcode on OS X -
i'm using os x 10.10 xcode 7 beta 2. want use aes/gcm openssl. wanted started example, took 1 openssl wiki. code below.
the code doesn't compile. looks compiler can't find following:
evp_aes_256_gcmevp_ctrl_gcm_set_ivlenevp_ctrl_gcm_get_tag
i take items involving gcm mode missing. should do? there way update library or didn't import?
here code:
#include <openssl/evp.h> #include <openssl/crypto.h> #include <openssl/aes.h> void handleerrors() { } int encrypt(unsigned char *plaintext, int plaintext_len, unsigned char *aad, int aad_len, unsigned char *key, unsigned char *iv, unsigned char *ciphertext, unsigned char *tag) { evp_cipher_ctx *ctx; int len; int ciphertext_len; /* create , initialise context */ if(!(ctx = evp_cipher_ctx_new())) handleerrors(); /* initialise encryption operation. */ if(1 != evp_encryptinit_ex(ctx, evp_aes_256_gcm(), null, null, null)) handleerrors(); /* set iv length if default 12 bytes (96 bits) not appropriate */ if(1 != evp_cipher_ctx_ctrl(ctx, evp_ctrl_gcm_set_ivlen, 16, null)) handleerrors(); /* initialise key , iv */ if(1 != evp_encryptinit_ex(ctx, null, null, key, iv)) handleerrors(); /* provide aad data. can called 0 or more times * required */ if(1 != evp_encryptupdate(ctx, null, &len, aad, aad_len)) handleerrors(); /* provide message encrypted, , obtain encrypted output. * evp_encryptupdate can called multiple times if necessary */ if(1 != evp_encryptupdate(ctx, ciphertext, &len, plaintext, plaintext_len)) handleerrors(); ciphertext_len = len; /* finalise encryption. ciphertext bytes may written @ * stage, not occur in gcm mode */ if(1 != evp_encryptfinal_ex(ctx, ciphertext + len, &len)) handleerrors(); ciphertext_len += len; /* tag */ if(1 != evp_cipher_ctx_ctrl(ctx, evp_ctrl_gcm_get_tag, 16, tag)) handleerrors(); /* clean */ evp_cipher_ctx_free(ctx); return ciphertext_len; } int main() { }
i take items involving gcm mode missing. should do? there way update library or didn't import?
os x provides openssl 0.9.8. anemic, , lacks ec stuff, tls 1.1, tls 1.2, support client certs, etc. in december, 2015, enter end of life.
what should download , install openssl 1.0.2. download openssl sources , tarballs. unpack it, , (most of taken openssl's compilation , installation):
cd openssl-1.0.2 export kernel_bits=64 ./config no-ssl2 no-ssl3 enable-ec_nistp_64_gcc_128 --openssldir=/usr/local/ssl/macosx-x64/ make make test sudo make install you have manually add enable-ec_nistp_64_gcc_128 64-bit architectures because configure can't determine on own.
then, perform dclean, , optionally build 32-bit:
export kernel_bits=32 make clean && make dclean ./config no-ssl2 no-ssl3 --openssldir=/usr/local/ssl/macosx-x86/ make make test sudo make install in above, shared omitted. that's because apple linkers use shared object, if try specify static archive. shared libraries in trouble because apple's version of dylib found before version (unless use tricks dyld_library_path or rpaths).
you should consider adding no-comp because know compression leaks information in contexts. crime , breach 2 demonstrations of information leak.
finally, should not build fat library. in fact, build system not allow adding -arch i386 -arch x86_64 (requires manual modifications makefile.org). breaks ar command, iirc. if build fat library, or use lipo create one, opensslconf.h incorrect 1 of platforms.
use these xcode build settings setting x86_64:
- always search user paths:
no - header search path:
/usr/local/ssl/macosx-x64/include - library search path:
/usr/local/ssl/macosx-x64/lib
and use these xcode build settings setting i386:
- always search user paths:
no - header search path:
/usr/local/ssl/macosx-x86/include - library search path:
/usr/local/ssl/macosx-x86/lib
be sure specify libcrypto.a library or linker errors. not easy/intuitive under xcode. that, see how “add existing frameworks” in xcode?
Comments
Post a Comment