By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
449,081 Members | 861 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 449,081 IT Pros & Developers. It's quick & easy.

PLEASE HELP - How do I include OpenSSL in my code?

P: n/a
Could some C guru please help me? I have a simple piece of code as:

#include <stdio.h>
#include <stdlib.h>
#include <openssl/rand.h>

int main(){
unsigned char temp[4];

RAND_bytes(temp, 4);
return 0;
}

If I type: whereis openssl
I get: openssl: /usr/bin/openssl /usr/include/openssl
/usr/share/man/man1/openssl.1ssl.gz

I compile this as:
gcc -g -o test test.c -I/usr/include/openssl -L/usr/bin/openssl

I get a linker error message as :
/tmp/cc4tQEqd.o(.text+0x1af0): In function `main':
/home/ecelrc/students/abanerj/cpp/test.c:6: undefined reference to
`RAND_bytes'

Could someone please point out what I am doing wrong? Any help would be
greatly
appreciated.

May 12 '06 #1
Share this Question
Share on Google+
17 Replies


P: n/a
cp**********@yahoo.com said:
I get a linker error message as :
/tmp/cc4tQEqd.o(.text+0x1af0): In function `main':
/home/ecelrc/students/abanerj/cpp/test.c:6: undefined reference to
`RAND_bytes'


You forgot to add -lssl to the end of your gcc line.

Strictly speaking, third party libs are off-topic in clc - but hey, I won't
tell if you don't.

Next time, though, try a Linux group, just to play safe. Here, we get all
antsy if it ain't ANSI. :-)

--
Richard Heathfield
"Usenet is a strange place" - dmr 29/7/1999
http://www.cpax.org.uk
email: rjh at above domain (but drop the www, obviously)
May 12 '06 #2

P: n/a
cp**********@yahoo.com wrote:
Could some C guru please help me? I have a simple piece of code as:

#include <stdio.h>
#include <stdlib.h>
#include <openssl/rand.h>
You're trying to get us into trouble, aren't you. Even if openssl were
on topic here, or if your implementation-specific question were on
topic, the language from the openssl site would scre me off: PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY
SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING
TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME
PARTS OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR COUNTRY,
RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS
OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY
ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT AND/OR USE LAWS
WHICH APPLY TO YOU. THE AUTHORS OF OPENSSL ARE NOT LIABLE FOR ANY
VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY.

May 12 '06 #3

P: n/a
On 2006-05-12, cp**********@yahoo.com <cp**********@yahoo.com> wrote:
Could some C guru please help me? I have a simple piece of code as:

#include <stdio.h>
#include <stdlib.h>
#include <openssl/rand.h>

int main(){
unsigned char temp[4];

RAND_bytes(temp, 4);
return 0;
}

If I type: whereis openssl
I get: openssl: /usr/bin/openssl /usr/include/openssl
/usr/share/man/man1/openssl.1ssl.gz

I compile this as:
gcc -g -o test test.c -I/usr/include/openssl -L/usr/bin/openssl

I get a linker error message as :
/tmp/cc4tQEqd.o(.text+0x1af0): In function `main':
/home/ecelrc/students/abanerj/cpp/test.c:6: undefined reference to
`RAND_bytes'

Could someone please point out what I am doing wrong? Any help would be
greatly
appreciated.


You need -l.

-L tells gcc where to look for libraries, -l tells it what libraries to
look in for symbols.

-lxxx means "look for a library called libxxx.a in the usual places".
You add places to "the usual places", if necessary, with -L.

The library you want is libssl.a and is quite likely in /usr/lib, where
gcc looks anyway, so -lssl with no -L option will probably do the trick:

$ gcc -g -o test test.c -I/usr/include/openssl -lssl

or also add -L/usr/lib/openssl (or something, depending on where
libssl.a is on your system) if you need it.

(gnu.gcc.help is the right NG for this by the way).
May 12 '06 #4

P: n/a
On 2006-05-12, Martin Ambuhl <ma*****@earthlink.net> wrote:
cp**********@yahoo.com wrote:
Could some C guru please help me? I have a simple piece of code as:

#include <stdio.h>
#include <stdlib.h>
#include <openssl/rand.h>


You're trying to get us into trouble, aren't you. Even if openssl were
on topic here, or if your implementation-specific question were on
topic, the language from the openssl site would scre me off:
[snipped]


It wouldn't scare me off, but seeing people posting solid walls of text
in all caps would.

My poor eyes...

Also, if you understood basic import/export cryptography laws, those
warnings would be warnings and you'd know how to avoid legal issues.
For example, there are no laws barring export between the US and
Canada that I know of, but to transfer cryposystems overseas you must
not use an electronic form.
May 13 '06 #5

P: n/a
Andrew Poelstra wrote:
On 2006-05-12, Martin Ambuhl <ma*****@earthlink.net> wrote:
cp**********@yahoo.com wrote:
Could some C guru please help me? I have a simple piece of code as:

#include <stdio.h>
#include <stdlib.h>
#include <openssl/rand.h>
You're trying to get us into trouble, aren't you. Even if openssl were
on topic here, or if your implementation-specific question were on
topic, the language from the openssl site would scre me off:
[snipped]

It wouldn't scare me off, but seeing people posting solid walls of text
in all caps would.


On the other hand, changing the text from the openssl website to cater to
My poor eyes...
would be dishonest. It is not the posting that is all caps, but the
quoted text.
Also, if you understood basic import/export cryptography laws, those
warnings would be warnings and you'd know how to avoid legal issues.
If you sufficiently understand these laws well enough to be sure of
avoiding problems (and the courts do not agree on what that
interpretation should be), then you should be getting the big bucks as a
corporate lawyer insted of programming.
For example, there are no laws barring export between the US and
Canada that I know of, but to transfer cryposystems overseas you must
not use an electronic form.


Now you expect us to treat messages posted as somehow limited to the US
and Canada, and further to rely on your imperfect knowledge ("that I
know of"). Ephraim, you are a cake not turned.

May 13 '06 #6

P: n/a
Andrew Poelstra said:

<snip>
Also, if you understood basic import/export cryptography laws, those
warnings would be warnings and you'd know how to avoid legal issues.
For example, there are no laws barring export between the US and
Canada that I know of, but to transfer cryposystems overseas you must
not use an electronic form.


I've got news for you, folks - we already have strong crypto outside the
USA. We've had unbreakable crypto (albeit impractical for many purposes)
for almost a century, and almost-unbreakable public/private key for - well,
for just a few years longer than you. :-)

And in any case, inventing a reasonably secure cryptosystem is, frankly,
trivial. The tricky bit is not the "technology" if that's the word, but the
usage - a great many ciphers are cracked not because they are inherently
weak but because they are misused.

The genie has been out of the bottle for a very long time.

--
Richard Heathfield
"Usenet is a strange place" - dmr 29/7/1999
http://www.cpax.org.uk
email: rjh at above domain (but drop the www, obviously)
May 13 '06 #7

P: n/a
In article <sl**********************@localhost.localdomain> ,
Andrew Poelstra <ap*******@localhost.localdomain> wrote:
Also, if you understood basic import/export cryptography laws, those
warnings would be warnings and you'd know how to avoid legal issues.
For example, there are no laws barring export between the US and
Canada that I know of, but to transfer cryposystems overseas you must
not use an electronic form.


There *are* laws controlling the export of cryptography from the US to
Canada. Those laws happen to say something on the order of, "providing
these conditions are met, no export permit is required" to export to
Canada, and that "providing these conditions are met, there is an
automatic export permit" to a small number of other countries. The
catch is in the "these conditions are met" portion.

For example, if a citizen of one of the six or so designated "hostile
countries" manages to legally reach the USA, then that citizen may
freely use strong cryptography *within the USA*, and that foreign
citizen may buy books, attend lectures, enter a cryptography PhD
program and so on -- as long as that foreign citizen does not -export-
the cryptographic programs.

I, a Canadian citizen, can buy and utilize US-originated strong
encryption programs within Canada (or to the USA or the other select
countries). However, the way the US export laws are written, if the
strong encryption program had been exported from the USA, then I [in
Canada] could not permit that same foreign citizen from using my copy
of the program, not even just to communicate within Canada between they
and I.
Now, it happens that some of our employees are from one of those
designated countries; and I am not permitted to discriminate against
any employee based upon country of origin, so my choice was effectively
to either be careful only to use cryptography that did not originate in
the USA, or else to not make cryptographic services routinely available
to any of our employees.

I did raise this point with our corporate security people at one point;
they believed that there was an exemption covering the situation, but
they did not have any justification available for such an exemption; I
gather that they casually asked someone who works for A Four Letter
Acronym {Three Letter Acronyms are for the USA ;-) } and were casually
told it wasn't a problem. (I preferred a stronger reassurance...)
--
All is vanity. -- Ecclesiastes
May 14 '06 #8

P: n/a
On 2006-05-13, Martin Ambuhl <ma*****@earthlink.net> wrote:
Andrew Poelstra wrote:
On 2006-05-12, Martin Ambuhl <ma*****@earthlink.net> wrote:
cp**********@yahoo.com wrote:

Could some C guru please help me? I have a simple piece of code as:

#include <stdio.h>
#include <stdlib.h>
#include <openssl/rand.h>

You're trying to get us into trouble, aren't you. Even if openssl were
on topic here, or if your implementation-specific question were on
topic, the language from the openssl site would scre me off:

[snipped]

It wouldn't scare me off, but seeing people posting solid walls of text
in all caps would.


On the other hand, changing the text from the openssl website to cater to

He needed neither to change the text or to quote it at all.
My poor eyes...


would be dishonest. It is not the posting that is all caps, but the
quoted text.

I know; but on the site I can set stylesheets so that the colors aren't
so painful (slrn put the post in red on black).
Also, if you understood basic import/export cryptography laws, those
warnings would be warnings and you'd know how to avoid legal issues.


If you sufficiently understand these laws well enough to be sure of
avoiding problems (and the courts do not agree on what that
interpretation should be), then you should be getting the big bucks as a
corporate lawyer insted of programming.

See below.
For example, there are no laws barring export between the US and
Canada that I know of, but to transfer cryposystems overseas you must
not use an electronic form.


Now you expect us to treat messages posted as somehow limited to the US
and Canada, and further to rely on your imperfect knowledge ("that I
know of"). Ephraim, you are a cake not turned.

"For example" does not mean "As applies to everyone here". US/Canada is
the border that concerns me personally the most, but I'm in no way
speaking for everyone.
May 14 '06 #9

P: n/a
On 2006-05-13, Richard Heathfield <in*****@invalid.invalid> wrote:
Andrew Poelstra said:

<snip>
Also, if you understood basic import/export cryptography laws, those
warnings would be warnings and you'd know how to avoid legal issues.
For example, there are no laws barring export between the US and
Canada that I know of, but to transfer cryposystems overseas you must
not use an electronic form.
I've got news for you, folks - we already have strong crypto outside the
USA. We've had unbreakable crypto (albeit impractical for many purposes)
for almost a century, and almost-unbreakable public/private key for - well,
for just a few years longer than you. :-)

Yes, I'm well aware of that. :-)
And in any case, inventing a reasonably secure cryptosystem is, frankly,
trivial. The tricky bit is not the "technology" if that's the word, but the
usage - a great many ciphers are cracked not because they are inherently
weak but because they are misused.
True; of course, most people who hear that believe that ciphertext[i] =
plaintext[i] ^ 5 is a "reasonably secure cryptosystem". I prefer to say
simply that only cryptographers can make decent ciphers. It saves me
from every having to debug a homebrew one.

May 14 '06 #10

P: n/a
Andrew Poelstra said:
On 2006-05-13, Richard Heathfield <in*****@invalid.invalid> wrote:
And in any case, inventing a reasonably secure cryptosystem is, frankly,
trivial. The tricky bit is not the "technology" if that's the word, but
the usage - a great many ciphers are cracked not because they are
inherently weak but because they are misused.

True; of course, most people who hear that believe that ciphertext[i] =
plaintext[i] ^ 5 is a "reasonably secure cryptosystem".


And so it is, provided nobody actually tries to crack it (which, again, is
true of most cryptosystems!).

When people do try to roll their own, it is sometimes embarrassing to see
just how quickly they can be broken. A guy I used to work with came up with
what he thought was an uncrackably complex scheme. He had spent several
days designing it. He gave me no algorithm, just some ciphertext, and it
took me about ten minutes. <sigh>

--
Richard Heathfield
"Usenet is a strange place" - dmr 29/7/1999
http://www.cpax.org.uk
email: rjh at above domain (but drop the www, obviously)
May 14 '06 #11

P: n/a
Martin Ambuhl wrote:
cp**********@yahoo.com wrote:
Could some C guru please help me? I have a simple piece of code as:

#include <stdio.h>
#include <stdlib.h>
#include <openssl/rand.h>


You're trying to get us into trouble, aren't you. Even if openssl were
on topic here, or if your implementation-specific question were on
topic, the language from the openssl site would scre me off:
PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY
SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING
TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME
PARTS OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR COUNTRY,
RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS
OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY
ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT AND/OR USE LAWS
WHICH APPLY TO YOU. THE AUTHORS OF OPENSSL ARE NOT LIABLE FOR ANY
VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY.


Why is this scary? It's just a typical "you cannot sue us" extension of
the BSD license. In reality there are only a few countries where this
would be a problem. A hint is that OpenSSL development having to do
with encryption is not done in those countries (and therefore, not
subject to export law). They ship from those countries "because they
can" (quote from the OpenSSL website).

Even in the US, as long as you do not export the software you write
based on strong crypto like OpenSSL you should be fine. It is not
illegal to code (yet). Most export laws are triggered once you try to
sell or provide software based on such tech to another country or agent
of another country.

However, the laws regarding such material are byzantine and subject to
broad interpretation. This warning is a just a YMMV.
May 15 '06 #12

P: n/a
Clever Monkey wrote:
Why is this scary? It's just a typical "you cannot sue us" extension of How about this:
OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS

the BSD license.


The BSD license is irrelevant. We have a government in the US that is
technically challenged (so they don't understand the pointlessness of
these attempts to control information about cryptology) and with a will
to arrest on the slightest provocation.
In reality there are only a few countries where this
would be a problem.
"A few countries" are a serious problem with an uncontrolled medium like
a newsgroup.
Even in the US, as long as you do not export the software you write
based on strong crypto like OpenSSL you should be fine. It is not
illegal to code (yet).


Please don't offer legal advice unless you are willing to be sued should
it go wrong. The original poster asked for technical suggestions. Are
you willing to bet your freedom and property that the government will
not come after people who answer him? Are you willing to bet your
freedom and property that this newsgroup does not reach those "few
countries" in which this could be a problem.
May 15 '06 #13

P: n/a
"Richard Heathfield" <in*****@invalid.invalid> wrote in message
True; of course, most people who hear that believe that ciphertext[i] =
plaintext[i] ^ 5 is a "reasonably secure cryptosystem".


And so it is, provided nobody actually tries to crack it (which, again, is
true of most cryptosystems!).

When people do try to roll their own, it is sometimes embarrassing to see
just how quickly they can be broken. A guy I used to work with came up
with
what he thought was an uncrackably complex scheme. He had spent several
days designing it. He gave me no algorithm, just some ciphertext, and it
took me about ten minutes. <sigh>

But if you are scanning every email sent in the country, for the string "Mr
Vladimir orders three quarts of cheese", then those ten minutes are
prohibitive.
--
www.personal.leeds.ac.uk/~bgy1mm


May 17 '06 #14

P: n/a
On 2006-05-17, Malcolm <re*******@btinternet.com> wrote:
"Richard Heathfield" <in*****@invalid.invalid> wrote in message
True; of course, most people who hear that believe that ciphertext[i] =
plaintext[i] ^ 5 is a "reasonably secure cryptosystem".


And so it is, provided nobody actually tries to crack it (which, again, is
true of most cryptosystems!).

When people do try to roll their own, it is sometimes embarrassing to see
just how quickly they can be broken. A guy I used to work with came up
with
what he thought was an uncrackably complex scheme. He had spent several
days designing it. He gave me no algorithm, just some ciphertext, and it
took me about ten minutes. <sigh>

But if you are scanning every email sent in the country, for the string "Mr
Vladimir orders three quarts of cheese", then those ten minutes are
prohibitive.

Don't cut attribution lines; it took me five minutes to figure out that I
had made the post Richard replied to.

Once you crack a message, you can figure out the algorithm, and from there it
no longer takes 10 minutes per message.

--

Andrew Poelstra < http://www.wpsoftware.net/blog >
May 18 '06 #15

P: n/a
Malcolm said:
"Richard Heathfield" <in*****@invalid.invalid> wrote in message
True; of course, most people who hear that believe that ciphertext[i] =
plaintext[i] ^ 5 is a "reasonably secure cryptosystem".


And so it is, provided nobody actually tries to crack it (which, again,
is true of most cryptosystems!).

When people do try to roll their own, it is sometimes embarrassing to see
just how quickly they can be broken. A guy I used to work with came up
with
what he thought was an uncrackably complex scheme. He had spent several
days designing it. He gave me no algorithm, just some ciphertext, and it
took me about ten minutes. <sigh>

But if you are scanning every email sent in the country, for the string
"Mr Vladimir orders three quarts of cheese", then those ten minutes are
prohibitive.


Yes, but this was (almost) twenty years ago, by hand. With a computer, it
would have taken approximately three xesoseconds[1] to crack the code -
which, despite all its superficial complexity, was a mono.

Two common mistakes made by bozocryptographers are:

(1) they think that, to get the plaintext, the cryppies are required to
reverse-engineer the actual (secret) cryptosystem devised by the
cryptographer;
(2) they don't realise that two (or even a great many more than two)
substitution schemes are basically the same as one substitution scheme and
can be solved as if they were one.

Well, it was almost twenty years ago, so I think I've known enough Andrews
that I can call the guy Andrew (his real name) without fear of embarrassing
him. What Andrew had done was to set up a monoalphabetic substitution
cipher (A = R, B = K, C = Z, whatever). He had then replaced each letter by
an entire word beginning with that letter. He then replaced the word by a
picture representing the word. And he then replaced the picture by a
four-digit number. He thought there was no way I'd be able to even guess
that pictures were involved (which was true!), and that therefore I would
be unable to decipher the message (which was not!).

[1] abbrev for "oneofthosenewfangledprefixesoseconds"

--
Richard Heathfield
"Usenet is a strange place" - dmr 29/7/1999
http://www.cpax.org.uk
email: rjh at above domain (but drop the www, obviously)
May 18 '06 #16

P: n/a
On 2006-05-18, Andrew Poelstra <ap*******@localhost.localdomain> wrote:
On 2006-05-17, Malcolm <re*******@btinternet.com> wrote:
"Richard Heathfield" <in*****@invalid.invalid> wrote in message
True; of course, most people who hear that believe that ciphertext[i] =
plaintext[i] ^ 5 is a "reasonably secure cryptosystem".

And so it is, provided nobody actually tries to crack it (which, again, is
true of most cryptosystems!).

When people do try to roll their own, it is sometimes embarrassing to see
just how quickly they can be broken. A guy I used to work with came up
with
what he thought was an uncrackably complex scheme. He had spent several
days designing it. He gave me no algorithm, just some ciphertext, and it
took me about ten minutes. <sigh>

But if you are scanning every email sent in the country, for the string "Mr
Vladimir orders three quarts of cheese", then those ten minutes are
prohibitive.

Don't cut attribution lines; it took me five minutes to figure out that I
had made the post Richard replied to.

Once you crack a message, you can figure out the algorithm, and from there it
no longer takes 10 minutes per message.


Assuming the secret is also the same for all the other messages - an
algorithm on its own buys you very little.
May 18 '06 #17

P: n/a
Richard Heathfield wrote:
When people do try to roll their own, it is sometimes embarrassing to see
just how quickly they can be broken. A guy I used to work with came up with
what he thought was an uncrackably complex scheme. He had spent several
days designing it. He gave me no algorithm, just some ciphertext, and it
took me about ten minutes. <sigh>


But you are a genius. See:
http://groups.google.com/group/comp....05e5d339edec01

May 19 '06 #18

This discussion thread is closed

Replies have been disabled for this discussion.