PLEASE HELP - How do I include OpenSSL in my code?

Re: PLEASE HELP - How do I include OpenSSL in my code?

cpptutor2000@ya hoo.com said:
[color=blue]
> I get a linker error message as :
> /tmp/cc4tQEqd.o(.tex t+0x1af0): In function `main':
> /home/ecelrc/students/abanerj/cpp/test.c:6: undefined reference to
> `RAND_bytes'[/color]

You forgot to add -lssl to the end of your gcc line.

Strictly speaking, third party libs are off-topic in clc - but hey, I won't
tell if you don't.

Next time, though, try a Linux group, just to play safe. Here, we get all
antsy if it ain't ANSI. :-)

--
Richard Heathfield
"Usenet is a strange place" - dmr 29/7/1999

email: rjh at above domain (but drop the www, obviously)

Re: PLEASE HELP - How do I include OpenSSL in my code?

cpptutor2000@ya hoo.com wrote:[color=blue]
> Could some C guru please help me? I have a simple piece of code as:
>
> #include <stdio.h>
> #include <stdlib.h>
> #include <openssl/rand.h>[/color]

You're trying to get us into trouble, aren't you. Even if openssl were
on topic here, or if your implementation-specific question were on
topic, the language from the openssl site would scre me off:[color=blue]
> PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY
> SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING
> TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME
> PARTS OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR COUNTRY,
> RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS
> OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY
> ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT AND/OR USE LAWS
> WHICH APPLY TO YOU. THE AUTHORS OF OPENSSL ARE NOT LIABLE FOR ANY
> VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY.[/color]

Re: PLEASE HELP - How do I include OpenSSL in my code?

On 2006-05-12, cpptutor2000@ya hoo.com <cpptutor2000@y ahoo.com> wrote:[color=blue]
> Could some C guru please help me? I have a simple piece of code as:
>
> #include <stdio.h>
> #include <stdlib.h>
> #include <openssl/rand.h>
>
> int main(){
> unsigned char temp[4];
>
> RAND_bytes(temp , 4);
> return 0;
> }
>
> If I type: whereis openssl
> I get: openssl: /usr/bin/openssl /usr/include/openssl
> /usr/share/man/man1/openssl.1ssl.gz
>
> I compile this as:
> gcc -g -o test test.c -I/usr/include/openssl -L/usr/bin/openssl
>
> I get a linker error message as :
> /tmp/cc4tQEqd.o(.tex t+0x1af0): In function `main':
> /home/ecelrc/students/abanerj/cpp/test.c:6: undefined reference to
> `RAND_bytes'
>
> Could someone please point out what I am doing wrong? Any help would be
> greatly
> appreciated.[/color]

You need -l.

-L tells gcc where to look for libraries, -l tells it what libraries to
look in for symbols.

-lxxx means "look for a library called libxxx.a in the usual places".
You add places to "the usual places", if necessary, with -L.

The library you want is libssl.a and is quite likely in /usr/lib, where
gcc looks anyway, so -lssl with no -L option will probably do the trick:

$ gcc -g -o test test.c -I/usr/include/openssl -lssl

or also add -L/usr/lib/openssl (or something, depending on where
libssl.a is on your system) if you need it.

(gnu.gcc.help is the right NG for this by the way).

Re: PLEASE HELP - How do I include OpenSSL in my code? &lt;OT: Cryptographic laws&gt;

On 2006-05-12, Martin Ambuhl <mambuhl@earthl ink.net> wrote:[color=blue]
> cpptutor2000@ya hoo.com wrote:[color=green]
>> Could some C guru please help me? I have a simple piece of code as:
>>
>> #include <stdio.h>
>> #include <stdlib.h>
>> #include <openssl/rand.h>[/color]
>
> You're trying to get us into trouble, aren't you. Even if openssl were
> on topic here, or if your implementation-specific question were on
> topic, the language from the openssl site would scre me off:[color=green]
>> [snipped][/color][/color]

It wouldn't scare me off, but seeing people posting solid walls of text
in all caps would.

My poor eyes...

Also, if you understood basic import/export cryptography laws, those
warnings would be warnings and you'd know how to avoid legal issues.
For example, there are no laws barring export between the US and
Canada that I know of, but to transfer cryposystems overseas you must
not use an electronic form.

Re: PLEASE HELP - How do I include OpenSSL in my code? &lt;OT: Cryptographicla ws&gt;

Andrew Poelstra wrote:[color=blue]
> On 2006-05-12, Martin Ambuhl <mambuhl@earthl ink.net> wrote:
>[color=green]
>>cpptutor2000@ yahoo.com wrote:
>>[color=darkred]
>>>Could some C guru please help me? I have a simple piece of code as:
>>>
>>>#include <stdio.h>
>>>#include <stdlib.h>
>>>#include <openssl/rand.h>[/color]
>>
>>You're trying to get us into trouble, aren't you. Even if openssl were
>>on topic here, or if your implementation-specific question were on
>>topic, the language from the openssl site would scre me off:
>>[color=darkred]
>>>[snipped][/color][/color]
>
>
> It wouldn't scare me off, but seeing people posting solid walls of text
> in all caps would.[/color]

On the other hand, changing the text from the openssl website to cater to
[color=blue]
> My poor eyes...[/color]

would be dishonest. It is not the posting that is all caps, but the
quoted text.
[color=blue]
> Also, if you understood basic import/export cryptography laws, those
> warnings would be warnings and you'd know how to avoid legal issues.[/color]

If you sufficiently understand these laws well enough to be sure of
avoiding problems (and the courts do not agree on what that
interpretation should be), then you should be getting the big bucks as a
corporate lawyer insted of programming.
[color=blue]
> For example, there are no laws barring export between the US and
> Canada that I know of, but to transfer cryposystems overseas you must
> not use an electronic form.[/color]

Now you expect us to treat messages posted as somehow limited to the US
and Canada, and further to rely on your imperfect knowledge ("that I
know of"). Ephraim, you are a cake not turned.

Re: PLEASE HELP - How do I include OpenSSL in my code? &lt;OT: Cryptographic laws&gt;

Andrew Poelstra said:

<snip>
[color=blue]
> Also, if you understood basic import/export cryptography laws, those
> warnings would be warnings and you'd know how to avoid legal issues.
> For example, there are no laws barring export between the US and
> Canada that I know of, but to transfer cryposystems overseas you must
> not use an electronic form.[/color]

I've got news for you, folks - we already have strong crypto outside the
USA. We've had unbreakable crypto (albeit impractical for many purposes)
for almost a century, and almost-unbreakable public/private key for - well,
for just a few years longer than you. :-)

And in any case, inventing a reasonably secure cryptosystem is, frankly,
trivial. The tricky bit is not the "technology " if that's the word, but the
usage - a great many ciphers are cracked not because they are inherently
weak but because they are misused.

The genie has been out of the bottle for a very long time.

--
Richard Heathfield
"Usenet is a strange place" - dmr 29/7/1999

email: rjh at above domain (but drop the www, obviously)

Re: PLEASE HELP - How do I include OpenSSL in my code? &lt;OT: Cryptographic laws&gt;

In article <slrne6c9l9.5vd .apoelstra@loca lhost.localdoma in>,
Andrew Poelstra <apoelstra@loca lhost.localdoma in> wrote:[color=blue]
>Also, if you understood basic import/export cryptography laws, those
>warnings would be warnings and you'd know how to avoid legal issues.
>For example, there are no laws barring export between the US and
>Canada that I know of, but to transfer cryposystems overseas you must
>not use an electronic form.[/color]

There *are* laws controlling the export of cryptography from the US to
Canada. Those laws happen to say something on the order of, "providing
these conditions are met, no export permit is required" to export to
Canada, and that "providing these conditions are met, there is an
automatic export permit" to a small number of other countries. The
catch is in the "these conditions are met" portion.

For example, if a citizen of one of the six or so designated "hostile
countries" manages to legally reach the USA, then that citizen may
freely use strong cryptography *within the USA*, and that foreign
citizen may buy books, attend lectures, enter a cryptography PhD
program and so on -- as long as that foreign citizen does not -export-
the cryptographic programs.

I, a Canadian citizen, can buy and utilize US-originated strong
encryption programs within Canada (or to the USA or the other select
countries). However, the way the US export laws are written, if the
strong encryption program had been exported from the USA, then I [in
Canada] could not permit that same foreign citizen from using my copy
of the program, not even just to communicate within Canada between they
and I.


Now, it happens that some of our employees are from one of those
designated countries; and I am not permitted to discriminate against
any employee based upon country of origin, so my choice was effectively
to either be careful only to use cryptography that did not originate in
the USA, or else to not make cryptographic services routinely available
to any of our employees.

I did raise this point with our corporate security people at one point;
they believed that there was an exemption covering the situation, but
they did not have any justification available for such an exemption; I
gather that they casually asked someone who works for A Four Letter
Acronym {Three Letter Acronyms are for the USA ;-) } and were casually
told it wasn't a problem. (I preferred a stronger reassurance...)
--
All is vanity. -- Ecclesiastes

Re: PLEASE HELP - How do I include OpenSSL in my code? &lt;OT: Cryptographic laws&gt;

On 2006-05-13, Martin Ambuhl <mambuhl@earthl ink.net> wrote:[color=blue]
> Andrew Poelstra wrote:[color=green]
>> On 2006-05-12, Martin Ambuhl <mambuhl@earthl ink.net> wrote:
>>[color=darkred]
>>>cpptutor2000 @yahoo.com wrote:
>>>
>>>>Could some C guru please help me? I have a simple piece of code as:
>>>>
>>>>#include <stdio.h>
>>>>#include <stdlib.h>
>>>>#include <openssl/rand.h>
>>>
>>>You're trying to get us into trouble, aren't you. Even if openssl were
>>>on topic here, or if your implementation-specific question were on
>>>topic, the language from the openssl site would scre me off:
>>>
>>>>[snipped][/color]
>>
>>
>> It wouldn't scare me off, but seeing people posting solid walls of text
>> in all caps would.[/color]
>
> On the other hand, changing the text from the openssl website to cater to
>[/color]
He needed neither to change the text or to quote it at all.
[color=blue][color=green]
>> My poor eyes...[/color]
>
> would be dishonest. It is not the posting that is all caps, but the
> quoted text.[/color]
I know; but on the site I can set stylesheets so that the colors aren't
so painful (slrn put the post in red on black).
[color=blue][color=green]
>> Also, if you understood basic import/export cryptography laws, those
>> warnings would be warnings and you'd know how to avoid legal issues.[/color]
>
> If you sufficiently understand these laws well enough to be sure of
> avoiding problems (and the courts do not agree on what that
> interpretation should be), then you should be getting the big bucks as a
> corporate lawyer insted of programming.
>[/color]
See below.
[color=blue][color=green]
>> For example, there are no laws barring export between the US and
>> Canada that I know of, but to transfer cryposystems overseas you must
>> not use an electronic form.[/color]
>
> Now you expect us to treat messages posted as somehow limited to the US
> and Canada, and further to rely on your imperfect knowledge ("that I
> know of"). Ephraim, you are a cake not turned.
>[/color]
"For example" does not mean "As applies to everyone here". US/Canada is
the border that concerns me personally the most, but I'm in no way
speaking for everyone.

Re: PLEASE HELP - How do I include OpenSSL in my code? &lt;OT: Cryptographic laws&gt;

On 2006-05-13, Richard Heathfield <invalid@invali d.invalid> wrote:[color=blue]
> Andrew Poelstra said:
>
><snip>
>[color=green]
>> Also, if you understood basic import/export cryptography laws, those
>> warnings would be warnings and you'd know how to avoid legal issues.
>> For example, there are no laws barring export between the US and
>> Canada that I know of, but to transfer cryposystems overseas you must
>> not use an electronic form.[/color]
>
> I've got news for you, folks - we already have strong crypto outside the
> USA. We've had unbreakable crypto (albeit impractical for many purposes)
> for almost a century, and almost-unbreakable public/private key for - well,
> for just a few years longer than you. :-)
>[/color]
Yes, I'm well aware of that. :-)
[color=blue]
> And in any case, inventing a reasonably secure cryptosystem is, frankly,
> trivial. The tricky bit is not the "technology " if that's the word, but the
> usage - a great many ciphers are cracked not because they are inherently
> weak but because they are misused.
>[/color]
True; of course, most people who hear that believe that ciphertext[i] =
plaintext[i] ^ 5 is a "reasonably secure cryptosystem". I prefer to say
simply that only cryptographers can make decent ciphers. It saves me
from every having to debug a homebrew one.[color=blue]
>[/color]

Re: PLEASE HELP - How do I include OpenSSL in my code? &lt;OT: Cryptographic laws&gt;

Andrew Poelstra said:
[color=blue]
> On 2006-05-13, Richard Heathfield <invalid@invali d.invalid> wrote:
>[color=green]
>> And in any case, inventing a reasonably secure cryptosystem is, frankly,
>> trivial. The tricky bit is not the "technology " if that's the word, but
>> the usage - a great many ciphers are cracked not because they are
>> inherently weak but because they are misused.
>>[/color]
> True; of course, most people who hear that believe that ciphertext[i] =
> plaintext[i] ^ 5 is a "reasonably secure cryptosystem".[/color]

And so it is, provided nobody actually tries to crack it (which, again, is
true of most cryptosystems!) .

When people do try to roll their own, it is sometimes embarrassing to see
just how quickly they can be broken. A guy I used to work with came up with
what he thought was an uncrackably complex scheme. He had spent several
days designing it. He gave me no algorithm, just some ciphertext, and it
took me about ten minutes. <sigh>

--
Richard Heathfield
"Usenet is a strange place" - dmr 29/7/1999

email: rjh at above domain (but drop the www, obviously)

Re: PLEASE HELP - How do I include OpenSSL in my code?

Martin Ambuhl wrote:[color=blue]
> cpptutor2000@ya hoo.com wrote:[color=green]
>> Could some C guru please help me? I have a simple piece of code as:
>>
>> #include <stdio.h>
>> #include <stdlib.h>
>> #include <openssl/rand.h>[/color]
>
> You're trying to get us into trouble, aren't you. Even if openssl were
> on topic here, or if your implementation-specific question were on
> topic, the language from the openssl site would scre me off:[color=green]
>> PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY
>> SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING
>> TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME
>> PARTS OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR COUNTRY,
>> RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS
>> OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY
>> ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT AND/OR USE LAWS
>> WHICH APPLY TO YOU. THE AUTHORS OF OPENSSL ARE NOT LIABLE FOR ANY
>> VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY.[/color][/color]

Why is this scary? It's just a typical "you cannot sue us" extension of
the BSD license. In reality there are only a few countries where this
would be a problem. A hint is that OpenSSL development having to do
with encryption is not done in those countries (and therefore, not
subject to export law). They ship from those countries "because they
can" (quote from the OpenSSL website).

Even in the US, as long as you do not export the software you write
based on strong crypto like OpenSSL you should be fine. It is not
illegal to code (yet). Most export laws are triggered once you try to
sell or provide software based on such tech to another country or agent
of another country.

However, the laws regarding such material are byzantine and subject to
broad interpretation. This warning is a just a YMMV.

Re: PLEASE HELP - How do I include OpenSSL in my code?

Clever Monkey wrote:
[color=blue]
> Why is this scary? It's just a typical "you cannot sue us" extension of[/color]
How about this:[color=blue][color=green][color=darkred]
>>> OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS[/color][/color]
> the BSD license.[/color]

The BSD license is irrelevant. We have a government in the US that is
technically challenged (so they don't understand the pointlessness of
these attempts to control information about cryptology) and with a will
to arrest on the slightest provocation.
[color=blue]
> In reality there are only a few countries where this
> would be a problem.[/color]

"A few countries" are a serious problem with an uncontrolled medium like
a newsgroup.
[color=blue]
> Even in the US, as long as you do not export the software you write
> based on strong crypto like OpenSSL you should be fine. It is not
> illegal to code (yet).[/color]

Please don't offer legal advice unless you are willing to be sued should
it go wrong. The original poster asked for technical suggestions. Are
you willing to bet your freedom and property that the government will
not come after people who answer him? Are you willing to bet your
freedom and property that this newsgroup does not reach those "few
countries" in which this could be a problem.

Re: PLEASE HELP - How do I include OpenSSL in my code? &lt;OT: Cryptographic laws&gt;

"Richard Heathfield" <invalid@invali d.invalid> wrote in message[color=blue][color=green]
>> True; of course, most people who hear that believe that ciphertext[i] =
>> plaintext[i] ^ 5 is a "reasonably secure cryptosystem".[/color]
>
> And so it is, provided nobody actually tries to crack it (which, again, is
> true of most cryptosystems!) .
>
> When people do try to roll their own, it is sometimes embarrassing to see
> just how quickly they can be broken. A guy I used to work with came up
> with
> what he thought was an uncrackably complex scheme. He had spent several
> days designing it. He gave me no algorithm, just some ciphertext, and it
> took me about ten minutes. <sigh>
>[/color]
But if you are scanning every email sent in the country, for the string "Mr
Vladimir orders three quarts of cheese", then those ten minutes are
prohibitive.
--

Re: PLEASE HELP - How do I include OpenSSL in my code? &lt;OT: Cryptographic laws&gt;

On 2006-05-17, Malcolm <regniztar@btin ternet.com> wrote:[color=blue]
> "Richard Heathfield" <invalid@invali d.invalid> wrote in message[color=green][color=darkred]
>>> True; of course, most people who hear that believe that ciphertext[i] =
>>> plaintext[i] ^ 5 is a "reasonably secure cryptosystem".[/color]
>>
>> And so it is, provided nobody actually tries to crack it (which, again, is
>> true of most cryptosystems!) .
>>
>> When people do try to roll their own, it is sometimes embarrassing to see
>> just how quickly they can be broken. A guy I used to work with came up
>> with
>> what he thought was an uncrackably complex scheme. He had spent several
>> days designing it. He gave me no algorithm, just some ciphertext, and it
>> took me about ten minutes. <sigh>
>>[/color]
> But if you are scanning every email sent in the country, for the string "Mr
> Vladimir orders three quarts of cheese", then those ten minutes are
> prohibitive.[/color]
Don't cut attribution lines; it took me five minutes to figure out that I
had made the post Richard replied to.

Once you crack a message, you can figure out the algorithm, and from there it
no longer takes 10 minutes per message.

--

Andrew Poelstra < http://www.wpsoftware.net/blog >