On Mon, Feb 01, 2016 at 10:21:49PM +0100, Martin Vegter wrote: > I have a C program, which is using AES routines from the OpenSSL > library. I have the necessary library installed (libssl-dev > 1.0.1e-2+deb7u19): > > $ ls /usr/lib/x86_64-linux-gnu/libcrypto.* > /usr/lib/x86_64-linux-gnu/libcrypto.a > /usr/lib/x86_64-linux-gnu/libcrypto.so > /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 > > I can compile my program statically: > > gcc -s -o aes aes.c /usr/lib/x86_64-linux-gnu/libcrypto.a > > but when i try to compile it dynamically, I get following error: > > $ gcc -s -o aes aes.c -lcrypto > /tmp/ccofFr4N.o: In function `encrypt': > aes.c:(.text+0x9f): undefined reference to `aesni_set_encrypt_key' > aes.c:(.text+0xd9): undefined reference to `aesni_cbc_encrypt' > aes.c:(.text+0x1a0): undefined reference to `aesni_cbc_encrypt' > /tmp/ccofFr4N.o: In function `decrypt': > aes.c:(.text+0x2d4): undefined reference to `aesni_set_decrypt_key' > aes.c:(.text+0x31e): undefined reference to `aesni_cbc_encrypt' > collect2: error: ld returned 1 exit status You're using internal function names that are not exported by the libcrypto shared library on Debian systems. Use the EVP interface. In future versions of OpenSSL constrained visibility of shared library symbols will be extended to more platforms (than just Debian where the export list was created by the Debian package maintainer). The EVP interface is faster on many systems (supports AES-NI on suitably capable Intel CPUs) and also safer (avoids timing side-channels). -- Viktor.
