[openssl-users] error when linking with OpenSSL library dynamically

Matt Caswell matt at openssl.org
Tue Feb 2 09:40:10 UTC 2016



On 02/02/16 09:18, Martin Vegter wrote:
> On 1 February 2016 at 22:45, Viktor Dukhovni <openssl-users at dukhovni.org> wrote:
>>
>> You're using internal function names that are not exported by the
>> libcrypto shared library on Debian systems.  Use the EVP interface.
>>
>> In future versions of OpenSSL constrained visibility of shared
>> library symbols will be extended to more platforms (than just Debian
>> where the export list was created by the Debian package maintainer).
>>
>> The EVP interface is faster on many systems (supports AES-NI on
>> suitably capable Intel CPUs) and also safer (avoids timing
>> side-channels).
> 
> thanks Viktor,
> but what if (for reasons beyond this discussion) I wish to use the low
> level internal aesni_* functions?
> 
> Would I have to compile libssl-dev myself ?

These symbols are in libcrypto not libssl.

> It looks to me as if Debian was trying to protect me from myself.
> Can't I play with the internal functions ? I don't mind losing
> compatibility on non-AES-NI processors.

Indeed it is. These symbols do not form part of the public API (they are
not in any of the public header files). Therefore they are liable to
change without notice (even, in theory, between letter releases). In the
forthcoming 1.1.0 we do very much the same thing in the main tree that
Debian does now for 1.0.2, i.e. these symbols are not exported at all in
the .so - you would have to start hacking the OpenSSL source to make
them visible again.

You can of course compile up your own libcrypto and access them directly
- but you're really on your own if you decide to do so.

Matt
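
Added example, not part of the original message and not OpenSSL project code: a small C probe that asks the dynamic loader whether a name is exported by the installed shared libcrypto, which is the visibility boundary described in the reply above. The soname list and the two aesni_* names checked are assumptions chosen for illustration; on a library built with constrained symbol visibility the EVP names resolve and the aesni_* names do not.

```c
#include <dlfcn.h>
#include <stddef.h>
#include <stdio.h>

/* Assumption: common libcrypto sonames, newest first; adjust for your system. */
static const char *const CRYPTO_SONAMES[] = {
    "libcrypto.so.3", "libcrypto.so.1.1", "libcrypto.so.1.0.0", "libcrypto.so", NULL
};

/* Open the first libcrypto the loader can find; NULL if none is installed. */
void *open_libcrypto(void)
{
    for (size_t i = 0; CRYPTO_SONAMES[i] != NULL; i++) {
        void *h = dlopen(CRYPTO_SONAMES[i], RTLD_LAZY | RTLD_LOCAL);
        if (h != NULL)
            return h;
    }
    return NULL;
}

/* 1 if dlsym() can resolve `name` through `handle`, else 0. */
int symbol_exported(void *handle, const char *name)
{
    dlerror();                          /* clear stale error state */
    return dlsym(handle, name) != NULL && dlerror() == NULL;
}

/* Print one line per name; return how many are not exported. */
int report_symbols(void *handle, const char *const names[])
{
    int missing = 0;
    for (size_t i = 0; names[i] != NULL; i++) {
        int ok = symbol_exported(handle, names[i]);
        printf("%-24s %s\n", names[i], ok ? "exported" : "NOT exported");
        missing += !ok;
    }
    return missing;
}

int main(void)
{
    /* Two public EVP entry points, then two internal AES-NI routines. */
    static const char *const names[] = { "EVP_EncryptInit_ex", "EVP_aes_128_cbc",
                                         "aesni_set_encrypt_key", "aesni_encrypt", NULL };
    void *h = open_libcrypto();
    if (h == NULL)
        return 2;                       /* no shared libcrypto on this system */
    return report_symbols(h, names) ? 1 : 0;
}
```

On glibc older than 2.34, link with -ldl. A non-zero exit status means at least one of the listed names cannot be linked against dynamically on this system.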

