Function EVP_aes_256_ctr not found when compiling with OpenSSL on a Mac

Question

I've been trying to compile some files using the "make" command on a directory. However, I keep getting this error:

Sammys-MacBook-Pro:p1 AlphaMale$ make
gcc -L/usr/local/lib/ -o kem-enc ske.o rsa.o kem-enc.o prf.o -lcrypto -lssl -lgmp
Undefined symbols for architecture x86_64:
"_EVP_aes_256_ctr", referenced from:
  _ske_encrypt in ske.o
  _ske_decrypt in ske.o
ld: symbol(s) not found for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make: *** [kem-enc] Error 1

Answer 1

The error message is (in the relevant part):

Undefined symbols for architecture x86_64:
  "_EVP_aes_256_ctr", referenced from:
      _ske_encrypt in ske.o
      _ske_decrypt in ske.o

telling you that the function EVP_aes_256_ctr is not found in the version of OpenSSL that you're using. Did you try a Google search on, say, 'openssl evp_aes_256_ctr'? If so, say so. If not, do so. If you look in the most recent documentation (OpenSSL 1.1.0), you can find a number of EVP_aes_256_xyz functions, but EVP_aes_256_ctr() is not one of them.

So, you have to track down who thought that the function existed and where they found it. The encryption modes (the xyz values) that are listed in the OpenSSL docs include: cbc, ccm, cfb, ecb, gcm, ofb — and not ctr — mildly surprising, but apparently so.

You could check the source to see whether it is available but undocumented. Looking in the source from openssl-1.1.0b.tar.gz, I can find:

./include/openssl/evp.h:780:const EVP_CIPHER *EVP_aes_256_ecb(void);
./include/openssl/evp.h:781:const EVP_CIPHER *EVP_aes_256_cbc(void);
./include/openssl/evp.h:782:const EVP_CIPHER *EVP_aes_256_cfb1(void);
./include/openssl/evp.h:783:const EVP_CIPHER *EVP_aes_256_cfb8(void);
./include/openssl/evp.h:784:const EVP_CIPHER *EVP_aes_256_cfb128(void);
./include/openssl/evp.h:785:# define EVP_aes_256_cfb EVP_aes_256_cfb128
./include/openssl/evp.h:786:const EVP_CIPHER *EVP_aes_256_ofb(void);
./include/openssl/evp.h:787:const EVP_CIPHER *EVP_aes_256_ctr(void);
./include/openssl/evp.h:788:const EVP_CIPHER *EVP_aes_256_ccm(void);
./include/openssl/evp.h:789:const EVP_CIPHER *EVP_aes_256_gcm(void);
./include/openssl/evp.h:790:const EVP_CIPHER *EVP_aes_256_xts(void);
./include/openssl/evp.h:791:const EVP_CIPHER *EVP_aes_256_wrap(void);
./include/openssl/evp.h:792:const EVP_CIPHER *EVP_aes_256_wrap_pad(void);
./include/openssl/evp.h:794:const EVP_CIPHER *EVP_aes_256_ocb(void);
./include/openssl/evp.h:797:const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void);
./include/openssl/evp.h:799:const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void);

Note line 787! So, in some versions of OpenSSL, the function is partially known (I didn't spot the implementation of the function) but it is not formally documented in the OpenSSL documentation on the OpenSSL web site. Having said that, tracking the source of EVP_aes_256_cbc is not trivial, so tracking the source of EVP_aes_256_ctr is equally fiddly. Looking in my own build of OpenSSL 1.0.2h (update needed), I find EVP_aes_256_ctr() and EVP_aes_256_cbc() defined in object file e_aes.o in the library. There are mentions of ctr in the source of crypto/evp/e_aes.c, but working out exactly how EVP_aes_256_ctr gets to be in the object file is … challenging (as in: "I've not worked out how, yet").

Answer 2

For me it was a mismatch between headers from Macports' openssl @1.0.2r_0 (-I /opt/local/include/) and system libs with openssl 0.9.x (-L /usr/lib) leading to:

Undefined symbols for architecture x86_64:
            "_EVP_aes_256_ctr", referenced from:
                _libssh2_crypt_method_aes256_ctr in liblibssh2_sys-8dfe6494e5de1ded.rlib(crypt.o)
            "_EVP_aes_192_ctr", referenced from:
                _libssh2_crypt_method_aes192_ctr in liblibssh2_sys-8dfe6494e5de1ded.rlib(crypt.o)
            "_EVP_aes_128_ctr", referenced from:
                _libssh2_crypt_method_aes128_ctr in liblibssh2_sys-8dfe6494e5de1ded.rlib(crypt.o)
          ld: symbol(s) not found for architecture x86_64