[tor-bugs] #13817 [Tor]: Untangle kludgey library detection, particularly for SSL forks
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Nov 23 04:01:01 UTC 2014
#13817: Untangle kludgey library detection, particularly for SSL forks
------------------------+--------------------------------
     Reporter:  teor    |      Owner:
         Type:  defect  |     Status:  new
     Priority:  normal  |  Milestone:  Tor: unspecified
    Component:  Tor     |    Version:  Tor: 0.2.6.1-alpha
   Resolution:          |   Keywords:  lorax
Actual Points:          |  Parent ID:  #6311
       Points:          |
------------------------+--------------------------------
Comment (by teor):
From:
https://lists.torproject.org/pipermail/tor-relays/2014-November/005812.html
https://lists.torproject.org/pipermail/tor-relays/2014-November/005822.html
'''Seth:'''
>> I'm trying to build tor-0.2.5.10 from source against LibreSSL 2.1.1 on a
>> FreeBSD 9.3x jail system.
>>
>> It fails with this message
>>
>> -----------------------------------
>>
>> CC src/tools/tor-gencert.o
>> CCLD src/tools/tor-gencert
>> src/common/libor-crypto.a(aes.o): In function `aes_new_cipher':
>> /usr/local/src/tor-0.2.5.10/src/common/aes.c:100: undefined reference to `EVP_aes_128_ctr'
>> *** [src/tools/tor-gencert] Error code 1
>>
>> Stop in /usr/local/src/tor-0.2.5.10.
>> *** [all] Error code 1
>>
>> Stop in /usr/local/src/tor-0.2.5.10.
>>
>> --------------------------------------
>>
>> Has anyone had any luck building Tor against LibreSSL?
>>
'''teor:'''
> Yes, on OS X, but it wasn't easy, and it didn't bootstrap for me due to
> SSL errors. Others have had more luck, but mostly on Linux AFAIK.
>
> Do you perhaps have a system-installed OpenSSL 0.9.* which is lacking
> EVP_aes_128_ctr?
>
> See https://trac.torproject.org/projects/tor/ticket/13817 for a similar
> failure, due to the following issues:
>
> configure --with-openssl-dir= detects the wrong bin/openssl if
> "$OPENSSL_DIR/bin/openssl" isn't in the path before all other openssl
> executables.
> configure --enable-static-openssl requires
> LDFLAGS="$OPENSSL_DIR/lib":$LDFLAGS to link properly, at least on OS X.
>
> If you do run into runtime SSL errors, see this bug:
> https://trac.torproject.org/projects/tor/ticket/13816
'''Seth:'''
Thanks for the information. I was able to get the latest git version of
Tor to build against the libressl-2.1.1 pkg in a fresh FreeBSD 9x jail using
the following steps:
pkg install libressl autoconf git gmake gettext
mkdir /usr/local/src;cd /usr/local/src;git clone https://git.torproject.org/git/tor
cd tor;sh autogen.sh;./configure --with-openssl-dir=/usr/local --disable-asciidoc
make;make install;tor
Here's the terminal output when launching it:
Nov 22 17:26:41.971 [notice] Tor v0.2.6.1-alpha-dev (git-336c856e52d211aa) running on FreeBSD with Libevent 2.0.21-stable, OpenSSL LibreSSL 2.1 and Zlib 1.2.8.
Nov 22 17:26:41.971 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Nov 22 17:26:41.971 [notice] This version is not a stable Tor release. Expect more bugs than usual.
Nov 22 17:26:41.972 [notice] Configuration file "/usr/local/etc/tor/torrc" not present, using reasonable defaults.
Nov 22 17:26:41.987 [notice] Opening Socks listener on 127.0.0.1:9050
Nov 22 17:26:41.971 [notice] Tor v0.2.6.1-alpha-dev (git-336c856e52d211aa) running on FreeBSD with Libevent 2.0.21-stable, OpenSSL LibreSSL 2.1 and Zlib 1.2.8.
Nov 22 17:26:41.971 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Nov 22 17:26:41.971 [notice] This version is not a stable Tor release. Expect more bugs than usual.
Nov 22 17:26:41.972 [notice] Configuration file "/usr/local/etc/tor/torrc" not present, using reasonable defaults.
Nov 22 17:26:41.987 [notice] Opening Socks listener on 127.0.0.1:9050
Nov 22 17:26:41.000 [notice] Parsing GEOIP IPv4 file /usr/local/share/tor/geoip.
Nov 22 17:26:42.000 [notice] Parsing GEOIP IPv6 file /usr/local/share/tor/geoip6.
Nov 22 17:26:42.000 [warn] You are running Tor as root. You don't need to, and you probably shouldn't.
Nov 22 17:26:42.000 [notice] We were built to run on a 64-bit CPU, with OpenSSL 1.0.1 or later, but with a version of OpenSSL that apparently lacks accelerated support for the NIST P-224 and P-256 groups. Building openssl with such support (using the enable-ec_nistp_64_gcc_128 option when configuring it) would make ECDH much faster.
Nov 22 17:26:42.000 [notice] Bootstrapped 0%: Starting
Nov 22 17:26:43.000 [notice] Bootstrapped 5%: Connecting to directory server
Nov 22 17:26:43.000 [notice] Bootstrapped 10%: Finishing handshake with directory server
Nov 22 17:26:43.000 [notice] We weren't able to find support for all of the TLS ciphersuites that we wanted to advertise. This won't hurt security, but it might make your Tor (if run as a client) more easy for censors to block.
Nov 22 17:26:43.000 [notice] To correct this, use a version of OpenSSL built with none of its ciphers disabled.
Nov 22 17:26:44.000 [notice] Bootstrapped 15%: Establishing an encrypted directory connection
Nov 22 17:26:44.000 [notice] Bootstrapped 20%: Asking for networkstatus consensus
Nov 22 17:26:45.000 [notice] Bootstrapped 25%: Loading networkstatus consensus
Nov 22 17:26:47.000 [notice] I learned some more directory information, but not enough to build a circuit: We have no usable consensus.
Nov 22 17:26:48.000 [notice] Bootstrapped 40%: Loading authority key certs
Nov 22 17:26:49.000 [notice] Bootstrapped 45%: Asking for relay descriptors
Nov 22 17:26:49.000 [notice] I learned some more directory information, but not enough to build a circuit: We need more microdescriptors: we have 0/6624, and can only build 0% of likely paths. (We have 0% of guards bw, 0% of midpoint bw, and 0% of exit bw.)
Nov 22 17:26:50.000 [notice] Bootstrapped 50%: Loading relay descriptors
Nov 22 17:26:53.000 [notice] Bootstrapped 55%: Loading relay descriptors
Nov 22 17:26:54.000 [notice] Bootstrapped 60%: Loading relay descriptors
Nov 22 17:26:54.000 [notice] Bootstrapped 65%: Loading relay descriptors
Nov 22 17:26:55.000 [notice] Bootstrapped 70%: Loading relay descriptors
Nov 22 17:26:55.000 [notice] Bootstrapped 75%: Loading relay descriptors
Nov 22 17:26:55.000 [notice] We now have enough directory information to build circuits.
Nov 22 17:26:55.000 [notice] Bootstrapped 80%: Connecting to the Tor network
Nov 22 17:26:55.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Nov 22 17:26:56.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Nov 22 17:26:56.000 [notice] Bootstrapped 100%: Done
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13817#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
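
The PATH-ordering problem teor describes for configure --with-openssl-dir=, as an added pre-build check that is not part of the ticket or of Tor's build system. The helper names (canon, check_openssl_dir, make_demo_tree) and the temporary tree with two stub openssl scripts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the ticket): does PATH resolve `openssl` to the
# binary under the prefix passed to --with-openssl-dir?

# Canonical path of a file: physical directory plus file name.
canon() {
    ( cd "$(dirname "$1")" 2>/dev/null &&
      printf '%s/%s\n' "$(pwd -P)" "$(basename "$1")" )
}

# check_openssl_dir PREFIX [PATH_VALUE]   (hypothetical helper)
# Returns 0 if the first openssl on PATH_VALUE is PREFIX/bin/openssl,
# 1 if a different openssl shadows it, 2 if either one is missing.
check_openssl_dir() {
    prefix=$1 search=${2:-$PATH}
    want=$prefix/bin/openssl
    [ -x "$want" ] || { echo "missing: $want"; return 2; }
    # Look up openssl the way the shell would, using the PATH under test.
    found=$( PATH=$search; command -v openssl ) ||
        { echo "no openssl on PATH"; return 2; }
    if [ "$(canon "$found")" = "$(canon "$want")" ]; then
        echo "ok: $found ($("$found" version))"
        return 0
    fi
    echo "mismatch: PATH gives $found ($("$found" version))"
    echo "          wanted     $want ($("$want" version))"
    echo "fix: PATH=\"$prefix/bin:\$PATH\" ./configure --with-openssl-dir=$prefix"
    return 1
}

# Constructed demo tree: a stub system openssl and a stub LibreSSL prefix.
make_demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/usr/bin" "$t/usr/local/bin"
    printf '#!/bin/sh\necho "OpenSSL 0.9.8 (constructed)"\n' > "$t/usr/bin/openssl"
    printf '#!/bin/sh\necho "LibreSSL 2.1.1 (constructed)"\n' > "$t/usr/local/bin/openssl"
    chmod +x "$t/usr/bin/openssl" "$t/usr/local/bin/openssl"
    echo "$t"
}

demo=$(make_demo_tree)
# System directory first: the old binary shadows the prefix (status 1).
check_openssl_dir "$demo/usr/local" "$demo/usr/bin:$demo/usr/local/bin" || echo "status: $?"
# Prefix first: the lookup agrees with --with-openssl-dir (status 0).
check_openssl_dir "$demo/usr/local" "$demo/usr/local/bin:$demo/usr/bin" || echo "status: $?"
rm -rf "$demo"
```

On a real system, call check_openssl_dir with the same prefix given to --with-openssl-dir and no second argument, so the current PATH is tested.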