[tor-bugs] #14188 [Tor]: OpenSSL 1.1.0-dev change: builds without deprecated functions by default
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jan 13 02:29:16 UTC 2015
#14188: OpenSSL 1.1.0-dev change: builds without deprecated functions by default
-------------------------------+------------------------------------
Reporter: teor | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Tor: 0.2.6.x-final
Component: Tor | Version: Tor: 0.2.6.2-alpha
Keywords: openssl tor-build | Actual Points:
Parent ID: | Points:
-------------------------------+------------------------------------
Due to the following OpenSSL change:
{{{
*) config has been changed so that by default OPENSSL_NO_DEPRECATED is
used.
Access to deprecated functions can be re-enabled by running config
with
"enable-deprecated". In addition applications wishing to use
deprecated
functions must define OPENSSL_USE_DEPRECATED. Note that this new
behaviour
will, by default, disable some transitive includes that previously
existed
in the header files (e.g. ec.h will no longer, by default, include
bn.h)
[Matt Caswell]
}}}
Building tor git with the latest OpenSSL 1.1.0-dev git causes the
following errors on OS X with clang (edited for brevity):
{{{
CC src/common/tortls.o
src/common/crypto.c:408:3: error: implicit declaration of function
'ERR_remove_state' is invalid in C99
ERR_remove_state(0);
src/common/crypto.c:1783:19: error: implicit declaration of function
'DH_generate_parameters' is invalid in C99
dh_parameters = DH_generate_parameters(DH_BYTES*8, DH_GENERATOR, NULL,
NULL);
src/common/crypto.c:1783:19: note: did you mean
'DH_generate_parameters_ex'?
/test/tor/openssl-install-x86_64/include/openssl/dh.h:213:5: note:
'DH_generate_parameters_ex' declared here
int DH_generate_parameters_ex(DH *dh, int prime_len,int generator,
B...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CC src/trunnel/pwbox.o
src/common/crypto.c:3131:3: error: implicit declaration of function
'CRYPTO_set_id_callback' is invalid in C99
CRYPTO_set_id_callback(tor_get_thread_id);
4 errors generated.
make[1]: *** [src/common/crypto.o] Error 1
src/common/tortls.c:675:27: error: implicit declaration of function
'BN_bin2bn'
is invalid in C99
if (!(serial_number = BN_bin2bn(serial_tmp, sizeof(serial_tmp),
NULL)))
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/common/tortls.c:713:5: error: implicit declaration of function
'BN_clear_free' is invalid in C99
BN_clear_free(serial_number);
src/common/tortls.c:1069:16: error: implicit declaration of function
'BN_num_bits' is invalid in C99
if (rsa && BN_num_bits(rsa->n) == 1024)
src/common/tortls.c:1069:31: error: incomplete definition of type
'struct rsa_st'
if (rsa && BN_num_bits(rsa->n) == 1024)
/test/tor/openssl-install-x86_64/include/openssl/ossl_typ.h:147:16: note:
forward declaration of 'struct rsa_st'
typedef struct rsa_st RSA;
src/common/tortls.c:1072:7: error: implicit declaration of function
'RSA_free'
is invalid in C99
RSA_free(rsa);
src/common/tortls.c:1072:7: note: did you mean 'SSL_free'?
/test/tor/openssl-install-x86_64/include/openssl/ssl.h:2201:6: note:
'SSL_free'
declared here
void SSL_free(SSL *ssl);
}}}
Building OpenSSL with `./Configure enable-deprecated` and including
`-DOPENSSL_USE_DEPRECATED` in the CPPFLAGS seems to require a few tries to
actually work. (I don't think it likes parallel builds.)
Building tor with this new version then ...
{{{
Undefined symbols for architecture x86_64:
"_EVP_aes_128_ctr", referenced from:
_aes_new_cipher in libor-crypto.a(aes.o)
}}}
We should probably fix this by 0.2.6-final, otherwise it won't be able to
be built with OpenSSL 1.1.0 dev out of the box.
But how are we going to cope with platforms that build OpenSSL without
deprecated functions?
Conditionalise on `#if OPENSSL_USE_DEPRECATED`s in the code?
Advise them not to?
It seems like this change could cause a huge mess.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14188>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list