[tor-bugs] #16901 [Tor]: tor 0.2.7 configures OS X system OpenSSL, even though it's too old to work

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Sep 1 13:49:56 UTC 2015 

#16901: tor 0.2.7 configures OS X system OpenSSL, even though it's too old to work
--------------------------+---------------------------------------------
     Reporter:  teor      |      Owner:
         Type:  defect    |     Status:  needs_review
     Priority:  critical  |  Milestone:  Tor: 0.2.7.x-final
    Component:  Tor       |    Version:  Tor: 0.2.7.2-alpha
   Resolution:            |   Keywords:  TorCoreTeam201509 Post027Freeze
Actual Points:            |  Parent ID:
       Points:            |
--------------------------+---------------------------------------------

Comment (by teor):

 Replying to [comment:2 nickm]:
 > Also, there should have been a failure much earlier, in crypto.c:
 > {{{
 > #if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0)
 > #error "We require OpenSSL >= 1.0.0"
 > #endif
 > }}}
 >
 > Did that not happen?

 When tor is built, it requires libevent:
 {{{
 checking for libevent directory... configure: WARNING: Could not find a
 linkable libevent.  If you have it installed somewhere unusual, you can
 specify an explicit path using --with-libevent-dir
 }}}

 When libevent is installed via MacPorts, it installs openssl (currently
 1.0.2d) as a dependency.

 When openssl 1.0.2d is installed via MacPorts, and I run:
 `CC="gcc -v" ./configure --with-libevent-dir=/opt/local; make`
 I see:
 {{{
   CCLD     src/tools/tor-gencert
 Apple LLVM version 6.1.0 (clang-602.0.53) (based on LLVM 3.6.0svn)
 Target: x86_64-apple-darwin14.5.0
 Thread model: posix
 "/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld"
 -demangle -export_dynamic -dynamic -arch x86_64 -dead_strip
 -macosx_version_min 10.10.0 -pie -o src/tools/tor-gencert src/tools/tor-
 gencert.o src/common/libor.a src/common/libor-crypto.a
 src/common/libcurve25519_donna.a src/ext/ed25519/ref10/libed25519_ref10.a
 src/ext/ed25519/donna/libed25519_donna.a -lz -lssl -lcrypto -lSystem
 /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/../lib/clang/6.1.0/lib/darwin/libclang_rt.osx.a
 Undefined symbols for architecture x86_64:
   "_EVP_aes_128_ctr", referenced from:
       _aes_new_cipher in libor-crypto.a(aes.o)
   "_CRYPTO_THREADID_set_numeric", referenced from:
       _tor_set_openssl_thread_id in libor-crypto.a(crypto.o)
   "_CRYPTO_THREADID_set_callback", referenced from:
       _crypto_early_init in libor-crypto.a(crypto.o)
 ld: symbol(s) not found for architecture x86_64
 clang: error: linker command failed with exit code 1 (use -v to see
 invocation)
 make[1]: *** [src/tools/tor-gencert] Error 1
 }}}
 when linking tor-gencert.

 But tor has already linked successfully earlier in the build process, with
 the output:
 {{{
   CCLD     src/or/tor
 Apple LLVM version 6.1.0 (clang-602.0.53) (based on LLVM 3.6.0svn)
 Target: x86_64-apple-darwin14.5.0
 Thread model: posix
 "/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld"
 -demangle -export_dynamic -dynamic -arch x86_64 -dead_strip
 -macosx_version_min 10.10.0 -pie -o src/or/tor -L/opt/local/lib
 src/or/tor_main.o src/or/libtor.a src/common/libor.a src/common/libor-
 crypto.a src/common/libcurve25519_donna.a
 src/ext/ed25519/ref10/libed25519_ref10.a
 src/ext/ed25519/donna/libed25519_donna.a src/common/libor-event.a
 src/trunnel/libor-trunnel.a -lz -levent -lssl -lcrypto -lSystem
 /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/../lib/clang/6.1.0/lib/darwin/libclang_rt.osx.a
 }}}

 The difference is that tor's linker command includes `-L/opt/local/lib`
 for `-levent`, which also gets applied to `-lssl -lcrypto`, pulling in
 openssl 1.0.2d. (Also, `-L/opt/local/lib` gets applied to `-lz`, but
 that's unlikely to matter much). tor-gencert doesn't use libevent, so it
 doesn't get `-L/opt/local/lib`.

 It's also worth noting that libevent's `-I/opt/local/include` is being
 applied to all the openssl headers as well, pulling in the openssl 1.0.2d
 headers, which is why the preprocessor warning isn't triggered.

 Now I'll move on to testing your branch.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16901#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list