[tor-bugs] #13817 [Tor]: Untangle kludgey library detection, particularly for SSL forks

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Nov 23 04:01:01 UTC 2014


#13817: Untangle kludgey library detection, particularly for SSL forks
------------------------+--------------------------------
     Reporter:  teor    |      Owner:
         Type:  defect  |     Status:  new
     Priority:  normal  |  Milestone:  Tor: unspecified
    Component:  Tor     |    Version:  Tor: 0.2.6.1-alpha
   Resolution:          |   Keywords:  lorax
Actual Points:          |  Parent ID:  #6311
       Points:          |
------------------------+--------------------------------

Comment (by teor):

 From:
 https://lists.torproject.org/pipermail/tor-relays/2014-November/005812.html
 https://lists.torproject.org/pipermail/tor-relays/2014-November/005822.html

 '''Seth:'''
 >> I'm trying to build tor-0.2.5.10 from source against LibreSSL 2.1.1 on a
 >> FreeBSD 9.3x jail system.
 >>
 >> It fails with this message
 >>
 >> -----------------------------------
 >>
 >>    CC       src/tools/tor-gencert.o
 >>    CCLD     src/tools/tor-gencert
 >> src/common/libor-crypto.a(aes.o): In function `aes_new_cipher':
 >> /usr/local/src/tor-0.2.5.10/src/common/aes.c:100: undefined reference to `EVP_aes_128_ctr'
 >> *** [src/tools/tor-gencert] Error code 1
 >>
 >> Stop in /usr/local/src/tor-0.2.5.10.
 >> *** [all] Error code 1
 >>
 >> Stop in /usr/local/src/tor-0.2.5.10.
 >>
 >> --------------------------------------
 >>
 >> Has anyone had any luck building Tor against LibreSSL?
 >>

 '''teor:'''
 > Yes, on OS X, but it wasn't easy, and it didn't bootstrap for me due to
 > SSL errors. Others have had more luck, but mostly on Linux AFAIK.
 >
 > Do you perhaps have a system-installed OpenSSL 0.9.* which is lacking
 > EVP_aes_128_ctr?
 >
 > See https://trac.torproject.org/projects/tor/ticket/13817 for a similar
 > failure, due to the following issues:
 >
 > configure --with-openssl-dir= detects the wrong bin/openssl if
 > "$OPENSSL_DIR/bin/openssl" isn't in the path before all other openssl
 > executables.
 > configure --enable-static-openssl requires
 > LDFLAGS="$OPENSSL_DIR/lib":$LDFLAGS to link properly, at least on OS X.
 >
 > If you do run into runtime SSL errors, see this bug:
 > https://trac.torproject.org/projects/tor/ticket/13816

 '''Seth:'''
 Thanks for the information. I was able to get the latest git version of
 Tor to build against the libressl-2.1.1 pkg in a fresh FreeBSD 9x jail using
 the following steps:

 pkg install libressl autoconf git gmake gettext
 mkdir /usr/local/src;cd /usr/local/src;git clone https://git.torproject.org/git/tor
 cd tor;sh autogen.sh;./configure --with-openssl-dir=/usr/local --disable-asciidoc
 make;make install;tor

 Here's the terminal output when launching it:

 Nov 22 17:26:41.971 [notice] Tor v0.2.6.1-alpha-dev (git-336c856e52d211aa)
 running on FreeBSD with Libevent 2.0.21-stable, OpenSSL LibreSSL 2.1 and
 Zlib 1.2.8.
 Nov 22 17:26:41.971 [notice] Tor can't help you if you use it wrong! Learn
 how to be safe at https://www.torproject.org/download/download#warning
 Nov 22 17:26:41.971 [notice] This version is not a stable Tor release.
 Expect more bugs than usual.
 Nov 22 17:26:41.972 [notice] Configuration file "/usr/local/etc/tor/torrc"
 not present, using reasonable defaults.
 Nov 22 17:26:41.987 [notice] Opening Socks listener on 127.0.0.1:9050
 Nov 22 17:26:41.971 [notice] Tor v0.2.6.1-alpha-dev (git-336c856e52d211aa)
 running on FreeBSD with Libevent 2.0.21-stable, OpenSSL LibreSSL 2.1 and
 Zlib 1.2.8.
 Nov 22 17:26:41.971 [notice] Tor can't help you if you use it wrong! Learn
 how to be safe at https://www.torproject.org/download/download#warning
 Nov 22 17:26:41.971 [notice] This version is not a stable Tor release.
 Expect more bugs than usual.
 Nov 22 17:26:41.972 [notice] Configuration file "/usr/local/etc/tor/torrc"
 not present, using reasonable defaults.
 Nov 22 17:26:41.987 [notice] Opening Socks listener on 127.0.0.1:9050
 Nov 22 17:26:41.000 [notice] Parsing GEOIP IPv4 file
 /usr/local/share/tor/geoip.
 Nov 22 17:26:42.000 [notice] Parsing GEOIP IPv6 file
 /usr/local/share/tor/geoip6.
 Nov 22 17:26:42.000 [warn] You are running Tor as root. You don't need to,
 and you probably shouldn't.
 Nov 22 17:26:42.000 [notice] We were built to run on a 64-bit CPU, with
 OpenSSL 1.0.1 or later, but with a version of OpenSSL that apparently
 lacks accelerated support for the NIST P-224 and P-256 groups. Building
 openssl with such support (using the enable-ec_nistp_64_gcc_128 option
 when configuring it) would make ECDH much faster.
 Nov 22 17:26:42.000 [notice] Bootstrapped 0%: Starting
 Nov 22 17:26:43.000 [notice] Bootstrapped 5%: Connecting to directory
 server
 Nov 22 17:26:43.000 [notice] Bootstrapped 10%: Finishing handshake with
 directory server
 Nov 22 17:26:43.000 [notice] We weren't able to find support for all of
 the TLS ciphersuites that we wanted to advertise. This won't hurt
 security, but it might make your Tor (if run as a client) more easy for
 censors to block.
 Nov 22 17:26:43.000 [notice] To correct this, use a version of OpenSSL
 built with none of its ciphers disabled.
 Nov 22 17:26:44.000 [notice] Bootstrapped 15%: Establishing an encrypted
 directory connection
 Nov 22 17:26:44.000 [notice] Bootstrapped 20%: Asking for networkstatus
 consensus
 Nov 22 17:26:45.000 [notice] Bootstrapped 25%: Loading networkstatus
 consensus
 Nov 22 17:26:47.000 [notice] I learned some more directory information,
 but not enough to build a circuit: We have no usable consensus.
 Nov 22 17:26:48.000 [notice] Bootstrapped 40%: Loading authority key certs
 Nov 22 17:26:49.000 [notice] Bootstrapped 45%: Asking for relay
 descriptors
 Nov 22 17:26:49.000 [notice] I learned some more directory information,
 but not enough to build a circuit: We need more microdescriptors: we have
 0/6624, and can only build 0% of likely paths. (We have 0% of guards bw,
 0% of midpoint bw, and 0% of exit bw.)
 Nov 22 17:26:50.000 [notice] Bootstrapped 50%: Loading relay descriptors
 Nov 22 17:26:53.000 [notice] Bootstrapped 55%: Loading relay descriptors
 Nov 22 17:26:54.000 [notice] Bootstrapped 60%: Loading relay descriptors
 Nov 22 17:26:54.000 [notice] Bootstrapped 65%: Loading relay descriptors
 Nov 22 17:26:55.000 [notice] Bootstrapped 70%: Loading relay descriptors
 Nov 22 17:26:55.000 [notice] Bootstrapped 75%: Loading relay descriptors
 Nov 22 17:26:55.000 [notice] We now have enough directory information to
 build circuits.
 Nov 22 17:26:55.000 [notice] Bootstrapped 80%: Connecting to the Tor
 network
 Nov 22 17:26:55.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
 Nov 22 17:26:56.000 [notice] Tor has successfully opened a circuit. Looks
 like client functionality is working.
 Nov 22 17:26:56.000 [notice] Bootstrapped 100%: Done

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13817#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
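
Added example (not part of the ticket or of Tor's build system): a shell check for the PATH problem teor describes above, where configure --with-openssl-dir= can pick up a different openssl binary than "$OPENSSL_DIR/bin/openssl". The function names and return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: does a PATH lookup find the openssl under --with-openssl-dir?

# Print the first regular, executable file named "openssl" on a PATH string.
first_openssl() (
    set -f; IFS=:          # subshell body: no globbing, split on ':' only
    for d in $1; do
        [ -n "$d" ] || d=.  # an empty PATH entry means the current directory
        if [ -f "$d/openssl" ] && [ -x "$d/openssl" ]; then
            printf '%s\n' "$d/openssl"; exit 0
        fi
    done
    exit 1
)

# Resolve symlinked directories so two spellings of one location compare equal.
# (A symlink at the file itself is not followed; that is a known limit here.)
canon() (
    cd -P "$(dirname "$1")" 2>/dev/null || exit 1
    printf '%s/%s\n' "$(pwd -P)" "$(basename "$1")"
)

# check_openssl_dir PREFIX [PATHSTRING]
# Returns 0 match, 1 shadowed by another openssl, 2 nothing under PREFIX,
# 3 no openssl on the search path. Return codes are this example's choice.
check_openssl_dir() {
    want=$1/bin/openssl
    if [ ! -x "$want" ]; then
        echo "no executable at $want"; return 2
    fi
    found=$(first_openssl "${2-$PATH}") || { echo "no openssl on PATH"; return 3; }
    if [ "$(canon "$found")" = "$(canon "$want")" ]; then
        echo "ok: PATH resolves to $want ($("$want" version 2>/dev/null))"
        return 0
    fi
    echo "mismatch: PATH finds $found ($("$found" version 2>/dev/null))"
    echo "          expected   $want ($("$want" version 2>/dev/null))"
    echo "fix: put $1/bin ahead of other openssl directories in PATH"
    return 1
}

# Runs only when OPENSSL_DIR is set, e.g. OPENSSL_DIR=/usr/local sh check.sh
if [ -n "${OPENSSL_DIR:-}" ]; then
    check_openssl_dir "$OPENSSL_DIR" || echo "check failed with status $?"
fi
```

Run it before ./configure with OPENSSL_DIR set to the same prefix you pass to --with-openssl-dir.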

