[tor-dev] Compiling tor against OpenSSL_1_0_2-stable

Christian Kujau lists at nerdbynature.de
Mon Sep 24 08:13:54 UTC 2012


While trying to compile the latest git-checkout against openssl-1.0.2,
I've come across the following issues:

make[1]: Entering directory `/usr/local/src/tor-git'
  CC     src/common/tortls.o
cc1: warnings being treated as errors
In file included from /opt/openssl/include/openssl/ssl.h:1382,
                 from src/common/tortls.c:36:
/opt/openssl/include/openssl/srtp.h:138: error: redundant redeclaration of 
/opt/openssl/include/openssl/srtp.h:135: note: previous declaration of 
‘SSL_get_selected_srtp_profile’ was here
make[1]: *** [src/common/tortls.o] Error 1
make[1]: Leaving directory `/usr/local/src/tor-git'
make: *** [all] Error 2

There is an open ticket[0] in the openssl bugtracker for this. While the 
proper solution is to fix openssl/include/openssl/srtp.h, I wanted to 
compile without -Werror. However, when adding CFLAGS="-Wno-error" during 
./configure, -Werror is still added to the ./Makefile and overrides
-Wno-error. When adding CFLAGS="-Wno-error" during "make", all the other
CFLAGS are gone too. Thus I ended up removing -Werror from the Makefile 
and tortls.o compiled.

While this is really an issue with openssl, I wanted to have this 
documented, just in case anybody else tries the same. If someone knows of 
a better workaround (i.e. compiling just tortls.c with -Wno-error and 
everything else with -Werror), please share! :-)

A bit later, compilation stops again:

  CCLD   src/or/tor
src/common/libor-crypto.a(aes.o): In function `aes_crypt':
aes.c:(.text+0x860): undefined reference to `CRYPTO_ctr128_encrypt'
collect2: ld returned 1 exit status
make[1]: *** [src/or/tor] Error 1
make[1]: Leaving directory `/usr/local/src/tor-git'
make: *** [all] Error 2

Hm, this leaves me puzzled for now. CRYPTO_ctr128_encrypt is still 
included in openssl-1.0.2 and src/common/aes.o seems to be built with
this function included as well; I'm not sure why src/common/libor-crypto.a
complains now:

$ grep -r CRYPTO_ctr128_encrypt /opt/openssl/
/opt/openssl/include/openssl/modes.h:void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
/opt/openssl/include/openssl/modes.h:void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out,
Binary file /opt/openssl/bin/openssl matches
Binary file /opt/openssl/lib/libcrypto.a matches

$ grep -r CRYPTO_ctr128_encrypt .
./src/common/aes.c:      CRYPTO_ctr128_encrypt((const unsigned char *)input,
Binary file ./src/common/aes.o matches
Binary file ./src/common/libor-crypto.a matches

Why do I (try to) build against openssl-1.0.2? I'm on Debian/stable which 
still ships openssl-0.9.8o and I wanted to get rid of this "use a more recent 
OpenSSL" message during startup :-)

Otherwise, today's git-checkout of tor runs just fine when built against 
openssl-0.9.8 (on powerpc) - yay!


[0] http://rt.openssl.org/Ticket/Display.html?id=2724
BOFH excuse #330:

quantum decoherence