[tor-relays] building Tor against LibreSSL 2.1.1 fails with "undefined reference to `EVP_aes_128_ctr'" error

Seth list at sysfu.com
Sun Nov 23 01:33:59 UTC 2014 

On Sat, 22 Nov 2014 06:40:24 -0800, teor <teor2345 at gmail.com> wrote:

> Yes, on OS X, but it wasn't easy, and it didn't bootstrap for me due to  
> SSL errors. Others have had more luck, but mostly on Linux AFAIK.
>
> Do you perhaps have a system-installed OpenSSL 0.9.* which is lacking  
> EVP_aes_128_ctr?
>
> See https://trac.torproject.org/projects/tor/ticket/13817 for a similar  
> failure, due to the following issues:
>
> configure --with-openssl-dir= detects the wrong bin/openssl if  
> "$OPENSSL_DIR/bin/openssl" isn't in the path before all other openssl  
> executables.
> configure --enable-static-openssl requires  
> LDFLAGS="$OPENSSL_DIR/lib":$LDFLAGS to link properly, at least on OS X.
>
> If you do run into runtime SSL errors, see this bug:
> https://trac.torproject.org/projects/tor/ticket/13816


Thanks for the information. I was able to get the latest git version of  
Tor build against the libressl-2.1.1 pkg in a fresh FreeBSD 9x jail using  
the following steps:

pkg install libressl autoconf git gmake gettext
mkdir /usr/local/src;cd /usr/local/src;git clone  
https://git.torproject.org/git/tor
cd tor;sh autogen.sh;./configure --with-openssl-dir=/usr/local  
--disable-asciidoc
make;make install;tor

Here's the terminal output when launching it:

Nov 22 17:26:41.971 [notice] Tor v0.2.6.1-alpha-dev (git-336c856e52d211aa)  
running on FreeBSD with Libevent 2.0.21-stable, OpenSSL LibreSSL 2.1 and  
Zlib 1.2.8.
Nov 22 17:26:41.971 [notice] Tor can't help you if you use it wrong! Learn  
how to be safe at https://www.torproject.org/download/download#warning
Nov 22 17:26:41.971 [notice] This version is not a stable Tor release.  
Expect more bugs than usual.
Nov 22 17:26:41.972 [notice] Configuration file "/usr/local/etc/tor/torrc"  
not present, using reasonable defaults.
Nov 22 17:26:41.987 [notice] Opening Socks listener on 127.0.0.1:9050
Nov 22 17:26:41.971 [notice] Tor v0.2.6.1-alpha-dev (git-336c856e52d211aa)  
running on FreeBSD with Libevent 2.0.21-stable, OpenSSL LibreSSL 2.1 and  
Zlib 1.2.8.
Nov 22 17:26:41.971 [notice] Tor can't help you if you use it wrong! Learn  
how to be safe at https://www.torproject.org/download/download#warning
Nov 22 17:26:41.971 [notice] This version is not a stable Tor release.  
Expect more bugs than usual.
Nov 22 17:26:41.972 [notice] Configuration file "/usr/local/etc/tor/torrc"  
not present, using reasonable defaults.
Nov 22 17:26:41.987 [notice] Opening Socks listener on 127.0.0.1:9050
Nov 22 17:26:41.000 [notice] Parsing GEOIP IPv4 file  
/usr/local/share/tor/geoip.
Nov 22 17:26:42.000 [notice] Parsing GEOIP IPv6 file  
/usr/local/share/tor/geoip6.
Nov 22 17:26:42.000 [warn] You are running Tor as root. You don't need to,  
and you probably shouldn't.
Nov 22 17:26:42.000 [notice] We were built to run on a 64-bit CPU, with  
OpenSSL 1.0.1 or later, but with a version of OpenSSL that apparently  
lacks accelerated support for the NIST P-224 and P-256 groups. Building  
openssl with such support (using the enable-ec_nistp_64_gcc_128 option  
when configuring it) would make ECDH much faster.
Nov 22 17:26:42.000 [notice] Bootstrapped 0%: Starting
Nov 22 17:26:43.000 [notice] Bootstrapped 5%: Connecting to directory  
server
Nov 22 17:26:43.000 [notice] Bootstrapped 10%: Finishing handshake with  
directory server
Nov 22 17:26:43.000 [notice] We weren't able to find support for all of  
the TLS ciphersuites that we wanted to advertise. This won't hurt  
security, but it might make your Tor (if run as a client) more easy for  
censors to block.
Nov 22 17:26:43.000 [notice] To correct this, use a version of OpenSSL  
built with none of its ciphers disabled.
Nov 22 17:26:44.000 [notice] Bootstrapped 15%: Establishing an encrypted  
directory connection
Nov 22 17:26:44.000 [notice] Bootstrapped 20%: Asking for networkstatus  
consensus
Nov 22 17:26:45.000 [notice] Bootstrapped 25%: Loading networkstatus  
consensus
Nov 22 17:26:47.000 [notice] I learned some more directory information,  
but not enough to build a circuit: We have no usable consensus.
Nov 22 17:26:48.000 [notice] Bootstrapped 40%: Loading authority key certs
Nov 22 17:26:49.000 [notice] Bootstrapped 45%: Asking for relay descriptors
Nov 22 17:26:49.000 [notice] I learned some more directory information,  
but not enough to build a circuit: We need more microdescriptors: we have  
0/6624, and can only build 0% of likely paths. (We have 0% of guards bw,  
0% of midpoint bw, and 0% of exit bw.)
Nov 22 17:26:50.000 [notice] Bootstrapped 50%: Loading relay descriptors
Nov 22 17:26:53.000 [notice] Bootstrapped 55%: Loading relay descriptors
Nov 22 17:26:54.000 [notice] Bootstrapped 60%: Loading relay descriptors
Nov 22 17:26:54.000 [notice] Bootstrapped 65%: Loading relay descriptors
Nov 22 17:26:55.000 [notice] Bootstrapped 70%: Loading relay descriptors
Nov 22 17:26:55.000 [notice] Bootstrapped 75%: Loading relay descriptors
Nov 22 17:26:55.000 [notice] We now have enough directory information to  
build circuits.
Nov 22 17:26:55.000 [notice] Bootstrapped 80%: Connecting to the Tor  
network
Nov 22 17:26:55.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Nov 22 17:26:56.000 [notice] Tor has successfully opened a circuit. Looks  
like client functionality is working.
Nov 22 17:26:56.000 [notice] Bootstrapped 100%: Done

More information about the tor-relays mailing list