Opened 5 years ago

Closed 4 years ago

Last modified 3 years ago

#13415 closed defect (worksforme)

tor fails LibreSSL compilation and chutney basic

Reported by: teor Owned by:
Priority: Medium Milestone:
Component: Core Tor/Tor Version: Tor: unspecified
Severity: Keywords: tor-router, lorax, 027-triaged-1-out
Cc: nickm Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

I'm having trouble getting LibreSSL to work with tor git on OS X 10.9.

Configuring

Here are the issues I've found and fixed in the configure invocation:

  • configure --with-openssl-dir= detects the wrong bin/openssl if "$OPENSSL_DIR/bin/openssl" isn't in the path before all other openssl executables.
  • configure --enable-static-openssl requires LDFLAGS="$OPENSSL_DIR/lib":$LDFLAGS to link properly, at least on OS X.

I'm pretty sure these issues will affect all (non-system/non-standard) SSLs.

Can we make configuring with non-system SSLs easier by prepending "$OPENSSL_DIR/bin" and "$OPENSSL_DIR/lib" to the PATH and LDFLAGS respectively?

Happy to do the fix, but it may take me some time as I'm not familiar with autoconf scripts.

Testing with Chutney

Once I get tor/LibreSSL to compile, the unit tests pass flawlessly.

But I see the following log entries in chutney clients, which I really don't have any idea how to fix (I'm going to try boringssl next):

[notice] We weren't able to find support for all of the TLS ciphersuites that we wanted to advertise. This won't hurt security, but it might make your Tor (if run as a client) more easy for censors to block.
[notice] To correct this, use a version of OpenSSL built with none of its ciphers disabled.

[info] TLS error while handshaking with "127.0.0.1": wrong cipher returned (in SSL routines:SSL3_GET_SERVER_HELLO:SSLv3 read server hello B)
[info] int connection_tls_continue_handshake(or_connection_t *)(): tls error [misc error]. breaking connection.
[info] void circuit_n_chan_done(channel_t *, int)(): Channel failed; closing circ.
[info] void circuit_build_failed(origin_circuit_t *)(): Our circuit died before the first hop with no connection
[info] void connection_ap_fail_onehop(const char *, cpath_build_state_t *)(): Closing one-hop stream to '$<KEY>/127.0.0.1' because the OR conn just failed.
[info] void connection_or_note_state_when_broken(or_connection_t *)(): Connection died in state 'handshaking (TLS) with SSL state SSLv3 read server hello B in HANDSHAKE'
[info] void control_event_bootstrap_problem(const char *, int, or_connection_t *)(): Problem bootstrapping. Stuck at 10%: Finishing handshake with directory server. (DONE; DONE; count 8; recommendation ignore)
[info] 8 connections have failed:
[info] 8 connections died in state handshaking (TLS) with SSL state SSLv3 read server hello B in HANDSHAKE

chutney routers are similar, with these extra lines on init:

[info] int crypto_global_init(int, const char *, const char *)(): NOT using OpenSSL engine support.
[info] int evaluate_evp_for_aes(int)(): This version of OpenSSL has a known-good EVP counter-mode implementation. Using it.
[info] void tor_tls_init()(): OpenSSL LibreSSL 2.0 looks like version 0.9.8m or later; I will try SSL_OP to enable renegotiation

chutney authorities also include these extras:

[info] or_connection_t *connection_or_connect(const tor_addr_t *, uint16_t, const char *, channel_tls_t *)(): Client asked me to connect to myself. Refusing.
[info] void log_unsupported_ciphers(smartlist_t *)(): The unsupported ciphers were: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:EDH-RSA-DES-CBC3-SHA:AES128-SHA:CAMELLIA128-SHA:AES256-SHA:CAMELLIA256-SHA:DES-CBC3-SHA:RC4-SHA
[info] TLS error while handshaking with "127.0.0.1": sslv3 alert illegal parameter (in SSL routines:SSL3_READ_BYTES:SSLv3 read client certificate A)

Child Tickets

Ticket    Status    Owner    Summary                                      Component
#13816    closed             tor SSL errors with LibreSSL on OS X 10.9    Core Tor/Tor

Change History (14)

comment:1 Changed 5 years ago by teor

BoringSSL is even worse - it doesn't even have an openssl executable, only builds static libraries, and is a pain to configure correctly under our current config scripts.

I can't seem to stop it finding the system-supplied SSL, even when I provide it the BoringSSL directories.

comment:2 Changed 5 years ago by teor

I get the following warnings when I manually install BoringSSL into include/lib/bin dirs, and fake the openssl executable using the bssl executable:
(I've cleaned up some warnings that were irrelevant or trivial.)

CC src/common/crypto.o
src/common/crypto.c:170:12: warning: implicit declaration of function 'ENGINE_get_name' is invalid in C99 [-Wimplicit-function-declaration]
    name = ENGINE_get_name(e);
src/common/crypto.c:171:10: warning: implicit declaration of function 'ENGINE_get_id' is invalid in C99 [-Wimplicit-function-declaration]
    id = ENGINE_get_id(e);
src/common/crypto.c:186:15: warning: implicit declaration of function 'ENGINE_by_id' is invalid in C99 [-Wimplicit-function-declaration]
    ENGINE *e = ENGINE_by_id("dynamic");
src/common/crypto.c:188:10: warning: implicit declaration of function 'ENGINE_ctrl_cmd_string' is invalid in C99 [-Wimplicit-function-declaration]
    if (!ENGINE_ctrl_cmd_string(e, "ID", engine, 0)
src/common/crypto.c:227:31: warning: implicit declaration of function 'SSLeay_version' is invalid in C99 [-Wimplicit-function-declaration]
    const char *raw_version = SSLeay_version(SSLEAY_VERSION);
src/common/crypto.c:227:46: error: use of undeclared identifier 'SSLEAY_VERSION'
    const char *raw_version = SSLeay_version(SSLEAY_VERSION);
src/common/crypto.c:241:51: error: use of undeclared identifier 'OPENSSL_VERSION_TEXT'
    parse_openssl_version_str(OPENSSL_VERSION_TEXT);
src/common/crypto.c:251:7: warning: implicit declaration of function 'RAND_get_rand_method' is invalid in C99 [-Wimplicit-function-declaration]
    if (RAND_get_rand_method() != RAND_SSLeay()) {
src/common/crypto.c:251:33: warning: implicit declaration of function 'RAND_SSLeay' is invalid in C99 [-Wimplicit-function-declaration]
    if (RAND_get_rand_method() != RAND_SSLeay()) {
src/common/crypto.c:255:5: warning: implicit declaration of function 'RAND_set_rand_method' is invalid in C99 [-Wimplicit-function-declaration]
    RAND_set_rand_method(RAND_SSLeay());
src/common/crypto.c:291:9: warning: implicit declaration of function 'SSLeay' is invalid in C99 [-Wimplicit-function-declaration]
    if (SSLeay() == OPENSSL_VERSION_NUMBER &&
src/common/crypto.c:292:32: error: use of undeclared identifier 'SSLEAY_VERSION'
    !strcmp(SSLeay_version(SSLEAY_VERSION), OPENSSL_VERSION_TEXT)) {
src/common/crypto.c:292:49: error: use of undeclared identifier 'OPENSSL_VERSION_TEXT'
    !strcmp(SSLeay_version(SSLEAY_VERSION), OPENSSL_VERSION_TEXT)) {
CC src/common/crypto_s2k.o
src/common/crypto.c:294:57: error: use of undeclared identifier 'SSLEAY_VERSION'
    "(%lx: %s).", SSLeay(), SSLeay_version(SSLEAY_VERSION));
./src/common/../common/torlog.h:190:50: note: expanded from macro 'log_info'
    log_fn_(LOG_INFO, domain, __PRETTY_FUNCTION__, args)
src/common/crypto.c:299:55: error: use of undeclared identifier 'OPENSSL_VERSION_TEXT'
    (unsigned long)OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT,
./src/common/../common/torlog.h:194:50: note: expanded from macro 'log_warn'
    log_fn_(LOG_WARN, domain, __PRETTY_FUNCTION__, args)
src/common/crypto.c:300:41: error: use of undeclared identifier 'SSLEAY_VERSION'
    SSLeay(), SSLeay_version(SSLEAY_VERSION));
./src/common/../common/torlog.h:194:50: note: expanded from macro 'log_warn'
    log_fn_(LOG_WARN, domain, __PRETTY_FUNCTION__, args)
src/common/crypto.c:339:7: warning: implicit declaration of function 'ENGINE_load_builtin_engines' is invalid in C99 [-Wimplicit-function-declaration]
    ENGINE_load_builtin_engines();
src/common/crypto.c:340:7: warning: implicit declaration of function 'ENGINE_register_all_complete' is invalid in C99 [-Wimplicit-function-declaration]
    ENGINE_register_all_complete();
src/common/crypto.c:350:13: warning: incompatible integer to pointer conversion assigning to 'ENGINE *' (aka 'struct engine_st *') from 'int' [-Wint-conversion]
    e = ENGINE_by_id(accelName);
src/common/crypto.c:363:9: warning: implicit declaration of function 'ENGINE_set_default' is invalid in C99 [-Wimplicit-function-declaration]
    ENGINE_set_default(e, ENGINE_METHOD_ALL);
src/common/crypto.c:363:31: error: use of undeclared identifier 'ENGINE_METHOD_ALL'
    ENGINE_set_default(e, ENGINE_METHOD_ALL);
src/common/crypto.c:367:25: warning: implicit declaration of function 'ENGINE_get_default_RSA' is invalid in C99 [-Wimplicit-function-declaration]
    log_engine("RSA", ENGINE_get_default_RSA());
src/common/crypto.c:368:24: warning: implicit declaration of function 'ENGINE_get_default_DH' is invalid in C99 [-Wimplicit-function-declaration]
    log_engine("DH", ENGINE_get_default_DH());
src/common/crypto.c:369:26: warning: implicit declaration of function 'ENGINE_get_default_ECDH' is invalid in C99 [-Wimplicit-function-declaration]
    log_engine("ECDH", ENGINE_get_default_ECDH());
src/common/crypto.c:370:27: warning: implicit declaration of function 'ENGINE_get_default_ECDSA' is invalid in C99 [-Wimplicit-function-declaration]
    log_engine("ECDSA", ENGINE_get_default_ECDSA());
src/common/crypto.c:371:26: warning: implicit declaration of function 'ENGINE_get_default_RAND' is invalid in C99 [-Wimplicit-function-declaration]
    log_engine("RAND", ENGINE_get_default_RAND());
src/common/crypto.c:373:26: warning: implicit declaration of function 'ENGINE_get_digest_engine' is invalid in C99 [-Wimplicit-function-declaration]
    log_engine("SHA1", ENGINE_get_digest_engine(NID_sha1));
src/common/crypto.c:374:30: warning: implicit declaration of function 'ENGINE_get_cipher_engine' is invalid in C99 [-Wimplicit-function-declaration]
    log_engine("3DES-CBC", ENGINE_get_cipher_engine(NID_des_ede3_cbc));
src/common/crypto.c:408:3: warning: implicit declaration of function 'ERR_remove_state' is invalid in C99 [-Wimplicit-function-declaration]
    ERR_remove_state(0);
src/common/crypto.c:691:25: error: incomplete definition of type 'struct buf_mem_st'
    *dest = tor_malloc(buf->length+1);
./src/common/util.h:116:44: note: expanded from macro 'tor_malloc'
    #define tor_malloc(size) tor_malloc_(size DMALLOC_ARGS)
/test/tor/boringssl-install/include/openssl/base.h:170:16: note: forward declaration of 'struct buf_mem_st'
    typedef struct buf_mem_st BUF_MEM;
src/common/crypto.c:692:20: error: incomplete definition of type 'struct buf_mem_st'
    memcpy(*dest, buf->data, buf->length);
/usr/include/secure/_string.h:65:33: note: expanded from macro 'memcpy'
    __builtin___memcpy_chk (dest, src, len, __darwin_obsz0 (dest))
/test/tor/boringssl-install/include/openssl/base.h:170:16: note: forward declaration of 'struct buf_mem_st'
    typedef struct buf_mem_st BUF_MEM;
src/common/crypto.c:692:31: error: incomplete definition of type 'struct buf_mem_st'
    memcpy(*dest, buf->data, buf->length);
/usr/include/secure/_string.h:65:38: note: expanded from macro 'memcpy'
    __builtin___memcpy_chk (dest, src, len, __darwin_obsz0 (dest))
/test/tor/boringssl-install/include/openssl/base.h:170:16: note: forward declaration of 'struct buf_mem_st'
    typedef struct buf_mem_st BUF_MEM;
src/common/crypto.c:693:14: error: incomplete definition of type 'struct buf_mem_st'
    (*dest)[buf->length] = 0; /* nul terminate it */
/test/tor/boringssl-install/include/openssl/base.h:170:16: note: forward declaration of 'struct buf_mem_st'
    typedef struct buf_mem_st BUF_MEM;
src/common/crypto.c:694:13: error: incomplete definition of type 'struct buf_mem_st'
    *len = buf->length;
/test/tor/boringssl-install/include/openssl/base.h:170:16: note: forward declaration of 'struct buf_mem_st'
    typedef struct buf_mem_st BUF_MEM;
src/common/crypto.c:695:3: warning: implicit declaration of function 'BUF_MEM_free' is invalid in C99 [-Wimplicit-function-declaration]
    BUF_MEM_free(buf);
src/common/crypto.c:1783:19: warning: implicit declaration of function 'DH_generate_parameters' is invalid in C99 [-Wimplicit-function-declaration]
    dh_parameters = DH_generate_parameters(DH_BYTES*8, DH_GENERATOR, NULL, NULL);
src/common/crypto.c:2118:12: error: no member named 'length' in 'struct dh_st'
    res->dh->length = DH_PRIVATE_KEY_BITS;
src/common/crypto.c:3046:2: error: OpenSSL has been built without thread support. Tor requires an OpenSSL library with thread support enabled.
    #error OpenSSL has been built without thread support. Tor requires an \
src/common/crypto.c:3149:3: warning: implicit declaration of function 'ENGINE_cleanup' is invalid in C99 [-Wimplicit-function-declaration]
    ENGINE_cleanup();
src/common/crypto.c:3152:3: warning: implicit declaration of function 'CONF_modules_unload' is invalid in C99 [-Wimplicit-function-declaration]
    CONF_modules_unload(1);

comment:3 Changed 5 years ago by nickm

Interesting. It looks like building with BoringSSL will require some actual porting to detect all the APIs they've removed, and to figure out whether we can replace them.

LibreSSL should be easier to fix. There's some kind of server-side issue we'll need to solve, though.

I suggest we split this into two tickets.

comment:4 Changed 5 years ago by nickm

(The build issues are another matter and should get their own ticket: Untangling our kludgey library detection has been something a bunch of people have wanted for a while.)

comment:5 Changed 5 years ago by nickm

Tor master with libressl 2.1.0 bootstraps fine under Chutney with me, without the "TLS error while handshaking" warnings. Do I need to do additional steps to see those?

comment:6 Changed 5 years ago by teor

Split off:

#13815 for the BoringSSL port

#13816 for the LibreSSL runtime chutney issue

#13817 for the (SSL fork) library detection

comment:7 Changed 5 years ago by teor

Also #13977 for other SSL/TLS libraries

comment:8 Changed 4 years ago by nickm

Milestone: Tor: 0.2.7.x-final

comment:9 Changed 4 years ago by nickm

Status: new → assigned

comment:10 Changed 4 years ago by nickm

Keywords: 027-triaged-1-out added

Marking triaged-out items from first round of 0.2.7 triage.

comment:11 Changed 4 years ago by nickm

Milestone: Tor: 0.2.7.x-final → Tor: 0.2.???

Make all non-needs_review, non-needs_revision, 027-triaged-1-out items belong to 0.2.???

comment:12 Changed 4 years ago by teor

Resolution: worksforme
Status: assigned → closed

I installed libressl 2.2.2 from MacPorts on OS X 10.10, and then rebuilt all the dependencies of openssl/libressl in MacPorts, including libevent and tor. (I probably skipped this step last time, which might have been the source of my issues. MacPorts (or I) seem smarter about this now.)

I then rebuilt the latest tor master with:

make clean
./configure --with-libevent-dir=/opt/local --with-openssl-dir=/opt/local --disable-asciidoc
make test-network-all

All of the 7 make test-network-all tests passed, including the mixed test based on tor master and the rebuilt tor 0.2.6.9 from MacPorts.

I think this was either a misconfiguration on my end (failure to rebuild), or something we fixed in both tor master and tor 0.2.6.9, or something specific to a different version of OS X, Xcode, or clang.
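teor's description has configure picking up the wrong openssl, and comment:12 traces the failures to dependencies that had not been rebuilt against the new LibreSSL. The script below is an added check, not code from the ticket or from Tor: it reads `ldd` or `otool -L` output for a built binary and flags any libssl/libcrypto that resolves outside the expected prefix. The prefix /opt/local follows comment:12; the linker output embedded below is constructed.

```shell
#!/bin/sh
# Added example (not from the ticket or Tor). Check which libssl/libcrypto a built
# binary actually resolves to, so a stale system OpenSSL is caught before chutney runs.
# Usage: ldd ./src/or/tor | check_ssl_links /opt/local       (Linux)
#        otool -L ./src/or/tor | check_ssl_links /opt/local  (OS X)
# Prints every TLS library line NOT under PREFIX; exits 0 only if all are under PREFIX.
check_ssl_links() {
  awk -v prefix="$1" '
    /lib(ssl|crypto)[.0-9]*\.(so|dylib)/ {
      # ldd:   libssl.so.1.1 => /path/libssl.so.1.1 (0x...)
      # otool:         /path/libssl.dylib (compatibility version ...)
      path = ""
      for (i = 1; i <= NF; i++) if ($i ~ /^\//) { path = $i; break }
      if (path == "" || index(path, prefix "/") != 1) { print; bad = 1 }
    }
    END { if (bad) exit 1; exit 0 }
  '
}

# Constructed ldd-style sample: libcrypto comes from the /opt/local prefix but libssl
# still resolves to the system copy, the kind of mixed link the ticket suspects.
SAMPLE_MIXED='    linux-vdso.so.1 (0x00007ffc0a1d0000)
    libssl.so.1.1 => /usr/lib/x86_64-linux-gnu/libssl.so.1.1 (0x00007f2b3c000000)
    libcrypto.so.1.1 => /opt/local/lib/libcrypto.so.1.1 (0x00007f2b3bc00000)
    libevent-2.1.so.7 => /opt/local/lib/libevent-2.1.so.7 (0x00007f2b3ba00000)'

# Constructed otool -L style sample where every TLS library is under the prefix.
SAMPLE_OK='/opt/local/bin/tor:
    /opt/local/lib/libssl.46.dylib (compatibility version 48.0.0, current version 48.0.0)
    /opt/local/lib/libcrypto.44.dylib (compatibility version 46.0.0, current version 46.0.0)
    /opt/local/lib/libevent-2.1.7.dylib (compatibility version 8.0.0, current version 8.0.0)'

if [ "${1:-}" = "--demo" ]; then
  printf '%s\n' "$SAMPLE_MIXED" | check_ssl_links /opt/local || echo "mixed link detected"
  printf '%s\n' "$SAMPLE_OK" | check_ssl_links /opt/local && echo "all TLS libs under /opt/local"
fi
```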

comment:13 Changed 3 years ago by teor

Milestone: Tor: 0.2.??? → Tor: 0.3.???

Milestone renamed

comment:14 Changed 3 years ago by nickm

Milestone: Tor: 0.3.???

Milestone deleted
