Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#16251 closed defect (fixed)

Tor does not recognise libressl version and fails to compile on OpenBSD 5.6

Reported by: cwk Owned by:
Priority: Medium Milestone: Tor: 0.2.7.x-final
Component: Core Tor/Tor Version: Tor: unspecified
Severity: Keywords: libressl
Cc: cwk@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Compiling tor from git returns:

src/common/tortls.c:1451: undefined reference to `SSL_CIPHER_find'

Latest commit on the git repo is, for reference: 90e07ab338cd59caeaeb31a3d207bb34d433b8ab

User 'mancha' on #tor helped me pin the problem. They supplied the following source code to test the SSL version currently in use:

{{{#include <stdio.h>
#include <openssl/crypto.h>

#define OPENSSL_VER(a,b,c,d,e) \

(((a)<<28) | \

((b)<<20) | \
((c)<<12) | \
((d)<< 4) | \

(e))

#define OPENSSL_V_SERIES(a,b,c) OPENSSL_VER((a),(b),(c),0,0)

int main()
{

printf("OPENSSL_VERSION_NUMBER : %x\n", OPENSSL_VERSION_NUMBER);
printf("OPENSSL_V_SERIES(1,0,2): %x\n", OPENSSL_V_SERIES(1,0,2));
return 0;

}

}}}

Compiling with cc -o foo foo.c -lcrypto returns:

OPENSSL_VERSION_NUMBER : 20000000
OPENSSL_V_SERIES(1,0,2): 10002000

Mancha also suggested the following patch:

--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -1440,7 +1440,7 @@ static int
 find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m, uint16_t cipher)
 {
   const SSL_CIPHER *c;
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,2)
+#if 0
   {
     unsigned char cipherid[3];
     tor_assert(ssl);

Applying the patch makes tor compile successfully.

Child Tickets

Change History (10)

comment:1 Changed 4 years ago by cwk

apologies, I mis-formatted the description and now can't edit it. Needs a newline after the first {{{

comment:2 Changed 4 years ago by mancha

The issue is introduced via:

commit 496df21c89d1425ff06dc9067d2cd4eb076a412c
Author: Nick Mathewson <nickm@torproject.org>
Date:   Thu May 14 10:14:06 2015 -0400

    Use SSL_CIPHER_find where possible.

To clarify, my suggested patch is merely a stopgap measure I provided the reporter so he could immediately build tor HEAD on OpenBSD 5.6. A proper patch would test for LibreSSL.

comment:3 Changed 4 years ago by nickm

Looks like we should detect this with autoconf.

comment:4 Changed 4 years ago by cwk

Cc: cwk@… added

comment:5 Changed 4 years ago by nickm_mobile

Milestone: Tor: 0.2.7.x-final

comment:6 Changed 4 years ago by nickm

I've tried doing this with autoconf in 7fd8496d7221dfc0658b3b7269ea0ce3d4c94f8c of my branch for bug #15760 . (I did it there because that introduces autoconf tests for openssl.) Not tested with libressl.

comment:7 Changed 4 years ago by nickm

Status: newneeds_review

comment:8 Changed 4 years ago by yawning

That change lgtm.

comment:9 Changed 4 years ago by nickm

Resolution: fixed
Status: needs_reviewclosed

Merged to master! Please reopen if not fixed.

comment:10 Changed 4 years ago by cwk

Bug does not appear any more on the same setup used to raise it with latest pull from github.

Thanks everyone.

Note: See TracTickets for help on using tickets.