Opened 3 months ago

Last modified 5 weeks ago

#27802 new defect

OpenSSL 1.1.0 issue during static link

Reported by: cretz Owned by:
Priority: Medium Milestone: Tor: 0.3.5.x-final
Component: Core Tor/Tor Version:
Severity: Normal Keywords: static, 029-backport, 033-backport, 034-backport, 032-unreached-backport
Cc: Actual Points:
Parent ID: #6623 Points:
Reviewer: Sponsor:

Description

Here's my configure call (using Tor 0.3.5.1-alpha in my case):

sh ./configure --prefix=/home/cretz/work/bine/gopath/src/github.com/cretz/tor-static/tor/dist --disable-gcc-hardening --disable-system-torrc --disable-asciidoc --enable-static-libevent --with-libevent-dir=/home/cretz/work/bine/gopath/src/github.com/cretz/tor-static/tor/../libevent/dist --enable-static-openssl --with-openssl-dir=/home/cretz/work/bine/gopath/src/github.com/cretz/tor-static/tor/../openssl/dist --enable-static-zlib --with-zlib-dir=/home/cretz/work/bine/gopath/src/github.com/cretz/tor-static/tor/../openssl/dist --enable-static-tor

Note, this all works fine with OpenSSL 1.0.x. Running gets:

configure: Now, we'll look for OpenSSL >= 1.0.1
checking for openssl directory... configure: WARNING: Could not find a linkable openssl.  If you have it installed somewhere unusual, you can specify an explicit path using --with-openssl-dir
configure: WARNING: On Debian, you can install openssl using "apt-get install libssl-dev"
configure: error: Missing libraries; unable to proceed.

Looking in config.log where it's checking OpenSSL:

configure:9656: Now, we'll look for OpenSSL >= 1.0.1
configure:9677: checking for openssl directory
configure:9732: gcc -o conftest -g -O2 -static -I/home/cretz/work/bine/gopath/src/github.com/cretz/tor-static/tor/../openssl/dist/include  -L/home/cretz/work/bine/gopath/src/github.com/cretz/tor-static/tor/../openssl/dist/lib  conftest.c -lpthread -ldl  -lssl -lcrypto   >&5
/home/cretz/work/bine/gopath/src/github.com/cretz/tor-static/tor/../openssl/dist/lib/libcrypto.a(b_addr.o): In function `BIO_lookup':
b_addr.c:(.text+0xc9c): warning: Using 'getaddrinfo' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/home/cretz/work/bine/gopath/src/github.com/cretz/tor-static/tor/../openssl/dist/lib/libcrypto.a(b_sock.o): In function `BIO_gethostbyname':
b_sock.c:(.text+0x71): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/home/cretz/work/bine/gopath/src/github.com/cretz/tor-static/tor/../openssl/dist/lib/libcrypto.a(threads_pthread.o): In function `CRYPTO_THREAD_lock_new':
threads_pthread.c:(.text+0x25): undefined reference to `pthread_rwlock_init'
/home/cretz/work/bine/gopath/src/github.com/cretz/tor-static/tor/../openssl/dist/lib/libcrypto.a(threads_pthread.o): In function `CRYPTO_THREAD_read_lock':
threads_pthread.c:(.text+0x65): undefined reference to `pthread_rwlock_rdlock'
/home/cretz/work/bine/gopath/src/github.com/cretz/tor-static/tor/../openssl/dist/lib/libcrypto.a(threads_pthread.o): In function `CRYPTO_THREAD_write_lock':
threads_pthread.c:(.text+0x85): undefined reference to `pthread_rwlock_wrlock'
/home/cretz/work/bine/gopath/src/github.com/cretz/tor-static/tor/../openssl/dist/lib/libcrypto.a(threads_pthread.o): In function `CRYPTO_THREAD_unlock':
threads_pthread.c:(.text+0xa5): undefined reference to `pthread_rwlock_unlock'
/home/cretz/work/bine/gopath/src/github.com/cretz/tor-static/tor/../openssl/dist/lib/libcrypto.a(threads_pthread.o): In function `CRYPTO_THREAD_lock_free':
threads_pthread.c:(.text+0xca): undefined reference to `pthread_rwlock_destroy'
/home/cretz/work/bine/gopath/src/github.com/cretz/tor-static/tor/../openssl/dist/lib/libcrypto.a(threads_pthread.o): In function `CRYPTO_THREAD_run_once':
threads_pthread.c:(.text+0xf5): undefined reference to `pthread_once'
/home/cretz/work/bine/gopath/src/github.com/cretz/tor-static/tor/../openssl/dist/lib/libcrypto.a(threads_pthread.o): In function `CRYPTO_THREAD_init_local':
threads_pthread.c:(.text+0x115): undefined reference to `pthread_key_create'
/home/cretz/work/bine/gopath/src/github.com/cretz/tor-static/tor/../openssl/dist/lib/libcrypto.a(threads_pthread.o): In function `CRYPTO_THREAD_set_local':
threads_pthread.c:(.text+0x147): undefined reference to `pthread_setspecific'
/home/cretz/work/bine/gopath/src/github.com/cretz/tor-static/tor/../openssl/dist/lib/libcrypto.a(threads_pthread.o): In function `CRYPTO_THREAD_cleanup_local':
threads_pthread.c:(.text+0x167): undefined reference to `pthread_key_delete'
/home/cretz/work/bine/gopath/src/github.com/cretz/tor-static/tor/../openssl/dist/lib/libcrypto.a(threads_pthread.o): In function `CRYPTO_THREAD_get_local':
threads_pthread.c:(.text+0x133): undefined reference to `pthread_getspecific'
/home/cretz/work/bine/gopath/src/github.com/cretz/tor-static/tor/../openssl/dist/lib/libcrypto.a(threads_pthread.o): In function `CRYPTO_THREAD_get_current_id':
threads_pthread.c:(.text+0x181): undefined reference to `pthread_self'
/usr/lib/gcc/x86_64-linux-gnu/5/libgcc_eh.a(unwind-dw2.o): In function `uw_init_context_1':
(.text+0x1e0d): undefined reference to `pthread_once'
collect2: error: ld returned 1 exit status

And also:

configure:9732: gcc -o conftest -g -O2 -static   conftest.c -lpthread -ldl  -lssl -lcrypto   >&5
/usr/lib/gcc/x86_64-linux-gnu/5/../../../x86_64-linux-gnu/libcrypto.a(dso_dlfcn.o): In function `dlfcn_globallookup':
(.text+0x11): undefined reference to `dlopen'
/usr/lib/gcc/x86_64-linux-gnu/5/../../../x86_64-linux-gnu/libcrypto.a(dso_dlfcn.o): In function `dlfcn_globallookup':
(.text+0x24): undefined reference to `dlsym'
/usr/lib/gcc/x86_64-linux-gnu/5/../../../x86_64-linux-gnu/libcrypto.a(dso_dlfcn.o): In function `dlfcn_globallookup':
(.text+0x2f): undefined reference to `dlclose'
/usr/lib/gcc/x86_64-linux-gnu/5/../../../x86_64-linux-gnu/libcrypto.a(dso_dlfcn.o): In function `dlfcn_bind_func':
(.text+0x334): undefined reference to `dlsym'
/usr/lib/gcc/x86_64-linux-gnu/5/../../../x86_64-linux-gnu/libcrypto.a(dso_dlfcn.o): In function `dlfcn_bind_func':
(.text+0x3db): undefined reference to `dlerror'
/usr/lib/gcc/x86_64-linux-gnu/5/../../../x86_64-linux-gnu/libcrypto.a(dso_dlfcn.o): In function `dlfcn_bind_var':
(.text+0x454): undefined reference to `dlsym'
/usr/lib/gcc/x86_64-linux-gnu/5/../../../x86_64-linux-gnu/libcrypto.a(dso_dlfcn.o): In function `dlfcn_bind_var':
(.text+0x4fb): undefined reference to `dlerror'
/usr/lib/gcc/x86_64-linux-gnu/5/../../../x86_64-linux-gnu/libcrypto.a(dso_dlfcn.o): In function `dlfcn_load':
(.text+0x569): undefined reference to `dlopen'
/usr/lib/gcc/x86_64-linux-gnu/5/../../../x86_64-linux-gnu/libcrypto.a(dso_dlfcn.o): In function `dlfcn_load':
(.text+0x5cb): undefined reference to `dlclose'
/usr/lib/gcc/x86_64-linux-gnu/5/../../../x86_64-linux-gnu/libcrypto.a(dso_dlfcn.o): In function `dlfcn_load':
(.text+0x603): undefined reference to `dlerror'
/usr/lib/gcc/x86_64-linux-gnu/5/../../../x86_64-linux-gnu/libcrypto.a(dso_dlfcn.o): In function `dlfcn_pathbyaddr':
(.text+0x69f): undefined reference to `dladdr'
/usr/lib/gcc/x86_64-linux-gnu/5/../../../x86_64-linux-gnu/libcrypto.a(dso_dlfcn.o): In function `dlfcn_pathbyaddr':
(.text+0x709): undefined reference to `dlerror'
/usr/lib/gcc/x86_64-linux-gnu/5/../../../x86_64-linux-gnu/libcrypto.a(dso_dlfcn.o): In function `dlfcn_unload':
(.text+0x762): undefined reference to `dlclose'
collect2: error: ld returned 1 exit status

This is happening because the gcc call is putting -lssl and -lcrypto after -lpthread and -ldl instead of before it. This apparently has been happening a long time (see #12720) and I can't find any recent blame to cause this. I have also confirmed this is happening in Windows using MinGW on static builds too.

Please adjust TOR_SEARCH_LIBRARY or whatever is needed to make sure the -lssl and -lcrypto appear first on these checks. In the meantime, devs can solve this by setting the LIBS env var to "-lssl -lcrypto -lcrypt32 -lgdi32 -lws2_32" at least on Windows and presumably "-lssl -lcrypto -lpthread -ldl" on Linux (running into #6623 on Linux, so unsure).

Child Tickets

Change History (3)

comment:1 Changed 3 months ago by teor

Keywords: static 029-backport 032-backport 033-backport 034-backport added
Milestone: Tor: 0.3.5.x-final
Parent ID: #6623

I am not sure whether to put this fix in 0.3.5 or 0.3.6, but it would be nice to have a working static binary in our LTS release.
It might also be good to backport these fixes, if they aren't too big.

comment:2 Changed 3 months ago by cretz

Just to clarify for here and #6623, static compilation works perfectly fine with OpenSSL 1.0.2 on Windows, Linux, and macOS. It's just 1.1.0 that causes an issue. My script visible at https://github.com/cretz/tor-static/tree/tor-0.3.5.x.

comment:3 Changed 5 weeks ago by teor

Keywords: 032-unreached-backport added; 032-backport removed

0.3.2 is end of life, so 032-backport is now 032-unreached-backport.

Note: See TracTickets for help on using tickets.