Opened 7 weeks ago

Closed 7 weeks ago

Last modified 7 weeks ago

#31844 closed defect (fixed)

OpenSSL 1.1.1d fails to compile for some platforms/architectures

Reported by: gk Owned by: tbb-team
Priority: Very High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-rbm, TorBrowserTeam201909R, tbb-9.0-must-alpha
Cc: boklm Actual Points: 1.5
Parent ID: Points: 0.5
Reviewer: Sponsor:

Description

According to our nightly builds only linux32 and macOS compilations for OpenSSL 1.1.1d succeeded, which is weird. Here is the error for linux 64bit:

${LDCMD:-gcc} -pthread -Wa,--noexecstack -Wall -O3 -L.   \
                -o apps/openssl apps/asn1pars.o apps/ca.o apps/ciphers.o apps/cms.o apps/crl.o apps/crl2p7.o apps/dgst.o apps/dhparam.o apps/dsa.o apps/dsaparam.o apps/ec.o apps/ecparam.o apps/enc.o apps/engine.o apps/errstr.o apps/gendsa.o apps/genpkey.o apps/genrsa.o apps/nseq.o apps/ocsp.o apps/openssl.o apps/passwd.o apps/pkcs12.o apps/pkcs7.o apps/pkcs8.o apps/pkey.o apps/pkeyparam.o apps/pkeyutl.o apps/prime.o apps/rand.o apps/rehash.o apps/req.o apps/rsa.o apps/rsautl.o apps/s_client.o apps/s_server.o apps/s_time.o apps/sess_id.o apps/smime.o apps/speed.o apps/spkac.o apps/srp.o apps/storeutl.o apps/ts.o apps/verify.o apps/version.o apps/x509.o \
                 apps/libapps.a -lssl -lcrypto -ldl -pthread
./libcrypto.so: undefined reference to `aesni_ccm64_decrypt_blocks'
./libcrypto.so: undefined reference to `aesni_xts_encrypt'
./libcrypto.so: undefined reference to `aesni_ctr32_encrypt_blocks'
./libcrypto.so: undefined reference to `aesni_ccm64_encrypt_blocks'
./libcrypto.so: undefined reference to `aesni_cbc_encrypt'
./libcrypto.so: undefined reference to `aesni_ecb_encrypt'
./libcrypto.so: undefined reference to `aesni_gcm_decrypt'
./libcrypto.so: undefined reference to `aesni_gcm_encrypt'
./libcrypto.so: undefined reference to `aesni_ocb_decrypt'
./libcrypto.so: undefined reference to `gcm_ghash_avx'
./libcrypto.so: undefined reference to `aesni_ocb_encrypt'
./libcrypto.so: undefined reference to `aesni_encrypt'
./libcrypto.so: undefined reference to `aesni_decrypt'
./libcrypto.so: undefined reference to `aesni_set_encrypt_key'
./libcrypto.so: undefined reference to `aesni_set_decrypt_key'
./libcrypto.so: undefined reference to `aesni_xts_decrypt'
collect2: error: ld returned 1 exit status

Child Tickets

Change History (14)

comment:1 Changed 7 weeks ago by gk

lolwut

*** Installing runtime programs
install apps/openssl.exe -> /var/tmp/dist/openssl/bin/openssl.exe
install ./tools/c_rehash -> /var/tmp/dist/openssl/bin/c_rehash
/bin/sh: 1: Syntax error: "(" unexpected
make: *** [install_ssldirs] Error 2
Makefile:297: recipe for target 'install_ssldirs' failed

That's for Windows i686.

comment:2 Changed 7 weeks ago by cypherpunks

lolwut

This? https://knowyourmeme.com/memes/wat

That's for Windows i686.

#31383 included.

comment:3 Changed 7 weeks ago by gk

And here we have the error for 64bit Windows

*** Installing runtime programs
install apps/openssl.exe -> /var/tmp/dist/openssl/bin/openssl.exe
install ./tools/c_rehash -> /var/tmp/dist/openssl/bin/c_rehash
created directory `C:'
created directory `C:/Program'
created directory `Files'
created directory `Files/Common'
created directory `Files/SSL'
created directory `Files/SSL/certs'
created directory `Files/SSL/private'
created directory `Files/SSL/misc'
install ./apps/CA.pl -> C:/Program Files/Common Files/SSL/misc/CA.pl
cp: target 'Files/SSL/misc/CA.pl.new' is not a directory
Makefile:297: recipe for target 'install_ssldirs' failed
make: *** [install_ssldirs] Error 1

comment:4 Changed 7 weeks ago by eighthave

I don't know if it is useful to you, but I'm building for Android using openssl v1.1.1d for all 4 supported arches: https://github.com/guardianproject/tor-android/pull/19

comment:5 Changed 7 weeks ago by boklm

The Windows build issue is probably related to this change:
https://github.com/openssl/openssl/commit/54aa9d51b09d67e90db443f682cface795f5af9e

comment:6 Changed 7 weeks ago by boklm

I think the Windows i686 error might be caused by this line in the generated Makefile, where the path contain some (:

OPENSSLDIR_dir=/Program Files (x86)/Common Files/SSL

comment:7 Changed 7 weeks ago by boklm

Keywords: TorBrowserTeam201909R added; TorBrowserTeam201909 removed
Status: newneeds_review

There are two patches for review in branch bug_31844_v3:
https://gitweb.torproject.org/user/boklm/tor-browser-build.git/commit/?h=bug_31844_v3&id=7bab743e199ea3d3ba8ca3f5ba5289609035f37c

One is to stop using --prefix, so that openssl does not look for config file in a user-writable directory (which is CVE-2019-1552, although I am not sure if Tor is using openssl in a way where this matters).

The other is for fixing the use of unquoted paths. I should also submit this patch to https://github.com/openssl/openssl/issues/9520.

However, the linux64 build is not yet fixed.

comment:8 Changed 7 weeks ago by boklm

For the linux64 build, this seems similar to this issue:
https://github.com/openssl/openssl/issues/9839

Adding no-asm to the configure options, as suggested in this ticket, is fixing the build.

comment:9 in reply to:  8 ; Changed 7 weeks ago by gk

Replying to boklm:

For the linux64 build, this seems similar to this issue:
https://github.com/openssl/openssl/issues/9839

Adding no-asm to the configure options, as suggested in this ticket, is fixing the build.

Hm. Maybe we should just switch the target here to the one mentioned in the bug (and adapt the 32bit one while we are at it)?

comment:10 in reply to:  9 Changed 7 weeks ago by boklm

Replying to gk:

Replying to boklm:

For the linux64 build, this seems similar to this issue:
https://github.com/openssl/openssl/issues/9839

Adding no-asm to the configure options, as suggested in this ticket, is fixing the build.

Hm. Maybe we should just switch the target here to the one mentioned in the bug (and adapt the 32bit one while we are at it)?

Yes, I was thinking the same. Using linux-x86_64 instead of linux-generic64 is also fixing the build.

comment:11 in reply to:  9 Changed 7 weeks ago by boklm

Replying to gk:

Replying to boklm:

For the linux64 build, this seems similar to this issue:
https://github.com/openssl/openssl/issues/9839

Adding no-asm to the configure options, as suggested in this ticket, is fixing the build.

Hm. Maybe we should just switch the target here to the one mentioned in the bug (and adapt the 32bit one while we are at it)?

I added a new patch doing that in branch bug_31844_v3:
https://gitweb.torproject.org/user/boklm/tor-browser-build.git/commit/?h=bug_31844_v3&id=74f146865135f2a655c936164ffa2f5c25a4d05e

comment:12 Changed 7 weeks ago by gk

Resolution: fixed
Status: needs_reviewclosed

Those patches look good to me, thanks! And, yes, please upstream the one Windows related patch. I merged them to master as commit abdfbfdb3f4122300c3f3f5e745af1c74a559102, 7bab743e199ea3d3ba8ca3f5ba5289609035f37c, and 74f146865135f2a655c936164ffa2f5c25a4d05e.

comment:13 Changed 7 weeks ago by boklm

Actual Points: 1.5

comment:14 Changed 7 weeks ago by boklm

Note: See TracTickets for help on using tickets.