[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] building Tor against LibreSSL 2.1.1 fails with "undefined reference to `EVP_aes_128_ctr'" error

On Sat, 22 Nov 2014 06:40:24 -0800, teor <teor2345@xxxxxxxxx> wrote:
Yes, on OS X, but it wasn't easy, and it didn't bootstrap for me due to SSL errors. Others have had more luck, but mostly on Linux AFAIK.
Do you perhaps have a system-installed OpenSSL 0.9.* which is lacking EVP_aes_128_ctr?
See https://trac.torproject.org/projects/tor/ticket/13817 for a similar failure, due to the following issues:
configure --with-openssl-dir= detects the wrong bin/openssl if "$OPENSSL_DIR/bin/openssl" isn't in the path before all other openssl executables. configure --enable-static-openssl requires LDFLAGS="$OPENSSL_DIR/lib":$LDFLAGS to link properly, at least on OS X. 

If you do run into runtime SSL errors, see this bug:
https://trac.torproject.org/projects/tor/ticket/13816
Thanks for the information. I was able to get the latest git version of Tor build against the libressl-2.1.1 pkg in a fresh FreeBSD 9x jail using the following steps: 

pkg install libressl autoconf git gmake gettext
mkdir /usr/local/src;cd /usr/local/src;git clone https://git.torproject.org/git/tor cd tor;sh autogen.sh;./configure --with-openssl-dir=/usr/local --disable-asciidoc 
make;make install;tor

Here's the terminal output when launching it:
Nov 22 17:26:41.971 [notice] Tor v0.2.6.1-alpha-dev (git-336c856e52d211aa) running on FreeBSD with Libevent 2.0.21-stable, OpenSSL LibreSSL 2.1 and Zlib 1.2.8. Nov 22 17:26:41.971 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning Nov 22 17:26:41.971 [notice] This version is not a stable Tor release. Expect more bugs than usual. Nov 22 17:26:41.972 [notice] Configuration file "/usr/local/etc/tor/torrc" not present, using reasonable defaults. 
Nov 22 17:26:41.987 [notice] Opening Socks listener on 127.0.0.1:9050
Nov 22 17:26:41.971 [notice] Tor v0.2.6.1-alpha-dev (git-336c856e52d211aa) running on FreeBSD with Libevent 2.0.21-stable, OpenSSL LibreSSL 2.1 and Zlib 1.2.8. Nov 22 17:26:41.971 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning Nov 22 17:26:41.971 [notice] This version is not a stable Tor release. Expect more bugs than usual. Nov 22 17:26:41.972 [notice] Configuration file "/usr/local/etc/tor/torrc" not present, using reasonable defaults. 
Nov 22 17:26:41.987 [notice] Opening Socks listener on 127.0.0.1:9050
Nov 22 17:26:41.000 [notice] Parsing GEOIP IPv4 file /usr/local/share/tor/geoip. Nov 22 17:26:42.000 [notice] Parsing GEOIP IPv6 file /usr/local/share/tor/geoip6. Nov 22 17:26:42.000 [warn] You are running Tor as root. You don't need to, and you probably shouldn't. Nov 22 17:26:42.000 [notice] We were built to run on a 64-bit CPU, with OpenSSL 1.0.1 or later, but with a version of OpenSSL that apparently lacks accelerated support for the NIST P-224 and P-256 groups. Building openssl with such support (using the enable-ec_nistp_64_gcc_128 option when configuring it) would make ECDH much faster. 
Nov 22 17:26:42.000 [notice] Bootstrapped 0%: Starting
Nov 22 17:26:43.000 [notice] Bootstrapped 5%: Connecting to directory server Nov 22 17:26:43.000 [notice] Bootstrapped 10%: Finishing handshake with directory server Nov 22 17:26:43.000 [notice] We weren't able to find support for all of the TLS ciphersuites that we wanted to advertise. This won't hurt security, but it might make your Tor (if run as a client) more easy for censors to block. Nov 22 17:26:43.000 [notice] To correct this, use a version of OpenSSL built with none of its ciphers disabled. Nov 22 17:26:44.000 [notice] Bootstrapped 15%: Establishing an encrypted directory connection Nov 22 17:26:44.000 [notice] Bootstrapped 20%: Asking for networkstatus consensus Nov 22 17:26:45.000 [notice] Bootstrapped 25%: Loading networkstatus consensus Nov 22 17:26:47.000 [notice] I learned some more directory information, but not enough to build a circuit: We have no usable consensus. 
Nov 22 17:26:48.000 [notice] Bootstrapped 40%: Loading authority key certs
Nov 22 17:26:49.000 [notice] Bootstrapped 45%: Asking for relay descriptors
Nov 22 17:26:49.000 [notice] I learned some more directory information, but not enough to build a circuit: We need more microdescriptors: we have 0/6624, and can only build 0% of likely paths. (We have 0% of guards bw, 0% of midpoint bw, and 0% of exit bw.) 
Nov 22 17:26:50.000 [notice] Bootstrapped 50%: Loading relay descriptors
Nov 22 17:26:53.000 [notice] Bootstrapped 55%: Loading relay descriptors
Nov 22 17:26:54.000 [notice] Bootstrapped 60%: Loading relay descriptors
Nov 22 17:26:54.000 [notice] Bootstrapped 65%: Loading relay descriptors
Nov 22 17:26:55.000 [notice] Bootstrapped 70%: Loading relay descriptors
Nov 22 17:26:55.000 [notice] Bootstrapped 75%: Loading relay descriptors
Nov 22 17:26:55.000 [notice] We now have enough directory information to build circuits. Nov 22 17:26:55.000 [notice] Bootstrapped 80%: Connecting to the Tor network 
Nov 22 17:26:55.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Nov 22 17:26:56.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working. 
Nov 22 17:26:56.000 [notice] Bootstrapped 100%: Done
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays