Hi,
while trying to compile the latest git-checkout against openssl-1.0.2, I've come across the following issues:
---- make[1]: Entering directory `/usr/local/src/tor-git' CC src/common/tortls.o cc1: warnings being treated as errors In file included from /opt/openssl/include/openssl/ssl.h:1382, from src/common/tortls.c:36: /opt/openssl/include/openssl/srtp.h:138: error: redundant redeclaration of ‘SSL_get_selected_srtp_profile’ /opt/openssl/include/openssl/srtp.h:135: note: previous declaration of ‘SSL_get_selected_srtp_profile’ was here make[1]: *** [src/common/tortls.o] Error 1 make[1]: Leaving directory `/usr/local/src/tor-git' make: *** [all] Error 2 ----
There is an open ticket[0] in the openssl bugtracker for this. While the proper solution is to fix openssl/include/openssl/srtp.h, I wanted to compile without -Werror. However, when adding CFLAGS="-Wno-error" during ./configure, -Werror is still added to the ./Makefile and overriding -Wno-error. When adding CFLAGS="-Wno-error" during "make" all the other CFLAGS are gone too. Thus I ended up removing -Werror from the Makefile and tortls.o compiled.
While this is really an issue with openssl, I wanted to have this documented, just in case anybody else tries the same. If someone knows of a better workaround (i.e. compiling just tortls.c with -Wno-error and everything else with -Werror), please share! :-)
A bit later, compilation stops again:
---- CCLD src/or/tor src/common/libor-crypto.a(aes.o): In function `aes_crypt': aes.c:(.text+0x860): undefined reference to `CRYPTO_ctr128_encrypt' collect2: ld returned 1 exit status make[1]: *** [src/or/tor] Error 1 make[1]: Leaving directory `/usr/local/src/tor-git' make: *** [all] Error 2 ----
Hm, this leaves me puzzled for now. CRYPTO_ctr128_encrypt is still included in openssl-1.0.2 and src/common/aes.o seems to be built with this function included as well, not sure why src/common/libor-crypto.a complains now:
---- $ grep -r CRYPTO_ctr128_encrypt /opt/openssl/ /opt/openssl/include/openssl/modes.h:void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out, /opt/openssl/include/openssl/modes.h:void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out, Binary file /opt/openssl/bin/openssl matches Binary file /opt/openssl/lib/libcrypto.a matches
$ grep -r CRYPTO_ctr128_encrypt . ./src/common/aes.c: CRYPTO_ctr128_encrypt((const unsigned char *)input, Binary file ./src/common/aes.o matches Binary file ./src/common/libor-crypto.a matches ----
Why do I (try to) build against openssl-1.0.2? I'm on Debian/stable which still ships openssl-0.9.8o and I wanted to get rid of this "use a more recent OpenSSL" message during startup :-)
Otherwise, today's git-checkout of tor runs just fine when built against openssl-0.9.8 (on powerpc) - yay!
Christian.
[0] http://rt.openssl.org/Ticket/Display.html?id=2724
On Mon, Sep 24, 2012 at 4:13 AM, Christian Kujau lists@nerdbynature.de wrote:
Hi,
while trying to compile the latest git-checkout against openssl-1.0.2, I've come across the following issues:
[...]
While this is really an issue with openssl, I wanted to have this documented, just in case anybody else tries the same. If someone knows of a better workaround (i.e. compiling just tortls.c with -Wno-error and everything else with -Werror), please share! :-)
So, -Werror isn't supposed to be on by default; you only get that if you configure with --enable-gcc-warnings. You can get all the warnings, but with -Werror disabled, by using --enable-gcc-warnings-advisory instead.
A bit later, compilation stops again:
CCLD src/or/tor src/common/libor-crypto.a(aes.o): In function `aes_crypt': aes.c:(.text+0x860): undefined reference to `CRYPTO_ctr128_encrypt'
Well that's certainly annoying. If you're not feeling hackerish, I'd suggest backing off to openssl the openssl 1.0.1 branch, which has actually been, y'know, released. (There's no released openssl 1.0.2 version yet, right?) But if you're willing to hack the Tor code, you might be able to make CAN_USE_OPENSSL_CTR always undefined in aes.c, and make USE_EVP_AES_CTR always defined, so that Tor doesn't even consider using the CRYPTO_ implementation.
As a late follow-up, for the archives...
Nick Mathewson wrote on 9/25/12 09:36:
On Mon, Sep 24, 2012 at 4:13 AM, Christian Kujau lists@nerdbynature.de wrote:
while trying to compile the latest git-checkout against openssl-1.0.2, I've come across the following issues:
[...]
While this is really an issue with openssl, I wanted to have this documented, just in case anybody else tries the same. If someone knows of a better workaround (i.e. compiling just tortls.c with -Wno-error and everything else with -Werror), please share! :-)
So, -Werror isn't supposed to be on by default; you only get that if you configure with --enable-gcc-warnings. You can get all the warnings, but with -Werror disabled, by using --enable-gcc-warnings-advisory instead.
Yes, --enable-gcc-warnings-advisory helps - thanks!
A bit later, compilation stops again:
CCLD src/or/tor src/common/libor-crypto.a(aes.o): In function `aes_crypt': aes.c:(.text+0x860): undefined reference to `CRYPTO_ctr128_encrypt'
Well that's certainly annoying. If you're not feeling hackerish, I'd suggest backing off to openssl the openssl 1.0.1 branch, which has actually been, y'know, released. (There's no released openssl 1.0.2 version yet, right?) But if you're willing to hack the Tor code, you might be able to make CAN_USE_OPENSSL_CTR always undefined in aes.c, and make USE_EVP_AES_CTR always defined, so that Tor doesn't even consider using the CRYPTO_ implementation.
At first I felt hackerish and tried your suggestion, but then I realized that although I used --with-openssl-dir=/opt/openssl, the compilation process made use of my already installed libssl-dev package and stopped with the error above. Uninstalling my distro's openssl development libraries helped and latest Tor compiles against the latest openssl CVS checkout. yay!
Thanks for replying & sorry for my late response, Christian.
-
Christian Kujau -
Nick Mathewson