Opened 6 years ago

Closed 6 years ago

#6673 closed defect (fixed)

tor crashes silently with non-threaded openssl build

Reported by: darkk Owned by:
Priority: Medium Milestone: Tor: 0.2.4.x-final
Component: Core Tor/Tor Version: Tor: 0.2.2.37
Severity: Keywords: openssl ssl tor-client
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

I've seen lots of cryptic crashes of tor on my openwrt gateway: https://atlas.torproject.org/#details/F44DA505AD91CFC8D5745BB070909F20F21E06D9

I've recently decided to debug this issue and run tor with --Daemon 0 under tmux and I got assertion failure:

...
Aug 24 00:43:13.842 [notice] Performing bandwidth self-test...done.
/usr/sbin/tor: md_rand.c: 325: ssleay_rand_add: Assertion `md_c[1] == md_count[1]' failed.
Aborted

Accoding to openssl code it means that openssl was built without OPENSSL_THREADS

crypto/rand/md_rand.c
320-	if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */
321-	    entropy += add;
322-	if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
323-	
324-#if !defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32)
325:	assert(md_c[1] == md_count[1]);
326-#endif
327-	}
328-
329-static void ssleay_rand_seed(const void *buf, int num)
330-	{

If OPENSSL_THREADS is required for tor to work, then tor should probably check for it in compile-time:

openssl-1.0.1/doc/crypto/threads.pod

You can find out if OpenSSL was configured with thread support:

 #define OPENSSL_THREAD_DEFINES
 #include <openssl/opensslconf.h>
 #if defined(OPENSSL_THREADS)
   // thread support enabled
 #else
   // no thread support
 #endif

If OPENSSL_THREADS is not required, than it looks like either bug in tor itself or in tor<->openssl interaction.

libopenssl - 1.0.1c-1
tor - 0.2.2.37-1

P.S. related OpenWrt ticket: https://dev.openwrt.org/ticket/12072

Child Tickets

Change History (7)

comment:1 Changed 6 years ago by arma

Component: - Select a componentTor Client

comment:2 Changed 6 years ago by darkk

P.S. I don't know if it's possible to enable/disable OPENSSL_THREADS without changing libopenssl ABI. It would be cool to check it in run-time too, if it's possible.

comment:3 Changed 6 years ago by nickm

Milestone: Tor: 0.2.3.x-final

Yeah, we should totally add a compile-time check here at least.

comment:4 Changed 6 years ago by nickm

Keywords: tor-client added

comment:5 Changed 6 years ago by nickm

Component: Tor ClientTor

comment:6 Changed 6 years ago by nickm

Milestone: Tor: 0.2.3.x-finalTor: 0.2.4.x-final
Status: newneeds_review

Fix in branch "bug6673".

comment:7 Changed 6 years ago by nickm

Resolution: fixed
Status: needs_reviewclosed

Still looks okay to me.

Note: See TracTickets for help on using tickets.