[tor-bugs] #28616 [Core Tor/Tor]: TLS internal error running Tor 0.3.4.9 on Debian Buster (OpenSSL 1.1.1a)

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Nov 26 01:19:07 UTC 2018 

#28616: TLS internal error running Tor 0.3.4.9 on Debian Buster (OpenSSL 1.1.1a)
--------------------------+------------------------------
 Reporter:  filippo       |          Owner:  (none)
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Component:  Core Tor/Tor
  Version:  Tor: 0.3.4.9  |       Severity:  Normal
 Keywords:                |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------
 Running a simple Tor relay on Debian Buster seems to report TLS 1.3
 related OpenSSL internal errors. Not entirely sure how a function named
 tls13_hkdf_expand can fail, but I'm sure OpenSSL found a way.

 {{{
 Nov 26 01:07:40.000 [warn] Unhandled OpenSSL errors found at
 ../src/common/buffers_tls.c:65:
 Nov 26 01:07:40.000 [warn] TLS error: internal error (in SSL
 routines:tls13_hkdf_expand:---)
 }}}

 {{{
 FROM debian:buster
 ENV DEBIAN_FRONTEND noninteractive

 RUN apt-get update && apt-get install -y apt-transport-https gnupg ca-
 certificates

 RUN echo "deb https://deb.torproject.org/torproject.org buster main" >
 /etc/apt/sources.list.d/tor.list
 RUN echo "deb-src https://deb.torproject.org/torproject.org buster main"
 >> /etc/apt/sources.list.d/tor.list

 RUN gpg --no-tty --keyserver keys.gnupg.net --recv
 A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
 RUN gpg --no-tty --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-
 key add -

 RUN apt-get update && apt-get install -y tor deb.torproject.org-keyring
 nyx

 ADD torrc /etc/tor/torrc

 RUN useradd --user-group --system --create-home tor
 USER tor

 RUN mkdir -p /home/tor/.tor/keys
 VOLUME /home/tor/.tor

 EXPOSE 9001

 ENTRYPOINT ["tor"]
 }}}

 {{{
 Nov 26 01:07:27.114 [notice] Tor 0.3.4.9 (git-de9ea9f0dfc5ecae) running on
 Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1a, Zlib 1.2.11, Liblzma
 5.2.2, and Libzstd 1.3.5.
 Nov 26 01:07:27.114 [notice] Tor can't help you if you use it wrong! Learn
 how to be safe at https://www.torproject.org/download/download#warning
 Nov 26 01:07:27.115 [notice] Read configuration file "/etc/tor/torrc".
 Nov 26 01:07:27.117 [notice] Based on detected system memory,
 MaxMemInQueues is set to 5767 MB. You can override this by setting
 MaxMemInQueues by hand.
 Nov 26 01:07:27.118 [notice] Scheduler type KIST has been enabled.
 Nov 26 01:07:27.118 [notice] Opening OR listener on 0.0.0.0:9999
 Nov 26 01:07:31.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
 Nov 26 01:07:31.000 [notice] Parsing GEOIP IPv6 file
 /usr/share/tor/geoip6.
 Nov 26 01:07:31.000 [notice] Configured to measure statistics. Look for
 the *-stats files that will first be written to the data directory in 24
 hours from now.
 Nov 26 01:07:31.000 [notice] Your Tor server's identity key fingerprint is
 'ToBeAnnounced 2EC042F4274CC8A54381C78E8D1BF322FA26A095'
 Nov 26 01:07:31.000 [notice] Bootstrapped 0%: Starting
 Nov 26 01:07:39.000 [notice] Starting with guard context "default"
 Nov 26 01:07:39.000 [notice] Bootstrapped 5%: Connecting to directory
 server
 Nov 26 01:07:39.000 [notice] Bootstrapped 10%: Finishing handshake with
 directory server
 Nov 26 01:07:39.000 [notice] Bootstrapped 50%: Loading relay descriptors
 Nov 26 01:07:40.000 [warn] Unhandled OpenSSL errors found at
 ../src/common/buffers_tls.c:65:
 Nov 26 01:07:40.000 [warn] TLS error: internal error (in SSL
 routines:tls13_hkdf_expand:---)
 Nov 26 01:07:40.000 [notice] I learned some more directory information,
 but not enough to build a circuit: We're missing descriptors for 1/2 of
 our primary entry guards (total microdescriptors: 5519/6239).
 Nov 26 01:07:41.000 [notice] I learned some more directory information,
 but not enough to build a circuit: We're missing descriptors for 1/2 of
 our primary entry guards (total microdescriptors: 5506/6327).
 Nov 26 01:07:42.000 [warn] Unhandled OpenSSL errors found at
 ../src/common/buffers_tls.c:65:
 Nov 26 01:07:42.000 [warn] TLS error: internal error (in SSL
 routines:tls13_hkdf_expand:---)
 Nov 26 01:07:49.000 [notice] Bootstrapped 80%: Connecting to the Tor
 network
 Nov 26 01:07:50.000 [notice] Bootstrapped 85%: Finishing handshake with
 first hop
 Nov 26 01:07:50.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
 Nov 26 01:07:51.000 [notice] Tor has successfully opened a circuit. Looks
 like client functionality is working.
 Nov 26 01:07:51.000 [notice] Bootstrapped 100%: Done
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28616>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list