RSA_get0_d could not be located in the dynamic link library tor.exe

OS: Win10 (win64)

Tor Browser will not run, when attempting to establish a connection the following error appeats:

The procedure entry point RSA_get0_d could not be located in the dynamic link library C:\Users\MyUser\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe

Trac:
Username: ner0

added component::core tor/tor priority::medium reporter::ner0 severity::normal status::assigned type::defect labels

Could not specify before, but this starts with latest browser update v9.0.7 (tor 0.4.2.7)

Trac:
Username: ner0

A user reported the same issue on the blog: https://blog.torproject.org/comment/287165#comment-287165

I think this is probably related with this change: https://gitweb.torproject.org/tor.git/commit/?h=maint-0.4.2&id=8abdb394893a1704f885278f5f5d7913cdf516c9

We are including ./Browser/TorBrowser/Tor/libssl-1_1.dll in the bundle. I am wondering if tor.exe gets linked to wrong dll for some reason.

nickm, teor: do you have any idea about what could be causing this error?

Trac:
Cc: N/A to nickm, teor

One additional data point: I am unable to reproduce this problem on a Win10 64-bit laptop that has minimal software installed (no anti-malware software except the built-in Defender).

Replying to boklm:

A user reported the same issue on the blog: https://blog.torproject.org/comment/287165#comment-287165 That was also me.

Replying to mcs:

One additional data point: I am unable to reproduce this problem on a Win10 64-bit laptop that has minimal software installed (no anti-malware software except the built-in Defender). Can confirm. In the system showing the issue I have Comodo AV, I hav esince cloned the system to a VM, removed tons of software including AV and it doesn't work all the same.

Trac:
Username: ner0

I have uninstalled virtually everything on the system and the issue persists. Should be noted that the issue does not happen when using the 32bit version of Tor Browser, only 64bit.

Trac:
Username: ner0

update

uninstalled virtually everything

reinstall torbrowser?

Replying to cypherpunks:

update

uninstalled virtually everything

reinstall torbrowser? Yes, reinstalled it multiple times. Also purged the whole folder, as well as Program Files and ProgramData leftovers. Tested with new Win user to exclude user profile issues. As mentioned by mcs, I also have been able to use the new win64 release on a another machine with no issue. On my computer (and VM) only the 32bit version is working, 64bit throws the error mentioned in the title.

I could try to be of further assistance if I knew a good way to debug or gather logging information that could be useful.

Trac:
Username: ner0

Replying to boklm:

nickm, teor: do you have any idea about what could be causing this error?

Most frequently this kind of error happens when Tor is compiled with one version of openssl, but linked with another substantially different. I don't know so much about Windows linking behavior, however.

Is there some kind of tool that can be used to tell which specific libraries Windows is trying to link Tor against here? If so, that would probably help figure this out.

Trac:
Username: ner0

Trac:
Username: ner0

I don't know if procmon logs can be useful on their own. I've attached logs and side by side comparison of v9.0.6 and v9.0.7, the issue arises very early on, not sue what is the trigger though.

Trac:
Username: ner0

Trac:
Username: ner0

procmon_logs.7z

Trac:
Username: ner0

12:01:42.7784859 PM	tor.exe	25560	CreateFile	C:\Windows\System32\libcrypto-1_1-x64.dll	SUCCESS	Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened

libcrypto-1_1-x64.dll in system32 dir (why?)

When looking at Logfile_v9.0.7_win64_fail_hl.PML I see that it contains the string C:\Windows\System32\libssl-1_1-x64.dll.

So it looks like libssl is loaded from the Windows system directory instead of the Tor Browser directory.

When looking at: https://docs.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-search-order The directory from which the application loaded is first, so I don't know why it is not loaded from Tor Browser's directory.

However in Factors That Affect Searching they also say: If the DLL is on the list of known DLLs for the version of Windows on which the application is running, the system uses its copy of the known DLL (and the known DLL's dependent DLLs, if any) instead of searching for the DLL. For a list of known DLLs on the current system, see the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs.

Maybe libssl is part of the known DLLs?

Replying to cypherpunks:

{{{ 12:01:42.7784859 PM tor.exe 25560 CreateFile C:\Windows\System32\libcrypto-1_1-x64.dll SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened }}} libcrypto-1_1-x64.dll in system32 dir (why?) The OpenSSL Toolkit... that's where it came from.

that might have been a contributing factor, but weirder is how it was "fixed":

1. Ran Tor Browser once as administrator;
2. Done.

I don't have a clue as to what/why. I can now run it without elevated privileges just fine, no more issues.

Trac:
Username: ner0