[tor-bugs] #4779 [Tor Relay]: AES broken since 0.2.3.9-alpha on CentOS 6

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Tue Dec 27 04:21:36 UTC 2011


#4779: AES broken since 0.2.3.9-alpha on CentOS 6
-----------------------+----------------------------------------------------
 Reporter:  Pascal     |          Owner:  nickm             
     Type:  defect     |         Status:  accepted          
 Priority:  major      |      Milestone:  Tor: 0.2.3.x-final
Component:  Tor Relay  |        Version:  Tor: 0.2.3.9-alpha
 Keywords:  aes        |         Parent:                    
   Points:             |   Actualpoints:                    
-----------------------+----------------------------------------------------
Changes (by nickm):

  * owner:  => nickm
  * status:  new => accepted


Comment:

 Hooray, results!  I can confirm that the test passes (by saying "Looks ok
 to me") on Ubuntu 11.10 and on Fedora 16.

 There are a few possibilities here:

  * The test shows a real bug in Centos's openssl.
  * The test shows a real bug in openssl itself.
  * The test is badly designed, and proves nothing.
  * The test is badly designed, and Tor has the same bad design in its use
 of AES_ctr128_encrypt.

 So the first step here might be to find out whether it works on an
 unpatched version of the openssl that centos started with.  If so, then we
 can rule out an openssl bug. Then we can try to tell which of the centos
 patches broke it, and submit a bug report to the centos people.

 But before that, I could use some review on the test code, to make sure
 that it actually uses the API correctly and tests what it is supposed to
 test.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4779#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list