[tor-bugs] #4779 [Tor Relay]: AES broken since on CentOS 6

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Tue Dec 27 04:38:59 UTC 2011

#4779: AES broken since on CentOS 6
 Reporter:  Pascal     |          Owner:  nickm             
     Type:  defect     |         Status:  accepted          
 Priority:  major      |      Milestone:  Tor: 0.2.3.x-final
Component:  Tor Relay  |        Version:  Tor:
 Keywords:  aes        |         Parent:                    
   Points:             |   Actualpoints:                    

Comment(by rransom):

 Replying to [comment:15 nickm]:
 > Hooray, results!  I can confirm that the test passes (by saying "Looks
 ok to me") on Ubuntu 11.10 and on Fedora 16.
 > There are a few possibilities here:
 >  * The test shows a real bug in Centos's openssl.
 >  * The test shows a real bug in openssl itself.
 >  * The test is badly designed, and proves nothing.
 >  * The test is badly designed, and Tor has the same bad design in its
 use of AES_ctr128_encrypt.
 > So the first step here might be to find out whether it works on an
 unpatched version of the openssl that centos started with.  If so, then we
 can rule out an openssl bug. Then we can try to tell which of the centos
 patches broke it, and submit a bug report to the centos people.

 This is a Red Hat SRPM; any bug report should go to them.

 > But before that, I could use some review on the test code, to make sure
 that it actually uses the API correctly and tests what it is supposed to

 Is `AES_ctr128_encrypt` documented anywhere?

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4779#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list