[tor-bugs] #4779 [Tor Relay]: AES broken since 0.2.3.9-alpha on CentOS 6
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Tue Dec 27 04:39:44 UTC 2011
#4779: AES broken since 0.2.3.9-alpha on CentOS 6
-----------------------+----------------------------------------------------
Reporter: Pascal | Owner: nickm
Type: defect | Status: accepted
Priority: major | Milestone: Tor: 0.2.3.x-final
Component: Tor Relay | Version: Tor: 0.2.3.9-alpha
Keywords: aes | Parent:
Points: | Actualpoints:
-----------------------+----------------------------------------------------
Comment(by nickm):
Replying to [comment:15 nickm]:
> Hooray, results! I can confirm that the test passes (by saying "Looks
ok to me") on Ubuntu 11.10 and on Fedora 16.
>
> There are a few possibilities here:
>
> * The test shows a real bug in Centos's openssl.
> * The test shows a real bug in openssl itself.
> * The test is badly designed, and proves nothing.
> * The test is badly designed, and Tor has the same bad design in its
use of AES_ctr128_encrypt.
Oh, another possibility:
* This bug was in openssl 1.0.0 and was fixed in subsequent version,
but centos hasn't backported the fix.
Unfortunately, I'm travelling with a little netbook and intermittent till
wednesday, so I probably won't be able to try building a bunch of
different openssl versions until then.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4779#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list