[tor-bugs] #4779 [Tor Relay]: AES broken since on CentOS 6

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Wed Dec 28 01:30:45 UTC 2011

#4779: AES broken since on CentOS 6
 Reporter:  Pascal     |          Owner:  nickm             
     Type:  defect     |         Status:  accepted          
 Priority:  major      |      Milestone:  Tor: 0.2.3.x-final
Component:  Tor Relay  |        Version:  Tor:
 Keywords:  aes        |         Parent:                    
   Points:             |   Actualpoints:                    

Comment(by nickm):

 Looking at the diffs, I believe that the change to the implementation of
 modes/ctr128.c in openssl 1.0.0a is probably what's responsible for the
 fixed behavior.  None of the changes in openssl 1.0.0b seem applicable.

 Replying to [comment:23 Pascal]:
 > Rather than doing a version check, I would recommend implementing a test
 > during startup to determine if the installed OpenSSL is working correctly
 > and use a workaround if not.

 That would be great if we have a good quick test here.  The aestest2.c
 hack above is ... well, a hack, and the version check is so simple.  I'm
 going to check in the version check for now, but if anybody has time to
 come up with an elegant way to test for the broken openssl 1.0.0
 implementation, that would be great.

 > Anyone know how to get Red Hat to upgrade RHEL 6 to a newer OpenSSL?

 RHEL will almost never upgrade openssl within a RHEL version; they will
 only backport patches as needed. If somebody files a bug, shows them my
 test code, and tells them that the patch is in openssl 1.0.0a and requires
 a backport, that might be enough for them, but I don't know whether they
 would consider this bug "serious enough".

 It's still worth trying, though.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4779#comment:24>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
