[tor-bugs] #4779 [Tor Relay]: AES broken since 0.2.3.9-alpha on CentOS 6
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Mon Jan 9 17:45:59 UTC 2012
#4779: AES broken since 0.2.3.9-alpha on CentOS 6
-----------------------+----------------------------------------------------
Reporter: Pascal | Owner: nickm
Type: defect | Status: accepted
Priority: normal | Milestone: Tor: 0.2.3.x-final
Component: Tor Relay | Version: Tor: 0.2.3.9-alpha
Keywords: aes | Parent:
Points: | Actualpoints:
-----------------------+----------------------------------------------------
Comment(by Pascal):
Replying to [comment:26 fermenthor]:
> The problem with version checking is that rpms from redhat will continue
to patch the openssl header with OPENSSL_VERSION_NUMBER 0x10000003 for ABI
compatibility. Even if you build on fedora with openssl-1.0.0f-1, Tor will
not use the counter mode.
The bigger problem is that the current check is at compile time. So if
Tor is built on a box with a working OpenSSL, then moved to a box with a
broken OpenSSL, it will still use counter mode. E.g. if whoever builds
the RPMs for the website has a working OpenSSL, then anyone downloading
them will get a version that uses counter mode, even though they may not
have a working OpenSSL. IMHO, until we have a working runtime check,
counter mode should be completely disabled.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4779#comment:28>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list