[tor-bugs] #16189 [Tor]: Ensure our scrypt interoperates with openssl's scrypt

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jul 9 15:33:08 UTC 2015


#16189: Ensure our scrypt interoperates with openssl's scrypt
------------------------+--------------------------------
     Reporter:  nickm   |      Owner:  rl1987
         Type:  defect  |     Status:  needs_revision
     Priority:  normal  |  Milestone:  Tor: 0.2.7.x-final
    Component:  Tor     |    Version:
   Resolution:          |   Keywords:
Actual Points:          |  Parent ID:
       Points:          |
------------------------+--------------------------------
Changes (by nickm):

 * status:  needs_review => needs_revision


Comment:

 > I have preliminary patch for this:
 ​https://github.com/rl1987/tor/compare/libscrypt_eq_openssl

 Looks promising. We'll need to pull it out eventually, once we add some
 logic to stop linking libscrypt when openssl has scrypt... but for now it
 should be fine.

 There's a logic bug, though: The code that calls EVP_PBE_scrypt() needs to
 be disabled entirely when openssl doesn't have that function, or our tests
 won't compile.

 > OpenSSL seems to fail with the last test vector from draft-josefsson-
 scrypt-kdf-00 section 11.

 Hmmm.  Does libscrypt pass with that test vector?  If so, we should submit
 a bug to the openssl people so they don't release a broken scrypt
 implementation.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16189#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list