[tor-bugs] #16189 [Tor]: Ensure our scrypt interoperates with openssl's scrypt

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jul 9 20:03:37 UTC 2015


#16189: Ensure our scrypt interoperates with openssl's scrypt
------------------------+--------------------------------
     Reporter:  nickm   |      Owner:  rl1987
         Type:  defect  |     Status:  needs_revision
     Priority:  normal  |  Milestone:  Tor: 0.2.7.x-final
    Component:  Tor     |    Version:
   Resolution:          |   Keywords:
Actual Points:          |  Parent ID:
       Points:          |
------------------------+--------------------------------

Comment (by rl1987):

 Replying to [comment:5 nickm]:

 > > I have a preliminary patch for this:
 https://github.com/rl1987/tor/compare/libscrypt_eq_openssl
 > >
 > >
 >
 > Looks promising. We'll need to pull it out eventually, once we add some
 logic to stop linking libscrypt when openssl has scrypt... but for now it
 should be fine.
 >
 > There's a logic bug, though: The code that calls EVP_PBE_scrypt() needs
 to be disabled entirely when openssl doesn't have that function, or our
 tests won't compile.
 >

 I pushed one more commit that fixes this.

 > > OpenSSL seems to fail with the last test vector from draft-josefsson-
 scrypt-kdf-00 section 11.
 > >
 > >
 >
 > Hmmm.  Does libscrypt pass with that test vector?  If so, we should
 submit a bug to the openssl people so they don't release a broken scrypt
 implementation.
 >

 It seems to, since libscrypt is being tested independently in
 `test_crypto_scrypt_vectors()` and this test does not fail. I have
 isolated the failing part using `#if 0` so that others could take a look.
 If you enable that part of the code, you will see that `EVP_PBE_scrypt()`
 returns the failure status if you try to compute a key with the last test
 vector in Section 11.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16189#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
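
Added example, not part of the ticket or of Tor's test suite: a cross-check of the four scrypt test vectors through Python's `hashlib.scrypt`, which calls OpenSSL's `EVP_PBE_scrypt()`. The vectors are taken from RFC 7914, the RFC that grew out of the draft cited above. Released OpenSSL applies a 32 MiB memory limit when `maxmem` is 0, and the last vector needs about 1 GiB; that this limit explains the failure reported in this ticket is an assumption.

```python
import hashlib
import sys

OPENSSL_DEFAULT_MAXMEM = 32 * 1024 * 1024   # limit OpenSSL applies when maxmem == 0
RAISED_MAXMEM = 1100 * 1024 * 1024          # enough for the last vector (hypothetical choice)

# (password, salt, N, r, p, expected 64-byte output as hex), from RFC 7914
VECTORS = [
    (b"", b"", 16, 1, 1,
     "77d6576238657b203b19ca42c18a0497f16b4844e3074ae8dfdffa3fede21442"
     "fcd0069ded0948f8326a753a0fc81f17e8d3e0fb2e0d3628cf35e20c38d18906"),
    (b"password", b"NaCl", 1024, 8, 16,
     "fdbabe1c9d3472007856e7190d01e9fe7c6ad7cbc8237830e77376634b373162"
     "2eaf30d92e22a3886ff109279d9830dac727afb94a83ee6d8360cbdfa2cc0640"),
    (b"pleaseletmein", b"SodiumChloride", 16384, 8, 1,
     "7023bdcb3afd7348461c06cd81fd38ebfda8fbba904f8e3ea9b543f6545da1f2"
     "d5432955613f0fcf62d49705242a9af9e61e85dc0d651e40dfcf017b45575887"),
    (b"pleaseletmein", b"SodiumChloride", 1048576, 8, 1,
     "2101cb9b6a511aaeaddbbe09cf70f881ec568d574a2ffd4dabe5ee9820adaa47"
     "8e56fd8f4ba5d09ffa1c6d927c40f4c337304049e8a952fbcbf45c6fa77a41a4"),
]


def approx_mem(n, r, p):
    """Approximate scrypt working memory in bytes: 128 * r * (N + p)."""
    return 128 * r * (n + p)


def run_vector(vec, maxmem=0):
    """Return 'match', 'MISMATCH', or 'rejected' (parameters refused by OpenSSL)."""
    pw, salt, n, r, p, expected = vec
    try:
        out = hashlib.scrypt(pw, salt=salt, n=n, r=r, p=p, maxmem=maxmem, dklen=64)
    except ValueError:
        # OpenSSL refused the parameters, e.g. the memory limit was exceeded
        return "rejected"
    return "match" if out.hex() == expected else "MISMATCH"


if __name__ == "__main__":
    # Pass --big to rerun rejected vectors with a raised limit (allocates ~1 GiB).
    big = "--big" in sys.argv
    for vec in VECTORS:
        n, r, p = vec[2:5]
        result = run_vector(vec)
        if result == "rejected" and big:
            result = "with raised maxmem: " + run_vector(vec, maxmem=RAISED_MAXMEM)
        print(f"N={n} r={r} p={p} mem~{approx_mem(n, r, p)} bytes -> {result}")
```

A test harness that treats "rejected" the same as "MISMATCH" will report an interoperability failure where the two implementations actually agree, so the two outcomes are worth keeping distinct.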

