[tor-bugs] #4779 [Tor Relay]: AES broken since 0.2.3.9-alpha on CentOS 6
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Wed Dec 28 01:30:45 UTC 2011
#4779: AES broken since 0.2.3.9-alpha on CentOS 6
-----------------------+----------------------------------------------------
Reporter: Pascal | Owner: nickm
Type: defect | Status: accepted
Priority: major | Milestone: Tor: 0.2.3.x-final
Component: Tor Relay | Version: Tor: 0.2.3.9-alpha
Keywords: aes | Parent:
Points: | Actualpoints:
-----------------------+----------------------------------------------------
Comment(by nickm):
Looking at the diffs, I believe that the change to the implementation of
modes/ctr128.c in openssl 1.0.0a is probably what's responsible for the
fixed behavior. None of the changes in openssl 1.0.0b seem applicable.
Replying to [comment:23 Pascal]:
> Rather than doing a version check, I would recommend implementing a test
> during startup to determine if the installed OpenSSL is working correctly
> and use a workaround if not.
That would be great if we have a good quick test here. The aestest2.c
hack above is ... well, a hack, and the version check is so simple. I'm
going to check in the version check for now, but if anybody has time to
come up with an elegant way to test for the broken openssl 1.0.0
implementation, that would be great.
> Anyone know how to get Red Hat to upgrade RHEL 6 to a newer OpenSSL?
RHEL will almost never upgrade openssl within a RHEL version; they will
only backport patches as needed. If somebody files a bug, shows them my
test code, and tells them that the patch is in openssl 1.0.0a and requires
a backport, that might be enough for them, but I don't know whether they
would consider this bug "serious enough".
It's still worth trying, though.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4779#comment:24>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
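
The startup test discussed in the comment above could take the following shape. This is an added example, not code from the ticket, Tor, or OpenSSL: it cross-checks a CTR routine against the block function applied to successive counter values. `toy_block`, `ctr_good`, `ctr_bad` and the two IVs are constructed stand-ins so the check runs offline; the defect in `ctr_bad` is constructed for illustration and does not describe the OpenSSL 1.0.0 behaviour, which the comment does not detail.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef void (*block_fn)(const uint8_t key[16], const uint8_t in[16], uint8_t out[16]);
typedef void (*ctr_fn)(const uint8_t key[16], const uint8_t iv[16],
                       const uint8_t *in, uint8_t *out, size_t len);

/* Constructed IVs: one far from any carry, one whose low 32 bits are all ones. */
const uint8_t IV_ZERO[16] = {0};
const uint8_t IV_CARRY[16] = {0,0,0,0,0,0,0,0,0,0,0,0,0xff,0xff,0xff,0xff};

/* Stand-in block function so the example runs offline. NOT AES, not secure. */
void toy_block(const uint8_t key[16], const uint8_t in[16], uint8_t out[16]) {
    for (int i = 0; i < 16; i++)
        out[i] = (uint8_t)((in[i] ^ key[i]) * 167u + in[(i + 5) % 16] + 13u * i);
}

/* CTR over toy_block; the counter carry propagates through `width` low bytes. */
static void toy_ctr(int width, const uint8_t key[16], const uint8_t iv[16],
                    const uint8_t *in, uint8_t *out, size_t len) {
    uint8_t c[16], ks[16];
    memcpy(c, iv, 16);
    for (size_t off = 0; off < len; off++) {
        if (off % 16 == 0) {
            toy_block(key, c, ks);
            for (int i = 15; i >= 16 - width && ++c[i] == 0; i--) { }
        }
        out[off] = in[off] ^ ks[off % 16];
    }
}
/* Stand-ins for a library's CTR routine: a correct one and a constructed defect. */
void ctr_good(const uint8_t k[16], const uint8_t iv[16], const uint8_t *in, uint8_t *out, size_t n) { toy_ctr(16, k, iv, in, out, n); }
void ctr_bad(const uint8_t k[16], const uint8_t iv[16], const uint8_t *in, uint8_t *out, size_t n) { toy_ctr(4, k, iv, in, out, n); }

/* Startup check: returns 1 if `ctr` equals enc(counter), enc(counter+1), ... */
int ctr_selftest(block_fn enc, ctr_fn ctr, const uint8_t iv[16]) {
    static const uint8_t key[16] = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
    uint8_t pt[40] = {0}, got[40], c[16], ks[16];
    ctr(key, iv, pt, got, sizeof got);     /* zero plaintext: output is the keystream */
    memcpy(c, iv, 16);
    for (size_t off = 0; off < sizeof got; off += 16) {
        size_t n = sizeof got - off < 16 ? sizeof got - off : 16;
        enc(key, c, ks);
        if (memcmp(got + off, ks, n) != 0) return 0;
        for (int i = 15; i >= 0 && ++c[i] == 0; i--) { }
    }
    return 1;
}
```

The constructed defect passes the check with `IV_ZERO` and is caught only with `IV_CARRY`, so a startup test of this kind should include counter values that sit at a carry boundary.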