[tor-bugs] #4779 [Tor Relay]: AES broken since 0.2.3.9-alpha on CentOS 6

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Mon Jan 9 17:45:59 UTC 2012


#4779: AES broken since 0.2.3.9-alpha on CentOS 6
-----------------------+----------------------------------------------------
 Reporter:  Pascal     |          Owner:  nickm             
     Type:  defect     |         Status:  accepted          
 Priority:  normal     |      Milestone:  Tor: 0.2.3.x-final
Component:  Tor Relay  |        Version:  Tor: 0.2.3.9-alpha
 Keywords:  aes        |         Parent:                    
   Points:             |   Actualpoints:                    
-----------------------+----------------------------------------------------

Comment(by Pascal):

 Replying to [comment:26 fermenthor]:
 > The problem with version checking is that rpms from redhat will continue
 > to patch the openssl header with OPENSSL_VERSION_NUMBER 0x10000003 for ABI
 > compatibility. Even if you build on fedora with openssl-1.0.0f-1, Tor will
 > not use the counter mode.

 The bigger problem is that the current check is at compile time.  So if
 Tor is built on a box with a working OpenSSL, then moved to a box with a
 broken OpenSSL, it will still use counter mode.  E.g. if whoever builds
 the RPMs for the website has a working OpenSSL, then anyone downloading
 them will get a version that uses counter mode, even though they may not
 have a working OpenSSL.  IMHO, until we have a working runtime check,
 counter mode should be completely disabled.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4779#comment:28>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
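
A runtime self-test of the kind the comment above asks for, as an added example (not Tor's code and not part of the original message): it compares the library's counter-mode output with counter mode rebuilt from the single-block primitive, on the machine that runs the binary. `toy_block`, `good_ctr` and `faulty_ctr` are hypothetical stand-ins for the OpenSSL calls, and the missing-carry fault is constructed, since the page does not describe the actual OpenSSL defect.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef void (*block_fn)(const uint8_t key[16], const uint8_t in[16], uint8_t out[16]);
typedef void (*ctr_fn)(const uint8_t key[16], const uint8_t iv[16],
                       const uint8_t *in, uint8_t *out, size_t len);

/* Stand-in for the library's single-block encrypt. Constructed toy, NOT AES. */
static void toy_block(const uint8_t key[16], const uint8_t in[16], uint8_t out[16]) {
    for (int i = 0; i < 16; i++)
        out[i] = (uint8_t)((in[i] ^ key[i]) * 167u + in[(i + 1) % 16]);
}

/* Counter mode built only from the block primitive (big-endian counter).
 * carry=0 drops the carry out of the low byte: a constructed fault. */
static void ctr_from_block(block_fn enc, int carry, const uint8_t key[16],
                           const uint8_t iv[16], const uint8_t *in, uint8_t *out, size_t len) {
    uint8_t ctr[16], ks[16];
    memcpy(ctr, iv, 16);
    for (size_t off = 0; off < len; off += 16) {
        enc(key, ctr, ks);                              /* keystream block */
        for (size_t i = 0; i < 16 && off + i < len; i++)
            out[off + i] = in[off + i] ^ ks[i];
        for (int i = 15; i >= 0 && ++ctr[i] == 0 && carry; i--) { }
    }
}

/* Hypothetical stand-ins for the library counter-mode routine under test. */
void good_ctr(const uint8_t k[16], const uint8_t iv[16], const uint8_t *in, uint8_t *out, size_t n) {
    ctr_from_block(toy_block, 1, k, iv, in, out, n);
}
void faulty_ctr(const uint8_t k[16], const uint8_t iv[16], const uint8_t *in, uint8_t *out, size_t n) {
    ctr_from_block(toy_block, 0, k, iv, in, out, n);
}

/* Runtime check: returns 1 only if the library's output matches the reference. */
int ctr_selftest(block_fn enc, ctr_fn lib_ctr) {
    uint8_t key[16], iv[16] = {0}, pt[40], want[40], got[40];
    for (int i = 0; i < 16; i++) key[i] = (uint8_t)(i * 17 + 3);  /* constructed key */
    for (int i = 0; i < 40; i++) pt[i] = (uint8_t)i;              /* 2.5 blocks */
    iv[15] = 0xff;                      /* forces a carry after the first block */
    ctr_from_block(enc, 1, key, iv, pt, want, sizeof pt);
    memset(got, 0, sizeof got);
    lib_ctr(key, iv, pt, got, sizeof pt);
    return memcmp(want, got, sizeof pt) == 0;
}

int main(void) {   /* decided at startup on the running box, not at build time */
    printf("good: %d, faulty: %d\n", ctr_selftest(toy_block, good_ctr),
           ctr_selftest(toy_block, faulty_ctr));
    return 0;
}
```

In a real build the two function pointers would wrap the linked library's block and counter-mode calls, and a failed self-test would select the non-counter-mode code path.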
