[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #4779 [Tor Relay]: AES broken since 0.2.3.9-alpha on CentOS 6

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #4779 [Tor Relay]: AES broken since 0.2.3.9-alpha on CentOS 6
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Tue, 27 Dec 2011 04:39:44 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 26 Dec 2011 23:39:57 -0500
In-reply-to: <046.007d65a3572214d149c9452c7aa96a0c@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bug tracker status mails <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <046.007d65a3572214d149c9452c7aa96a0c@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#4779: AES broken since 0.2.3.9-alpha on CentOS 6
-----------------------+----------------------------------------------------
 Reporter:  Pascal     |          Owner:  nickm             
     Type:  defect     |         Status:  accepted          
 Priority:  major      |      Milestone:  Tor: 0.2.3.x-final
Component:  Tor Relay  |        Version:  Tor: 0.2.3.9-alpha
 Keywords:  aes        |         Parent:                    
   Points:             |   Actualpoints:                    
-----------------------+----------------------------------------------------

Comment(by nickm):

 Replying to [comment:15 nickm]:
 > Hooray, results!  I can confirm that the test passes (by saying "Looks
 ok to me") on Ubuntu 11.10 and on Fedora 16.
 >
 > There are a few possibilities here:
 >
 >  * The test shows a real bug in Centos's openssl.
 >  * The test shows a real bug in openssl itself.
 >  * The test is badly designed, and proves nothing.
 >  * The test is badly designed, and Tor has the same bad design in its
 use of AES_ctr128_encrypt.

 Oh, another possibility:

    * This bug was in openssl 1.0.0 and was fixed in subsequent version,
 but centos hasn't backported the fix.

 Unfortunately, I'm travelling with  a little netbook and intermittent till
 wednesday, so I probably won't be able to try building a bunch of
 different openssl versions until then.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4779#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #4779 [Tor Relay]: AES broken since 0.2.3.9-alpha on CentOS 6
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #4779 [Tor Relay]: AES broken since 0.2.3.9-alpha on CentOS 6
Next by Author: Re: [tor-bugs] #4779 [Tor Relay]: AES broken since 0.2.3.9-alpha on CentOS 6
Previous by thread: Re: [tor-bugs] #4779 [Tor Relay]: AES broken since 0.2.3.9-alpha on CentOS 6
Next by thread: Re: [tor-bugs] #4779 [Tor Relay]: AES broken since 0.2.3.9-alpha on CentOS 6
Index(es):
- Author
- Thread