Re: [tor-bugs] #4779 [Tor Relay]: AES broken since 0.2.3.9-alpha on CentOS 6
#4779: AES broken since 0.2.3.9-alpha on CentOS 6
-----------------------+----------------------------------------------------
Reporter: Pascal | Owner: nickm
Type: defect | Status: accepted
Priority: normal | Milestone: Tor: 0.2.3.x-final
Component: Tor Relay | Version: Tor: 0.2.3.9-alpha
Keywords: aes | Parent:
Points: | Actualpoints:
-----------------------+----------------------------------------------------
Comment(by Pascal):
Replying to [comment:26 fermenthor]:
> The problem with version checking is that rpms from redhat will continue
> to patch the openssl header with OPENSSL_VERSION_NUMBER 0x10000003 for ABI
> compatibility. Even if you build on fedora with openssl-1.0.0f-1, Tor will
> not use the counter mode.

The bigger problem is that the current check is at compile time. So if
Tor is built on a box with a working OpenSSL, then moved to a box with a
broken OpenSSL, it will still use counter mode. E.g. if whoever builds
the RPMs for the website has a working OpenSSL, then anyone downloading
them will get a version that uses counter mode, even though they may not
have a working OpenSSL. IMHO, until we have a working runtime check,
counter mode should be completely disabled.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4779#comment:28>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
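
Added example, not part of the original message and not Tor's code: one shape a runtime check could take, where at startup the counter-mode routine of the library actually loaded is compared against a reference CTR built from the single-block primitive, so the decision follows the host Tor runs on rather than the build host's headers. This goes beyond the comment, which asks for a runtime check without specifying one; `toy_block`, `ctr_faulty` and every other name here are constructed stand-ins (a real check would pass the library's AES block call and its counter-mode routine instead).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define BLK 16
typedef void (*block_fn)(const uint8_t in[BLK], uint8_t out[BLK]);
typedef void (*ctr_fn)(block_fn enc, uint8_t ctr[BLK],
                       const uint8_t *in, uint8_t *out, size_t len);

/* Constructed stand-in for a keyed block cipher; NOT AES and not secure. */
static void toy_block(const uint8_t in[BLK], uint8_t out[BLK]) {
    for (int i = 0; i < BLK; i++)
        out[i] = (uint8_t)(in[i] * 167u + in[(i + 5) % BLK] + 0x3cu + (unsigned)i);
}

/* CTR loop; big_endian=1 carries the counter from the last byte (reference). */
static void ctr_run(block_fn enc, uint8_t ctr[BLK], const uint8_t *in,
                    uint8_t *out, size_t len, int big_endian) {
    uint8_t ks[BLK];
    for (size_t off = 0; off < len; off++) {
        if (off % BLK == 0) {          /* new keystream block, then bump counter */
            enc(ctr, ks);
            if (big_endian) { for (int i = BLK - 1; i >= 0 && ++ctr[i] == 0; i--) {} }
            else            { for (int i = 0; i < BLK && ++ctr[i] == 0; i++) {} }
        }
        out[off] = in[off] ^ ks[off % BLK];
    }
}
static void ctr_reference(block_fn e, uint8_t c[BLK], const uint8_t *in, uint8_t *out, size_t n)
{ ctr_run(e, c, in, out, n, 1); }
/* Constructed fault for the demo: counter carried from the wrong end. */
static void ctr_faulty(block_fn e, uint8_t c[BLK], const uint8_t *in, uint8_t *out, size_t n)
{ ctr_run(e, c, in, out, n, 0); }

/* Startup check: 1 if `candidate` matches the reference over nblocks (1..4). */
static int counter_mode_usable(ctr_fn candidate, size_t nblocks) {
    uint8_t in[4 * BLK] = {0}, want[4 * BLK], got[4 * BLK], c1[BLK], c2[BLK];
    size_t len = nblocks * BLK;
    if (nblocks == 0 || nblocks > 4) return 0;
    memset(c1, 0xf0, BLK); memcpy(c2, c1, BLK);   /* same start counter for both */
    ctr_reference(toy_block, c1, in, want, len);
    candidate(toy_block, c2, in, got, len);
    return memcmp(want, got, len) == 0;
}

int main(void) {
    printf("good routine usable:   %d\n", counter_mode_usable(ctr_reference, 3));
    printf("faulty routine usable: %d\n", counter_mode_usable(ctr_faulty, 3));
    return 0;
}
```

A one-block comparison passes the faulty routine, because the first keystream block is produced before the counter is ever incremented; the self-test has to span at least two blocks to be meaningful.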