Skip to content

GitLab

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Open
Created by Yawning Angel@yawning

Audit all of our Go code that uses `crypto/aes`.

The implementation is not constant time (and neither is the GHASH provided by crypto/cipher) without AES-NI/PCLMULQDQ or equivalent. I do not believe that we use either in a situation where it matters, but we should double check to confirm this. This affects any uses of the raw primitive, when wrapped in the various block cipher modes, and when used via TLS.

Known uses:

  • obfs2
  • obfs3
  • scramblesuit
  • meek without a helper