
Re: [tor-bugs] #18221 [Tor]: Validate our DH parameters to prevent socat-type fails.



#18221: Validate our DH parameters to prevent socat-type fails.
-----------------------------+------------------------------------
 Reporter:  yawning          |          Owner:
     Type:  enhancement      |         Status:  needs_review
 Priority:  Medium           |      Milestone:  Tor: 0.2.8.x-final
Component:  Tor              |        Version:  Tor: unspecified
 Severity:  Normal           |     Resolution:
 Keywords:  tor-core crypto  |  Actual Points:
Parent ID:                   |         Points:
  Sponsor:                   |
-----------------------------+------------------------------------

Comment (by yawning):

 Replying to [comment:4 cypherpunks]:
 > If the threat is the former, why is it necessary to perform the check on
 > every startup? Isn't a build-time unit test sufficient?

 Was my phrasing overly idiomatic?  More still means both...

 The test is dirt cheap as long as it won't be done on every TLS connection
 (and it isn't, just once during initialization).  It could be moved to the
 unit test code, but that involves exposing the currently opaque
 `crypto_dh_t` internals, which doesn't feel great since there's zero
 reason for the internals of the struct to be visible.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18221#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
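
The kind of once-at-initialization DH parameter check discussed in the comment above, as an added Python sketch; it is not Tor's code and not part of the original post. Assumptions: the sample modulus is the RFC 2409 Second Oakley Group with generator 2, and `check_dh_params`, `init_dh` and `_dh_checked` are hypothetical names.

```python
import random
# Sample parameters (assumption): RFC 2409 Second Oakley Group, generator 2.
OAKLEY2_P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
    "8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
    "302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9"
    "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6"
    "49286651ECE65381FFFFFFFFFFFFFFFF", 16)

def is_probable_prime(n, rounds=40):
    """Miller-Rabin; a composite survives with probability <= 4**-rounds."""
    if n < 5 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def check_dh_params(p, g):
    """Return a list of problems; an empty list means p and g pass."""
    problems = []
    if not is_probable_prime(p):
        problems.append("p is not prime")
    elif not is_probable_prime((p - 1) // 2):
        problems.append("p is not a safe prime")
    if not 1 < g < p - 1:
        problems.append("g is out of range")
    return problems

_dh_checked = False  # hypothetical module-level flag
def init_dh(p=OAKLEY2_P, g=2):
    """Hypothetical init hook: validate once, not on every connection."""
    global _dh_checked
    if not _dh_checked:
        problems = check_dh_params(p, g)
        if problems:
            raise RuntimeError("bad DH parameters: " + ", ".join(problems))
        _dh_checked = True
    return True
```

The two primality tests on a 1024-bit modulus run only on the first `init_dh()` call; later calls return immediately.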