Re: [tor-bugs] #18221 [Tor]: Validate our DH parameters to prevent socat-type fails.
#18221: Validate our DH parameters to prevent socat-type fails.
-----------------------------+------------------------------------
 Reporter:  yawning          |          Owner:
     Type:  enhancement      |         Status:  needs_review
 Priority:  Medium           |      Milestone:  Tor: 0.2.8.x-final
Component:  Tor              |        Version:  Tor: unspecified
 Severity:  Normal           |     Resolution:
 Keywords:  tor-core crypto  |  Actual Points:
Parent ID:                   |         Points:
  Sponsor:                   |
-----------------------------+------------------------------------
Comment (by yawning):
Replying to [comment:4 cypherpunks]:
> If the threat is the former, why is it necessary to perform the check on
> every startup? Isn't a build-time unit test sufficient?
Was my phrasing overly idiomatic? More still means both...
The test is dirt cheap as long as it won't be done on every TLS connection
(and it isn't, just once during initialization). It could be moved to the
unit test code, but that involves exposing the currently opaque
`crypto_dh_t` internals, which doesn't feel great since there's zero
reason for the internals of the struct to be visible.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18221#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online