[tor-bugs] #18221 [Tor]: Validate our DH parameters to prevent socat-type fails.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Feb 4 11:44:02 UTC 2016
#18221: Validate our DH parameters to prevent socat-type fails.
-----------------------------+------------------------------------
Reporter:  yawning           |  Owner:
Type:      enhancement       |  Status:         needs_review
Priority:  Medium            |  Milestone:      Tor: 0.2.8.x-final
Component: Tor               |  Version:        Tor: unspecified
Severity:  Normal            |  Resolution:
Keywords:  tor-core crypto   |  Actual Points:
Parent ID:                   |  Points:
Sponsor:                     |
-----------------------------+------------------------------------
Comment (by yawning):
Replying to [comment:4 cypherpunks]:
> If the threat is the former, why is it necessary to perform the check on
> every startup? Isn't a build-time unit test sufficient?
Was my phrasing overly idiomatic? More still means both...
The test is dirt cheap as long as it won't be done on every TLS connection
(and it isn't, just once during initialization). It could be moved to the
unit test code, but that involves exposing the currently opaque
`crypto_dh_t` internals, which doesn't feel great since there's zero
reason for the internals of the struct to be visible.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18221#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online