Opened 6 years ago

Closed 6 years ago

#10793 closed enhancement (implemented)

Tor should clear() then free() BigIntegers

Reported by: nextgens
Owned by:
Priority: Medium
Milestone: Tor: 0.2.4.x-final
Component: Core Tor/Tor
Version:
Severity:
Keywords: security pfs tor-relay ssl tls 024-backport
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

In order to have decent Forward Secrecy, secrets have to be securely disposed of... the patch attached improves the status quo and makes my static analysis tools happier.

It replaces all occurrences of BN_free() by BN_clear_free(), even where it doesn't matter.

Attachments (1)

0001-Some-anti-forensics-paranoia.patch (2.9 KB) - added by nextgens 6 years ago.
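
What the description's BN_free() to BN_clear_free() replacement buys, shown as an added example that is not part of the ticket, the attached patch or Tor's code. The `toy_bn` type, the pool allocator and the key value are constructed stand-ins (assumptions), used so that released memory can be inspected without reading freed heap blocks.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the heap: released blocks stay readable, so the
 * result of each free routine can be checked without touching freed memory. */
#define POOL_SIZE 256u
static unsigned char *pool;
static size_t pool_used;

static void *pool_alloc(size_t n) {
    if (!pool && !(pool = calloc(1, POOL_SIZE))) return NULL;
    n = (n + 15u) & ~(size_t)15u;              /* keep blocks aligned */
    if (n > POOL_SIZE - pool_used) return NULL;
    pool_used += n;
    return pool + pool_used - n;
}

/* Hypothetical bignum (not OpenSSL's BIGNUM): the limbs live in the pool. */
typedef struct { size_t nlimbs; uint32_t *limbs; } toy_bn;

int toy_bn_init(toy_bn *bn, const uint32_t *src, size_t n) {
    if (!(bn->limbs = pool_alloc(n * sizeof *src))) return 0;
    memcpy(bn->limbs, src, n * sizeof *src);
    bn->nlimbs = n;
    return 1;
}

/* Analogue of BN_free(): hands the block back, contents untouched. */
void toy_bn_free(toy_bn *bn) { bn->limbs = NULL; bn->nlimbs = 0; pool_used = 0; }

/* Analogue of BN_clear_free(): zero the limbs first. The volatile pointer
 * stops the compiler from discarding the stores as dead writes. */
void toy_bn_clear_free(toy_bn *bn) {
    volatile unsigned char *v = (volatile unsigned char *)bn->limbs;
    for (size_t i = 0; i < bn->nlimbs * sizeof *bn->limbs; i++) v[i] = 0;
    toy_bn_free(bn);
}

/* Returns 1 if the constructed key is still readable in the pool after release. */
int secret_survives(int use_clear) {
    static const uint32_t key[4] = {0x5ec2e7a1u, 0x0badc0deu, 0x13371337u, 0xfeedfaceu};
    toy_bn bn;
    if (!toy_bn_init(&bn, key, 4)) return -1;
    if (use_clear) toy_bn_clear_free(&bn); else toy_bn_free(&bn);
    for (size_t off = 0; off + sizeof key <= POOL_SIZE; off++)
        if (memcmp(pool + off, key, sizeof key) == 0) return 1;
    return 0;
}
```
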


Change History (6)

Changed 6 years ago by nextgens

comment:1 Changed 6 years ago by nextgens

Keywords: pfs tor-relay ssl tls added
Status: new → needs_review

comment:2 Changed 6 years ago by nickm

Resolution: implemented
Status: needs_review → closed

Seems straightforward enough. Applied to master and added a changes/ file. Thanks!

comment:3 Changed 6 years ago by nickm

Keywords: 024-backport added
Milestone: Tor: 0.2.4.x-final
Resolution: implemented
Status: closed → reopened

comment:4 Changed 6 years ago by nickm

Status: reopened → needs_review

Marking for 0.2.4 backport.

comment:5 Changed 6 years ago by nickm

Resolution: implemented
Status: needs_review → closed

Roger likes it for backport. So, cherry-picked as 01132c93fdfd634475c6d56455efdfe1cff1fe83
