Merge branch 'maint-0.3.5' into maint-0.4.4

2 files changed, 10 insertions, 2 deletions

diff --git a/changes/ticket40390 b/changes/ticket40390
new file mode 100644
index 0000000000..b56fa4d9da
--- /dev/null
+++ b/changes/ticket40390
@@ -0,0 +1,8 @@
+  o Major bugfixes (security, defense-in-depth):
+    - Detect a wider variety of failure conditions from the OpenSSL RNG
+      code. Previously, we would detect errors from a missing RNG
+      implementation, but not failures from the RNG code itself.
+      Fortunately, it appears those failures do not happen in practice
+      when Tor is using OpenSSL's default RNG implementation.
+      Fixes bug 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as
+      TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.
diff --git a/src/lib/crypt_ops/crypto_rand.c b/src/lib/crypt_ops/crypto_rand.c
index ac5f10da64..ce6f21dbb4 100644
--- a/src/lib/crypt_ops/crypto_rand.c
+++ b/src/lib/crypt_ops/crypto_rand.c
@@ -525,8 +525,8 @@ crypto_rand_unmocked(char *to, size_t n)
   /* We consider a PRNG failure non-survivable. Let's assert so that we get a
    * stack trace about where it happened.
    */
-  tor_assert(r >= 0);
-#endif /* defined(ENABLE_NSS) */
+  tor_assert(r == 1);
+#endif
 }
 
 /**