author Nick Mathewson <nickm@torproject.org> 2021-05-17 08:50:01 -0400
committer Nick Mathewson <nickm@torproject.org> 2021-05-17 08:50:01 -0400
commit f9a05e464de9b876f21c1fc5563ef628b9057fe8 (patch)
tree 2b5ecccf69ecfdafa85c95791b31b4380e2533a5
parent e2c1ac214c0ae77282709b50fb9fbdde50dd7a1f (diff)
Assert on _all_ failures from RAND_bytes().
Previously, we would detect errors from a missing RNG implementation, but not failures from the RNG code itself. Fortunately, it appears those failures do not happen in practice when Tor is using OpenSSL's default RNG implementation. Fixes bug 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.
-rw-r--r-- src/lib/crypt_ops/crypto_rand.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/lib/crypt_ops/crypto_rand.c b/src/lib/crypt_ops/crypto_rand.c
index 915fe0870d..206929d6b3 100644
--- a/src/lib/crypt_ops/crypto_rand.c
+++ b/src/lib/crypt_ops/crypto_rand.c
@@ -525,7 +525,7 @@ crypto_rand_unmocked(char *to, size_t n)
/* We consider a PRNG failure non-survivable. Let's assert so that we get a
* stack trace about where it happened.
*/
- tor_assert(r >= 0);
+ tor_assert(r == 1);
#endif
}
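Review bot: the comment above `tor_assert(r == 1);` explains why a PRNG failure is fatal but not why exactly 1 is required, so a later cleanup could loosen the check back to `r >= 0` and reintroduce the bug. Extend the comment to state the RAND_bytes() return convention: 1 means success, and both 0 and -1 are failures. The old `r >= 0` caught only the negative case and accepted 0, leaving the buffer at `to` without the random bytes the caller expects. The assertion also sits inside a conditional block that ends at `#endif`, and the other branch is not visible in this hunk, so confirm it treats RNG failure just as strictly.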