diff options
author | Nick Mathewson <nickm@torproject.org> | 2021-06-10 08:37:34 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2021-06-10 08:37:34 -0400 |
commit | c58c2d4e372a166c3b3437774ed728de12dacf04 (patch) | |
tree | e2dcbeb6834b56ef6d1f261032960fa8099996ed | |
parent | 9e5e584cb62021e347f2dc106f239906d2aa3ad2 (diff) | |
parent | 1d11675adbc40c52b0d5047c0bb6f033bde6b19a (diff) | |
download | tor-c58c2d4e372a166c3b3437774ed728de12dacf04.tar.gz tor-c58c2d4e372a166c3b3437774ed728de12dacf04.zip |
Merge branch 'maint-0.4.6' into release-0.4.6
-rw-r--r-- | changes/ticket40390 | 8 | ||||
-rw-r--r-- | src/lib/crypt_ops/crypto_rand.c | 4 |
2 files changed, 10 insertions, 2 deletions
diff --git a/changes/ticket40390 b/changes/ticket40390 new file mode 100644 index 0000000000..b56fa4d9da --- /dev/null +++ b/changes/ticket40390 @@ -0,0 +1,8 @@ + o Major bugfixes (security, defense-in-depth): + - Detect a wider variety of failure conditions from the OpenSSL RNG + code. Previously, we would detect errors from a missing RNG + implementation, but not failures from the RNG code itself. + Fortunately, it appears those failures do not happen in practice + when Tor is using OpenSSL's default RNG implementation. + Fixes bug 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as + TROVE-2021-004. Reported by Jann Horn at Google's Project Zero. diff --git a/src/lib/crypt_ops/crypto_rand.c b/src/lib/crypt_ops/crypto_rand.c index b51013efe4..83b709c623 100644 --- a/src/lib/crypt_ops/crypto_rand.c +++ b/src/lib/crypt_ops/crypto_rand.c @@ -525,8 +525,8 @@ crypto_rand_unmocked(char *to, size_t n) /* We consider a PRNG failure non-survivable. Let's assert so that we get a * stack trace about where it happened. */ - tor_assert(r >= 0); -#endif /* defined(ENABLE_NSS) */ + tor_assert(r == 1); +#endif } /** |