Assert on _all_ failures from RAND_bytes().

Previously, we would detect errors from a missing RNG implementation, but not failures from the RNG code itself. Fortunately, it appears those failures do not happen in practice when Tor is using OpenSSL's default RNG implementation. Fixes bug 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.
author: Nick Mathewson <nickm@torproject.org> 2021-05-17 08:50:01 -0400
committer: Nick Mathewson <nickm@torproject.org> 2021-06-10 08:33:57 -0400
commit: c0aa9e0a1b1633d3b221199d516294e14a5db9c6 (patch)
tree: 12667fd2eb3f5c654130237b203d561c16807c39 /changes
parent: e2c1ac214c0ae77282709b50fb9fbdde50dd7a1f (diff)
download: tor-c0aa9e0a1b1633d3b221199d516294e14a5db9c6.tar.gz
tor-c0aa9e0a1b1633d3b221199d516294e14a5db9c6.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/changes/ticket40390 b/changes/ticket40390
new file mode 100644
index 0000000000..b56fa4d9da
--- /dev/null
+++ b/changes/ticket40390
@@ -0,0 +1,8 @@
+  o Major bugfixes (security, defense-in-depth):
+    - Detect a wider variety of failure conditions from the OpenSSL RNG
+      code. Previously, we would detect errors from a missing RNG
+      implementation, but not failures from the RNG code itself.
+      Fortunately, it appears those failures do not happen in practice
+      when Tor is using OpenSSL's default RNG implementation.
+      Fixes bug 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as
+      TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.
author	Nick Mathewson <nickm@torproject.org>	2021-05-17 08:50:01 -0400
committer	Nick Mathewson <nickm@torproject.org>	2021-06-10 08:33:57 -0400
commit	c0aa9e0a1b1633d3b221199d516294e14a5db9c6 (patch)
tree	12667fd2eb3f5c654130237b203d561c16807c39 /changes
parent	e2c1ac214c0ae77282709b50fb9fbdde50dd7a1f (diff)
download	tor-c0aa9e0a1b1633d3b221199d516294e14a5db9c6.tar.gz tor-c0aa9e0a1b1633d3b221199d516294e14a5db9c6.zip