Assert on _all_ failures from RAND_bytes().

Previously, we would detect errors from a missing RNG implementation, but not failures from the RNG code itself. Fortunately, it appears those failures do not happen in practice when Tor is using OpenSSL's default RNG implementation. Fixes bug 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.
author: Nick Mathewson <nickm@torproject.org> 2021-05-17 08:50:01 -0400
committer: Nick Mathewson <nickm@torproject.org> 2021-06-10 08:33:57 -0400
commit: c0aa9e0a1b1633d3b221199d516294e14a5db9c6 (patch)
tree: 12667fd2eb3f5c654130237b203d561c16807c39 /src/lib/crypt_ops/crypto_rand.c
parent: e2c1ac214c0ae77282709b50fb9fbdde50dd7a1f (diff)
download: tor-c0aa9e0a1b1633d3b221199d516294e14a5db9c6.tar.gz
tor-c0aa9e0a1b1633d3b221199d516294e14a5db9c6.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/src/lib/crypt_ops/crypto_rand.c b/src/lib/crypt_ops/crypto_rand.c
index 915fe0870d..206929d6b3 100644
--- a/src/lib/crypt_ops/crypto_rand.c
+++ b/src/lib/crypt_ops/crypto_rand.c
@@ -525,7 +525,7 @@ crypto_rand_unmocked(char *to, size_t n)
   /* We consider a PRNG failure non-survivable. Let's assert so that we get a
    * stack trace about where it happened.
    */
-  tor_assert(r >= 0);
+  tor_assert(r == 1);
 #endif
 }
author	Nick Mathewson <nickm@torproject.org>	2021-05-17 08:50:01 -0400
committer	Nick Mathewson <nickm@torproject.org>	2021-06-10 08:33:57 -0400
commit	c0aa9e0a1b1633d3b221199d516294e14a5db9c6 (patch)
tree	12667fd2eb3f5c654130237b203d561c16807c39 /src/lib/crypt_ops/crypto_rand.c
parent	e2c1ac214c0ae77282709b50fb9fbdde50dd7a1f (diff)
download	tor-c0aa9e0a1b1633d3b221199d516294e14a5db9c6.tar.gz tor-c0aa9e0a1b1633d3b221199d516294e14a5db9c6.zip