commit 085bf61a351a6fce94046afe68a17eda0b133606
parent a2e500f1ffd7978d05916060f9d9ff9496d734c0
Author: Nick Mathewson <nickm@torproject.org>
Date: Thu, 10 Jun 2021 08:37:34 -0400
Merge branch 'maint-0.4.6'
Diffstat:
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/changes/ticket40390 b/changes/ticket40390
@@ -0,0 +1,8 @@
+ o Major bugfixes (security, defense-in-depth):
+ - Detect a wider variety of failure conditions from the OpenSSL RNG
+ code. Previously, we would detect errors from a missing RNG
+ implementation, but not failures from the RNG code itself.
+ Fortunately, it appears those failures do not happen in practice
+ when Tor is using OpenSSL's default RNG implementation.
+ Fixes bug 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as
+ TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.
diff --git a/src/lib/crypt_ops/crypto_rand.c b/src/lib/crypt_ops/crypto_rand.c
@@ -525,8 +525,8 @@ crypto_rand_unmocked(char *to, size_t n)
/* We consider a PRNG failure non-survivable. Let's assert so that we get a
* stack trace about where it happened.
*/
- tor_assert(r >= 0);
-#endif /* defined(ENABLE_NSS) */
+ tor_assert(r == 1);
+#endif
}
/**
