tor

The Tor anonymity network
git clone https://git.dasho.dev/tor.git
Log | Files | Refs | README | LICENSE
commit c0aa9e0a1b1633d3b221199d516294e14a5db9c6
parent e2c1ac214c0ae77282709b50fb9fbdde50dd7a1f
Author: Nick Mathewson <nickm@torproject.org>
Date:   Mon, 17 May 2021 08:50:01 -0400

Assert on _all_ failures from RAND_bytes().

Previously, we would detect errors from a missing RNG
implementation, but not failures from the RNG code itself.

Fortunately, it appears those failures do not happen in practice
when Tor is using OpenSSL's default RNG implementation.  Fixes bug
40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as
TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.

Diffstat:

Achanges/ticket40390 | 8++++++++


Msrc/lib/crypt_ops/crypto_rand.c | 2+-


2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/changes/ticket40390 b/changes/ticket40390
@@ -0,0 +1,8 @@
+  o Major bugfixes (security, defense-in-depth):
+    - Detect a wider variety of failure conditions from the OpenSSL RNG
+      code. Previously, we would detect errors from a missing RNG
+      implementation, but not failures from the RNG code itself.
+      Fortunately, it appears those failures do not happen in practice
+      when Tor is using OpenSSL's default RNG implementation.
+      Fixes bug 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as
+      TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.
diff --git a/src/lib/crypt_ops/crypto_rand.c b/src/lib/crypt_ops/crypto_rand.c
@@ -525,7 +525,7 @@ crypto_rand_unmocked(char *to, size_t n)
   /* We consider a PRNG failure non-survivable. Let's assert so that we get a
    * stack trace about where it happened.
    */
-  tor_assert(r >= 0);
+  tor_assert(r == 1);
 #endif
 }