"ours" to avoid version bump.

"ours" to avoid version bump.

boklm tracked this down, and it doesn't make sense.  It caused

This change goes back to the previous LDFLAGS line.

Fixes bug 29530, where the LOG_ERR messages were occurring when
we had no configured network, and so we were failing the unit tests
because of the recently-merged #28668.

Bug not in any released Tor.

This test fails in some environments; since the code isn't used in
0.4.0, let's disable it for now.

Band-aid solution for #29534; bug not in any released Tor.

Kris Katterjohn authored 6 years ago and Nick Mathewson committed 6 years ago

malloc_options needs to be declared extern (and declaring it extern
means we need to initialize it separately)

Fixes bug 29145; bugfix on 0.2.9.3-alpha

Signed-off-by: Kris Katterjohn <katterjohn@gmail.com>

José M. Guisado authored 6 years ago and Nick Mathewson committed 6 years ago

Signed-off-by: José M. Guisado <guigom@riseup.net>

introduced in 85542ee5

next step is to fix it in torspec too

Matt Traudt authored 6 years ago and David Goulet committed 6 years ago

Closes #29508

Signed-off-by: David Goulet <dgoulet@torproject.org>

This module is currently implemented to use the same technique as
libottery (later used by the bsds' arc4random replacement), using
AES-CTR-256 as its underlying stream cipher.  It's backtracking-
resistant immediately after each call, and prediction-resistant
after a while.

Here's how it works:

We generate psuedorandom bytes using AES-CTR-256.  We generate BUFLEN bytes
at a time.  When we do this, we keep the first SEED_LEN bytes as the key
and the IV for our next invocation of AES_CTR, and yield the remaining
BUFLEN - SEED_LEN bytes to the user as they invoke the PRNG.  As we yield
bytes to the user, we clear them from the buffer.

Every RESEED_AFTER times we refill the buffer, we mix in an additional
SEED_LEN bytes from our strong PRNG into the seed.

If the user ever asks for a huge number of bytes at once, we pull SEED_LEN
bytes from the PRNG and use them with our stream cipher to fill the user's
request.

test_crypto.c is pretty big; it wouldn't hurt to split it up some
more before I start adding stuff to the PRNG tests.

This is the second part of refactoring the random-int-in-range code.

until #29298 is implemented.