Commit 7c19a4d9 authored by Nick Mathewson's avatar Nick Mathewson 🎨
Browse files

Merge branch 'maint-0.3.5' into maint-0.4.4

parents 57a41348 7fdfc2ea
o Major bugfixes (security, defense-in-depth):
- Detect a wider variety of failure conditions from the OpenSSL RNG
code. Previously, we would detect errors from a missing RNG
implementation, but not failures from the RNG code itself.
Fortunately, it appears those failures do not happen in practice
when Tor is using OpenSSL's default RNG implementation.
Fixes bug 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as
TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.
......@@ -525,8 +525,8 @@ crypto_rand_unmocked(char *to, size_t n)
/* We consider a PRNG failure non-survivable. Let's assert so that we get a
* stack trace about where it happened.
*/
tor_assert(r >= 0);
#endif /* defined(ENABLE_NSS) */
tor_assert(r == 1);
#endif
}
/**
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment