[tor-bugs] #17697 [Tor]: Add crypto_rand unit tests to check for predictable values
#17697: Add crypto_rand unit tests to check for predictable values
-----------------------------+--------------------------------
     Reporter:  teor         |          Owner:
         Type:  enhancement  |         Status:  new
     Priority:  Medium       |      Milestone:  Tor: 0.2.8.x-final
    Component:  Tor          |        Version:
     Severity:  Normal       |       Keywords:
Actual Points:               |      Parent ID:
       Points:               |        Sponsor:
-----------------------------+--------------------------------
Add unit tests that check for common RNG failure modes, such as
returning all zeroes, identical values, or incrementing values
(OpenSSL's rand_predictable feature).

See my branch rand-failure-modes; it's based on bug17686_v2_027 in #17686.
https://github.com/teor2345/tor.git

As well as doing these checks during unit tests, we could also do these
checks every time we reseed OpenSSL's PRNG. (With an appropriately large
buffer so that the chance of failure during normal operation is
astronomically improbable, or at least less probable than a bit-flip in
the return value.)

In particular, OpenSSL's rand_predictable feature concerns me - we
currently don't check if Tor is run against an OpenSSL with it on.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17697>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
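
The three checks named in the ticket (all zeroes, identical values, incrementing values), written out in C over two 64-byte draws. This is an added example, not code from the ticket or from the rand-failure-modes branch. All type and function names are hypothetical, the generators are constructed stand-ins, and "incrementing" is assumed to mean that each byte is the previous byte plus one.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical names throughout; this is not Tor's crypto_rand test code. */
typedef void (*rand_fn)(uint8_t *out, size_t len);
enum rand_failure { RAND_OK, RAND_ALL_ZERO, RAND_INCREMENTING, RAND_IDENTICAL };

/* 64 bytes per draw: a healthy RNG matches one fixed pattern with p = 2^-512. */
#define CHECK_LEN 64

/* Returns 1 if each byte is the previous byte plus one (mod 256). */
static int is_incrementing(const uint8_t *buf, size_t len)
{
    for (size_t i = 1; i < len; i++)
        if ((uint8_t)(buf[i] - buf[i - 1]) != 1)
            return 0;
    return 1;
}

/* Draw twice from gen and classify the result. */
enum rand_failure check_rand_failure_modes(rand_fn gen)
{
    /* Zero-initialised, so a generator that writes nothing reports ALL_ZERO. */
    uint8_t a[CHECK_LEN] = {0}, b[CHECK_LEN] = {0}, za = 0, zb = 0;

    gen(a, sizeof a);
    gen(b, sizeof b);
    for (size_t i = 0; i < CHECK_LEN; i++) { za |= a[i]; zb |= b[i]; }

    if (!za || !zb) return RAND_ALL_ZERO;
    if (is_incrementing(a, CHECK_LEN) && is_incrementing(b, CHECK_LEN))
        return RAND_INCREMENTING;
    if (memcmp(a, b, CHECK_LEN) == 0) return RAND_IDENTICAL;
    return RAND_OK;
}

/* Constructed broken generators, one per failure mode. */
void gen_zero(uint8_t *o, size_t n)  { memset(o, 0, n); }
void gen_fixed(uint8_t *o, size_t n) { for (size_t i = 0; i < n; i++) o[i] = (uint8_t)(i * 37 + 11); }
void gen_count(uint8_t *o, size_t n) { static uint8_t v; for (size_t i = 0; i < n; i++) o[i] = v++; }

/* Non-cryptographic xorshift32, standing in for a healthy source. */
void gen_xorshift(uint8_t *o, size_t n)
{
    static uint32_t s = 2463534242u;
    for (size_t i = 0; i < n; i++) {
        s ^= s << 13; s ^= s >> 17; s ^= s << 5;
        o[i] = (uint8_t)(s >> 8);
    }
}
```

Passing these checks only rules out the listed failure modes; it says nothing about the quality of the output otherwise.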