[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor/release-0.3.5] Assert on _all_ failures from RAND_bytes().



commit f9a05e464de9b876f21c1fc5563ef628b9057fe8
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date:   Mon May 17 08:50:01 2021 -0400

    Assert on _all_ failures from RAND_bytes().
    
    Previously, we would detect errors from a missing RNG
    implementation, but not failures from the RNG code itself.
    
    Fortunately, it appears those failures do not happen in practice
    when Tor is using OpenSSL's default RNG implementation.  Fixes bug
    40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as
    TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.
---
 src/lib/crypt_ops/crypto_rand.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lib/crypt_ops/crypto_rand.c b/src/lib/crypt_ops/crypto_rand.c
index 915fe0870d..206929d6b3 100644
--- a/src/lib/crypt_ops/crypto_rand.c
+++ b/src/lib/crypt_ops/crypto_rand.c
@@ -525,7 +525,7 @@ crypto_rand_unmocked(char *to, size_t n)
   /* We consider a PRNG failure non-survivable. Let's assert so that we get a
    * stack trace about where it happened.
    */
-  tor_assert(r >= 0);
+  tor_assert(r == 1);
 #endif
 }
 



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits