[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #17686 [Tor]: Make our openssl-RNG calling code less scary.

#17686: Make our openssl-RNG calling code less scary.
------------------------+--------------------------------
     Reporter:  nickm   |      Owner:
         Type:  defect  |     Status:  new
     Priority:  Medium  |  Milestone:  Tor: 0.2.8.x-final
    Component:  Tor     |    Version:
     Severity:  Normal  |   Keywords:  rng crypto
Actual Points:          |  Parent ID:
       Points:          |    Sponsor:
------------------------+--------------------------------
 crypto_rand() returns even when RAND_bytes fails.  That's bad!

 It's not actually a security bug though, since RAND_bytes can't fail given
 how we set it up.  But we should change the warning in RAND_bytes() to an
 assertion.  Then we can make crypto_rand() return void.

 Similarly, in crypto_seed_rng(), we should check RAND_status() or
 something, and flip out or assert if the openssl RNG is not fully
 initialized and seeded.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17686>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs