[tor-bugs] #17799 [Core Tor/Tor]: Hash All PRNG output before use

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Apr 25 19:53:40 UTC 2016


#17799: Hash All PRNG output before use
-------------------------------+----------------------------------------
 Reporter:  teor               |          Owner:  nickm
     Type:  defect             |         Status:  needs_review
 Priority:  Medium             |      Milestone:  Tor: 0.2.9.x-final
Component:  Core Tor/Tor       |        Version:  Tor: unspecified
 Severity:  Normal             |     Resolution:
 Keywords:  TorCoreTeam201604  |  Actual Points:
Parent ID:                     |         Points:  small/medium-remaining
 Reviewer:  asn                |        Sponsor:
-------------------------------+----------------------------------------

Comment (by nickm):

 Looking at the implementation of RAND_get_rand_method and
 RAND_set_rand_method in openssl 1.0.0 and openssl master, I am pretty
 confident that calling RAND_set_rand_method will replace
 default_RAND_meth; I've added a comment to explain why.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17799#comment:39>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list