[tor-bugs] #17694 [Tor]: Hash PRNG output before use, so that it's not revealed to the network
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Dec 10 20:09:03 UTC 2015
#17694: Hash PRNG output before use, so that it's not revealed to the network
-------------------------+------------------------------------
Reporter: teor | Owner:
Type: enhancement | Status: needs_revision
Priority: Medium | Milestone: Tor: 0.2.7.x-final
Component: Tor | Version: Tor: unspecified
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Sponsor: |
-------------------------+------------------------------------
Comment (by cypherpunks):
Replying to [comment:23 nickm]:
> Better now?
Jenkins seems to be happy, so yes. Thank you.
I did a review on the `crypto_strongest_rand` function and i believe the
`out` addition and `out_len` subtraction in the `else` block can be
removed. (At first i thought this would cause a buffer overflow until i
saw the `break` statement, but it still causes an integer overflow in
`out_len`).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17694#comment:24>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list