[tor-bugs] #17799 [Core Tor/Tor]: Hash All PRNG output before use

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Apr 18 18:29:14 UTC 2016


#17799: Hash All PRNG output before use
-------------------------------+----------------------------------------
 Reporter:  teor               |          Owner:  nickm
     Type:  defect             |         Status:  needs_revision
 Priority:  Medium             |      Milestone:  Tor: 0.2.9.x-final
Component:  Core Tor/Tor       |        Version:  Tor: unspecified
 Severity:  Normal             |     Resolution:
 Keywords:  TorCoreTeam201604  |  Actual Points:
Parent ID:                     |         Points:  small/medium-remaining
 Reviewer:  asn                |        Sponsor:
-------------------------------+----------------------------------------

Comment (by nickm):

 Replying to [comment:23 asn]:
 > Some small stuff, accompanying yawning's review:
 >
 > - I did not entirely understand why `sh` is a special structure inside
 `shake_prng_t`? It seems like other fields like `remaining` and `ptr` are
 only useful when combined with `sh.buf`, but then why aren't they also in
 `sh`? Would it be terrible to kill `sh`, and spill its contents into
 `shake_prng_t`? Alternatively, maybe we can replace `sh` with a more
 readable variable name?

 Added a fixup commit to explain why it's there.

 > - When we call `openssl_RAND_bytes()` we now assert that the retval is >
 0. In the past, we asserted that retval is >= 0. I don't know how exactly
 the retvals of `openssl_RAND_bytes()` work so I'm not sure if this is a
 bug or a feature.

 retval==0 is an error too; looks like that's a separate bug.  (Looking at
 the openssl code, I don't think it can happen though.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17799#comment:26>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list