[tor-bugs] #17799 [Core Tor/Tor]: Hash All PRNG output before use
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri May 20 14:46:25 UTC 2016
#17799: Hash All PRNG output before use
-------------------------------------------------+-------------------------
Reporter: teor | Owner: nickm
Type: defect | Status:
Priority: Medium | needs_revision
Component: Core Tor/Tor | Milestone: Tor:
Severity: Normal | 0.2.9.x-final
Keywords: TorCoreTeam201605, TorCoreTeam- | Version: Tor:
postponed-201604, review-group-1 | unspecified
Parent ID: | Resolution:
Reviewer: asn | Actual Points: 5
| Points: 5
| Sponsor:
-------------------------------------------------+-------------------------
Changes (by nickm):
* points: 2 => 5
* actualpoints: => 5
Comment:
Merged cpunk's patch as 71e55898438bcef88060d0d32fc4c6b31f2cc4aa.
Fixed double-init in b6ec4d3a8ace6b49fb433f0d8e596c683ef6abee.
Lowered mutex management in 6f12d0c3177f8aea706a3581ebf97f979a334858
Fixed a never-actually-free-it bug in
ac1b0027cdd5f261c21ff90f2648a5d2df179010
Added glass-box tests in ce71dbfbccbc8c42739f2738fa8e01e9aa294675 and
67f2154bc26917d70d57e43b7b543570395b2987.
(The glass-box tests make sure all the deterministic parts work the way we
would hope. They don't test that shake_prng_refill does exactly as it
should, because that takes feedback from external RNGs.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17799#comment:50>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list