[tor-commits] [tor/release-0.3.5] fixup! Assert on _all_ failures from RAND_bytes().
nickm at torproject.org
nickm at torproject.org
Mon Jun 14 15:03:14 UTC 2021
commit ee35291a7cdbe51038cbc21ddd5605d7d11c0b94
Author: Nick Mathewson <nickm at torproject.org>
Date: Tue May 18 08:30:47 2021 -0400
fixup! Assert on _all_ failures from RAND_bytes().
Whoops; I forgot to add the changes file. :/
---
changes/ticket40390 | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/changes/ticket40390 b/changes/ticket40390
new file mode 100644
index 0000000000..b56fa4d9da
--- /dev/null
+++ b/changes/ticket40390
@@ -0,0 +1,8 @@
+ o Major bugfixes (security, defense-in-depth):
+ - Detect a wider variety of failure conditions from the OpenSSL RNG
+ code. Previously, we would detect errors from a missing RNG
+ implementation, but not failures from the RNG code itself.
+ Fortunately, it appears those failures do not happen in practice
+ when Tor is using OpenSSL's default RNG implementation.
+ Fixes bug 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as
+ TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.
More information about the tor-commits
mailing list