| blob | b56fa4d9da35f41b3f2f5c08e655a535d93ce01b |
1 o Major bugfixes (security, defense-in-depth):
2 - Detect a wider variety of failure conditions from the OpenSSL RNG
3 code. Previously, we would detect errors from a missing RNG
4 implementation, but not failures from the RNG code itself.
5 Fortunately, it appears those failures do not happen in practice
6 when Tor is using OpenSSL's default RNG implementation.
7 Fixes bug 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as
8 TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.