mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-14 15:23:27 +01:00
12 lines
583 B
Plaintext
12 lines
583 B
Plaintext
|
o Major bugfixes:
|
||
|
- Do not allow OpenSSL engines to replace the PRNG, even when
|
||
|
HardwareAccel is set. The only default builtin PRNG engine uses
|
||
|
the Intel RDRAND instruction to replace the entire PRNG, and
|
||
|
ignores all attempts to seed it with more entropy. That's
|
||
|
cryptographically stupid: the right response to a new alleged
|
||
|
entropy source is never to discard all previously used entropy
|
||
|
sources. Fixes bug 10402; works around behavior introduced in
|
||
|
OpenSSL 1.0.0. Diagnosis and investigation thanks to "coderman"
|
||
|
and "rl1987".
|
||
|
|