Merge remote-tracking branch 'origin/maint-0.2.4'

Conflicts: src/common/crypto.c
author: Nick Mathewson <nickm@torproject.org> 2013-12-18 22:04:21 -0500
committer: Nick Mathewson <nickm@torproject.org> 2013-12-18 22:04:21 -0500
commit: 85284c33d1952711703087eb64149ef55ea775cf (patch)
tree: 5d14fb6a3fdb9e599625986ada5de994e43ab26e /changes
parent: f12d3fe9aa3d2f97eb1750e30b812358ecdd9139 (diff)
parent: dabdc339fe5abc5949f087621996672c122101b6 (diff)
download: tor-85284c33d1952711703087eb64149ef55ea775cf.tar
tor-85284c33d1952711703087eb64149ef55ea775cf.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/changes/bug10402 b/changes/bug10402
new file mode 100644
index 000000000..eac00bdc6
--- /dev/null
+++ b/changes/bug10402
@@ -0,0 +1,11 @@
+  o Major bugfixes:
+    - Do not allow OpenSSL engines to replace the PRNG, even when
+      HardwareAccel is set. The only default builtin PRNG engine uses
+      the Intel RDRAND instruction to replace the entire PRNG, and
+      ignores all attempts to seed it with more entropy. That's
+      cryptographically stupid: the right response to a new alleged
+      entropy source is never to discard all previously used entropy
+      sources. Fixes bug 10402; works around behavior introduced in
+      OpenSSL 1.0.0. Diagnosis and investigation thanks to "coderman"
+      and "rl1987".
+
author	Nick Mathewson <nickm@torproject.org>	2013-12-18 22:04:21 -0500
committer	Nick Mathewson <nickm@torproject.org>	2013-12-18 22:04:21 -0500
commit	85284c33d1952711703087eb64149ef55ea775cf (patch)
tree	5d14fb6a3fdb9e599625986ada5de994e43ab26e /changes
parent	f12d3fe9aa3d2f97eb1750e30b812358ecdd9139 (diff)
parent	dabdc339fe5abc5949f087621996672c122101b6 (diff)
download	tor-85284c33d1952711703087eb64149ef55ea775cf.tar tor-85284c33d1952711703087eb64149ef55ea775cf.tar.gz