nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-09-20 13:06:20 +02:00
Code Issues Packages Projects Releases Wiki Activity
mirror repository of the tor core protocol in case of issues
34,931 Commits 53 Branches 629 Tags 108 MiB
C 94.4%
Python 1.5%
C++ 1.1%
Shell 1.1%
M4 0.9%
Other 0.8%
37bcc9f3d2
Go to file
George Kadianakis 37bcc9f3d2 hs-v3: Don't allow registration of an all-zeroes client auth key. 
The client auth protocol allows attacker-controlled x25519 private keys being
passed around, which allows an attacker to potentially trigger the all-zeroes
assert for client_auth_sk in hs_descriptor.c:decrypt_descriptor_cookie().

We fixed that by making sure that an all-zeroes client auth key will not be
used.

There are no guidelines for validating x25519 private keys, and the assert was
there as a sanity check for code flow issues (we don't want to enter that
function with an unitialized key if client auth is being used). To avoid such
crashes in the future, we also changed the assert to a BUG-and-err.
2020-04-13 14:13:33 -04:00
changes hs-v3: Don't allow registration of an all-zeroes client auth key. 2020-04-13 14:13:33 -04:00
contrib Bump version to 0.4.2.7-dev 2020-03-18 12:16:11 -04:00
doc doc: Fix a manual page typo 2020-03-19 18:02:32 +10:00
m4 Print summary at the end of the configure script 2019-10-17 10:08:34 -04:00
scripts practracker: Disable practracker in git hooks 2020-03-20 17:32:57 +10:00
src hs-v3: Don't allow registration of an all-zeroes client auth key. 2020-04-13 14:13:33 -04:00
.appveyor.yml Appveyor: Copy required DLLs to test and app 2020-03-20 14:48:31 +10:00
.editorconfig Add .editorconfig to follow coding standards style 2018-06-17 19:24:40 -04:00
.gitignore Move unit-parsing code to src/lib/confmgt 2019-06-24 15:11:57 -04:00
.gitlab-ci.yml gitlab-ci: purge old job for mirroring, its unused and obsolete 2019-10-29 22:55:13 +01:00
.gitmodules Update the .gitmodules to refer to project-level tor-rust-dependencies 2018-02-21 11:53:04 -05:00
.travis.yml Merge branch 'maint-0.4.2' into maint-0.4.3 2020-03-16 20:54:34 +10:00
acinclude.m4 Bump copyright date to 2019 2019-01-16 12:33:22 -05:00
autogen.sh Cleanup shellcheck warnings in autogen.sh 2019-01-18 13:49:30 +02:00
ChangeLog Correction to changelog from dgoulet 2020-02-10 15:02:32 -05:00
CODE_OF_CONDUCT Add CODE_OF_CONDUCT file 2018-07-05 11:22:33 +03:00
config.rust.in Make the rust tests link. 2018-07-31 19:46:00 -04:00
configure.ac Bump version to 0.4.2.7-dev 2020-03-18 12:16:11 -04:00
CONTRIBUTING improve a URL 2018-05-11 18:00:30 -04:00
Doxyfile.in Doxyfile: skip CHECK_PRINTF() 2019-12-08 22:40:00 -06:00
INSTALL Remove old instructions from INSTALL 2018-07-03 16:34:52 +03:00
LICENSE clarify that tor's license is free software 2019-08-23 21:52:33 -04:00
Makefile.am practracker: integration tests for --regen and --regen-overbroad 2020-02-03 13:11:58 -05:00
Makefile.nmake Clean up the MVSC nmake files so they work again. 2014-09-09 10:27:05 -04:00
README doc: Put the release timeline link in README 2017-11-08 10:44:00 -05:00
ReleaseNotes Fix a changelog typo 2020-01-30 12:56:06 -05:00
warning_flags.in Try @warning_flags to avoid bloating verbose make logs 2018-12-21 10:00:23 -05:00

README 

Tor protects your privacy on the internet by hiding the connection
between your Internet address and the services you use. We believe Tor
is reasonably secure, but please ensure you read the instructions and
configure it properly.

To build Tor from source:
        ./configure && make && make install

To build Tor from a just-cloned git repository:
        sh autogen.sh && ./configure && make && make install

Home page:
        https://www.torproject.org/

Download new versions:
        https://www.torproject.org/download/download.html

Documentation, including links to installation and setup instructions:
        https://www.torproject.org/docs/documentation.html

Making applications work with Tor:
        https://wiki.torproject.org/projects/tor/wiki/doc/TorifyHOWTO

Frequently Asked Questions:
        https://www.torproject.org/docs/faq.html


To get started working on Tor development:
        See the doc/HACKING directory.

Release timeline:
         https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/CoreTorReleases