Tor protects your privacy on the internet by hiding the connection
between your Internet address and the services you use. We believe Tor
is reasonably secure, but please ensure you read the instructions and
configure it properly.
To build Tor from source:
./configure && make && make install
To build Tor from a just-cloned git repository:
sh autogen.sh && ./configure && make && make install
Home page:
https://www.torproject.org/
Download new versions:
https://www.torproject.org/download/download.html
Documentation, including links to installation and setup instructions:
https://www.torproject.org/docs/documentation.html
Making applications work with Tor:
https://wiki.torproject.org/projects/tor/wiki/doc/TorifyHOWTO
Frequently Asked Questions:
https://www.torproject.org/docs/faq.html
To get started working on Tor development:
See the doc/HACKING directory.
Release timeline:
https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/CoreTorReleases
Forked from
The Tor Project / Core / Tor
8120 commits behind the upstream repository.
Alexander Hansen Færøy
authored
This patch fixes an out-of-bound memory read in `tor_tls_cert_matches_key()` when Tor is compiled to use Mozilla's NSS instead of OpenSSL. The NSS library stores some length fields in bits instead of bytes, but the comparison function found in `SECITEM_ItemsAreEqual()` needs the length to be encoded in bytes. This means that for a 140-byte, DER-encoded, SubjectPublicKeyInfo struct (with a 1024-bit RSA public key in it), we would ask `SECITEM_ItemsAreEqual()` to compare the first 1120 bytes instead of 140 (140bytes * 8bits = 1120bits). This patch fixes the issue by converting from bits to bytes before calling `SECITEM_ItemsAreEqual()` and convert the `len`-fields back to bits before we leave the function. This patch is part of the fix for TROVE-2020-001. See: https://bugs.torproject.org/33119