diff options
| author | George Kadianakis <desnacked@riseup.net> | 2020-03-30 16:09:52 +0300 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2020-04-13 14:13:33 -0400 |
| commit | 37bcc9f3d2f2df0335a42c9692e7d5deafc03514 (patch) | |
| tree | 5c2cba0051f3461284a08c2e2dbc93d1014202cd /src/feature/hs | |
| parent | e472737297f5924a584fc8f434aba085e89b887a (diff) | |
| download | tor-37bcc9f3d2f2df0335a42c9692e7d5deafc03514.tar.gz tor-37bcc9f3d2f2df0335a42c9692e7d5deafc03514.zip | |
hs-v3: Don't allow registration of an all-zeroes client auth key.
The client auth protocol allows attacker-controlled x25519 private keys being
passed around, which allows an attacker to potentially trigger the all-zeroes
assert for client_auth_sk in hs_descriptor.c:decrypt_descriptor_cookie().
We fixed that by making sure that an all-zeroes client auth key will not be
used.
There are no guidelines for validating x25519 private keys, and the assert was
there as a sanity check for code flow issues (we don't want to enter that
function with an unitialized key if client auth is being used). To avoid such
crashes in the future, we also changed the assert to a BUG-and-err.
Diffstat (limited to 'src/feature/hs')
| -rw-r--r-- | src/feature/hs/hs_client.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/feature/hs/hs_client.h b/src/feature/hs/hs_client.h index 3660bfa96c..d0a3a7015f 100644 --- a/src/feature/hs/hs_client.h +++ b/src/feature/hs/hs_client.h @@ -45,7 +45,7 @@ typedef enum { REGISTER_SUCCESS_AND_DECRYPTED, /* We failed to register these credentials, because of a bad HS address. */ REGISTER_FAIL_BAD_ADDRESS, - /* We failed to register these credentials, because of a bad HS address. */ + /* We failed to store these credentials in a persistent file on disk. */ REGISTER_FAIL_PERMANENT_STORAGE, } hs_client_register_auth_status_t; |