[tor-commits] [translation/tor-browser-manual] Update translations for tor-browser-manual

[translation]

commit 33c4c785cde30d0b50717089346f9fc4fc9e708a
Author: Translation commit bot 
Date:   Wed Nov 14 05:17:41 2018 +

Update translations for tor-browser-manual
---
 mk/mk.po | 19 ---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/mk/mk.po b/mk/mk.po
index 806b39ada..4895f8891 100644
--- a/mk/mk.po
+++ b/mk/mk.po
@@ -1640,16 +1640,21 @@ msgid ""
 "Provider or other authority is actively blocking connections to the Tor "
 "network."
 msgstr ""
+"Pluggable Transports се алатки кои Tor може да ги 
користи за да го маскира "
+"сообраќајот што го испраќа. Ова може да 
биде корисно во ситуации кога "
+"Интернет Сервис Провајдерот или друг 
авторитет актвино ги блокира "
+"поврзувањата на Tor мрежата."
 
 #: transports.page:21
 msgid ""
 "Currently there are six pluggable transports available, but more are being "
 "developed."
 msgstr ""
+"Моментално има достапни шест pluggable transports, 
но се развиваат и повеќе."
 
 #: transports.page:28
 msgid "obfs3"
-msgstr ""
+msgstr "obfs3"
 
 #: transports.page:33
 msgid ""
@@ -1657,10 +1662,14 @@ msgid ""
 "any other protocol. While still included by default, it is reccomended to "
 "use obfs4 instead, as it has several security improvements over obfs3."
 msgstr ""
+"obfs3 го прави Tor сообраќајот да изгледа по 
случаен избор, па така тој не "
+"изгледа како Tor или некој друг протокол. 
Иако е сеуште стандардно вклучен, "
+"наместо obfs3, се препорачува користење на 
obfs4, бидејќи има неколку "
+"безбедносни подобрувања во однос на obfs3."
 
 #: transports.page:43
 msgid "obfs4"
-msgstr ""
+msgstr "obfs4"
 
 #: transports.page:48
 msgid ""
@@ -1668,6 +1677,10 @@ msgid ""
 "from finding bridges by Internet scanning. obfs4 bridges are less likely to "
 "be blocked than obfs3 bridges."
 msgstr ""
+"obfs4 прави Tor сообраќајот да изгледа дека е 
по случаен избор како и obfs3,"
+" и исто така спречува цензорите да ги 
најдат мостовите со скенирање на "
+"Интеренетот. obfs4 мостовите е помалку 
веројатно да бидат блокирани отколку "
+"obfs3 мостовите."
 
 #: transports.page:57
 msgid "Scramblesuit"
@@ -1679,7 +1692,7 @@ msgstr ""
 
 #: transports.page:70
 msgid "FTE"
-msgstr ""
+msgstr "FTE"
 
 #: transports.page:75
 msgid ""

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/tor-browser-manual] Update translations for tor-browser-manual

[translation]

commit 85a10e81784007b22b0a3156e13001fba10e476d
Author: Translation commit bot 
Date:   Wed Nov 14 04:47:30 2018 +

Update translations for tor-browser-manual
---
 mk/mk.po | 51 ---
 1 file changed, 44 insertions(+), 7 deletions(-)

diff --git a/mk/mk.po b/mk/mk.po
index e632d2b99..806b39ada 100644
--- a/mk/mk.po
+++ b/mk/mk.po
@@ -1403,6 +1403,9 @@ msgid ""
 "Increasing the level of the Security Slider will disable or partially "
 "disable certain browser features to protect against possible attacks."
 msgstr ""
+"Зголемувањето на нивото на Безбедносниот 
Лизгач ќе ги оневозможи или делумно"
+" ќе ги оневозможи одредени карактеристики 
на прелистувачот да го заштитат од"
+" можни напади."
 
 #: security-slider.page:42
 msgid "Safest"
@@ -1417,6 +1420,13 @@ msgid ""
 "disabled by default on all sites; most video and audio formats are disabled;"
 " and some fonts and icons may not display correctly."
 msgstr ""
+"на ова ниво, HTML5 видео и аудио медијата 
стануваат кликни-за-да-пуштиш "
+"преку NoScript; сите JavaScript оптимизации на 
перформансите се "
+"оневозможени; некои математички равенки 
може да не се вчитаат правилно; "
+"некои карактеристики на рендер фонтови се 
оневозможени; некои типови на "
+"слики се оневозможени; JavaScript е стандардно 
оневозможена на сите веб "
+"страни; повеќето видео и аудио формати се 
оневозможени; и некои фонтови и "
+"икони може да не бидат прикажани правилно."
 
 #: security-slider.page:53
 msgid "Safer"
@@ -1447,14 +1457,16 @@ msgid ""
 "At this level, all browser features are enabled. This is the most usable "
 "option."
 msgstr ""
+"На ова ниво, сите карактеристики на 
прелистувачот се оневозможени. Ова е "
+"најкористената опција."
 
 #: translate.page:6
 msgid "Becoming a translator for the Tor Project"
-msgstr ""
+msgstr "Станете преведувач за Tor Project"
 
 #: translate.page:10
 msgid "Becoming a Tor Translator"
-msgstr ""
+msgstr "Станете Tor преведувач"
 
 #: translate.page:12
 msgid ""
@@ -1464,20 +1476,29 @@ msgid ""
 " third-party that faciliates our translations. Below is an outline of how to"
 " sign up and begin."
 msgstr ""
+"Ако сте заинтересирани да му помогнете на 
проектот со преведување на "
+"упатството или на Tor Browser на вашиот јазик, 
вашата помош ќе биде многу "
+"ценета! За да допринесете ќе треба да се 
најавите на Transifex, 3-та страна "
+"која ги олеснува нашите преведувања. 
Подолу има прелед за тоа како да се "
+"најавите и да започнете."
 
 #: translate.page:21
 msgid "Signing up on Transifex"
-msgstr ""
+msgstr "Најавување на Transifex"
 
 #: translate.page:24
 msgid ""
 "Head over to the https://transifex.com/signup/\;>Transifex "
 "signup page."
 msgstr ""
+"Одете на https://transifex.com/signup/\;>Transifex 
страната за "
+"најава."
 
 #: translate.page:30
 msgid "Enter your information into the fields and click the 'Sign Up' button:"
 msgstr ""
+"Внесете ги вашите информации во полињата 
и кликнете нс копчето \"Најави "
+"се\":"
 
 #. This is a reference to an external file such as an image or video. When
 #. the file changes, the md5 hash will change to let you know you need to
@@ -1497,6 +1518,8 @@ msgid ""
 "Fill out the next page with your name and select \"Localization\" and "
 "\"Translator\" from the drop-down menus:"
 msgstr ""
+"Поплнете ја следната страна со вашето име 
и изберете \"Локализација\" и "
+"\"Преведувач\" од паѓачките менија:"
 
 #. This is a reference to an external file such as an image or video. When
 #. the file changes, the md5 hash will change to let you know you need to
@@ -1514,12 +1537,16 @@ msgstr ""
 #: translate.page:47
 msgid "On the next page, select 'Join an existing project' and continue."
 msgstr ""
+"На следната страна, изберете \"Придружи се 
на постоечки прект\" и "
+"продолжете."
 
 #: translate.page:52
 msgid ""
 "On the next page, select the 

[tor-commits] [translation/tor-browser-manual] Update translations for tor-browser-manual

[translation]

commit fb2060e87003424a76389bc8a7bc73d7e7cffb89
Author: Translation commit bot 
Date:   Wed Nov 14 04:17:25 2018 +

Update translations for tor-browser-manual
---
 mk/mk.po | 65 ++--
 1 file changed, 55 insertions(+), 10 deletions(-)

diff --git a/mk/mk.po b/mk/mk.po
index 7cf1cdbc3..e632d2b99 100644
--- a/mk/mk.po
+++ b/mk/mk.po
@@ -1161,6 +1161,10 @@ msgid ""
 "JavaScript (and other scripts) that runs on individual web pages, or block "
 "it entirely."
 msgstr ""
+"Tor Browser вклучува и додаток наречен NoScript, 
достапен преку \"S\" "
+"иконата горе-лево на прозорецот. NoScript ви 
овозможува да ја контролирате "
+"JavaScript (и другите скрипти) кои што се 
стартуваат на индивидуални веб "
+"страни, или да ги блоклира засекогаш."
 
 #. This is a reference to an external file such as an image or video. When
 #. the file changes, the md5 hash will change to let you know you need to
@@ -1184,16 +1188,27 @@ msgid ""
 " many websites from displaying correctly, so Tor Browser’s default setting "
 "is to allow all websites to run scripts in \"Standard\" mode."
 msgstr ""
+"Корсиниците кои бараат висок степен на 
сигурност за нивното веб пребарување "
+"треба да го постават Tor Browser Безбедносниот Лизгачна 
\"Побезбедно\" (кој што ја "
+"оневозможува JavaScript за не-HTTPS веб страните) 
или на \"Најбезбедно\" ( "
+"кој го прави ова за сите веб страни). Како и 
да е, оневозможувањето на "
+"JavaScript ќе спречи многу од веб страните да 
се прикажат точно, па Tor "
+"Browser стандардната поставка ќе овозможи 
сите веб страни да стартуваат "
+"скрипти на мод \"Стандардно\"."
 
 #: plugins.page:59
 msgid "Browser Add-ons"
-msgstr ""
+msgstr "Додатоци на прелистувачот"
 
 #: plugins.page:60
 msgid ""
 "Tor Browser is based on Firefox, and any browser add-ons or themes that are "
 "compatible with Firefox can also be installed in Tor Browser."
 msgstr ""
+"Tor Browser е базиран на Firefox, и било кој 
додатоци за прелистувач или "
+"теми кои се компатибилни со Firefox можат да 
бидат инсталирани и на Tor "
+"Browser. "
 
 #: plugins.page:65
 msgid ""
@@ -1203,10 +1218,18 @@ msgid ""
 " privacy and security. It is strongly discouraged to install additional add-"
 "ons, and the Tor Project will not offer support for these configurations."
 msgstr ""
+"Како и да е, единствените додатоци кои што 
се тестирани за употреба со Tor "
+"Browser се оние кои се стандардно вклучени во 
него. Инсталирањето на било "
+"кои други додатоци за прелистувач можат 
да ја прекинат функционалноста на "
+"Tor Browser или да предизвикаат сериозни 
проблеми кои ќе се одразат на "
+"вашата приватност и безбедност. Строго го 
обесхрабруваме инсталирањето на "
+"дополнителни додатоци и Tor Project не нуди 
поддршка за овие конфигурации."
 
 #: secure-connections.page:8
 msgid "Learn how to protect your data using Tor Browser and HTTPS"
 msgstr ""
+"Научете како да го заштитите вашите 
податоци со користење на Tor Browser и "
+"HTTPS"
 
 #: secure-connections.page:12
 msgid "Secure Connections"
@@ -1246,64 +1269,78 @@ msgid ""
 "The following visualization shows what information is visible to "
 "eavesdroppers with and without Tor Browser and HTTPS encryption:"
 msgstr ""
+"Следната визуелеизација покажува кои 
информации се видливи за прислушувачите"
+" со и без Tor Browser и HTTPS енекрипција:"
 
 #: secure-connections.page:35
 msgid ""
 "Click the “Tor” button to see what data is visible to observers when 
you're "
 "using Tor. The button will turn green to indicate that Tor is on."
 msgstr ""
+"Кликнете на \"Tor\" копчето за да видите кои 
податоци се видливи за "
+"набљудувачите кога користите Tor. Копчето 
ќе стане зелено за да означи дека "
+"Tor е вклучен."
 
 #: 

[tor-commits] [translation/tor-browser-manual] Update translations for tor-browser-manual

[translation]

commit 1a7d99bfb2e551f441b8f91f96a9ab41f8e47aef
Author: Translation commit bot 
Date:   Wed Nov 14 03:47:33 2018 +

Update translations for tor-browser-manual
---
 mk/mk.po | 46 +++---
 1 file changed, 39 insertions(+), 7 deletions(-)

diff --git a/mk/mk.po b/mk/mk.po
index bdf6020db..7cf1cdbc3 100644
--- a/mk/mk.po
+++ b/mk/mk.po
@@ -983,7 +983,7 @@ msgstr ""
 
 #: onionsites.page:6
 msgid "Services that are only accessible using Tor"
-msgstr "Услуги кои не се достапни ако 
користите Tor"
+msgstr "Услуги кои се достапни само ако 
користите Tor"
 
 #: onionsites.page:10
 msgid "Onion Services"
@@ -994,18 +994,25 @@ msgid ""
 "Onion services (formerly known as “hidden services”) are services (like "
 "websites) that are only accessible through the Tor network."
 msgstr ""
+"Onion услуги (порано познати како \"скриени 
услуги\") се услуги (како веб "
+"страни) кои се достапни само преку Tor 
мрежата."
 
 #: onionsites.page:16
 msgid ""
 "Onion services offer several advantages over ordinary services on the non-"
 "private web:"
 msgstr ""
+"Onion услугите нудат неколку предности во 
однос на вообичаените услуги на "
+"не-приватниот веб:"
 
 #: onionsites.page:23
 msgid ""
 "An onion services’s location and IP address are hidden, making it difficult 
"
 "for adversaries to censor it or identify its operators."
 msgstr ""
+"Локацијата на onion услугите и IP адресите се 
скриени, што им прави "
+"потешкотии на противниците да ги 
цензурираат или да ги идентификуваат "
+"нивните оператори."
 
 #: onionsites.page:29
 msgid ""
@@ -1031,7 +1038,7 @@ msgstr ""
 
 #: onionsites.page:46
 msgid "How to access an onion service"
-msgstr ""
+msgstr "Како да и пристапите на onion услугата"
 
 #. This is a reference to an external file such as an image or video. When
 #. the file changes, the md5 hash will change to let you know you need to
@@ -1052,10 +1059,14 @@ msgid ""
 "service in order to connect to it. An onion address is a string of 16 (and "
 "in V3 format, 56) mostly random letters and numbers, followed by 
“.onion”."
 msgstr ""
+"Како и на секоја друга веб страна, треба да 
ја знаете афресата на onion "
+"услугата за да се поврзете со неа. Onion 
адресата е линија од 16 (и во V3 "
+"формат, 56) најчесто букви или броеви по 
случен избор, проследени од "
+"\".onion\"."
 
 #: onionsites.page:58 troubleshooting.page:10
 msgid "Troubleshooting"
-msgstr ""
+msgstr "Решавање проблеми"
 
 #: onionsites.page:59
 msgid ""
@@ -1063,6 +1074,9 @@ msgid ""
 "entered the onion address correctly: even a small mistake will stop Tor "
 "Browser from being able to reach the site."
 msgstr ""
+"Ако не можете да дојдете до onion услугата 
што ја барате, бидете сигурни "
+"дека сте ја внеле onion адресата точно: дури 
и мала грешка ќе го спречи Tor "
+"Browser да биде во можност да дојде до веб 
страната."
 
 #: onionsites.page:64
 msgid ""
@@ -1080,18 +1094,21 @@ msgid ""
 "connecting to http://3g2upl4pq6kufc4m.onion/\;>DuckDuckGo's "
 "Onion Service"
 msgstr ""
+"Исто така осигурајте се дека сте во 
можност да да и пристапите на onion "
+"услугата со поврзување на http://3g2upl4pq6kufc4m.onion/\;>DuckDuckGo's Onion Service"
 
 #: plugins.page:6
 msgid "How Tor Browser handles add-ons, plugins and JavaScript"
-msgstr ""
+msgstr "Како Tor Browser се справува со додатоци, 
приклучоци и JavaScript"
 
 #: plugins.page:10
 msgid "Plugins, add-ons and JavaScript"
-msgstr ""
+msgstr "Приклучоци, додатоци и JavaScript"
 
 #: plugins.page:13
 msgid "Flash Player"
-msgstr ""
+msgstr "Flash Player"
 
 #: plugins.page:14
 msgid ""
@@ -1102,6 +1119,13 @@ msgid ""
 "operators, or to an outside observer. For this reason, Flash is disabled by "
 "default in Tor Browser, and enabling it is not recommended."
 msgstr ""
+"Видео веб страните, како што е Vimeo имаат 
потреба од Flash Player приклучок"
+" за да прикажат видео содржина. За жал, 
овој софтвер работи независно од Tor"
+" Browser и не може лесно да се принуди да ги 
почитува 

[tor-commits] [translation/tor-browser-manual] Update translations for tor-browser-manual

[translation]

commit 51a370e791a736629ffc9095f9f1cd5023848c14
Author: Translation commit bot 
Date:   Wed Nov 14 03:17:42 2018 +

Update translations for tor-browser-manual
---
 mk/mk.po | 67 
 1 file changed, 50 insertions(+), 17 deletions(-)

diff --git a/mk/mk.po b/mk/mk.po
index c6874c8e4..bdf6020db 100644
--- a/mk/mk.po
+++ b/mk/mk.po
@@ -348,8 +348,8 @@ msgid ""
 " should try the different transports: obfs3, obfs4, ScrambleSuit, fte, meek-"
 "azure and Snowflake."
 msgstr ""
-"Ако се обидувате да ја заобиколите 
блокираната конекција за првпат, треба да"
-" се обидете со поинкави транспорти: obfs3, 
obfs4, ScrambleSuit, fte, meek-"
+"Ако се обидувате да го заобиколите 
блокираното поврзување за првпат, треба "
+"да се обидете со поинкави транспорти: obfs3, 
obfs4, ScrambleSuit, fte, meek-"
 "azure и Snowflake."
 
 #: circumvention.page:72
@@ -807,7 +807,8 @@ msgstr ""
 "страната во URL лентата. Дури и кога сте 
поврзани на две различни веб страни"
 " кои што користат иста услуга за следење 
од 3-та страна, Tor Browser ќе "
 "присили содржината да биде послужена 
преку два различни Tor круга, па така "
-"следачот нема да знае дека двете конекции 
потекнуваат од вашиот прелистувач."
+"следачот нема да знае дека двете 
поврзувања потекнуваат од вашиот "
+"прелистувач."
 
 #: managing-identities.page:38
 msgid ""
@@ -816,9 +817,10 @@ msgid ""
 "single website in separate tabs or windows, without any loss of "
 "functionality."
 msgstr ""
-"Од друга страна, сите конекции на една веб 
страна ќе бидат преку истиот Tor "
-"круг, што значи дека ќе можете да 
прелистувате различни страни не едена веб "
-"страна во одделни табои или прозорци, без 
да изгубите од функционалноста."
+"Од друга страна, сите поврзувања на една 
веб страна ќе бидат преку истиот "
+"Tor круг, што значи дека ќе можете да 
прелистувате различни страни не едена "
+"веб страна во одделни табои или прозорци, 
без да изгубите од "
+"функционалноста."
 
 #. This is a reference to an external file such as an image or video. When
 #. the file changes, the md5 hash will change to let you know you need to
@@ -887,9 +889,9 @@ msgid ""
 "See the Secure Connections page for"
 " important information on how to secure your connection when logging in."
 msgstr ""
-"Видете ја Безбедни 
Конекциистраната"
-" за важни информации за тоа како да ја 
обезбедите вашата конекција кога се "
-"логирате."
+"Видете ја Безбедни "
+"Поврзувањастраната за важни 
информации за тоа како да ја обезбедите "
+"вашата конекција кога се логирате."
 
 #: managing-identities.page:87
 msgid ""
@@ -900,7 +902,7 @@ msgid ""
 "following the site’s recommended procedure for account recovery, or "
 "contacting the operators and explaining the situation."
 msgstr ""
-"Tor Browser често прави вашата конекција како 
да доаѓа од сосема друга "
+"Tor Browser често прави вашето поврзување како 
да доаѓа од сосема друга "
 "страна на светот. Некои веб страни, како 
што се провајдерите на банките и "
 "е-поштата, можат да го интерпретираат ова 
како знак дека вашата сметка е "
 "хакирана и компромитирана, и да ја 
заклучат. Единствениот начин да го решите"
@@ -948,11 +950,11 @@ msgid ""
 msgstr ""
 "Оваа опција е корисна ако сакате да 
спречите вашата последователна "
 "прелистувачка активност да биде 
поврзувана со она што сте го правеле "
-"претходно. Одбирајќи ја опцијата ќе ги 
затвори сите ваши отворени табои и "
-"прозорцим ќе ги 

[tor-commits] [translation/tor-browser-manual] Update translations for tor-browser-manual

[translation]

commit 68cd567daa591b6f7aa7519680535f389871a57b
Author: Translation commit bot 
Date:   Wed Nov 14 02:47:32 2018 +

Update translations for tor-browser-manual
---
 mk/mk.po | 43 ++-
 1 file changed, 38 insertions(+), 5 deletions(-)

diff --git a/mk/mk.po b/mk/mk.po
index 56f6475bf..c6874c8e4 100644
--- a/mk/mk.po
+++ b/mk/mk.po
@@ -806,7 +806,7 @@ msgstr ""
 "Tor Browser го центрира вашето веб искуство 
околу вашата врска со веб "
 "страната во URL лентата. Дури и кога сте 
поврзани на две различни веб страни"
 " кои што користат иста услуга за следење 
од 3-та страна, Tor Browser ќе "
-"присили содржината да биде послужена 
преку две различни Tor кола, па така "
+"присили содржината да биде послужена 
преку два различни Tor круга, па така "
 "следачот нема да знае дека двете конекции 
потекнуваат од вашиот прелистувач."
 
 #: managing-identities.page:38
@@ -816,8 +816,8 @@ msgid ""
 "single website in separate tabs or windows, without any loss of "
 "functionality."
 msgstr ""
-"Од друга страна, сите конекции на една веб 
страна ќе бидат преку истото Tor "
-"коло, што значи дека ќе можете да 
прелистувате различни страни не едена веб "
+"Од друга страна, сите конекции на една веб 
страна ќе бидат преку истиот Tor "
+"круг, што значи дека ќе можете да 
прелистувате различни страни не едена веб "
 "страна во одделни табои или прозорци, без 
да изгубите од функционалноста."
 
 #. This is a reference to an external file such as an image or video. When
@@ -838,7 +838,7 @@ msgid ""
 "You can see a diagram of the circuit that Tor Browser is using for the "
 "current tab in the onion menu."
 msgstr ""
-"Можете да видите дијаграм на колото што Tor 
Browser го користи за "
+"Можете да видите дијаграм на кругот што Tor 
Browser го користи за "
 "моменталниот таб во onion менито."
 
 #: managing-identities.page:55
@@ -851,6 +851,10 @@ msgid ""
 "there may be situations in which it makes sense to use Tor with websites "
 "that require usernames, passwords, or other identifying information."
 msgstr ""
+"Иако Tor Browser е дизајниран за да му овозможи 
на корисникот целосна "
+"анонимност на веб, може да има ситуации во 
кои има смилса да користите Tor "
+"за веб страните кои бараат кориснички 
имиња, лозинки, или други информации "
+"за идентификување. "
 
 #: managing-identities.page:62
 msgid ""
@@ -861,18 +865,31 @@ msgid ""
 "you reveal to the websites you browse. Logging in using Tor Browser is also "
 "useful if the website you are trying to reach is censored on your network."
 msgstr ""
+"Ако се логирате на веб страна користејќи 
го вообичеаниот прелистувач, вие "
+"исто така ја откривате вашата IP адреса и 
вашата географска локација во "
+"процесот. Истото често е вака и кога 
испраќате е-пошта. Логирајќи се на "
+"вашата социјална мрежа или на вашата 
е-пошта сметка користејќи Tor Browser "
+"ви овозможува да изберете точно која 
информација да и ја откриете на веб "
+"страната на која прелистувате. Логирањето 
при користење на Tor Browser е "
+"исто така корисно ако веб страната која се 
обидувате да ја отворите е "
+"цензурирана на вашата мрежа."
 
 #: managing-identities.page:72
 msgid ""
 "When you log in to a website over Tor, there are several points you should "
 "bear in mind:"
 msgstr ""
+"Кога се логирате на веб страна преку Tor, 
има неколку поенти кои треба да ви"
+" бидат на памет:"
 
 #: managing-identities.page:79
 msgid ""
 "See the Secure Connections page for"
 " important information on how to secure your connection when logging in."
 msgstr ""

[tor-commits] [tor/release-0.3.5] seccomp2: Add "shutdown" to the list of permitted system calls.

[nickm]

commit 0e5378feeca5d67b7e8f5550eaf7fcd87b8f59ea
Author: Nick Mathewson 
Date:   Mon Nov 12 08:23:58 2018 -0500

seccomp2: Add "shutdown" to the list of permitted system calls.

We don't use this syscall, but openssl apparently does.

(This syscall puts a socket into a half-closed state. Don't worry:
It doesn't shut down the system or anything.)

Fixes bug 28183; bugfix on 0.2.5.1-alpha where the sandbox was
introduced.
---
 changes/bug28183 | 4 
 src/common/sandbox.c | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/changes/bug28183 b/changes/bug28183
new file mode 100644
index 0..8d35dcdc0
--- /dev/null
+++ b/changes/bug28183
@@ -0,0 +1,4 @@
+  o Minor bugfixes (Linux seccomp2 sandbox):
+- Permit the "shutdown()" system call, which is apparently
+  used by OpenSSL under some circumstances. Fixes bug 28183;
+  bugfix on 0.2.5.1-alpha.
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 0a972d496..3b21322d3 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -205,6 +205,7 @@ static int filter_nopar_gen[] = {
 #ifdef __NR_setrlimit
 SCMP_SYS(setrlimit),
 #endif
+SCMP_SYS(shutdown),
 #ifdef __NR_sigaltstack
 SCMP_SYS(sigaltstack),
 #endif
@@ -2013,4 +2014,3 @@ sandbox_disable_getaddrinfo_cache(void)
 {
 }
 #endif
-



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.5] Merge branch 'bug28183_029' into maint-0.3.5

[nickm]

commit 021187f91503814f13dd73b9ed835c20c57f945d
Merge: 6f2151be9 0e5378fee
Author: Nick Mathewson 
Date:   Tue Nov 13 16:48:21 2018 -0500

Merge branch 'bug28183_029' into maint-0.3.5

 changes/bug28183  | 4 
 src/lib/sandbox/sandbox.c | 2 ++
 2 files changed, 6 insertions(+)

diff --cc src/lib/sandbox/sandbox.c
index 48e37ba12,0..6f074bb4e
mode 100644,00..100644
--- a/src/lib/sandbox/sandbox.c
+++ b/src/lib/sandbox/sandbox.c
@@@ -1,1806 -1,0 +1,1808 @@@
 +/* Copyright (c) 2001 Matej Pfajfar.
 + * Copyright (c) 2001-2004, Roger Dingledine.
 + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 + * Copyright (c) 2007-2018, The Tor Project, Inc. */
 +/* See LICENSE for licensing information */
 +
 +/**
 + * \file sandbox.c
 + * \brief Code to enable sandboxing.
 + **/
 +
 +#include "orconfig.h"
 +
 +#ifndef _LARGEFILE64_SOURCE
 +/**
 + * Temporarily required for O_LARGEFILE flag. Needs to be removed
 + * with the libevent fix.
 + */
 +#define _LARGEFILE64_SOURCE
 +#endif /* !defined(_LARGEFILE64_SOURCE) */
 +
 +/** Malloc mprotect limit in bytes.
 + *
 + * 28/06/2017: This value was increased from 16 MB to 20 MB after we 
introduced
 + * LZMA support in Tor (0.3.1.1-alpha). We limit our LZMA coder to 16 MB, but
 + * liblzma have a small overhead that we need to compensate for to avoid being
 + * killed by the sandbox.
 + */
 +#define MALLOC_MP_LIM (20*1024*1024)
 +
 +#include 
 +#include 
 +#include 
 +#include 
 +
 +#include "lib/sandbox/sandbox.h"
 +#include "lib/container/map.h"
 +#include "lib/err/torerr.h"
 +#include "lib/log/log.h"
 +#include "lib/cc/torint.h"
 +#include "lib/net/resolve.h"
 +#include "lib/malloc/malloc.h"
 +#include "lib/string/scanf.h"
 +
 +#include "tor_queue.h"
 +#include "ht.h"
 +#include "siphash.h"
 +
 +#define DEBUGGING_CLOSE
 +
 +#if defined(USE_LIBSECCOMP)
 +
 +#include 
 +#include 
 +#include 
 +#include 
 +#include 
 +#include 
 +#include 
 +#include 
 +
 +#include 
 +#include 
 +#include 
 +#include 
 +#include 
 +#include 
 +#include 
 +
 +#ifdef HAVE_GNU_LIBC_VERSION_H
 +#include 
 +#endif
 +#ifdef HAVE_LINUX_NETFILTER_IPV4_H
 +#include 
 +#endif
 +#ifdef HAVE_LINUX_IF_H
 +#include 
 +#endif
 +#ifdef HAVE_LINUX_NETFILTER_IPV6_IP6_TABLES_H
 +#include 
 +#endif
 +
 +#if defined(HAVE_EXECINFO_H) && defined(HAVE_BACKTRACE) && \
 +  defined(HAVE_BACKTRACE_SYMBOLS_FD) && defined(HAVE_SIGACTION)
 +#define USE_BACKTRACE
 +#define EXPOSE_CLEAN_BACKTRACE
 +#include "lib/err/backtrace.h"
 +#endif /* defined(HAVE_EXECINFO_H) && defined(HAVE_BACKTRACE) && ... */
 +
 +#ifdef USE_BACKTRACE
 +#include 
 +#endif
 +
 +/**
 + * Linux 32 bit definitions
 + */
 +#if defined(__i386__)
 +
 +#define REG_SYSCALL REG_EAX
 +#define M_SYSCALL gregs[REG_SYSCALL]
 +
 +/**
 + * Linux 64 bit definitions
 + */
 +#elif defined(__x86_64__)
 +
 +#define REG_SYSCALL REG_RAX
 +#define M_SYSCALL gregs[REG_SYSCALL]
 +
 +#elif defined(__arm__)
 +
 +#define M_SYSCALL arm_r7
 +
 +#elif defined(__aarch64__) && defined(__LP64__)
 +
 +#define REG_SYSCALL 8
 +#define M_SYSCALL regs[REG_SYSCALL]
 +
 +#endif /* defined(__i386__) || ... */
 +
 +/**Determines if at least one sandbox is active.*/
 +static int sandbox_active = 0;
 +/** Holds the parameter list configuration for the sandbox.*/
 +static sandbox_cfg_t *filter_dynamic = NULL;
 +
 +#undef SCMP_CMP
 +#define SCMP_CMP(a,b,c) ((struct scmp_arg_cmp){(a),(b),(c),0})
 +#define SCMP_CMP_STR(a,b,c) \
 +  ((struct scmp_arg_cmp) {(a),(b),(intptr_t)(void*)(c),0})
 +#define SCMP_CMP4(a,b,c,d) ((struct scmp_arg_cmp){(a),(b),(c),(d)})
 +/* We use a wrapper here because these masked comparisons seem to be pretty
 + * verbose. Also, it's important to cast to scmp_datum_t before negating the
 + * mask, since otherwise the negation might get applied to a 32 bit value, and
 + * the high bits of the value might get masked out improperly. */
 +#define SCMP_CMP_MASKED(a,b,c) \
 +  SCMP_CMP4((a), SCMP_CMP_MASKED_EQ, ~(scmp_datum_t)(b), (c))
 +
 +/** Variable used for storing all syscall numbers that will be allowed with 
the
 + * stage 1 general Tor sandbox.
 + */
 +static int filter_nopar_gen[] = {
 +SCMP_SYS(access),
 +SCMP_SYS(brk),
 +SCMP_SYS(clock_gettime),
 +SCMP_SYS(close),
 +SCMP_SYS(clone),
 +SCMP_SYS(epoll_create),
 +SCMP_SYS(epoll_wait),
 +#ifdef __NR_epoll_pwait
 +SCMP_SYS(epoll_pwait),
 +#endif
 +#ifdef HAVE_EVENTFD
 +SCMP_SYS(eventfd2),
 +#endif
 +#ifdef HAVE_PIPE2
 +SCMP_SYS(pipe2),
 +#endif
 +#ifdef HAVE_PIPE
 +SCMP_SYS(pipe),
 +#endif
 +#ifdef __NR_fchmod
 +SCMP_SYS(fchmod),
 +#endif
 +SCMP_SYS(fcntl),
 +SCMP_SYS(fstat),
 +#ifdef __NR_fstat64
 +SCMP_SYS(fstat64),
 +#endif
 +SCMP_SYS(futex),
 +SCMP_SYS(getdents),
 +SCMP_SYS(getdents64),
 +SCMP_SYS(getegid),
 +#ifdef __NR_getegid32
 +SCMP_SYS(getegid32),
 +#endif
 +SCMP_SYS(geteuid),
 +#ifdef __NR_geteuid32
 +SCMP_SYS(geteuid32),
 +#endif
 +SCMP_SYS(getgid),
 +#ifdef __NR_getgid32
 +

[tor-commits] [tor/master] seccomp2: Add "shutdown" to the list of permitted system calls.

[nickm]

commit 0e5378feeca5d67b7e8f5550eaf7fcd87b8f59ea
Author: Nick Mathewson 
Date:   Mon Nov 12 08:23:58 2018 -0500

seccomp2: Add "shutdown" to the list of permitted system calls.

We don't use this syscall, but openssl apparently does.

(This syscall puts a socket into a half-closed state. Don't worry:
It doesn't shut down the system or anything.)

Fixes bug 28183; bugfix on 0.2.5.1-alpha where the sandbox was
introduced.
---
 changes/bug28183 | 4 
 src/common/sandbox.c | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/changes/bug28183 b/changes/bug28183
new file mode 100644
index 0..8d35dcdc0
--- /dev/null
+++ b/changes/bug28183
@@ -0,0 +1,4 @@
+  o Minor bugfixes (Linux seccomp2 sandbox):
+- Permit the "shutdown()" system call, which is apparently
+  used by OpenSSL under some circumstances. Fixes bug 28183;
+  bugfix on 0.2.5.1-alpha.
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 0a972d496..3b21322d3 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -205,6 +205,7 @@ static int filter_nopar_gen[] = {
 #ifdef __NR_setrlimit
 SCMP_SYS(setrlimit),
 #endif
+SCMP_SYS(shutdown),
 #ifdef __NR_sigaltstack
 SCMP_SYS(sigaltstack),
 #endif
@@ -2013,4 +2014,3 @@ sandbox_disable_getaddrinfo_cache(void)
 {
 }
 #endif
-



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.5] Merge branch 'maint-0.3.5' into release-0.3.5

[nickm]

commit c45e2f805f7d9cf1ab5b9e1c4a2e75654b62ff9d
Merge: a5f3a67a8 021187f91
Author: Nick Mathewson 
Date:   Tue Nov 13 16:48:26 2018 -0500

Merge branch 'maint-0.3.5' into release-0.3.5

 changes/bug28183  | 4 
 src/lib/sandbox/sandbox.c | 2 ++
 2 files changed, 6 insertions(+)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge branch 'maint-0.3.5'

[nickm]

commit a6a7a1f3edd93bb3d9b328e6124e0912cdc94c7b
Merge: 342f2b187 021187f91
Author: Nick Mathewson 
Date:   Tue Nov 13 16:48:26 2018 -0500

Merge branch 'maint-0.3.5'

 changes/bug28183  | 4 
 src/lib/sandbox/sandbox.c | 2 ++
 2 files changed, 6 insertions(+)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge branch 'bug28183_029' into maint-0.3.5

[nickm]

commit 021187f91503814f13dd73b9ed835c20c57f945d
Merge: 6f2151be9 0e5378fee
Author: Nick Mathewson 
Date:   Tue Nov 13 16:48:21 2018 -0500

Merge branch 'bug28183_029' into maint-0.3.5

 changes/bug28183  | 4 
 src/lib/sandbox/sandbox.c | 2 ++
 2 files changed, 6 insertions(+)

diff --cc src/lib/sandbox/sandbox.c
index 48e37ba12,0..6f074bb4e
mode 100644,00..100644
--- a/src/lib/sandbox/sandbox.c
+++ b/src/lib/sandbox/sandbox.c
@@@ -1,1806 -1,0 +1,1808 @@@
 +/* Copyright (c) 2001 Matej Pfajfar.
 + * Copyright (c) 2001-2004, Roger Dingledine.
 + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 + * Copyright (c) 2007-2018, The Tor Project, Inc. */
 +/* See LICENSE for licensing information */
 +
 +/**
 + * \file sandbox.c
 + * \brief Code to enable sandboxing.
 + **/
 +
 +#include "orconfig.h"
 +
 +#ifndef _LARGEFILE64_SOURCE
 +/**
 + * Temporarily required for O_LARGEFILE flag. Needs to be removed
 + * with the libevent fix.
 + */
 +#define _LARGEFILE64_SOURCE
 +#endif /* !defined(_LARGEFILE64_SOURCE) */
 +
 +/** Malloc mprotect limit in bytes.
 + *
 + * 28/06/2017: This value was increased from 16 MB to 20 MB after we 
introduced
 + * LZMA support in Tor (0.3.1.1-alpha). We limit our LZMA coder to 16 MB, but
 + * liblzma have a small overhead that we need to compensate for to avoid being
 + * killed by the sandbox.
 + */
 +#define MALLOC_MP_LIM (20*1024*1024)
 +
 +#include 
 +#include 
 +#include 
 +#include 
 +
 +#include "lib/sandbox/sandbox.h"
 +#include "lib/container/map.h"
 +#include "lib/err/torerr.h"
 +#include "lib/log/log.h"
 +#include "lib/cc/torint.h"
 +#include "lib/net/resolve.h"
 +#include "lib/malloc/malloc.h"
 +#include "lib/string/scanf.h"
 +
 +#include "tor_queue.h"
 +#include "ht.h"
 +#include "siphash.h"
 +
 +#define DEBUGGING_CLOSE
 +
 +#if defined(USE_LIBSECCOMP)
 +
 +#include 
 +#include 
 +#include 
 +#include 
 +#include 
 +#include 
 +#include 
 +#include 
 +
 +#include 
 +#include 
 +#include 
 +#include 
 +#include 
 +#include 
 +#include 
 +
 +#ifdef HAVE_GNU_LIBC_VERSION_H
 +#include 
 +#endif
 +#ifdef HAVE_LINUX_NETFILTER_IPV4_H
 +#include 
 +#endif
 +#ifdef HAVE_LINUX_IF_H
 +#include 
 +#endif
 +#ifdef HAVE_LINUX_NETFILTER_IPV6_IP6_TABLES_H
 +#include 
 +#endif
 +
 +#if defined(HAVE_EXECINFO_H) && defined(HAVE_BACKTRACE) && \
 +  defined(HAVE_BACKTRACE_SYMBOLS_FD) && defined(HAVE_SIGACTION)
 +#define USE_BACKTRACE
 +#define EXPOSE_CLEAN_BACKTRACE
 +#include "lib/err/backtrace.h"
 +#endif /* defined(HAVE_EXECINFO_H) && defined(HAVE_BACKTRACE) && ... */
 +
 +#ifdef USE_BACKTRACE
 +#include 
 +#endif
 +
 +/**
 + * Linux 32 bit definitions
 + */
 +#if defined(__i386__)
 +
 +#define REG_SYSCALL REG_EAX
 +#define M_SYSCALL gregs[REG_SYSCALL]
 +
 +/**
 + * Linux 64 bit definitions
 + */
 +#elif defined(__x86_64__)
 +
 +#define REG_SYSCALL REG_RAX
 +#define M_SYSCALL gregs[REG_SYSCALL]
 +
 +#elif defined(__arm__)
 +
 +#define M_SYSCALL arm_r7
 +
 +#elif defined(__aarch64__) && defined(__LP64__)
 +
 +#define REG_SYSCALL 8
 +#define M_SYSCALL regs[REG_SYSCALL]
 +
 +#endif /* defined(__i386__) || ... */
 +
 +/**Determines if at least one sandbox is active.*/
 +static int sandbox_active = 0;
 +/** Holds the parameter list configuration for the sandbox.*/
 +static sandbox_cfg_t *filter_dynamic = NULL;
 +
 +#undef SCMP_CMP
 +#define SCMP_CMP(a,b,c) ((struct scmp_arg_cmp){(a),(b),(c),0})
 +#define SCMP_CMP_STR(a,b,c) \
 +  ((struct scmp_arg_cmp) {(a),(b),(intptr_t)(void*)(c),0})
 +#define SCMP_CMP4(a,b,c,d) ((struct scmp_arg_cmp){(a),(b),(c),(d)})
 +/* We use a wrapper here because these masked comparisons seem to be pretty
 + * verbose. Also, it's important to cast to scmp_datum_t before negating the
 + * mask, since otherwise the negation might get applied to a 32 bit value, and
 + * the high bits of the value might get masked out improperly. */
 +#define SCMP_CMP_MASKED(a,b,c) \
 +  SCMP_CMP4((a), SCMP_CMP_MASKED_EQ, ~(scmp_datum_t)(b), (c))
 +
 +/** Variable used for storing all syscall numbers that will be allowed with 
the
 + * stage 1 general Tor sandbox.
 + */
 +static int filter_nopar_gen[] = {
 +SCMP_SYS(access),
 +SCMP_SYS(brk),
 +SCMP_SYS(clock_gettime),
 +SCMP_SYS(close),
 +SCMP_SYS(clone),
 +SCMP_SYS(epoll_create),
 +SCMP_SYS(epoll_wait),
 +#ifdef __NR_epoll_pwait
 +SCMP_SYS(epoll_pwait),
 +#endif
 +#ifdef HAVE_EVENTFD
 +SCMP_SYS(eventfd2),
 +#endif
 +#ifdef HAVE_PIPE2
 +SCMP_SYS(pipe2),
 +#endif
 +#ifdef HAVE_PIPE
 +SCMP_SYS(pipe),
 +#endif
 +#ifdef __NR_fchmod
 +SCMP_SYS(fchmod),
 +#endif
 +SCMP_SYS(fcntl),
 +SCMP_SYS(fstat),
 +#ifdef __NR_fstat64
 +SCMP_SYS(fstat64),
 +#endif
 +SCMP_SYS(futex),
 +SCMP_SYS(getdents),
 +SCMP_SYS(getdents64),
 +SCMP_SYS(getegid),
 +#ifdef __NR_getegid32
 +SCMP_SYS(getegid32),
 +#endif
 +SCMP_SYS(geteuid),
 +#ifdef __NR_geteuid32
 +SCMP_SYS(geteuid32),
 +#endif
 +SCMP_SYS(getgid),
 +#ifdef __NR_getgid32
 +

[tor-commits] [tor/maint-0.3.5] seccomp2: Add "shutdown" to the list of permitted system calls.

[nickm]

commit 0e5378feeca5d67b7e8f5550eaf7fcd87b8f59ea
Author: Nick Mathewson 
Date:   Mon Nov 12 08:23:58 2018 -0500

seccomp2: Add "shutdown" to the list of permitted system calls.

We don't use this syscall, but openssl apparently does.

(This syscall puts a socket into a half-closed state. Don't worry:
It doesn't shut down the system or anything.)

Fixes bug 28183; bugfix on 0.2.5.1-alpha where the sandbox was
introduced.
---
 changes/bug28183 | 4 
 src/common/sandbox.c | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/changes/bug28183 b/changes/bug28183
new file mode 100644
index 0..8d35dcdc0
--- /dev/null
+++ b/changes/bug28183
@@ -0,0 +1,4 @@
+  o Minor bugfixes (Linux seccomp2 sandbox):
+- Permit the "shutdown()" system call, which is apparently
+  used by OpenSSL under some circumstances. Fixes bug 28183;
+  bugfix on 0.2.5.1-alpha.
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 0a972d496..3b21322d3 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -205,6 +205,7 @@ static int filter_nopar_gen[] = {
 #ifdef __NR_setrlimit
 SCMP_SYS(setrlimit),
 #endif
+SCMP_SYS(shutdown),
 #ifdef __NR_sigaltstack
 SCMP_SYS(sigaltstack),
 #endif
@@ -2013,4 +2014,3 @@ sandbox_disable_getaddrinfo_cache(void)
 {
 }
 #endif
-



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.5] Merge branch 'bug28183_029' into maint-0.3.5

[nickm]

commit 021187f91503814f13dd73b9ed835c20c57f945d
Merge: 6f2151be9 0e5378fee
Author: Nick Mathewson 
Date:   Tue Nov 13 16:48:21 2018 -0500

Merge branch 'bug28183_029' into maint-0.3.5

 changes/bug28183  | 4 
 src/lib/sandbox/sandbox.c | 2 ++
 2 files changed, 6 insertions(+)

diff --cc src/lib/sandbox/sandbox.c
index 48e37ba12,0..6f074bb4e
mode 100644,00..100644
--- a/src/lib/sandbox/sandbox.c
+++ b/src/lib/sandbox/sandbox.c
@@@ -1,1806 -1,0 +1,1808 @@@
 +/* Copyright (c) 2001 Matej Pfajfar.
 + * Copyright (c) 2001-2004, Roger Dingledine.
 + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 + * Copyright (c) 2007-2018, The Tor Project, Inc. */
 +/* See LICENSE for licensing information */
 +
 +/**
 + * \file sandbox.c
 + * \brief Code to enable sandboxing.
 + **/
 +
 +#include "orconfig.h"
 +
 +#ifndef _LARGEFILE64_SOURCE
 +/**
 + * Temporarily required for O_LARGEFILE flag. Needs to be removed
 + * with the libevent fix.
 + */
 +#define _LARGEFILE64_SOURCE
 +#endif /* !defined(_LARGEFILE64_SOURCE) */
 +
 +/** Malloc mprotect limit in bytes.
 + *
 + * 28/06/2017: This value was increased from 16 MB to 20 MB after we 
introduced
 + * LZMA support in Tor (0.3.1.1-alpha). We limit our LZMA coder to 16 MB, but
 + * liblzma have a small overhead that we need to compensate for to avoid being
 + * killed by the sandbox.
 + */
 +#define MALLOC_MP_LIM (20*1024*1024)
 +
 +#include 
 +#include 
 +#include 
 +#include 
 +
 +#include "lib/sandbox/sandbox.h"
 +#include "lib/container/map.h"
 +#include "lib/err/torerr.h"
 +#include "lib/log/log.h"
 +#include "lib/cc/torint.h"
 +#include "lib/net/resolve.h"
 +#include "lib/malloc/malloc.h"
 +#include "lib/string/scanf.h"
 +
 +#include "tor_queue.h"
 +#include "ht.h"
 +#include "siphash.h"
 +
 +#define DEBUGGING_CLOSE
 +
 +#if defined(USE_LIBSECCOMP)
 +
 +#include 
 +#include 
 +#include 
 +#include 
 +#include 
 +#include 
 +#include 
 +#include 
 +
 +#include 
 +#include 
 +#include 
 +#include 
 +#include 
 +#include 
 +#include 
 +
 +#ifdef HAVE_GNU_LIBC_VERSION_H
 +#include 
 +#endif
 +#ifdef HAVE_LINUX_NETFILTER_IPV4_H
 +#include 
 +#endif
 +#ifdef HAVE_LINUX_IF_H
 +#include 
 +#endif
 +#ifdef HAVE_LINUX_NETFILTER_IPV6_IP6_TABLES_H
 +#include 
 +#endif
 +
 +#if defined(HAVE_EXECINFO_H) && defined(HAVE_BACKTRACE) && \
 +  defined(HAVE_BACKTRACE_SYMBOLS_FD) && defined(HAVE_SIGACTION)
 +#define USE_BACKTRACE
 +#define EXPOSE_CLEAN_BACKTRACE
 +#include "lib/err/backtrace.h"
 +#endif /* defined(HAVE_EXECINFO_H) && defined(HAVE_BACKTRACE) && ... */
 +
 +#ifdef USE_BACKTRACE
 +#include 
 +#endif
 +
 +/**
 + * Linux 32 bit definitions
 + */
 +#if defined(__i386__)
 +
 +#define REG_SYSCALL REG_EAX
 +#define M_SYSCALL gregs[REG_SYSCALL]
 +
 +/**
 + * Linux 64 bit definitions
 + */
 +#elif defined(__x86_64__)
 +
 +#define REG_SYSCALL REG_RAX
 +#define M_SYSCALL gregs[REG_SYSCALL]
 +
 +#elif defined(__arm__)
 +
 +#define M_SYSCALL arm_r7
 +
 +#elif defined(__aarch64__) && defined(__LP64__)
 +
 +#define REG_SYSCALL 8
 +#define M_SYSCALL regs[REG_SYSCALL]
 +
 +#endif /* defined(__i386__) || ... */
 +
 +/**Determines if at least one sandbox is active.*/
 +static int sandbox_active = 0;
 +/** Holds the parameter list configuration for the sandbox.*/
 +static sandbox_cfg_t *filter_dynamic = NULL;
 +
 +#undef SCMP_CMP
 +#define SCMP_CMP(a,b,c) ((struct scmp_arg_cmp){(a),(b),(c),0})
 +#define SCMP_CMP_STR(a,b,c) \
 +  ((struct scmp_arg_cmp) {(a),(b),(intptr_t)(void*)(c),0})
 +#define SCMP_CMP4(a,b,c,d) ((struct scmp_arg_cmp){(a),(b),(c),(d)})
 +/* We use a wrapper here because these masked comparisons seem to be pretty
 + * verbose. Also, it's important to cast to scmp_datum_t before negating the
 + * mask, since otherwise the negation might get applied to a 32 bit value, and
 + * the high bits of the value might get masked out improperly. */
 +#define SCMP_CMP_MASKED(a,b,c) \
 +  SCMP_CMP4((a), SCMP_CMP_MASKED_EQ, ~(scmp_datum_t)(b), (c))
 +
 +/** Variable used for storing all syscall numbers that will be allowed with 
the
 + * stage 1 general Tor sandbox.
 + */
 +static int filter_nopar_gen[] = {
 +SCMP_SYS(access),
 +SCMP_SYS(brk),
 +SCMP_SYS(clock_gettime),
 +SCMP_SYS(close),
 +SCMP_SYS(clone),
 +SCMP_SYS(epoll_create),
 +SCMP_SYS(epoll_wait),
 +#ifdef __NR_epoll_pwait
 +SCMP_SYS(epoll_pwait),
 +#endif
 +#ifdef HAVE_EVENTFD
 +SCMP_SYS(eventfd2),
 +#endif
 +#ifdef HAVE_PIPE2
 +SCMP_SYS(pipe2),
 +#endif
 +#ifdef HAVE_PIPE
 +SCMP_SYS(pipe),
 +#endif
 +#ifdef __NR_fchmod
 +SCMP_SYS(fchmod),
 +#endif
 +SCMP_SYS(fcntl),
 +SCMP_SYS(fstat),
 +#ifdef __NR_fstat64
 +SCMP_SYS(fstat64),
 +#endif
 +SCMP_SYS(futex),
 +SCMP_SYS(getdents),
 +SCMP_SYS(getdents64),
 +SCMP_SYS(getegid),
 +#ifdef __NR_getegid32
 +SCMP_SYS(getegid32),
 +#endif
 +SCMP_SYS(geteuid),
 +#ifdef __NR_geteuid32
 +SCMP_SYS(geteuid32),
 +#endif
 +SCMP_SYS(getgid),
 +#ifdef __NR_getgid32
 +

[tor-commits] [translation/tails-onioncircuits] Update translations for tails-onioncircuits

[translation]

commit 266f0b0f8c87f290e0fe6eb9f98f35ed7b97fcee
Author: Translation commit bot 
Date:   Tue Nov 13 20:16:38 2018 +

Update translations for tails-onioncircuits
---
 fr/onioncircuits.pot | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fr/onioncircuits.pot b/fr/onioncircuits.pot
index 811179758..350a15652 100644
--- a/fr/onioncircuits.pot
+++ b/fr/onioncircuits.pot
@@ -11,10 +11,10 @@
 # Thomas Chauchefoin , 2016
 msgid ""
 msgstr ""
-"Project-Id-Version: The Tor Project\n"
+"Project-Id-Version: Tor Project\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2017-08-03 13:00+\n"
-"PO-Revision-Date: 2018-09-20 21:32+\n"
+"PO-Revision-Date: 2018-11-13 20:05+\n"
 "Last-Translator: AO \n"
 "Language-Team: French 
(http://www.transifex.com/otf/torproject/language/fr/)\n"
 "MIME-Version: 1.0\n"

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/tails-onioncircuits_completed] Update translations for tails-onioncircuits_completed

[translation]

commit 87ab3433d2f4466e47119c66dbbb739e76a4cd2c
Author: Translation commit bot 
Date:   Tue Nov 13 20:16:44 2018 +

Update translations for tails-onioncircuits_completed
---
 fr/onioncircuits.pot | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fr/onioncircuits.pot b/fr/onioncircuits.pot
index 811179758..350a15652 100644
--- a/fr/onioncircuits.pot
+++ b/fr/onioncircuits.pot
@@ -11,10 +11,10 @@
 # Thomas Chauchefoin , 2016
 msgid ""
 msgstr ""
-"Project-Id-Version: The Tor Project\n"
+"Project-Id-Version: Tor Project\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2017-08-03 13:00+\n"
-"PO-Revision-Date: 2018-09-20 21:32+\n"
+"PO-Revision-Date: 2018-11-13 20:05+\n"
 "Last-Translator: AO \n"
 "Language-Team: French 
(http://www.transifex.com/otf/torproject/language/fr/)\n"
 "MIME-Version: 1.0\n"

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/support-portal] Update translations for support-portal

[translation]

commit 3e072776db8e82fe1f05429e08b3d3fdec19c91c
Author: Translation commit bot 
Date:   Tue Nov 13 17:19:11 2018 +

Update translations for support-portal
---
 contents+ka.po | 28 ++--
 1 file changed, 22 insertions(+), 6 deletions(-)

diff --git a/contents+ka.po b/contents+ka.po
index 9231cc0cb..e26e99e5e 100644
--- a/contents+ka.po
+++ b/contents+ka.po
@@ -301,8 +301,8 @@ msgid ""
 "Many exit nodes are configured to block certain types of file sharing "
 "traffic, such as BitTorrent."
 msgstr ""
-"გამსვლელი წერტილების 
უმეტესობაზე, ფაილების 
გასაზიარებელი გარკვეული 
სახის "
-"მონაცემთა მიმოცვლა 
შეზღუდულია, როგორიცაა BitTorrent."
+"გამსვლელი კვანძების 
უმეტესობაზე, ფაილების 
გასაზიარებელი გარკვეული 
სახის "
+"მონაცემთა მიმოცვლა 
შეზღუდულია, მათ შორის BitTorrent."
 
 #: http//localhost/censorship/censorship-4/
 #: (content/censorship/censorship-4/contents+en.lrquestion.seo_slug)
@@ -384,6 +384,8 @@ msgid ""
 "If you run Tor Browser and another browser at the same time, it won't affect"
 " Tor's performance or privacy properties."
 msgstr ""
+"თუ Tor-ბრაუზერის 
გამოყენებისას სხვა ბრაუზერ
საც გამოიყენებთ, ეს არ 
იმოქმედებს"
+" Tor-ის წარმადობაზე ან უსაფრ
თხოებაზე."
 
 #: http//localhost/faq/faq-2/
 #: (content/faq/faq-2/contents+en.lrquestion.description)
@@ -535,6 +537,7 @@ msgid ""
 "Sorry, but there is currently no official support for running Tor Browser on"
 " *BSD."
 msgstr ""
+"სამწუხაროდ ოფიციალურად არაა 
მხარდაჭერილი Tor-ბრაუზერის 
გამოყენება *BSD-ზე."
 
 #: http//localhost/https/https-1/
 #: (content/https/https-1/contents+en.lrquestion.description)
@@ -688,7 +691,7 @@ msgstr "ოპერატორები"
 #: http//localhost/tbb/tbb-17/
 #: (content/tbb/tbb-17/contents+en.lrquestion.title)
 msgid "Is it safe to run Tor Browser and another browser at the same time?"
-msgstr ""
+msgstr "უსაფრთხოა Tor-ბრაუზერისა და 
სხვა ბრაუზერის ერთდროულად 
გამოყენება?"
 
 #: http//localhost/gettor/gettor-1/
 #: (content/gettor/gettor-1/contents+en.lrquestion.description)
@@ -799,7 +802,7 @@ msgstr ""
 #: http//localhost/tbb/tbb-18/
 #: (content/tbb/tbb-18/contents+en.lrquestion.title)
 msgid "Is there support for *BSD?"
-msgstr ""
+msgstr "მხარდაჭერილია *BSD?"
 
 #: http//localhost/tbb/tbb-19/
 #: (content/tbb/tbb-19/contents+en.lrquestion.title)
@@ -1448,6 +1451,8 @@ msgid ""
 "The rest of your circuit changes with every new website you visit, and all "
 "together these relays provide the full privacy protections of Tor."
 msgstr ""
+"დანარჩენი წრედი იცვლება 
თითოეული მონახულებული 
საიტისთვის და ყველა ეს "
+"გადამცემი უზრუნველყოფს პირ
ადი მონაცემების სრულყოფილ 
დაცვას Tor-ში."
 
 #: http//localhost/tbb/tbb-2/
 #: (content/tbb/tbb-2/contents+en.lrquestion.seo_slug)
@@ -1711,6 +1716,8 @@ msgid ""
 "It is a fast and stable relay that remains the first one in your circuit for"
 " 2-3 months in order to protect against a known anonymity-breaking attack."
 msgstr ""
+"იგი წარმოადგენს უსწარაფეს 
და მდგრად გადამცემს, რომელიც რ
ჩება პირველ ადგილას "
+"თქვენს წრედში 2-3 თვით, ცნობილი 
შეტევებისგან თავის 
დასაცავად."
 
 #: http//localhost/tbb/tbb-42/
 #: (content/tbb/tbb-42/contents+en.lrquestion.seo_slug)
@@ -2137,7 +2144,7 @@ msgstr ""
 #: http//localhost/tbb/tbb-2/
 #: (content/tbb/tbb-2/contents+en.lrquestion.description)
 msgid "That is normal Tor behavior."
-msgstr ""
+msgstr "ეს ბუნებრივია Tor-ისთვის."
 
 #: http//localhost/tbb/tbb-28/
 #: (content/tbb/tbb-28/contents+en.lrquestion.description)
@@ -3055,6 +3062,11 @@ msgid ""
 "users.cs.umn.edu/~hoppernj/single_guard.pdf\">paper on entry "
 "guards."
 msgstr ""
+"ვრცლად, მცველი 

[tor-commits] [translation/tails-persistence-setup_completed] Update translations for tails-persistence-setup_completed

[translation]

commit 673f38d7c684ad2d42cd2a3f43200a6322fb471e
Author: Translation commit bot 
Date:   Tue Nov 13 17:16:58 2018 +

Update translations for tails-persistence-setup_completed
---
 sv/sv.po | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sv/sv.po b/sv/sv.po
index 34f16216e..92a8dcdc2 100644
--- a/sv/sv.po
+++ b/sv/sv.po
@@ -18,8 +18,8 @@ msgstr ""
 "Project-Id-Version: Tor Project\n"
 "Report-Msgid-Bugs-To: Tails developers \n"
 "POT-Creation-Date: 2018-11-01 12:21+0100\n"
-"PO-Revision-Date: 2018-11-07 09:41+\n"
-"Last-Translator: Jonatan Nyberg\n"
+"PO-Revision-Date: 2018-11-13 17:09+\n"
+"Last-Translator: Chessax Nemeth \n"
 "Language-Team: Swedish 
(http://www.transifex.com/otf/torproject/language/sv/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/tails-persistence-setup] Update translations for tails-persistence-setup

[translation]

commit 899b4f1b07103a86f67b37c1f1cb69da0505ab88
Author: Translation commit bot 
Date:   Tue Nov 13 17:16:53 2018 +

Update translations for tails-persistence-setup
---
 sv/sv.po | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sv/sv.po b/sv/sv.po
index 34f16216e..92a8dcdc2 100644
--- a/sv/sv.po
+++ b/sv/sv.po
@@ -18,8 +18,8 @@ msgstr ""
 "Project-Id-Version: Tor Project\n"
 "Report-Msgid-Bugs-To: Tails developers \n"
 "POT-Creation-Date: 2018-11-01 12:21+0100\n"
-"PO-Revision-Date: 2018-11-07 09:41+\n"
-"Last-Translator: Jonatan Nyberg\n"
+"PO-Revision-Date: 2018-11-13 17:09+\n"
+"Last-Translator: Chessax Nemeth \n"
 "Language-Team: Swedish 
(http://www.transifex.com/otf/torproject/language/sv/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/https_everywhere_completed] Update translations for https_everywhere_completed

[translation]

commit 565ebb828ee92a241d7f9e20684c818e003afbbb
Author: Translation commit bot 
Date:   Tue Nov 13 17:15:44 2018 +

Update translations for https_everywhere_completed
---
 sv/https-everywhere.dtd | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sv/https-everywhere.dtd b/sv/https-everywhere.dtd
index cdaf92f0d..6e78ede44 100644
--- a/sv/https-everywhere.dtd
+++ b/sv/https-everywhere.dtd
@@ -23,7 +23,7 @@
 
 
 
-
+
 
 
 

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/https_everywhere] Update translations for https_everywhere

[translation]

commit 6c609aef7d51615ce81d66fddc9a93477a93ef55
Author: Translation commit bot 
Date:   Tue Nov 13 17:15:38 2018 +

Update translations for https_everywhere
---
 sv/https-everywhere.dtd | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sv/https-everywhere.dtd b/sv/https-everywhere.dtd
index cdaf92f0d..6e78ede44 100644
--- a/sv/https-everywhere.dtd
+++ b/sv/https-everywhere.dtd
@@ -23,7 +23,7 @@
 
 
 
-
+
 
 
 

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/support-portal] Update translations for support-portal

[translation]

commit e628b01689401e07ed80b33577e267bbaf60a81b
Author: Translation commit bot 
Date:   Tue Nov 13 16:49:34 2018 +

Update translations for support-portal
---
 contents+ka.po | 10 --
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/contents+ka.po b/contents+ka.po
index e88b77d6a..9231cc0cb 100644
--- a/contents+ka.po
+++ b/contents+ka.po
@@ -627,7 +627,7 @@ msgstr ""
 #: http//localhost/tbb/tbb-13/
 #: (content/tbb/tbb-13/contents+en.lrquestion.description)
 msgid "They need to be configured separately to use Tor."
-msgstr ""
+msgstr "მათი გამართვა ცალკეა 
საჭირო Tor-ის გამოსაყენებლად."
 
 #: http//localhost/tbb/ (content/tbb/contents+en.lrtopic.seo_slug)
 msgid "tor-browser"
@@ -3170,6 +3170,8 @@ msgid ""
 "have their connections routed over the Tor network, and will not be "
 "protected."
 msgstr ""
+"სისტემაში არსებული სხვა 
ნებისმიერი პროგრამის (მათ შორ
ის სხვა ბრაუზერების) "
+"კავშირი არ იყენებს Tor-ქსელს, 
შესაბამისად არაა დაცული."
 
 #: http//localhost/operators/operators-6/
 #: (content/operators/operators-6/contents+en.lrquestion.description)
@@ -3494,7 +3496,7 @@ msgstr ""
 #: http//localhost/tbb/tbb-16/
 #: (content/tbb/tbb-16/contents+en.lrquestion.title)
 msgid "Can I pick which country I'm exiting from?"
-msgstr ""
+msgstr "შემიძლია ინტერნეტში 
გასასვლელი ქვეყნის არჩევა?"
 
 #: http//localhost/misc/misc-12/
 #: (content/misc/misc-12/contents+en.lrquestion.seo_slug)
@@ -3655,6 +3657,10 @@ msgid ""
 "operating system which you can start on almost any computer from "
 "a USB stick or a DVD."
 msgstr ""
+"თუ გსურთ ყველა სახის ინფორ
მაციის მიმოცვლა ხდებოდეს 
Tor-ქსელის გავლით, "
+"გაეცანით https://tails.boum.org/\;>Tails-ის პირდაპირ "
+"გასაშვებ სისტემას, რ
ომელიც ნებისმიერ კომპიუტერ
ზე შეგიძლიათ "
+"პირდაპირ გაუშვათ USB-მეხსიერ
ებიდან ან DVD-დისკიდან."
 
 #: http//localhost/tbb/ (content/tbb/contents+en.lrtopic.title)
 msgid "Tor Browser"

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Comment for rend_cache_failure in feature/rend/rendcache.c: "usuable" should be "usable"

[dgoulet]

commit ec93385cb235a9aafc7bd3bd83a440b3f35ff6fd
Author: Neel Chauhan 
Date:   Tue Nov 13 10:33:51 2018 -0500

Comment for rend_cache_failure in feature/rend/rendcache.c: "usuable" 
should be "usable"
---
 src/feature/rend/rendcache.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/feature/rend/rendcache.c b/src/feature/rend/rendcache.c
index 848386b97..b851e7195 100644
--- a/src/feature/rend/rendcache.c
+++ b/src/feature/rend/rendcache.c
@@ -45,7 +45,7 @@ STATIC digestmap_t *rend_cache_v2_dir = NULL;
  * looked up in this cache and if present, it is discarded from the fetched
  * descriptor. At the end, all IP(s) in the cache, for a specific service
  * ID, that were NOT present in the descriptor are removed from this cache.
- * Which means that if at least one IP was not in this cache, thus usuable,
+ * Which means that if at least one IP was not in this cache, thus usable,
  * it's considered a new descriptor so we keep it. Else, if all IPs were in
  * this cache, we discard the descriptor as it's considered unusable.
  *



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge branch 'tor-github/pr/501'

[dgoulet]

commit 342f2b187351f8a41fc0337499c05fb3a673610f
Merge: 8fb318860 ec93385cb
Author: David Goulet 
Date:   Tue Nov 13 10:48:23 2018 -0500

Merge branch 'tor-github/pr/501'

 src/feature/rend/rendcache.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/torbutton-aboutdialogdtd_completed] Update translations for torbutton-aboutdialogdtd_completed

[translation]

commit ffca6904eac62413899385ac3d7bdd092b09a18a
Author: Translation commit bot 
Date:   Tue Nov 13 15:48:35 2018 +

Update translations for torbutton-aboutdialogdtd_completed
---
 en-US/aboutdialog.dtd | 19 +++
 1 file changed, 19 insertions(+)

diff --git a/en-US/aboutdialog.dtd b/en-US/aboutdialog.dtd
new file mode 100644
index 0..5099ad74b
--- /dev/null
+++ b/en-US/aboutdialog.dtd
@@ -0,0 +1,19 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/torbutton-abouttbupdatedtd] Update translations for torbutton-abouttbupdatedtd

[translation]

commit 640cb2d4e247f9840684259e25169f16f2fa44fe
Author: Translation commit bot 
Date:   Tue Nov 13 15:48:40 2018 +

Update translations for torbutton-abouttbupdatedtd
---
 en-US/abouttbupdate.dtd | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/en-US/abouttbupdate.dtd b/en-US/abouttbupdate.dtd
new file mode 100644
index 0..f7b3f2ed8
--- /dev/null
+++ b/en-US/abouttbupdate.dtd
@@ -0,0 +1,10 @@
+
+
+
+
+
+
+
+
+
+

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/torbutton-abouttbupdatedtd_completed] Update translations for torbutton-abouttbupdatedtd_completed

[translation]

commit e11d71352e11654bbbc246bc038d6d79730c87fa
Author: Translation commit bot 
Date:   Tue Nov 13 15:48:46 2018 +

Update translations for torbutton-abouttbupdatedtd_completed
---
 en-US/abouttbupdate.dtd | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/en-US/abouttbupdate.dtd b/en-US/abouttbupdate.dtd
new file mode 100644
index 0..f7b3f2ed8
--- /dev/null
+++ b/en-US/abouttbupdate.dtd
@@ -0,0 +1,10 @@
+
+
+
+
+
+
+
+
+
+

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/torbutton-branddtd_completed] Update translations for torbutton-branddtd_completed

[translation]

commit b597130e7bef88d367949dcc1d18aed0850cceb5
Author: Translation commit bot 
Date:   Tue Nov 13 15:48:08 2018 +

Update translations for torbutton-branddtd_completed
---
 ast/brand.dtd   |  8 
 az/brand.dtd|  8 
 cy/brand.dtd|  8 
 {en => en-US}/brand.dtd |  0
 eo/brand.dtd|  8 
 es_CL/brand.dtd |  8 
 fr_CA/brand.dtd | 15 ---
 km/brand.dtd|  8 
 ko_KR/brand.dtd |  8 
 nn/brand.dtd|  8 
 pa/brand.dtd|  8 
 si_LK/brand.dtd |  8 
 sl/brand.dtd|  8 
 tl_PH/brand.dtd | 14 --
 14 files changed, 117 deletions(-)

diff --git a/ast/brand.dtd b/ast/brand.dtd
deleted file mode 100644
index c72c0d938..0
--- a/ast/brand.dtd
+++ /dev/null
@@ -1,8 +0,0 @@
-
-
-
-
-
-
diff --git a/az/brand.dtd b/az/brand.dtd
deleted file mode 100644
index 304b117e0..0
--- a/az/brand.dtd
+++ /dev/null
@@ -1,8 +0,0 @@
-
-
-
-
-
-
diff --git a/cy/brand.dtd b/cy/brand.dtd
deleted file mode 100644
index e90ab3c02..0
--- a/cy/brand.dtd
+++ /dev/null
@@ -1,8 +0,0 @@
-
-
-
-
-
-
diff --git a/en/brand.dtd b/en-US/brand.dtd
similarity index 100%
rename from en/brand.dtd
rename to en-US/brand.dtd
diff --git a/eo/brand.dtd b/eo/brand.dtd
deleted file mode 100644
index 78e190df5..0
--- a/eo/brand.dtd
+++ /dev/null
@@ -1,8 +0,0 @@
-
-
-
-
-
-
diff --git a/es_CL/brand.dtd b/es_CL/brand.dtd
deleted file mode 100644
index 421743256..0
--- a/es_CL/brand.dtd
+++ /dev/null
@@ -1,8 +0,0 @@
-
-
-
-
-
-
diff --git a/fr_CA/brand.dtd b/fr_CA/brand.dtd
deleted file mode 100644
index 923c0071c..0
--- a/fr_CA/brand.dtd
+++ /dev/null
@@ -1,15 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/km/brand.dtd b/km/brand.dtd
deleted file mode 100644
index b38d7b2d6..0
--- a/km/brand.dtd
+++ /dev/null
@@ -1,8 +0,0 @@
-
-
-
-
-
-
diff --git a/ko_KR/brand.dtd b/ko_KR/brand.dtd
deleted file mode 100644
index 0cce49840..0
--- a/ko_KR/brand.dtd
+++ /dev/null
@@ -1,8 +0,0 @@
-
-
-
-
-
-
diff --git a/nn/brand.dtd b/nn/brand.dtd
deleted file mode 100644
index 3ac910342..0
--- a/nn/brand.dtd
+++ /dev/null
@@ -1,8 +0,0 @@
-
-
-
-
-
-
diff --git a/pa/brand.dtd b/pa/brand.dtd
deleted file mode 100644
index b2a6c2da2..0
--- a/pa/brand.dtd
+++ /dev/null
@@ -1,8 +0,0 @@
-
-
-
-
-
-
diff --git a/si_LK/brand.dtd b/si_LK/brand.dtd
deleted file mode 100644
index 4f43a94d8..0
--- a/si_LK/brand.dtd
+++ /dev/null
@@ -1,8 +0,0 @@
-
-
-
-
-
-
diff --git a/sl/brand.dtd b/sl/brand.dtd
deleted file mode 100644
index feee0dff6..0
--- a/sl/brand.dtd
+++ /dev/null
@@ -1,8 +0,0 @@
-
-
-
-
-
-
diff --git a/tl_PH/brand.dtd b/tl_PH/brand.dtd
deleted file mode 100644
index 3a3b43985..0
--- a/tl_PH/brand.dtd
+++ /dev/null
@@ -1,14 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/torbutton-branddtd] Update translations for torbutton-branddtd

[translation]

commit 4ec9eddce6ac4e7d2f922166bcf5c3f21de09781
Author: Translation commit bot 
Date:   Tue Nov 13 15:48:03 2018 +

Update translations for torbutton-branddtd
---
 af_ZA/brand.dtd  |  8 
 ak/brand.dtd | 15 ---
 am_ET/brand.dtd  | 15 ---
 ar_AA/brand.dtd  | 15 ---
 ba/brand.dtd | 15 ---
 bal/brand.dtd| 15 ---
 bg_BG/brand.dtd  |  8 
 bn_IN/brand.dtd  | 15 ---
 brx/brand.dtd| 15 ---
 ca_ES/brand.dtd  |  8 
 ceb/brand.dtd| 15 ---
 co/brand.dtd | 15 ---
 cs_CZ/brand.dtd  | 15 ---
 csb/brand.dtd| 15 ---
 cv/brand.dtd | 15 ---
 cy_GB/brand.dtd  | 15 ---
 da_DK/brand.dtd  | 15 ---
 el_GR/brand.dtd  |  8 
 {ady => en-US}/brand.dtd |  0
 en/brand.dtd | 15 ---
 es_NI/brand.dtd  |  8 
 fr_CA/brand.dtd  | 15 ---
 gun/brand.dtd| 15 ---
 ha/brand.dtd | 15 ---
 hy_AM/brand.dtd  | 15 ---
 jbo/brand.dtd| 15 ---
 kw/brand.dtd | 15 ---
 ms/brand.dtd |  8 
 nds/brand.dtd| 15 ---
 pl_PL/brand.dtd  |  8 
 sa/brand.dtd | 15 ---
 scn/brand.dtd| 15 ---
 si/brand.dtd | 15 ---
 sq_AL/brand.dtd  | 15 ---
 su/brand.dtd | 15 ---
 sv_SE/brand.dtd  |  8 
 sw/brand.dtd | 15 ---
 szl/brand.dtd| 15 ---
 te_IN/brand.dtd  | 15 ---
 tl_PH/brand.dtd  | 15 ---
 tzm/brand.dtd| 15 ---
 ve/brand.dtd | 15 ---
 wa/brand.dtd | 15 ---
 wo/brand.dtd | 15 ---
 yo/brand.dtd | 15 ---
 zh/brand.dtd |  8 
 zh_CN.GB2312/brand.dtd   |  8 
 zu/brand.dtd | 15 ---
 48 files changed, 635 deletions(-)

diff --git a/af_ZA/brand.dtd b/af_ZA/brand.dtd
deleted file mode 100644
index 76e405d58..0
--- a/af_ZA/brand.dtd
+++ /dev/null
@@ -1,8 +0,0 @@
-
-
-
-
-
-
diff --git a/ak/brand.dtd b/ak/brand.dtd
deleted file mode 100644
index 3df1a084c..0
--- a/ak/brand.dtd
+++ /dev/null
@@ -1,15 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/am_ET/brand.dtd b/am_ET/brand.dtd
deleted file mode 100644
index 3df1a084c..0
--- a/am_ET/brand.dtd
+++ /dev/null
@@ -1,15 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/ar_AA/brand.dtd b/ar_AA/brand.dtd
deleted file mode 100644
index 3df1a084c..0
--- a/ar_AA/brand.dtd
+++ /dev/null
@@ -1,15 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/ba/brand.dtd b/ba/brand.dtd
deleted file mode 100644
index 3df1a084c..0
--- a/ba/brand.dtd
+++ /dev/null
@@ -1,15 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/bal/brand.dtd b/bal/brand.dtd
deleted file mode 100644
index 3df1a084c..0
--- a/bal/brand.dtd
+++ /dev/null
@@ -1,15 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/bg_BG/brand.dtd b/bg_BG/brand.dtd
deleted file mode 100644
index 76e405d58..0
--- a/bg_BG/brand.dtd
+++ /dev/null
@@ -1,8 +0,0 @@
-
-
-
-
-
-
diff --git a/bn_IN/brand.dtd b/bn_IN/brand.dtd
deleted file mode 100644
index 3df1a084c..0
--- a/bn_IN/brand.dtd
+++ /dev/null
@@ -1,15 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/brx/brand.dtd b/brx/brand.dtd
deleted file mode 100644
index 3df1a084c..0
--- a/brx/brand.dtd
+++ /dev/null
@@ -1,15 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/ca_ES/brand.dtd b/ca_ES/brand.dtd
deleted file mode 100644
index e34f480e1..0
--- a/ca_ES/brand.dtd
+++ /dev/null
@@ -1,8 +0,0 @@
-
-
-
-
-
-
diff --git a/ceb/brand.dtd b/ceb/brand.dtd
deleted file mode 100644
index 3df1a084c..0
--- a/ceb/brand.dtd
+++ /dev/null
@@ -1,15 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/co/brand.dtd b/co/brand.dtd
deleted file mode 100644
index 3df1a084c..0
--- a/co/brand.dtd
+++ /dev/null
@@ -1,15 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/cs_CZ/brand.dtd b/cs_CZ/brand.dtd
deleted file mode 100644
index 3df1a084c..0
--- a/cs_CZ/brand.dtd
+++ /dev/null
@@ -1,15 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/csb/brand.dtd b/csb/brand.dtd
deleted file mode 100644
index 3df1a084c..0
--- a/csb/brand.dtd
+++ /dev/null
@@ -1,15 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/cv/brand.dtd b/cv/brand.dtd
deleted file mode 100644
index 3df1a084c..0
--- a/cv/brand.dtd
+++ /dev/null
@@ -1,15 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/cy_GB/brand.dtd b/cy_GB/brand.dtd
deleted 

[tor-commits] [tor/release-0.3.5] Merge branch 'maint-0.3.5' into release-0.3.5

[dgoulet]

commit a5f3a67a828fe5d121b456a09710e85362245d42
Merge: 51d944482 6f2151be9
Author: David Goulet 
Date:   Tue Nov 13 10:43:02 2018 -0500

Merge branch 'maint-0.3.5' into release-0.3.5

 changes/bug27841   | 7 +++
 src/feature/hs/hs_intropoint.c | 6 --
 2 files changed, 7 insertions(+), 6 deletions(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.5] At intro points, don't close circuits on NACKs

[dgoulet]

commit f89f14802e938c7abcd2a6387f64d442cefe72c2
Author: Neel Chauhan 
Date:   Tue Nov 6 17:04:08 2018 -0500

At intro points, don't close circuits on NACKs
---
 changes/bug27841   | 7 +++
 src/or/hs_intropoint.c | 6 --
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/changes/bug27841 b/changes/bug27841
new file mode 100644
index 0..9cd1da727
--- /dev/null
+++ b/changes/bug27841
@@ -0,0 +1,7 @@
+  o Minor bugfixes (onion services):
+- On an intro point for a version 3 onion service, we do not close
+  an introduction circuit on an NACK. This lets the client decide
+  whether to reuse the circuit or discard it. Previously, we closed
+  intro circuits on NACKs. Fixes bug 27841; bugfix on 0.3.2.1-alpha.
+  Patch by Neel Chaunan
+
diff --git a/src/or/hs_intropoint.c b/src/or/hs_intropoint.c
index 9eaf57251..a622c62dd 100644
--- a/src/or/hs_intropoint.c
+++ b/src/or/hs_intropoint.c
@@ -501,12 +501,6 @@ handle_introduce1(or_circuit_t *client_circ, const uint8_t 
*request,
 /* Circuit has been closed on failure of transmission. */
 goto done;
   }
-  if (status != HS_INTRO_ACK_STATUS_SUCCESS) {
-/* We just sent a NACK that is a non success status code so close the
- * circuit because it's not useful to keep it open. Remember, a client can
- * only send one INTRODUCE1 cell on a circuit. */
-circuit_mark_for_close(TO_CIRCUIT(client_circ), END_CIRC_REASON_INTERNAL);
-  }
  done:
   trn_cell_introduce1_free(parsed_cell);
   return ret;



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.5] Merge branch 'tor-github/pr/487' into maint-0.3.5

[dgoulet]

commit 6f2151be9a3e8b535bff4477a17f9c41d3f1d7f4
Merge: ae4c94bb6 f89f14802
Author: David Goulet 
Date:   Tue Nov 13 10:37:25 2018 -0500

Merge branch 'tor-github/pr/487' into maint-0.3.5

 changes/bug27841   | 7 +++
 src/feature/hs/hs_intropoint.c | 6 --
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --cc src/feature/hs/hs_intropoint.c
index c716447c9,0..2ea53af6a
mode 100644,00..100644
--- a/src/feature/hs/hs_intropoint.c
+++ b/src/feature/hs/hs_intropoint.c
@@@ -1,614 -1,0 +1,608 @@@
 +/* Copyright (c) 2016-2018, The Tor Project, Inc. */
 +/* See LICENSE for licensing information */
 +
 +/**
 + * \file hs_intropoint.c
 + * \brief Implement next generation introductions point functionality
 + **/
 +
 +#define HS_INTROPOINT_PRIVATE
 +
 +#include "core/or/or.h"
 +#include "app/config/config.h"
 +#include "core/or/circuitlist.h"
 +#include "core/or/circuituse.h"
 +#include "core/or/relay.h"
 +#include "feature/rend/rendmid.h"
 +#include "feature/stats/rephist.h"
 +#include "lib/crypt_ops/crypto_format.h"
 +
 +/* Trunnel */
 +#include "trunnel/ed25519_cert.h"
 +#include "trunnel/hs/cell_common.h"
 +#include "trunnel/hs/cell_establish_intro.h"
 +#include "trunnel/hs/cell_introduce1.h"
 +
 +#include "feature/hs/hs_circuitmap.h"
 +#include "feature/hs/hs_descriptor.h"
 +#include "feature/hs/hs_intropoint.h"
 +#include "feature/hs/hs_common.h"
 +
 +#include "core/or/or_circuit_st.h"
 +
 +/** Extract the authentication key from an ESTABLISH_INTRO or INTRODUCE1 using
 + * the given cell_type from cell and place it in
 + * auth_key_out. */
 +STATIC void
 +get_auth_key_from_cell(ed25519_public_key_t *auth_key_out,
 +   unsigned int cell_type, const void *cell)
 +{
 +  size_t auth_key_len;
 +  const uint8_t *key_array;
 +
 +  tor_assert(auth_key_out);
 +  tor_assert(cell);
 +
 +  switch (cell_type) {
 +  case RELAY_COMMAND_ESTABLISH_INTRO:
 +  {
 +const trn_cell_establish_intro_t *c_cell = cell;
 +key_array = trn_cell_establish_intro_getconstarray_auth_key(c_cell);
 +auth_key_len = trn_cell_establish_intro_getlen_auth_key(c_cell);
 +break;
 +  }
 +  case RELAY_COMMAND_INTRODUCE1:
 +  {
 +const trn_cell_introduce1_t *c_cell = cell;
 +key_array = trn_cell_introduce1_getconstarray_auth_key(cell);
 +auth_key_len = trn_cell_introduce1_getlen_auth_key(c_cell);
 +break;
 +  }
 +  default:
 +/* Getting here is really bad as it means we got a unknown cell type from
 + * this file where every call has an hardcoded value. */
 +tor_assert_unreached(); /* LCOV_EXCL_LINE */
 +  }
 +  tor_assert(key_array);
 +  tor_assert(auth_key_len == sizeof(auth_key_out->pubkey));
 +  memcpy(auth_key_out->pubkey, key_array, auth_key_len);
 +}
 +
 +/** We received an ESTABLISH_INTRO cell. Verify its signature and MAC,
 + *  given circuit_key_material. Return 0 on success else -1 on error. 
*/
 +STATIC int
 +verify_establish_intro_cell(const trn_cell_establish_intro_t *cell,
 +const uint8_t *circuit_key_material,
 +size_t circuit_key_material_len)
 +{
 +  /* We only reach this function if the first byte of the cell is 0x02 which
 +   * means that auth_key_type is of ed25519 type, hence this check should
 +   * always pass. See hs_intro_received_establish_intro().  */
 +  if (BUG(cell->auth_key_type != HS_INTRO_AUTH_KEY_TYPE_ED25519)) {
 +return -1;
 +  }
 +
 +  /* Make sure the auth key length is of the right size for this type. For
 +   * EXTRA safety, we check both the size of the array and the length which
 +   * must be the same. Safety first!*/
 +  if (trn_cell_establish_intro_getlen_auth_key(cell) != ED25519_PUBKEY_LEN ||
 +  trn_cell_establish_intro_get_auth_key_len(cell) != ED25519_PUBKEY_LEN) {
 +log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
 +   "ESTABLISH_INTRO auth key length is invalid");
 +return -1;
 +  }
 +
 +  const uint8_t *msg = cell->start_cell;
 +
 +  /* Verify the sig */
 +  {
 +ed25519_signature_t sig_struct;
 +const uint8_t *sig_array =
 +  trn_cell_establish_intro_getconstarray_sig(cell);
 +
 +/* Make sure the signature length is of the right size. For EXTRA safety,
 + * we check both the size of the array and the length which must be the
 + * same. Safety first!*/
 +if (trn_cell_establish_intro_getlen_sig(cell) != sizeof(sig_struct.sig) ||
 +trn_cell_establish_intro_get_sig_len(cell) != sizeof(sig_struct.sig)) 
{
 +  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
 + "ESTABLISH_INTRO sig len is invalid");
 +  return -1;
 +}
 +/* We are now sure that sig_len is of the right size. */
 +memcpy(sig_struct.sig, sig_array, cell->sig_len);
 +
 +ed25519_public_key_t auth_key;
 +get_auth_key_from_cell(_key, RELAY_COMMAND_ESTABLISH_INTRO, cell);
 +
 +const size_t sig_msg_len = cell->end_sig_fields - msg;
 +int sig_mismatch = ed25519_checksig_prefixed(_struct,
 +  

[tor-commits] [tor/maint-0.3.5] Merge branch 'tor-github/pr/487' into maint-0.3.5

[dgoulet]

commit 6f2151be9a3e8b535bff4477a17f9c41d3f1d7f4
Merge: ae4c94bb6 f89f14802
Author: David Goulet 
Date:   Tue Nov 13 10:37:25 2018 -0500

Merge branch 'tor-github/pr/487' into maint-0.3.5

 changes/bug27841   | 7 +++
 src/feature/hs/hs_intropoint.c | 6 --
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --cc src/feature/hs/hs_intropoint.c
index c716447c9,0..2ea53af6a
mode 100644,00..100644
--- a/src/feature/hs/hs_intropoint.c
+++ b/src/feature/hs/hs_intropoint.c
@@@ -1,614 -1,0 +1,608 @@@
 +/* Copyright (c) 2016-2018, The Tor Project, Inc. */
 +/* See LICENSE for licensing information */
 +
 +/**
 + * \file hs_intropoint.c
 + * \brief Implement next generation introductions point functionality
 + **/
 +
 +#define HS_INTROPOINT_PRIVATE
 +
 +#include "core/or/or.h"
 +#include "app/config/config.h"
 +#include "core/or/circuitlist.h"
 +#include "core/or/circuituse.h"
 +#include "core/or/relay.h"
 +#include "feature/rend/rendmid.h"
 +#include "feature/stats/rephist.h"
 +#include "lib/crypt_ops/crypto_format.h"
 +
 +/* Trunnel */
 +#include "trunnel/ed25519_cert.h"
 +#include "trunnel/hs/cell_common.h"
 +#include "trunnel/hs/cell_establish_intro.h"
 +#include "trunnel/hs/cell_introduce1.h"
 +
 +#include "feature/hs/hs_circuitmap.h"
 +#include "feature/hs/hs_descriptor.h"
 +#include "feature/hs/hs_intropoint.h"
 +#include "feature/hs/hs_common.h"
 +
 +#include "core/or/or_circuit_st.h"
 +
 +/** Extract the authentication key from an ESTABLISH_INTRO or INTRODUCE1 using
 + * the given cell_type from cell and place it in
 + * auth_key_out. */
 +STATIC void
 +get_auth_key_from_cell(ed25519_public_key_t *auth_key_out,
 +   unsigned int cell_type, const void *cell)
 +{
 +  size_t auth_key_len;
 +  const uint8_t *key_array;
 +
 +  tor_assert(auth_key_out);
 +  tor_assert(cell);
 +
 +  switch (cell_type) {
 +  case RELAY_COMMAND_ESTABLISH_INTRO:
 +  {
 +const trn_cell_establish_intro_t *c_cell = cell;
 +key_array = trn_cell_establish_intro_getconstarray_auth_key(c_cell);
 +auth_key_len = trn_cell_establish_intro_getlen_auth_key(c_cell);
 +break;
 +  }
 +  case RELAY_COMMAND_INTRODUCE1:
 +  {
 +const trn_cell_introduce1_t *c_cell = cell;
 +key_array = trn_cell_introduce1_getconstarray_auth_key(cell);
 +auth_key_len = trn_cell_introduce1_getlen_auth_key(c_cell);
 +break;
 +  }
 +  default:
 +/* Getting here is really bad as it means we got a unknown cell type from
 + * this file where every call has an hardcoded value. */
 +tor_assert_unreached(); /* LCOV_EXCL_LINE */
 +  }
 +  tor_assert(key_array);
 +  tor_assert(auth_key_len == sizeof(auth_key_out->pubkey));
 +  memcpy(auth_key_out->pubkey, key_array, auth_key_len);
 +}
 +
 +/** We received an ESTABLISH_INTRO cell. Verify its signature and MAC,
 + *  given circuit_key_material. Return 0 on success else -1 on error. 
*/
 +STATIC int
 +verify_establish_intro_cell(const trn_cell_establish_intro_t *cell,
 +const uint8_t *circuit_key_material,
 +size_t circuit_key_material_len)
 +{
 +  /* We only reach this function if the first byte of the cell is 0x02 which
 +   * means that auth_key_type is of ed25519 type, hence this check should
 +   * always pass. See hs_intro_received_establish_intro().  */
 +  if (BUG(cell->auth_key_type != HS_INTRO_AUTH_KEY_TYPE_ED25519)) {
 +return -1;
 +  }
 +
 +  /* Make sure the auth key length is of the right size for this type. For
 +   * EXTRA safety, we check both the size of the array and the length which
 +   * must be the same. Safety first!*/
 +  if (trn_cell_establish_intro_getlen_auth_key(cell) != ED25519_PUBKEY_LEN ||
 +  trn_cell_establish_intro_get_auth_key_len(cell) != ED25519_PUBKEY_LEN) {
 +log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
 +   "ESTABLISH_INTRO auth key length is invalid");
 +return -1;
 +  }
 +
 +  const uint8_t *msg = cell->start_cell;
 +
 +  /* Verify the sig */
 +  {
 +ed25519_signature_t sig_struct;
 +const uint8_t *sig_array =
 +  trn_cell_establish_intro_getconstarray_sig(cell);
 +
 +/* Make sure the signature length is of the right size. For EXTRA safety,
 + * we check both the size of the array and the length which must be the
 + * same. Safety first!*/
 +if (trn_cell_establish_intro_getlen_sig(cell) != sizeof(sig_struct.sig) ||
 +trn_cell_establish_intro_get_sig_len(cell) != sizeof(sig_struct.sig)) 
{
 +  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
 + "ESTABLISH_INTRO sig len is invalid");
 +  return -1;
 +}
 +/* We are now sure that sig_len is of the right size. */
 +memcpy(sig_struct.sig, sig_array, cell->sig_len);
 +
 +ed25519_public_key_t auth_key;
 +get_auth_key_from_cell(_key, RELAY_COMMAND_ESTABLISH_INTRO, cell);
 +
 +const size_t sig_msg_len = cell->end_sig_fields - msg;
 +int sig_mismatch = ed25519_checksig_prefixed(_struct,
 +  

[tor-commits] [tor/master] Merge branch 'tor-github/pr/487' into maint-0.3.5

[dgoulet]

commit 6f2151be9a3e8b535bff4477a17f9c41d3f1d7f4
Merge: ae4c94bb6 f89f14802
Author: David Goulet 
Date:   Tue Nov 13 10:37:25 2018 -0500

Merge branch 'tor-github/pr/487' into maint-0.3.5

 changes/bug27841   | 7 +++
 src/feature/hs/hs_intropoint.c | 6 --
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --cc src/feature/hs/hs_intropoint.c
index c716447c9,0..2ea53af6a
mode 100644,00..100644
--- a/src/feature/hs/hs_intropoint.c
+++ b/src/feature/hs/hs_intropoint.c
@@@ -1,614 -1,0 +1,608 @@@
 +/* Copyright (c) 2016-2018, The Tor Project, Inc. */
 +/* See LICENSE for licensing information */
 +
 +/**
 + * \file hs_intropoint.c
 + * \brief Implement next generation introductions point functionality
 + **/
 +
 +#define HS_INTROPOINT_PRIVATE
 +
 +#include "core/or/or.h"
 +#include "app/config/config.h"
 +#include "core/or/circuitlist.h"
 +#include "core/or/circuituse.h"
 +#include "core/or/relay.h"
 +#include "feature/rend/rendmid.h"
 +#include "feature/stats/rephist.h"
 +#include "lib/crypt_ops/crypto_format.h"
 +
 +/* Trunnel */
 +#include "trunnel/ed25519_cert.h"
 +#include "trunnel/hs/cell_common.h"
 +#include "trunnel/hs/cell_establish_intro.h"
 +#include "trunnel/hs/cell_introduce1.h"
 +
 +#include "feature/hs/hs_circuitmap.h"
 +#include "feature/hs/hs_descriptor.h"
 +#include "feature/hs/hs_intropoint.h"
 +#include "feature/hs/hs_common.h"
 +
 +#include "core/or/or_circuit_st.h"
 +
 +/** Extract the authentication key from an ESTABLISH_INTRO or INTRODUCE1 using
 + * the given cell_type from cell and place it in
 + * auth_key_out. */
 +STATIC void
 +get_auth_key_from_cell(ed25519_public_key_t *auth_key_out,
 +   unsigned int cell_type, const void *cell)
 +{
 +  size_t auth_key_len;
 +  const uint8_t *key_array;
 +
 +  tor_assert(auth_key_out);
 +  tor_assert(cell);
 +
 +  switch (cell_type) {
 +  case RELAY_COMMAND_ESTABLISH_INTRO:
 +  {
 +const trn_cell_establish_intro_t *c_cell = cell;
 +key_array = trn_cell_establish_intro_getconstarray_auth_key(c_cell);
 +auth_key_len = trn_cell_establish_intro_getlen_auth_key(c_cell);
 +break;
 +  }
 +  case RELAY_COMMAND_INTRODUCE1:
 +  {
 +const trn_cell_introduce1_t *c_cell = cell;
 +key_array = trn_cell_introduce1_getconstarray_auth_key(cell);
 +auth_key_len = trn_cell_introduce1_getlen_auth_key(c_cell);
 +break;
 +  }
 +  default:
 +/* Getting here is really bad as it means we got a unknown cell type from
 + * this file where every call has an hardcoded value. */
 +tor_assert_unreached(); /* LCOV_EXCL_LINE */
 +  }
 +  tor_assert(key_array);
 +  tor_assert(auth_key_len == sizeof(auth_key_out->pubkey));
 +  memcpy(auth_key_out->pubkey, key_array, auth_key_len);
 +}
 +
 +/** We received an ESTABLISH_INTRO cell. Verify its signature and MAC,
 + *  given circuit_key_material. Return 0 on success else -1 on error. 
*/
 +STATIC int
 +verify_establish_intro_cell(const trn_cell_establish_intro_t *cell,
 +const uint8_t *circuit_key_material,
 +size_t circuit_key_material_len)
 +{
 +  /* We only reach this function if the first byte of the cell is 0x02 which
 +   * means that auth_key_type is of ed25519 type, hence this check should
 +   * always pass. See hs_intro_received_establish_intro().  */
 +  if (BUG(cell->auth_key_type != HS_INTRO_AUTH_KEY_TYPE_ED25519)) {
 +return -1;
 +  }
 +
 +  /* Make sure the auth key length is of the right size for this type. For
 +   * EXTRA safety, we check both the size of the array and the length which
 +   * must be the same. Safety first!*/
 +  if (trn_cell_establish_intro_getlen_auth_key(cell) != ED25519_PUBKEY_LEN ||
 +  trn_cell_establish_intro_get_auth_key_len(cell) != ED25519_PUBKEY_LEN) {
 +log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
 +   "ESTABLISH_INTRO auth key length is invalid");
 +return -1;
 +  }
 +
 +  const uint8_t *msg = cell->start_cell;
 +
 +  /* Verify the sig */
 +  {
 +ed25519_signature_t sig_struct;
 +const uint8_t *sig_array =
 +  trn_cell_establish_intro_getconstarray_sig(cell);
 +
 +/* Make sure the signature length is of the right size. For EXTRA safety,
 + * we check both the size of the array and the length which must be the
 + * same. Safety first!*/
 +if (trn_cell_establish_intro_getlen_sig(cell) != sizeof(sig_struct.sig) ||
 +trn_cell_establish_intro_get_sig_len(cell) != sizeof(sig_struct.sig)) 
{
 +  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
 + "ESTABLISH_INTRO sig len is invalid");
 +  return -1;
 +}
 +/* We are now sure that sig_len is of the right size. */
 +memcpy(sig_struct.sig, sig_array, cell->sig_len);
 +
 +ed25519_public_key_t auth_key;
 +get_auth_key_from_cell(_key, RELAY_COMMAND_ESTABLISH_INTRO, cell);
 +
 +const size_t sig_msg_len = cell->end_sig_fields - msg;
 +int sig_mismatch = ed25519_checksig_prefixed(_struct,
 +  

[tor-commits] [tor/maint-0.3.5] At intro points, don't close circuits on NACKs

[dgoulet]

commit f89f14802e938c7abcd2a6387f64d442cefe72c2
Author: Neel Chauhan 
Date:   Tue Nov 6 17:04:08 2018 -0500

At intro points, don't close circuits on NACKs
---
 changes/bug27841   | 7 +++
 src/or/hs_intropoint.c | 6 --
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/changes/bug27841 b/changes/bug27841
new file mode 100644
index 0..9cd1da727
--- /dev/null
+++ b/changes/bug27841
@@ -0,0 +1,7 @@
+  o Minor bugfixes (onion services):
+- On an intro point for a version 3 onion service, we do not close
+  an introduction circuit on an NACK. This lets the client decide
+  whether to reuse the circuit or discard it. Previously, we closed
+  intro circuits on NACKs. Fixes bug 27841; bugfix on 0.3.2.1-alpha.
+  Patch by Neel Chaunan
+
diff --git a/src/or/hs_intropoint.c b/src/or/hs_intropoint.c
index 9eaf57251..a622c62dd 100644
--- a/src/or/hs_intropoint.c
+++ b/src/or/hs_intropoint.c
@@ -501,12 +501,6 @@ handle_introduce1(or_circuit_t *client_circ, const uint8_t 
*request,
 /* Circuit has been closed on failure of transmission. */
 goto done;
   }
-  if (status != HS_INTRO_ACK_STATUS_SUCCESS) {
-/* We just sent a NACK that is a non success status code so close the
- * circuit because it's not useful to keep it open. Remember, a client can
- * only send one INTRODUCE1 cell on a circuit. */
-circuit_mark_for_close(TO_CIRCUIT(client_circ), END_CIRC_REASON_INTERNAL);
-  }
  done:
   trn_cell_introduce1_free(parsed_cell);
   return ret;



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] At intro points, don't close circuits on NACKs

[dgoulet]

commit f89f14802e938c7abcd2a6387f64d442cefe72c2
Author: Neel Chauhan 
Date:   Tue Nov 6 17:04:08 2018 -0500

At intro points, don't close circuits on NACKs
---
 changes/bug27841   | 7 +++
 src/or/hs_intropoint.c | 6 --
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/changes/bug27841 b/changes/bug27841
new file mode 100644
index 0..9cd1da727
--- /dev/null
+++ b/changes/bug27841
@@ -0,0 +1,7 @@
+  o Minor bugfixes (onion services):
+- On an intro point for a version 3 onion service, we do not close
+  an introduction circuit on an NACK. This lets the client decide
+  whether to reuse the circuit or discard it. Previously, we closed
+  intro circuits on NACKs. Fixes bug 27841; bugfix on 0.3.2.1-alpha.
+  Patch by Neel Chaunan
+
diff --git a/src/or/hs_intropoint.c b/src/or/hs_intropoint.c
index 9eaf57251..a622c62dd 100644
--- a/src/or/hs_intropoint.c
+++ b/src/or/hs_intropoint.c
@@ -501,12 +501,6 @@ handle_introduce1(or_circuit_t *client_circ, const uint8_t 
*request,
 /* Circuit has been closed on failure of transmission. */
 goto done;
   }
-  if (status != HS_INTRO_ACK_STATUS_SUCCESS) {
-/* We just sent a NACK that is a non success status code so close the
- * circuit because it's not useful to keep it open. Remember, a client can
- * only send one INTRODUCE1 cell on a circuit. */
-circuit_mark_for_close(TO_CIRCUIT(client_circ), END_CIRC_REASON_INTERNAL);
-  }
  done:
   trn_cell_introduce1_free(parsed_cell);
   return ret;



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge branch 'maint-0.3.5'

[dgoulet]

commit 8fb318860ecd399a59b830920e4aa21607a7b3ce
Merge: d000e798a 6f2151be9
Author: David Goulet 
Date:   Tue Nov 13 10:43:03 2018 -0500

Merge branch 'maint-0.3.5'

 changes/bug27841   | 7 +++
 src/feature/hs/hs_intropoint.c | 6 --
 2 files changed, 7 insertions(+), 6 deletions(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/torbutton-torbuttondtd] Update translations for torbutton-torbuttondtd

[translation]

commit 866df22aaabc795db73b2512226f1ad924fc0a4b
Author: Translation commit bot 
Date:   Tue Nov 13 15:18:18 2018 +

Update translations for torbutton-torbuttondtd
---
 ko/torbutton.dtd | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ko/torbutton.dtd b/ko/torbutton.dtd
index c4d6183e9..b23701b2e 100644
--- a/ko/torbutton.dtd
+++ b/ko/torbutton.dtd
@@ -39,7 +39,7 @@
 
 
 
-
+
 
 
 

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/torbutton-torbuttondtd_completed] Update translations for torbutton-torbuttondtd_completed

[translation]

commit 12280bdfb270a9ce862d6d8a1f74a77ae4dc114f
Author: Translation commit bot 
Date:   Tue Nov 13 15:18:24 2018 +

Update translations for torbutton-torbuttondtd_completed
---
 ko/torbutton.dtd | 51 +++
 1 file changed, 51 insertions(+)

diff --git a/ko/torbutton.dtd b/ko/torbutton.dtd
new file mode 100644
index 0..b23701b2e
--- /dev/null
+++ b/ko/torbutton.dtd
@@ -0,0 +1,51 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/torbutton-torbuttondtd] Update translations for torbutton-torbuttondtd

[translation]

commit 5e7db9a6a3e2230cfe114c30ed7390d6e8280713
Author: Translation commit bot 
Date:   Tue Nov 13 14:48:21 2018 +

Update translations for torbutton-torbuttondtd
---
 ko/torbutton.dtd | 16 
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/ko/torbutton.dtd b/ko/torbutton.dtd
index 90aa46013..c4d6183e9 100644
--- a/ko/torbutton.dtd
+++ b/ko/torbutton.dtd
@@ -34,18 +34,18 @@
 
 
 
-
+
 
-
-
+
+
 
 
-
+
 
-
+
 
-
-
+
+
 
 
-
+

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/torbutton-torbuttondtd] Update translations for torbutton-torbuttondtd

[translation]

commit cdb0fc76eb1fcacef59a2084d50c04084d0da1b1
Author: Translation commit bot 
Date:   Tue Nov 13 14:18:15 2018 +

Update translations for torbutton-torbuttondtd
---
 ko/torbutton.dtd | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ko/torbutton.dtd b/ko/torbutton.dtd
index 5daf9f140..90aa46013 100644
--- a/ko/torbutton.dtd
+++ b/ko/torbutton.dtd
@@ -35,10 +35,10 @@
 
 
 
-
+
 
 
-
+
 
 
 

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/tor-browser-manual] Update translations for tor-browser-manual

[translation]

commit 223b198b9d300f3aa72bc2d95460b8645dcdbe58
Author: Translation commit bot 
Date:   Tue Nov 13 14:17:38 2018 +

Update translations for tor-browser-manual
---
 ko/ko.po | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/ko/ko.po b/ko/ko.po
index 109126e43..ac0c5eecb 100644
--- a/ko/ko.po
+++ b/ko/ko.po
@@ -6,15 +6,15 @@
 # jshyun , 2016
 # Dr.what , 2016
 # snotree , 2017
-# Philipp Sauter , 2018
 # SEPT , 2018
+# Philipp Sauter , 2018
 # 
 msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "POT-Creation-Date: 2018-09-07 16:48-0500\n"
 "PO-Revision-Date: 2016-12-07 01:01+\n"
-"Last-Translator: SEPT , 2018\n"
+"Last-Translator: Philipp Sauter , 2018\n"
 "Language-Team: Korean (https://www.transifex.com/otf/teams/1519/ko/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -1072,7 +1072,7 @@ msgstr ""
 
 #: security-slider.page:42
 msgid "Safest"
-msgstr ""
+msgstr "제일 안전합니다"
 
 #: security-slider.page:43
 msgid ""
@@ -1086,7 +1086,7 @@ msgstr ""
 
 #: security-slider.page:53
 msgid "Safer"
-msgstr ""
+msgstr "더 안전합니다"
 
 #: security-slider.page:54
 msgid ""

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.5] Merge branch 'maint-0.2.9' into maint-0.3.3

[nickm]

commit 54d1a2d80537e9f9a90dcca18c9e616f73809f58
Merge: 93b6d4137 7f042cbc0
Author: Nick Mathewson 
Date:   Tue Nov 13 08:27:17 2018 -0500

Merge branch 'maint-0.2.9' into maint-0.3.3

 changes/bug28413 | 4 
 src/common/aes.c | 5 ++---
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --cc src/common/aes.c
index 5d0841dfa,8ab2d2fc6..4d4a2d773
--- a/src/common/aes.c
+++ b/src/common/aes.c
@@@ -402,5 -401,4 +402,4 @@@ aes_set_iv(aes_cnt_cipher_t *cipher, co
memcpy(cipher->ctr_buf.buf, iv, 16);
  }
  
 -#endif
 +#endif /* defined(USE_EVP_AES_CTR) */
- 



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.3] Merge branch 'bug28413_029' into maint-0.2.9

[nickm]

commit 7f042cbc0a9397c1e5c0f3e9c3bb31ff333d9983
Merge: 46796623f 1a11702a9
Author: Nick Mathewson 
Date:   Tue Nov 13 08:26:51 2018 -0500

Merge branch 'bug28413_029' into maint-0.2.9

 changes/bug28413 | 4 
 src/common/aes.c | 5 ++---
 2 files changed, 6 insertions(+), 3 deletions(-)



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.3] Merge branch 'maint-0.3.3' into release-0.3.3

[nickm]

commit 15c99be9637fd6c3dfc9f45a24fd06054dffd140
Merge: c079be8c7 54d1a2d80
Author: Nick Mathewson 
Date:   Tue Nov 13 08:27:28 2018 -0500

Merge branch 'maint-0.3.3' into release-0.3.3

 changes/bug28413 | 4 
 src/common/aes.c | 5 ++---
 2 files changed, 6 insertions(+), 3 deletions(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge branch 'maint-0.3.5'

[nickm]

commit d000e798acce374225ead0bd074169ad611bf001
Merge: d1e9285b1 ae4c94bb6
Author: Nick Mathewson 
Date:   Tue Nov 13 08:27:29 2018 -0500

Merge branch 'maint-0.3.5'

 changes/bug28413| 4 
 src/lib/crypt_ops/aes_openssl.c | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.4] Fix a compiler warning in aes.c.

[nickm]

commit 1a11702a9a4d5f95c52eb55263008ce2aa8017ef
Author: Nick Mathewson 
Date:   Mon Nov 12 15:39:28 2018 -0500

Fix a compiler warning in aes.c.

Apparently some freebsd compilers can't tell that 'c' will never
be used uninitialized.

Fixes bug 28413; bugfix on 0.2.9.3-alpha when we added support for
longer AES keys to this function.
---
 changes/bug28413 | 4 
 src/common/aes.c | 5 ++---
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/changes/bug28413 b/changes/bug28413
new file mode 100644
index 0..4c88bea7e
--- /dev/null
+++ b/changes/bug28413
@@ -0,0 +1,4 @@
+  o Minor bugfixes (compilation):
+- Initialize a variable in aes_new_cipher(), since some compilers
+  cannot tell that we always initialize it before use. Fixes bug 28413;
+  bugfix on 0.2.9.3-alpha.
diff --git a/src/common/aes.c b/src/common/aes.c
index 35c2d1e3a..8ab2d2fc6 100644
--- a/src/common/aes.c
+++ b/src/common/aes.c
@@ -99,12 +99,12 @@ aes_cnt_cipher_t *
 aes_new_cipher(const uint8_t *key, const uint8_t *iv, int key_bits)
 {
   EVP_CIPHER_CTX *cipher = EVP_CIPHER_CTX_new();
-  const EVP_CIPHER *c;
+  const EVP_CIPHER *c = NULL;
   switch (key_bits) {
 case 128: c = EVP_aes_128_ctr(); break;
 case 192: c = EVP_aes_192_ctr(); break;
 case 256: c = EVP_aes_256_ctr(); break;
-default: tor_assert(0); // LCOV_EXCL_LINE
+default: tor_assert_unreached(); // LCOV_EXCL_LINE
   }
   EVP_EncryptInit(cipher, c, key, iv);
   return (aes_cnt_cipher_t *) cipher;
@@ -402,4 +402,3 @@ aes_set_iv(aes_cnt_cipher_t *cipher, const uint8_t *iv)
 }
 
 #endif
-



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.4] Merge branch 'maint-0.3.3' into maint-0.3.4

[nickm]

commit 42be1c668b9f8ec255afb307054e6388f478e837
Merge: 1fce9d129 54d1a2d80
Author: Nick Mathewson 
Date:   Tue Nov 13 08:27:29 2018 -0500

Merge branch 'maint-0.3.3' into maint-0.3.4

 changes/bug28413 | 4 
 src/common/aes.c | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.4] Merge branch 'bug28413_029' into maint-0.2.9

[nickm]

commit 7f042cbc0a9397c1e5c0f3e9c3bb31ff333d9983
Merge: 46796623f 1a11702a9
Author: Nick Mathewson 
Date:   Tue Nov 13 08:26:51 2018 -0500

Merge branch 'bug28413_029' into maint-0.2.9

 changes/bug28413 | 4 
 src/common/aes.c | 5 ++---
 2 files changed, 6 insertions(+), 3 deletions(-)



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.3] Merge branch 'maint-0.2.9' into maint-0.3.3

[nickm]

commit 54d1a2d80537e9f9a90dcca18c9e616f73809f58
Merge: 93b6d4137 7f042cbc0
Author: Nick Mathewson 
Date:   Tue Nov 13 08:27:17 2018 -0500

Merge branch 'maint-0.2.9' into maint-0.3.3

 changes/bug28413 | 4 
 src/common/aes.c | 5 ++---
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --cc src/common/aes.c
index 5d0841dfa,8ab2d2fc6..4d4a2d773
--- a/src/common/aes.c
+++ b/src/common/aes.c
@@@ -402,5 -401,4 +402,4 @@@ aes_set_iv(aes_cnt_cipher_t *cipher, co
memcpy(cipher->ctr_buf.buf, iv, 16);
  }
  
 -#endif
 +#endif /* defined(USE_EVP_AES_CTR) */
- 



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.2.9] Merge branch 'bug28413_029' into maint-0.2.9

[nickm]

commit 7f042cbc0a9397c1e5c0f3e9c3bb31ff333d9983
Merge: 46796623f 1a11702a9
Author: Nick Mathewson 
Date:   Tue Nov 13 08:26:51 2018 -0500

Merge branch 'bug28413_029' into maint-0.2.9

 changes/bug28413 | 4 
 src/common/aes.c | 5 ++---
 2 files changed, 6 insertions(+), 3 deletions(-)



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.5] Merge branch 'maint-0.3.3' into maint-0.3.4

[nickm]

commit 42be1c668b9f8ec255afb307054e6388f478e837
Merge: 1fce9d129 54d1a2d80
Author: Nick Mathewson 
Date:   Tue Nov 13 08:27:29 2018 -0500

Merge branch 'maint-0.3.3' into maint-0.3.4

 changes/bug28413 | 4 
 src/common/aes.c | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.4] Merge branch 'maint-0.3.4' into release-0.3.4

[nickm]

commit 6b2c1d62a5bb590f35779dd26ced00d41938cdb5
Merge: 73378e9ac 42be1c668
Author: Nick Mathewson 
Date:   Tue Nov 13 08:27:29 2018 -0500

Merge branch 'maint-0.3.4' into release-0.3.4

 changes/bug28413 | 4 
 src/common/aes.c | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.5] Fix a compiler warning in aes.c.

[nickm]

commit 1a11702a9a4d5f95c52eb55263008ce2aa8017ef
Author: Nick Mathewson 
Date:   Mon Nov 12 15:39:28 2018 -0500

Fix a compiler warning in aes.c.

Apparently some freebsd compilers can't tell that 'c' will never
be used uninitialized.

Fixes bug 28413; bugfix on 0.2.9.3-alpha when we added support for
longer AES keys to this function.
---
 changes/bug28413 | 4 
 src/common/aes.c | 5 ++---
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/changes/bug28413 b/changes/bug28413
new file mode 100644
index 0..4c88bea7e
--- /dev/null
+++ b/changes/bug28413
@@ -0,0 +1,4 @@
+  o Minor bugfixes (compilation):
+- Initialize a variable in aes_new_cipher(), since some compilers
+  cannot tell that we always initialize it before use. Fixes bug 28413;
+  bugfix on 0.2.9.3-alpha.
diff --git a/src/common/aes.c b/src/common/aes.c
index 35c2d1e3a..8ab2d2fc6 100644
--- a/src/common/aes.c
+++ b/src/common/aes.c
@@ -99,12 +99,12 @@ aes_cnt_cipher_t *
 aes_new_cipher(const uint8_t *key, const uint8_t *iv, int key_bits)
 {
   EVP_CIPHER_CTX *cipher = EVP_CIPHER_CTX_new();
-  const EVP_CIPHER *c;
+  const EVP_CIPHER *c = NULL;
   switch (key_bits) {
 case 128: c = EVP_aes_128_ctr(); break;
 case 192: c = EVP_aes_192_ctr(); break;
 case 256: c = EVP_aes_256_ctr(); break;
-default: tor_assert(0); // LCOV_EXCL_LINE
+default: tor_assert_unreached(); // LCOV_EXCL_LINE
   }
   EVP_EncryptInit(cipher, c, key, iv);
   return (aes_cnt_cipher_t *) cipher;
@@ -402,4 +402,3 @@ aes_set_iv(aes_cnt_cipher_t *cipher, const uint8_t *iv)
 }
 
 #endif
-



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge branch 'maint-0.2.9' into maint-0.3.3

[nickm]

commit 54d1a2d80537e9f9a90dcca18c9e616f73809f58
Merge: 93b6d4137 7f042cbc0
Author: Nick Mathewson 
Date:   Tue Nov 13 08:27:17 2018 -0500

Merge branch 'maint-0.2.9' into maint-0.3.3

 changes/bug28413 | 4 
 src/common/aes.c | 5 ++---
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --cc src/common/aes.c
index 5d0841dfa,8ab2d2fc6..4d4a2d773
--- a/src/common/aes.c
+++ b/src/common/aes.c
@@@ -402,5 -401,4 +402,4 @@@ aes_set_iv(aes_cnt_cipher_t *cipher, co
memcpy(cipher->ctr_buf.buf, iv, 16);
  }
  
 -#endif
 +#endif /* defined(USE_EVP_AES_CTR) */
- 



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.5] Merge branch 'bug28413_029' into maint-0.2.9

[nickm]

commit 7f042cbc0a9397c1e5c0f3e9c3bb31ff333d9983
Merge: 46796623f 1a11702a9
Author: Nick Mathewson 
Date:   Tue Nov 13 08:26:51 2018 -0500

Merge branch 'bug28413_029' into maint-0.2.9

 changes/bug28413 | 4 
 src/common/aes.c | 5 ++---
 2 files changed, 6 insertions(+), 3 deletions(-)



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.2.9] Fix a compiler warning in aes.c.

[nickm]

commit 1a11702a9a4d5f95c52eb55263008ce2aa8017ef
Author: Nick Mathewson 
Date:   Mon Nov 12 15:39:28 2018 -0500

Fix a compiler warning in aes.c.

Apparently some freebsd compilers can't tell that 'c' will never
be used uninitialized.

Fixes bug 28413; bugfix on 0.2.9.3-alpha when we added support for
longer AES keys to this function.
---
 changes/bug28413 | 4 
 src/common/aes.c | 5 ++---
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/changes/bug28413 b/changes/bug28413
new file mode 100644
index 0..4c88bea7e
--- /dev/null
+++ b/changes/bug28413
@@ -0,0 +1,4 @@
+  o Minor bugfixes (compilation):
+- Initialize a variable in aes_new_cipher(), since some compilers
+  cannot tell that we always initialize it before use. Fixes bug 28413;
+  bugfix on 0.2.9.3-alpha.
diff --git a/src/common/aes.c b/src/common/aes.c
index 35c2d1e3a..8ab2d2fc6 100644
--- a/src/common/aes.c
+++ b/src/common/aes.c
@@ -99,12 +99,12 @@ aes_cnt_cipher_t *
 aes_new_cipher(const uint8_t *key, const uint8_t *iv, int key_bits)
 {
   EVP_CIPHER_CTX *cipher = EVP_CIPHER_CTX_new();
-  const EVP_CIPHER *c;
+  const EVP_CIPHER *c = NULL;
   switch (key_bits) {
 case 128: c = EVP_aes_128_ctr(); break;
 case 192: c = EVP_aes_192_ctr(); break;
 case 256: c = EVP_aes_256_ctr(); break;
-default: tor_assert(0); // LCOV_EXCL_LINE
+default: tor_assert_unreached(); // LCOV_EXCL_LINE
   }
   EVP_EncryptInit(cipher, c, key, iv);
   return (aes_cnt_cipher_t *) cipher;
@@ -402,4 +402,3 @@ aes_set_iv(aes_cnt_cipher_t *cipher, const uint8_t *iv)
 }
 
 #endif
-



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge branch 'maint-0.3.4' into maint-0.3.5

[nickm]

commit ae4c94bb6468078ba16de481991e781e1b486340
Merge: 896d0ebb9 42be1c668
Author: Nick Mathewson 
Date:   Tue Nov 13 08:27:29 2018 -0500

Merge branch 'maint-0.3.4' into maint-0.3.5

 changes/bug28413| 4 
 src/lib/crypt_ops/aes_openssl.c | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --cc src/lib/crypt_ops/aes_openssl.c
index f2990fc06,0..ac275af33
mode 100644,00..100644
--- a/src/lib/crypt_ops/aes_openssl.c
+++ b/src/lib/crypt_ops/aes_openssl.c
@@@ -1,410 -1,0 +1,410 @@@
 +/* Copyright (c) 2001, Matej Pfajfar.
 + * Copyright (c) 2001-2004, Roger Dingledine.
 + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 + * Copyright (c) 2007-2018, The Tor Project, Inc. */
 +/* See LICENSE for licensing information */
 +
 +/**
 + * \file aes_openssl.c
 + * \brief Use OpenSSL to implement AES_CTR.
 + **/
 +
 +#include "orconfig.h"
 +#include "lib/crypt_ops/aes.h"
 +#include "lib/crypt_ops/crypto_util.h"
 +#include "lib/log/util_bug.h"
 +#include "lib/arch/bytes.h"
 +
 +#ifdef _WIN32 /*wrkard for dtls1.h >= 0.9.8m of "#include "*/
 +  #include 
 +  #include 
 +#endif
 +
 +#include "lib/crypt_ops/compat_openssl.h"
 +#include 
 +#include "lib/crypt_ops/crypto_openssl_mgt.h"
 +
 +#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0)
 +#error "We require OpenSSL >= 1.0.0"
 +#endif
 +
 +DISABLE_GCC_WARNING(redundant-decls)
 +
 +#include 
 +#include 
 +#include 
 +#include 
 +#include 
 +#include 
 +
 +ENABLE_GCC_WARNING(redundant-decls)
 +
 +#include "lib/crypt_ops/aes.h"
 +#include "lib/log/log.h"
 +#include "lib/ctime/di_ops.h"
 +
 +#ifdef ANDROID
 +/* Android's OpenSSL seems to have removed all of its Engine support. */
 +#define DISABLE_ENGINES
 +#endif
 +
 +/* We have five strategies for implementing AES counter mode.
 + *
 + * Best with x86 and x86_64: Use EVP_aes_*_ctr() and EVP_EncryptUpdate().
 + * This is possible with OpenSSL 1.0.1, where the counter-mode implementation
 + * can use bit-sliced or vectorized AES or AESNI as appropriate.
 + *
 + * Otherwise: Pick the best possible AES block implementation that OpenSSL
 + * gives us, and the best possible counter-mode implementation, and combine
 + * them.
 + */
 +#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,1,0)
 +
 +/* With newer OpenSSL versions, the older fallback modes don't compile.  So
 + * don't use them, even if we lack specific acceleration. */
 +
 +#define USE_EVP_AES_CTR
 +
 +#elif OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,0,1) &&   \
 +  (defined(__i386) || defined(__i386__) || defined(_M_IX86) ||  \
 +   defined(__x86_64) || defined(__x86_64__) ||  \
 +   defined(_M_AMD64) || defined(_M_X64) || defined(__INTEL__))
 +
 +#define USE_EVP_AES_CTR
 +
 +#endif /* OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,1,0) || ... */
 +
 +/* We have 2 strategies for getting the AES block cipher: Via OpenSSL's
 + * AES_encrypt function, or via OpenSSL's EVP_EncryptUpdate function.
 + *
 + * If there's any hardware acceleration in play, we want to be using EVP_* so
 + * we can get it.  Otherwise, we'll want AES_*, which seems to be about 5%
 + * faster than indirecting through the EVP layer.
 + */
 +
 +/* We have 2 strategies for getting a plug-in counter mode: use our own, or
 + * use OpenSSL's.
 + *
 + * Here we have a counter mode that's faster than the one shipping with
 + * OpenSSL pre-1.0 (by about 10%!).  But OpenSSL 1.0.0 added a counter mode
 + * implementation faster than the one here (by about 7%).  So we pick which
 + * one to used based on the Openssl version above.  (OpenSSL 1.0.0a fixed a
 + * critical bug in that counter mode implementation, so we need to test to
 + * make sure that we have a fixed version.)
 + */
 +
 +#ifdef USE_EVP_AES_CTR
 +
 +/* We don't actually define the struct here. */
 +
 +aes_cnt_cipher_t *
 +aes_new_cipher(const uint8_t *key, const uint8_t *iv, int key_bits)
 +{
 +  EVP_CIPHER_CTX *cipher = EVP_CIPHER_CTX_new();
-   const EVP_CIPHER *c;
++  const EVP_CIPHER *c = NULL;
 +  switch (key_bits) {
 +case 128: c = EVP_aes_128_ctr(); break;
 +case 192: c = EVP_aes_192_ctr(); break;
 +case 256: c = EVP_aes_256_ctr(); break;
- default: tor_assert(0); // LCOV_EXCL_LINE
++default: tor_assert_unreached(); // LCOV_EXCL_LINE
 +  }
 +  EVP_EncryptInit(cipher, c, key, iv);
 +  return (aes_cnt_cipher_t *) cipher;
 +}
 +void
 +aes_cipher_free_(aes_cnt_cipher_t *cipher_)
 +{
 +  if (!cipher_)
 +return;
 +  EVP_CIPHER_CTX *cipher = (EVP_CIPHER_CTX *) cipher_;
 +#ifdef OPENSSL_1_1_API
 +  EVP_CIPHER_CTX_reset(cipher);
 +#else
 +  EVP_CIPHER_CTX_cleanup(cipher);
 +#endif
 +  EVP_CIPHER_CTX_free(cipher);
 +}
 +void
 +aes_crypt_inplace(aes_cnt_cipher_t *cipher_, char *data, size_t len)
 +{
 +  int outl;
 +  EVP_CIPHER_CTX *cipher = (EVP_CIPHER_CTX *) cipher_;
 +
 +  tor_assert(len < INT_MAX);
 +
 +  EVP_EncryptUpdate(cipher, (unsigned char*)data,
 +, (unsigned char*)data, (int)len);
 +}
 

[tor-commits] [tor/release-0.3.5] Merge branch 'maint-0.3.4' into maint-0.3.5

[nickm]

commit ae4c94bb6468078ba16de481991e781e1b486340
Merge: 896d0ebb9 42be1c668
Author: Nick Mathewson 
Date:   Tue Nov 13 08:27:29 2018 -0500

Merge branch 'maint-0.3.4' into maint-0.3.5

 changes/bug28413| 4 
 src/lib/crypt_ops/aes_openssl.c | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --cc src/lib/crypt_ops/aes_openssl.c
index f2990fc06,0..ac275af33
mode 100644,00..100644
--- a/src/lib/crypt_ops/aes_openssl.c
+++ b/src/lib/crypt_ops/aes_openssl.c
@@@ -1,410 -1,0 +1,410 @@@
 +/* Copyright (c) 2001, Matej Pfajfar.
 + * Copyright (c) 2001-2004, Roger Dingledine.
 + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 + * Copyright (c) 2007-2018, The Tor Project, Inc. */
 +/* See LICENSE for licensing information */
 +
 +/**
 + * \file aes_openssl.c
 + * \brief Use OpenSSL to implement AES_CTR.
 + **/
 +
 +#include "orconfig.h"
 +#include "lib/crypt_ops/aes.h"
 +#include "lib/crypt_ops/crypto_util.h"
 +#include "lib/log/util_bug.h"
 +#include "lib/arch/bytes.h"
 +
 +#ifdef _WIN32 /*wrkard for dtls1.h >= 0.9.8m of "#include "*/
 +  #include 
 +  #include 
 +#endif
 +
 +#include "lib/crypt_ops/compat_openssl.h"
 +#include 
 +#include "lib/crypt_ops/crypto_openssl_mgt.h"
 +
 +#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0)
 +#error "We require OpenSSL >= 1.0.0"
 +#endif
 +
 +DISABLE_GCC_WARNING(redundant-decls)
 +
 +#include 
 +#include 
 +#include 
 +#include 
 +#include 
 +#include 
 +
 +ENABLE_GCC_WARNING(redundant-decls)
 +
 +#include "lib/crypt_ops/aes.h"
 +#include "lib/log/log.h"
 +#include "lib/ctime/di_ops.h"
 +
 +#ifdef ANDROID
 +/* Android's OpenSSL seems to have removed all of its Engine support. */
 +#define DISABLE_ENGINES
 +#endif
 +
 +/* We have five strategies for implementing AES counter mode.
 + *
 + * Best with x86 and x86_64: Use EVP_aes_*_ctr() and EVP_EncryptUpdate().
 + * This is possible with OpenSSL 1.0.1, where the counter-mode implementation
 + * can use bit-sliced or vectorized AES or AESNI as appropriate.
 + *
 + * Otherwise: Pick the best possible AES block implementation that OpenSSL
 + * gives us, and the best possible counter-mode implementation, and combine
 + * them.
 + */
 +#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,1,0)
 +
 +/* With newer OpenSSL versions, the older fallback modes don't compile.  So
 + * don't use them, even if we lack specific acceleration. */
 +
 +#define USE_EVP_AES_CTR
 +
 +#elif OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,0,1) &&   \
 +  (defined(__i386) || defined(__i386__) || defined(_M_IX86) ||  \
 +   defined(__x86_64) || defined(__x86_64__) ||  \
 +   defined(_M_AMD64) || defined(_M_X64) || defined(__INTEL__))
 +
 +#define USE_EVP_AES_CTR
 +
 +#endif /* OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,1,0) || ... */
 +
 +/* We have 2 strategies for getting the AES block cipher: Via OpenSSL's
 + * AES_encrypt function, or via OpenSSL's EVP_EncryptUpdate function.
 + *
 + * If there's any hardware acceleration in play, we want to be using EVP_* so
 + * we can get it.  Otherwise, we'll want AES_*, which seems to be about 5%
 + * faster than indirecting through the EVP layer.
 + */
 +
 +/* We have 2 strategies for getting a plug-in counter mode: use our own, or
 + * use OpenSSL's.
 + *
 + * Here we have a counter mode that's faster than the one shipping with
 + * OpenSSL pre-1.0 (by about 10%!).  But OpenSSL 1.0.0 added a counter mode
 + * implementation faster than the one here (by about 7%).  So we pick which
 + * one to used based on the Openssl version above.  (OpenSSL 1.0.0a fixed a
 + * critical bug in that counter mode implementation, so we need to test to
 + * make sure that we have a fixed version.)
 + */
 +
 +#ifdef USE_EVP_AES_CTR
 +
 +/* We don't actually define the struct here. */
 +
 +aes_cnt_cipher_t *
 +aes_new_cipher(const uint8_t *key, const uint8_t *iv, int key_bits)
 +{
 +  EVP_CIPHER_CTX *cipher = EVP_CIPHER_CTX_new();
-   const EVP_CIPHER *c;
++  const EVP_CIPHER *c = NULL;
 +  switch (key_bits) {
 +case 128: c = EVP_aes_128_ctr(); break;
 +case 192: c = EVP_aes_192_ctr(); break;
 +case 256: c = EVP_aes_256_ctr(); break;
- default: tor_assert(0); // LCOV_EXCL_LINE
++default: tor_assert_unreached(); // LCOV_EXCL_LINE
 +  }
 +  EVP_EncryptInit(cipher, c, key, iv);
 +  return (aes_cnt_cipher_t *) cipher;
 +}
 +void
 +aes_cipher_free_(aes_cnt_cipher_t *cipher_)
 +{
 +  if (!cipher_)
 +return;
 +  EVP_CIPHER_CTX *cipher = (EVP_CIPHER_CTX *) cipher_;
 +#ifdef OPENSSL_1_1_API
 +  EVP_CIPHER_CTX_reset(cipher);
 +#else
 +  EVP_CIPHER_CTX_cleanup(cipher);
 +#endif
 +  EVP_CIPHER_CTX_free(cipher);
 +}
 +void
 +aes_crypt_inplace(aes_cnt_cipher_t *cipher_, char *data, size_t len)
 +{
 +  int outl;
 +  EVP_CIPHER_CTX *cipher = (EVP_CIPHER_CTX *) cipher_;
 +
 +  tor_assert(len < INT_MAX);
 +
 +  EVP_EncryptUpdate(cipher, (unsigned char*)data,
 +, (unsigned char*)data, (int)len);
 +}
 

[tor-commits] [tor/release-0.2.9] Merge branch 'maint-0.2.9' into release-0.2.9

[nickm]

commit 7651775b8f4ce00b36735fbc0dc64102b4bbac87
Merge: 79443fd82 7f042cbc0
Author: Nick Mathewson 
Date:   Tue Nov 13 08:26:54 2018 -0500

Merge branch 'maint-0.2.9' into release-0.2.9

 changes/bug28413 | 4 
 src/common/aes.c | 5 ++---
 2 files changed, 6 insertions(+), 3 deletions(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.3] Fix a compiler warning in aes.c.

[nickm]

commit 1a11702a9a4d5f95c52eb55263008ce2aa8017ef
Author: Nick Mathewson 
Date:   Mon Nov 12 15:39:28 2018 -0500

Fix a compiler warning in aes.c.

Apparently some freebsd compilers can't tell that 'c' will never
be used uninitialized.

Fixes bug 28413; bugfix on 0.2.9.3-alpha when we added support for
longer AES keys to this function.
---
 changes/bug28413 | 4 
 src/common/aes.c | 5 ++---
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/changes/bug28413 b/changes/bug28413
new file mode 100644
index 0..4c88bea7e
--- /dev/null
+++ b/changes/bug28413
@@ -0,0 +1,4 @@
+  o Minor bugfixes (compilation):
+- Initialize a variable in aes_new_cipher(), since some compilers
+  cannot tell that we always initialize it before use. Fixes bug 28413;
+  bugfix on 0.2.9.3-alpha.
diff --git a/src/common/aes.c b/src/common/aes.c
index 35c2d1e3a..8ab2d2fc6 100644
--- a/src/common/aes.c
+++ b/src/common/aes.c
@@ -99,12 +99,12 @@ aes_cnt_cipher_t *
 aes_new_cipher(const uint8_t *key, const uint8_t *iv, int key_bits)
 {
   EVP_CIPHER_CTX *cipher = EVP_CIPHER_CTX_new();
-  const EVP_CIPHER *c;
+  const EVP_CIPHER *c = NULL;
   switch (key_bits) {
 case 128: c = EVP_aes_128_ctr(); break;
 case 192: c = EVP_aes_192_ctr(); break;
 case 256: c = EVP_aes_256_ctr(); break;
-default: tor_assert(0); // LCOV_EXCL_LINE
+default: tor_assert_unreached(); // LCOV_EXCL_LINE
   }
   EVP_EncryptInit(cipher, c, key, iv);
   return (aes_cnt_cipher_t *) cipher;
@@ -402,4 +402,3 @@ aes_set_iv(aes_cnt_cipher_t *cipher, const uint8_t *iv)
 }
 
 #endif
-



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.5] Merge branch 'maint-0.3.5' into release-0.3.5

[nickm]

commit 51d9444823b95eeec60ae8e45d63017323016978
Merge: c97c2c690 ae4c94bb6
Author: Nick Mathewson 
Date:   Tue Nov 13 08:27:29 2018 -0500

Merge branch 'maint-0.3.5' into release-0.3.5

 changes/bug28413| 4 
 src/lib/crypt_ops/aes_openssl.c | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.4] Merge branch 'maint-0.2.9' into maint-0.3.3

[nickm]

commit 54d1a2d80537e9f9a90dcca18c9e616f73809f58
Merge: 93b6d4137 7f042cbc0
Author: Nick Mathewson 
Date:   Tue Nov 13 08:27:17 2018 -0500

Merge branch 'maint-0.2.9' into maint-0.3.3

 changes/bug28413 | 4 
 src/common/aes.c | 5 ++---
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --cc src/common/aes.c
index 5d0841dfa,8ab2d2fc6..4d4a2d773
--- a/src/common/aes.c
+++ b/src/common/aes.c
@@@ -402,5 -401,4 +402,4 @@@ aes_set_iv(aes_cnt_cipher_t *cipher, co
memcpy(cipher->ctr_buf.buf, iv, 16);
  }
  
 -#endif
 +#endif /* defined(USE_EVP_AES_CTR) */
- 



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge branch 'bug28413_029' into maint-0.2.9

[nickm]

commit 7f042cbc0a9397c1e5c0f3e9c3bb31ff333d9983
Merge: 46796623f 1a11702a9
Author: Nick Mathewson 
Date:   Tue Nov 13 08:26:51 2018 -0500

Merge branch 'bug28413_029' into maint-0.2.9

 changes/bug28413 | 4 
 src/common/aes.c | 5 ++---
 2 files changed, 6 insertions(+), 3 deletions(-)



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge branch 'maint-0.3.3' into maint-0.3.4

[nickm]

commit 42be1c668b9f8ec255afb307054e6388f478e837
Merge: 1fce9d129 54d1a2d80
Author: Nick Mathewson 
Date:   Tue Nov 13 08:27:29 2018 -0500

Merge branch 'maint-0.3.3' into maint-0.3.4

 changes/bug28413 | 4 
 src/common/aes.c | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.5] Merge branch 'maint-0.3.4' into maint-0.3.5

[nickm]

commit ae4c94bb6468078ba16de481991e781e1b486340
Merge: 896d0ebb9 42be1c668
Author: Nick Mathewson 
Date:   Tue Nov 13 08:27:29 2018 -0500

Merge branch 'maint-0.3.4' into maint-0.3.5

 changes/bug28413| 4 
 src/lib/crypt_ops/aes_openssl.c | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --cc src/lib/crypt_ops/aes_openssl.c
index f2990fc06,0..ac275af33
mode 100644,00..100644
--- a/src/lib/crypt_ops/aes_openssl.c
+++ b/src/lib/crypt_ops/aes_openssl.c
@@@ -1,410 -1,0 +1,410 @@@
 +/* Copyright (c) 2001, Matej Pfajfar.
 + * Copyright (c) 2001-2004, Roger Dingledine.
 + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 + * Copyright (c) 2007-2018, The Tor Project, Inc. */
 +/* See LICENSE for licensing information */
 +
 +/**
 + * \file aes_openssl.c
 + * \brief Use OpenSSL to implement AES_CTR.
 + **/
 +
 +#include "orconfig.h"
 +#include "lib/crypt_ops/aes.h"
 +#include "lib/crypt_ops/crypto_util.h"
 +#include "lib/log/util_bug.h"
 +#include "lib/arch/bytes.h"
 +
 +#ifdef _WIN32 /*wrkard for dtls1.h >= 0.9.8m of "#include "*/
 +  #include 
 +  #include 
 +#endif
 +
 +#include "lib/crypt_ops/compat_openssl.h"
 +#include 
 +#include "lib/crypt_ops/crypto_openssl_mgt.h"
 +
 +#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0)
 +#error "We require OpenSSL >= 1.0.0"
 +#endif
 +
 +DISABLE_GCC_WARNING(redundant-decls)
 +
 +#include 
 +#include 
 +#include 
 +#include 
 +#include 
 +#include 
 +
 +ENABLE_GCC_WARNING(redundant-decls)
 +
 +#include "lib/crypt_ops/aes.h"
 +#include "lib/log/log.h"
 +#include "lib/ctime/di_ops.h"
 +
 +#ifdef ANDROID
 +/* Android's OpenSSL seems to have removed all of its Engine support. */
 +#define DISABLE_ENGINES
 +#endif
 +
 +/* We have five strategies for implementing AES counter mode.
 + *
 + * Best with x86 and x86_64: Use EVP_aes_*_ctr() and EVP_EncryptUpdate().
 + * This is possible with OpenSSL 1.0.1, where the counter-mode implementation
 + * can use bit-sliced or vectorized AES or AESNI as appropriate.
 + *
 + * Otherwise: Pick the best possible AES block implementation that OpenSSL
 + * gives us, and the best possible counter-mode implementation, and combine
 + * them.
 + */
 +#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,1,0)
 +
 +/* With newer OpenSSL versions, the older fallback modes don't compile.  So
 + * don't use them, even if we lack specific acceleration. */
 +
 +#define USE_EVP_AES_CTR
 +
 +#elif OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,0,1) &&   \
 +  (defined(__i386) || defined(__i386__) || defined(_M_IX86) ||  \
 +   defined(__x86_64) || defined(__x86_64__) ||  \
 +   defined(_M_AMD64) || defined(_M_X64) || defined(__INTEL__))
 +
 +#define USE_EVP_AES_CTR
 +
 +#endif /* OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,1,0) || ... */
 +
 +/* We have 2 strategies for getting the AES block cipher: Via OpenSSL's
 + * AES_encrypt function, or via OpenSSL's EVP_EncryptUpdate function.
 + *
 + * If there's any hardware acceleration in play, we want to be using EVP_* so
 + * we can get it.  Otherwise, we'll want AES_*, which seems to be about 5%
 + * faster than indirecting through the EVP layer.
 + */
 +
 +/* We have 2 strategies for getting a plug-in counter mode: use our own, or
 + * use OpenSSL's.
 + *
 + * Here we have a counter mode that's faster than the one shipping with
 + * OpenSSL pre-1.0 (by about 10%!).  But OpenSSL 1.0.0 added a counter mode
 + * implementation faster than the one here (by about 7%).  So we pick which
 + * one to used based on the Openssl version above.  (OpenSSL 1.0.0a fixed a
 + * critical bug in that counter mode implementation, so we need to test to
 + * make sure that we have a fixed version.)
 + */
 +
 +#ifdef USE_EVP_AES_CTR
 +
 +/* We don't actually define the struct here. */
 +
 +aes_cnt_cipher_t *
 +aes_new_cipher(const uint8_t *key, const uint8_t *iv, int key_bits)
 +{
 +  EVP_CIPHER_CTX *cipher = EVP_CIPHER_CTX_new();
-   const EVP_CIPHER *c;
++  const EVP_CIPHER *c = NULL;
 +  switch (key_bits) {
 +case 128: c = EVP_aes_128_ctr(); break;
 +case 192: c = EVP_aes_192_ctr(); break;
 +case 256: c = EVP_aes_256_ctr(); break;
- default: tor_assert(0); // LCOV_EXCL_LINE
++default: tor_assert_unreached(); // LCOV_EXCL_LINE
 +  }
 +  EVP_EncryptInit(cipher, c, key, iv);
 +  return (aes_cnt_cipher_t *) cipher;
 +}
 +void
 +aes_cipher_free_(aes_cnt_cipher_t *cipher_)
 +{
 +  if (!cipher_)
 +return;
 +  EVP_CIPHER_CTX *cipher = (EVP_CIPHER_CTX *) cipher_;
 +#ifdef OPENSSL_1_1_API
 +  EVP_CIPHER_CTX_reset(cipher);
 +#else
 +  EVP_CIPHER_CTX_cleanup(cipher);
 +#endif
 +  EVP_CIPHER_CTX_free(cipher);
 +}
 +void
 +aes_crypt_inplace(aes_cnt_cipher_t *cipher_, char *data, size_t len)
 +{
 +  int outl;
 +  EVP_CIPHER_CTX *cipher = (EVP_CIPHER_CTX *) cipher_;
 +
 +  tor_assert(len < INT_MAX);
 +
 +  EVP_EncryptUpdate(cipher, (unsigned char*)data,
 +, (unsigned char*)data, (int)len);
 +}
 

[tor-commits] [tor/maint-0.3.5] Fix a compiler warning in aes.c.

[nickm]

commit 1a11702a9a4d5f95c52eb55263008ce2aa8017ef
Author: Nick Mathewson 
Date:   Mon Nov 12 15:39:28 2018 -0500

Fix a compiler warning in aes.c.

Apparently some freebsd compilers can't tell that 'c' will never
be used uninitialized.

Fixes bug 28413; bugfix on 0.2.9.3-alpha when we added support for
longer AES keys to this function.
---
 changes/bug28413 | 4 
 src/common/aes.c | 5 ++---
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/changes/bug28413 b/changes/bug28413
new file mode 100644
index 0..4c88bea7e
--- /dev/null
+++ b/changes/bug28413
@@ -0,0 +1,4 @@
+  o Minor bugfixes (compilation):
+- Initialize a variable in aes_new_cipher(), since some compilers
+  cannot tell that we always initialize it before use. Fixes bug 28413;
+  bugfix on 0.2.9.3-alpha.
diff --git a/src/common/aes.c b/src/common/aes.c
index 35c2d1e3a..8ab2d2fc6 100644
--- a/src/common/aes.c
+++ b/src/common/aes.c
@@ -99,12 +99,12 @@ aes_cnt_cipher_t *
 aes_new_cipher(const uint8_t *key, const uint8_t *iv, int key_bits)
 {
   EVP_CIPHER_CTX *cipher = EVP_CIPHER_CTX_new();
-  const EVP_CIPHER *c;
+  const EVP_CIPHER *c = NULL;
   switch (key_bits) {
 case 128: c = EVP_aes_128_ctr(); break;
 case 192: c = EVP_aes_192_ctr(); break;
 case 256: c = EVP_aes_256_ctr(); break;
-default: tor_assert(0); // LCOV_EXCL_LINE
+default: tor_assert_unreached(); // LCOV_EXCL_LINE
   }
   EVP_EncryptInit(cipher, c, key, iv);
   return (aes_cnt_cipher_t *) cipher;
@@ -402,4 +402,3 @@ aes_set_iv(aes_cnt_cipher_t *cipher, const uint8_t *iv)
 }
 
 #endif
-



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.5] Merge branch 'bug28413_029' into maint-0.2.9

[nickm]

commit 7f042cbc0a9397c1e5c0f3e9c3bb31ff333d9983
Merge: 46796623f 1a11702a9
Author: Nick Mathewson 
Date:   Tue Nov 13 08:26:51 2018 -0500

Merge branch 'bug28413_029' into maint-0.2.9

 changes/bug28413 | 4 
 src/common/aes.c | 5 ++---
 2 files changed, 6 insertions(+), 3 deletions(-)



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.4] Merge branch 'maint-0.3.3' into maint-0.3.4

[nickm]

commit 42be1c668b9f8ec255afb307054e6388f478e837
Merge: 1fce9d129 54d1a2d80
Author: Nick Mathewson 
Date:   Tue Nov 13 08:27:29 2018 -0500

Merge branch 'maint-0.3.3' into maint-0.3.4

 changes/bug28413 | 4 
 src/common/aes.c | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Fix a compiler warning in aes.c.

[nickm]

commit 1a11702a9a4d5f95c52eb55263008ce2aa8017ef
Author: Nick Mathewson 
Date:   Mon Nov 12 15:39:28 2018 -0500

Fix a compiler warning in aes.c.

Apparently some freebsd compilers can't tell that 'c' will never
be used uninitialized.

Fixes bug 28413; bugfix on 0.2.9.3-alpha when we added support for
longer AES keys to this function.
---
 changes/bug28413 | 4 
 src/common/aes.c | 5 ++---
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/changes/bug28413 b/changes/bug28413
new file mode 100644
index 0..4c88bea7e
--- /dev/null
+++ b/changes/bug28413
@@ -0,0 +1,4 @@
+  o Minor bugfixes (compilation):
+- Initialize a variable in aes_new_cipher(), since some compilers
+  cannot tell that we always initialize it before use. Fixes bug 28413;
+  bugfix on 0.2.9.3-alpha.
diff --git a/src/common/aes.c b/src/common/aes.c
index 35c2d1e3a..8ab2d2fc6 100644
--- a/src/common/aes.c
+++ b/src/common/aes.c
@@ -99,12 +99,12 @@ aes_cnt_cipher_t *
 aes_new_cipher(const uint8_t *key, const uint8_t *iv, int key_bits)
 {
   EVP_CIPHER_CTX *cipher = EVP_CIPHER_CTX_new();
-  const EVP_CIPHER *c;
+  const EVP_CIPHER *c = NULL;
   switch (key_bits) {
 case 128: c = EVP_aes_128_ctr(); break;
 case 192: c = EVP_aes_192_ctr(); break;
 case 256: c = EVP_aes_256_ctr(); break;
-default: tor_assert(0); // LCOV_EXCL_LINE
+default: tor_assert_unreached(); // LCOV_EXCL_LINE
   }
   EVP_EncryptInit(cipher, c, key, iv);
   return (aes_cnt_cipher_t *) cipher;
@@ -402,4 +402,3 @@ aes_set_iv(aes_cnt_cipher_t *cipher, const uint8_t *iv)
 }
 
 #endif
-



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.4] Merge branch 'maint-0.2.9' into maint-0.3.3

[nickm]

commit 54d1a2d80537e9f9a90dcca18c9e616f73809f58
Merge: 93b6d4137 7f042cbc0
Author: Nick Mathewson 
Date:   Tue Nov 13 08:27:17 2018 -0500

Merge branch 'maint-0.2.9' into maint-0.3.3

 changes/bug28413 | 4 
 src/common/aes.c | 5 ++---
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --cc src/common/aes.c
index 5d0841dfa,8ab2d2fc6..4d4a2d773
--- a/src/common/aes.c
+++ b/src/common/aes.c
@@@ -402,5 -401,4 +402,4 @@@ aes_set_iv(aes_cnt_cipher_t *cipher, co
memcpy(cipher->ctr_buf.buf, iv, 16);
  }
  
 -#endif
 +#endif /* defined(USE_EVP_AES_CTR) */
- 



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.5] Merge branch 'maint-0.2.9' into maint-0.3.3

[nickm]

commit 54d1a2d80537e9f9a90dcca18c9e616f73809f58
Merge: 93b6d4137 7f042cbc0
Author: Nick Mathewson 
Date:   Tue Nov 13 08:27:17 2018 -0500

Merge branch 'maint-0.2.9' into maint-0.3.3

 changes/bug28413 | 4 
 src/common/aes.c | 5 ++---
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --cc src/common/aes.c
index 5d0841dfa,8ab2d2fc6..4d4a2d773
--- a/src/common/aes.c
+++ b/src/common/aes.c
@@@ -402,5 -401,4 +402,4 @@@ aes_set_iv(aes_cnt_cipher_t *cipher, co
memcpy(cipher->ctr_buf.buf, iv, 16);
  }
  
 -#endif
 +#endif /* defined(USE_EVP_AES_CTR) */
- 



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.2.9] Merge branch 'bug28413_029' into maint-0.2.9

[nickm]

commit 7f042cbc0a9397c1e5c0f3e9c3bb31ff333d9983
Merge: 46796623f 1a11702a9
Author: Nick Mathewson 
Date:   Tue Nov 13 08:26:51 2018 -0500

Merge branch 'bug28413_029' into maint-0.2.9

 changes/bug28413 | 4 
 src/common/aes.c | 5 ++---
 2 files changed, 6 insertions(+), 3 deletions(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.4] Fix a compiler warning in aes.c.

[nickm]

commit 1a11702a9a4d5f95c52eb55263008ce2aa8017ef
Author: Nick Mathewson 
Date:   Mon Nov 12 15:39:28 2018 -0500

Fix a compiler warning in aes.c.

Apparently some freebsd compilers can't tell that 'c' will never
be used uninitialized.

Fixes bug 28413; bugfix on 0.2.9.3-alpha when we added support for
longer AES keys to this function.
---
 changes/bug28413 | 4 
 src/common/aes.c | 5 ++---
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/changes/bug28413 b/changes/bug28413
new file mode 100644
index 0..4c88bea7e
--- /dev/null
+++ b/changes/bug28413
@@ -0,0 +1,4 @@
+  o Minor bugfixes (compilation):
+- Initialize a variable in aes_new_cipher(), since some compilers
+  cannot tell that we always initialize it before use. Fixes bug 28413;
+  bugfix on 0.2.9.3-alpha.
diff --git a/src/common/aes.c b/src/common/aes.c
index 35c2d1e3a..8ab2d2fc6 100644
--- a/src/common/aes.c
+++ b/src/common/aes.c
@@ -99,12 +99,12 @@ aes_cnt_cipher_t *
 aes_new_cipher(const uint8_t *key, const uint8_t *iv, int key_bits)
 {
   EVP_CIPHER_CTX *cipher = EVP_CIPHER_CTX_new();
-  const EVP_CIPHER *c;
+  const EVP_CIPHER *c = NULL;
   switch (key_bits) {
 case 128: c = EVP_aes_128_ctr(); break;
 case 192: c = EVP_aes_192_ctr(); break;
 case 256: c = EVP_aes_256_ctr(); break;
-default: tor_assert(0); // LCOV_EXCL_LINE
+default: tor_assert_unreached(); // LCOV_EXCL_LINE
   }
   EVP_EncryptInit(cipher, c, key, iv);
   return (aes_cnt_cipher_t *) cipher;
@@ -402,4 +402,3 @@ aes_set_iv(aes_cnt_cipher_t *cipher, const uint8_t *iv)
 }
 
 #endif
-



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.3] Merge branch 'maint-0.2.9' into maint-0.3.3

[nickm]

commit 54d1a2d80537e9f9a90dcca18c9e616f73809f58
Merge: 93b6d4137 7f042cbc0
Author: Nick Mathewson 
Date:   Tue Nov 13 08:27:17 2018 -0500

Merge branch 'maint-0.2.9' into maint-0.3.3

 changes/bug28413 | 4 
 src/common/aes.c | 5 ++---
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --cc src/common/aes.c
index 5d0841dfa,8ab2d2fc6..4d4a2d773
--- a/src/common/aes.c
+++ b/src/common/aes.c
@@@ -402,5 -401,4 +402,4 @@@ aes_set_iv(aes_cnt_cipher_t *cipher, co
memcpy(cipher->ctr_buf.buf, iv, 16);
  }
  
 -#endif
 +#endif /* defined(USE_EVP_AES_CTR) */
- 

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.5] Merge branch 'maint-0.3.3' into maint-0.3.4

[nickm]

commit 42be1c668b9f8ec255afb307054e6388f478e837
Merge: 1fce9d129 54d1a2d80
Author: Nick Mathewson 
Date:   Tue Nov 13 08:27:29 2018 -0500

Merge branch 'maint-0.3.3' into maint-0.3.4

 changes/bug28413 | 4 
 src/common/aes.c | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.3] Merge branch 'bug28413_029' into maint-0.2.9

[nickm]

commit 7f042cbc0a9397c1e5c0f3e9c3bb31ff333d9983
Merge: 46796623f 1a11702a9
Author: Nick Mathewson 
Date:   Tue Nov 13 08:26:51 2018 -0500

Merge branch 'bug28413_029' into maint-0.2.9

 changes/bug28413 | 4 
 src/common/aes.c | 5 ++---
 2 files changed, 6 insertions(+), 3 deletions(-)



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.4] Merge branch 'bug28413_029' into maint-0.2.9

[nickm]

commit 7f042cbc0a9397c1e5c0f3e9c3bb31ff333d9983
Merge: 46796623f 1a11702a9
Author: Nick Mathewson 
Date:   Tue Nov 13 08:26:51 2018 -0500

Merge branch 'bug28413_029' into maint-0.2.9

 changes/bug28413 | 4 
 src/common/aes.c | 5 ++---
 2 files changed, 6 insertions(+), 3 deletions(-)



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.3] Fix a compiler warning in aes.c.

[nickm]

commit 1a11702a9a4d5f95c52eb55263008ce2aa8017ef
Author: Nick Mathewson 
Date:   Mon Nov 12 15:39:28 2018 -0500

Fix a compiler warning in aes.c.

Apparently some freebsd compilers can't tell that 'c' will never
be used uninitialized.

Fixes bug 28413; bugfix on 0.2.9.3-alpha when we added support for
longer AES keys to this function.
---
 changes/bug28413 | 4 
 src/common/aes.c | 5 ++---
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/changes/bug28413 b/changes/bug28413
new file mode 100644
index 0..4c88bea7e
--- /dev/null
+++ b/changes/bug28413
@@ -0,0 +1,4 @@
+  o Minor bugfixes (compilation):
+- Initialize a variable in aes_new_cipher(), since some compilers
+  cannot tell that we always initialize it before use. Fixes bug 28413;
+  bugfix on 0.2.9.3-alpha.
diff --git a/src/common/aes.c b/src/common/aes.c
index 35c2d1e3a..8ab2d2fc6 100644
--- a/src/common/aes.c
+++ b/src/common/aes.c
@@ -99,12 +99,12 @@ aes_cnt_cipher_t *
 aes_new_cipher(const uint8_t *key, const uint8_t *iv, int key_bits)
 {
   EVP_CIPHER_CTX *cipher = EVP_CIPHER_CTX_new();
-  const EVP_CIPHER *c;
+  const EVP_CIPHER *c = NULL;
   switch (key_bits) {
 case 128: c = EVP_aes_128_ctr(); break;
 case 192: c = EVP_aes_192_ctr(); break;
 case 256: c = EVP_aes_256_ctr(); break;
-default: tor_assert(0); // LCOV_EXCL_LINE
+default: tor_assert_unreached(); // LCOV_EXCL_LINE
   }
   EVP_EncryptInit(cipher, c, key, iv);
   return (aes_cnt_cipher_t *) cipher;
@@ -402,4 +402,3 @@ aes_set_iv(aes_cnt_cipher_t *cipher, const uint8_t *iv)
 }
 
 #endif
-



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.2.9] Fix a compiler warning in aes.c.

[nickm]

commit 1a11702a9a4d5f95c52eb55263008ce2aa8017ef
Author: Nick Mathewson 
Date:   Mon Nov 12 15:39:28 2018 -0500

Fix a compiler warning in aes.c.

Apparently some freebsd compilers can't tell that 'c' will never
be used uninitialized.

Fixes bug 28413; bugfix on 0.2.9.3-alpha when we added support for
longer AES keys to this function.
---
 changes/bug28413 | 4 
 src/common/aes.c | 5 ++---
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/changes/bug28413 b/changes/bug28413
new file mode 100644
index 0..4c88bea7e
--- /dev/null
+++ b/changes/bug28413
@@ -0,0 +1,4 @@
+  o Minor bugfixes (compilation):
+- Initialize a variable in aes_new_cipher(), since some compilers
+  cannot tell that we always initialize it before use. Fixes bug 28413;
+  bugfix on 0.2.9.3-alpha.
diff --git a/src/common/aes.c b/src/common/aes.c
index 35c2d1e3a..8ab2d2fc6 100644
--- a/src/common/aes.c
+++ b/src/common/aes.c
@@ -99,12 +99,12 @@ aes_cnt_cipher_t *
 aes_new_cipher(const uint8_t *key, const uint8_t *iv, int key_bits)
 {
   EVP_CIPHER_CTX *cipher = EVP_CIPHER_CTX_new();
-  const EVP_CIPHER *c;
+  const EVP_CIPHER *c = NULL;
   switch (key_bits) {
 case 128: c = EVP_aes_128_ctr(); break;
 case 192: c = EVP_aes_192_ctr(); break;
 case 256: c = EVP_aes_256_ctr(); break;
-default: tor_assert(0); // LCOV_EXCL_LINE
+default: tor_assert_unreached(); // LCOV_EXCL_LINE
   }
   EVP_EncryptInit(cipher, c, key, iv);
   return (aes_cnt_cipher_t *) cipher;
@@ -402,4 +402,3 @@ aes_set_iv(aes_cnt_cipher_t *cipher, const uint8_t *iv)
 }
 
 #endif
-



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits