[tor-commits] [translation/tor-browser-manual] Update translations for tor-browser-manual
commit 33c4c785cde30d0b50717089346f9fc4fc9e708a Author: Translation commit bot Date: Wed Nov 14 05:17:41 2018 + Update translations for tor-browser-manual --- mk/mk.po | 19 --- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/mk/mk.po b/mk/mk.po index 806b39ada..4895f8891 100644 --- a/mk/mk.po +++ b/mk/mk.po @@ -1640,16 +1640,21 @@ msgid "" "Provider or other authority is actively blocking connections to the Tor " "network." msgstr "" +"Pluggable Transports Ñе алаÑки кои Tor може да ги коÑиÑÑи за да го маÑкиÑа " +"ÑообÑаÑаÑÐ¾Ñ ÑÑо го иÑпÑаÑа. Ðва може да биде коÑиÑно во ÑиÑÑаÑии кога " +"ÐнÑеÑÐ½ÐµÑ Ð¡ÐµÑÐ²Ð¸Ñ ÐÑоваÑдеÑÐ¾Ñ Ð¸Ð»Ð¸ дÑÑг авÑоÑиÑÐµÑ Ð°ÐºÑвино ги блокиÑа " +"повÑзÑваÑаÑа на Tor мÑежаÑа." #: transports.page:21 msgid "" "Currently there are six pluggable transports available, but more are being " "developed." msgstr "" +"ÐоменÑално има доÑÑапни ÑеÑÑ pluggable transports, но Ñе ÑÐ°Ð·Ð²Ð¸Ð²Ð°Ð°Ñ Ð¸ повеÑе." #: transports.page:28 msgid "obfs3" -msgstr "" +msgstr "obfs3" #: transports.page:33 msgid "" @@ -1657,10 +1662,14 @@ msgid "" "any other protocol. While still included by default, it is reccomended to " "use obfs4 instead, as it has several security improvements over obfs3." msgstr "" +"obfs3 го пÑави Tor ÑообÑаÑаÑÐ¾Ñ Ð´Ð° изгледа по ÑлÑÑаен избоÑ, па Ñака ÑÐ¾Ñ Ð½Ðµ " +"изгледа како Tor или Ð½ÐµÐºÐ¾Ñ Ð´ÑÑг пÑоÑокол. Ðако е ÑеÑÑÑе ÑÑандаÑдно вклÑÑен, " +"намеÑÑо obfs3, Ñе пÑепоÑаÑÑва коÑиÑÑеÑе на obfs4, бидеÑÑи има Ð½ÐµÐºÐ¾Ð»ÐºÑ " +"безбедноÑни подобÑÑваÑа во Ð¾Ð´Ð½Ð¾Ñ Ð½Ð° obfs3." #: transports.page:43 msgid "obfs4" -msgstr "" +msgstr "obfs4" #: transports.page:48 msgid "" @@ -1668,6 +1677,10 @@ msgid "" "from finding bridges by Internet scanning. obfs4 bridges are less likely to " "be blocked than obfs3 bridges." msgstr "" +"obfs4 пÑави Tor ÑообÑаÑаÑÐ¾Ñ Ð´Ð° изгледа дека е по ÑлÑÑаен Ð¸Ð·Ð±Ð¾Ñ ÐºÐ°ÐºÐ¾ и obfs3," +" и иÑÑо Ñака ÑпÑеÑÑва ÑензоÑиÑе да ги наÑÐ´Ð°Ñ Ð¼Ð¾ÑÑовиÑе Ñо ÑкениÑаÑе на " +"ÐнÑеÑенеÑоÑ. obfs4 моÑÑовиÑе е Ð¿Ð¾Ð¼Ð°Ð»ÐºÑ Ð²ÐµÑоÑаÑно да Ð±Ð¸Ð´Ð°Ñ Ð±Ð»Ð¾ÐºÐ¸Ñани оÑÐºÐ¾Ð»ÐºÑ " +"obfs3 моÑÑовиÑе." #: transports.page:57 msgid "Scramblesuit" @@ -1679,7 +1692,7 @@ msgstr "" #: transports.page:70 msgid "FTE" -msgstr "" +msgstr "FTE" #: transports.page:75 msgid "" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tor-browser-manual] Update translations for tor-browser-manual
commit 85a10e81784007b22b0a3156e13001fba10e476d Author: Translation commit bot Date: Wed Nov 14 04:47:30 2018 + Update translations for tor-browser-manual --- mk/mk.po | 51 --- 1 file changed, 44 insertions(+), 7 deletions(-) diff --git a/mk/mk.po b/mk/mk.po index e632d2b99..806b39ada 100644 --- a/mk/mk.po +++ b/mk/mk.po @@ -1403,6 +1403,9 @@ msgid "" "Increasing the level of the Security Slider will disable or partially " "disable certain browser features to protect against possible attacks." msgstr "" +"ÐголемÑваÑеÑо на нивоÑо на ÐезбедноÑÐ½Ð¸Ð¾Ñ ÐÐ¸Ð·Ð³Ð°Ñ Ñе ги оневозможи или делÑмно" +" Ñе ги оневозможи одÑедени каÑакÑеÑиÑÑики на пÑелиÑÑÑваÑÐ¾Ñ Ð´Ð° го заÑÑиÑÐ°Ñ Ð¾Ð´" +" можни напади." #: security-slider.page:42 msgid "Safest" @@ -1417,6 +1420,13 @@ msgid "" "disabled by default on all sites; most video and audio formats are disabled;" " and some fonts and icons may not display correctly." msgstr "" +"на ова ниво, HTML5 видео и аÑдио медиÑаÑа ÑÑанÑÐ²Ð°Ð°Ñ ÐºÐ»Ð¸ÐºÐ½Ð¸-за-да-пÑÑÑÐ¸Ñ " +"пÑÐµÐºÑ NoScript; ÑиÑе JavaScript опÑимизаÑии на пеÑÑоÑманÑиÑе Ñе " +"оневозможени; некои маÑемаÑиÑки Ñавенки може да не Ñе вÑиÑÐ°Ð°Ñ Ð¿Ñавилно; " +"некои каÑакÑеÑиÑÑики на ÑÐµÐ½Ð´ÐµÑ ÑонÑови Ñе оневозможени; некои Ñипови на " +"Ñлики Ñе оневозможени; JavaScript е ÑÑандаÑдно оневозможена на ÑиÑе веб " +"ÑÑÑани; повеÑеÑо видео и аÑдио ÑоÑмаÑи Ñе оневозможени; и некои ÑонÑови и " +"икони може да не Ð±Ð¸Ð´Ð°Ñ Ð¿Ñикажани пÑавилно." #: security-slider.page:53 msgid "Safer" @@ -1447,14 +1457,16 @@ msgid "" "At this level, all browser features are enabled. This is the most usable " "option." msgstr "" +"Ðа ова ниво, ÑиÑе каÑакÑеÑиÑÑики на пÑелиÑÑÑваÑÐ¾Ñ Ñе оневозможени. Ðва е " +"наÑкоÑиÑÑенаÑа опÑиÑа." #: translate.page:6 msgid "Becoming a translator for the Tor Project" -msgstr "" +msgstr "СÑанеÑе пÑеведÑÐ²Ð°Ñ Ð·Ð° Tor Project" #: translate.page:10 msgid "Becoming a Tor Translator" -msgstr "" +msgstr "СÑанеÑе Tor пÑеведÑваÑ" #: translate.page:12 msgid "" @@ -1464,20 +1476,29 @@ msgid "" " third-party that faciliates our translations. Below is an outline of how to" " sign up and begin." msgstr "" +"Ðко ÑÑе заинÑеÑеÑиÑани да Ð¼Ñ Ð¿Ð¾Ð¼Ð¾Ð³Ð½ÐµÑе на пÑоекÑÐ¾Ñ Ñо пÑеведÑваÑе на " +"ÑпаÑÑÑвоÑо или на Tor Browser на ваÑÐ¸Ð¾Ñ Ñазик, ваÑаÑа Ð¿Ð¾Ð¼Ð¾Ñ Ñе биде Ð¼Ð½Ð¾Ð³Ñ " +"ÑенеÑа! Ðа да допÑинеÑеÑе Ñе ÑÑеба да Ñе наÑавиÑе на Transifex, 3-Ñа ÑÑÑана " +"коÑа ги олеÑнÑва наÑиÑе пÑеведÑваÑа. ÐÐ¾Ð´Ð¾Ð»Ñ Ð¸Ð¼Ð° пÑелед за Ñоа како да Ñе " +"наÑавиÑе и да запоÑнеÑе." #: translate.page:21 msgid "Signing up on Transifex" -msgstr "" +msgstr "ÐаÑавÑваÑе на Transifex" #: translate.page:24 msgid "" "Head over to the https://transifex.com/signup/\;>Transifex " "signup page." msgstr "" +"ÐдеÑе на https://transifex.com/signup/\;>Transifex ÑÑÑанаÑа за " +"наÑава." #: translate.page:30 msgid "Enter your information into the fields and click the 'Sign Up' button:" msgstr "" +"ÐнеÑеÑе ги ваÑиÑе инÑоÑмаÑии во полиÑаÑа и кликнеÑе Ð½Ñ ÐºÐ¾Ð¿ÑеÑо \"ÐаÑави " +"Ñе\":" #. This is a reference to an external file such as an image or video. When #. the file changes, the md5 hash will change to let you know you need to @@ -1497,6 +1518,8 @@ msgid "" "Fill out the next page with your name and select \"Localization\" and " "\"Translator\" from the drop-down menus:" msgstr "" +"ÐоплнеÑе Ñа ÑледнаÑа ÑÑÑана Ñо ваÑеÑо име и избеÑеÑе \"ÐокализаÑиÑа\" и " +"\"ÐÑеведÑваÑ\" од паÑаÑкиÑе мениÑа:" #. This is a reference to an external file such as an image or video. When #. the file changes, the md5 hash will change to let you know you need to @@ -1514,12 +1537,16 @@ msgstr "" #: translate.page:47 msgid "On the next page, select 'Join an existing project' and continue." msgstr "" +"Ðа ÑледнаÑа ÑÑÑана, избеÑеÑе \"ÐÑидÑÑжи Ñе на поÑÑоеÑки пÑекÑ\" и " +"пÑодолжеÑе." #: translate.page:52 msgid "" "On the next page, select the
[tor-commits] [translation/tor-browser-manual] Update translations for tor-browser-manual
commit fb2060e87003424a76389bc8a7bc73d7e7cffb89 Author: Translation commit bot Date: Wed Nov 14 04:17:25 2018 + Update translations for tor-browser-manual --- mk/mk.po | 65 ++-- 1 file changed, 55 insertions(+), 10 deletions(-) diff --git a/mk/mk.po b/mk/mk.po index 7cf1cdbc3..e632d2b99 100644 --- a/mk/mk.po +++ b/mk/mk.po @@ -1161,6 +1161,10 @@ msgid "" "JavaScript (and other scripts) that runs on individual web pages, or block " "it entirely." msgstr "" +"Tor Browser вклÑÑÑва и додаÑок наÑеÑен NoScript, доÑÑапен пÑÐµÐºÑ \"S\" " +"иконаÑа гоÑе-лево на пÑозоÑеÑоÑ. NoScript ви овозможÑва да Ñа конÑÑолиÑаÑе " +"JavaScript (и дÑÑгиÑе ÑкÑипÑи) кои ÑÑо Ñе ÑÑаÑÑÑÐ²Ð°Ð°Ñ Ð½Ð° индивидÑални веб " +"ÑÑÑани, или да ги блоклиÑа заÑекогаÑ." #. This is a reference to an external file such as an image or video. When #. the file changes, the md5 hash will change to let you know you need to @@ -1184,16 +1188,27 @@ msgid "" " many websites from displaying correctly, so Tor Browserâs default setting " "is to allow all websites to run scripts in \"Standard\" mode." msgstr "" +"ÐоÑÑиниÑиÑе кои баÑÐ°Ð°Ñ Ð²Ð¸Ñок ÑÑепен на ÑигÑÑноÑÑ Ð·Ð° нивноÑо веб пÑебаÑÑваÑе " +"ÑÑеба да го поÑÑÐ°Ð²Ð°Ñ Tor Browser ÐезбедноÑÐ½Ð¸Ð¾Ñ ÐизгаÑна \"Ðобезбедно\" (ÐºÐ¾Ñ ÑÑо Ñа " +"оневозможÑва JavaScript за не-HTTPS веб ÑÑÑаниÑе) или на \"ÐаÑбезбедно\" ( " +"ÐºÐ¾Ñ Ð³Ð¾ пÑави ова за ÑиÑе веб ÑÑÑани). Ðако и да е, оневозможÑваÑеÑо на " +"JavaScript Ñе ÑпÑеÑи Ð¼Ð½Ð¾Ð³Ñ Ð¾Ð´ веб ÑÑÑаниÑе да Ñе пÑÐ¸ÐºÐ°Ð¶Ð°Ñ ÑоÑно, па Tor " +"Browser ÑÑандаÑднаÑа поÑÑавка Ñе овозможи ÑиÑе веб ÑÑÑани да ÑÑаÑÑÑÐ²Ð°Ð°Ñ " +"ÑкÑипÑи на мод \"СÑандаÑдно\"." #: plugins.page:59 msgid "Browser Add-ons" -msgstr "" +msgstr "ÐодаÑоÑи на пÑелиÑÑÑваÑоÑ" #: plugins.page:60 msgid "" "Tor Browser is based on Firefox, and any browser add-ons or themes that are " "compatible with Firefox can also be installed in Tor Browser." msgstr "" +"Tor Browser е базиÑан на Firefox, и било ÐºÐ¾Ñ Ð´Ð¾Ð´Ð°ÑоÑи за пÑелиÑÑÑÐ²Ð°Ñ Ð¸Ð»Ð¸ " +"Ñеми кои Ñе компаÑибилни Ñо Firefox Ð¼Ð¾Ð¶Ð°Ñ Ð´Ð° Ð±Ð¸Ð´Ð°Ñ Ð¸Ð½ÑÑалиÑани и на Tor " +"Browser. " #: plugins.page:65 msgid "" @@ -1203,10 +1218,18 @@ msgid "" " privacy and security. It is strongly discouraged to install additional add-" "ons, and the Tor Project will not offer support for these configurations." msgstr "" +"Ðако и да е, единÑÑвениÑе додаÑоÑи кои ÑÑо Ñе ÑеÑÑиÑани за ÑпоÑÑеба Ñо Tor " +"Browser Ñе оние кои Ñе ÑÑандаÑдно вклÑÑени во него. ÐнÑÑалиÑаÑеÑо на било " +"кои дÑÑги додаÑоÑи за пÑелиÑÑÑÐ²Ð°Ñ Ð¼Ð¾Ð¶Ð°Ñ Ð´Ð° Ñа пÑÐµÐºÐ¸Ð½Ð°Ñ ÑÑнкÑионалноÑÑа на " +"Tor Browser или да пÑÐµÐ´Ð¸Ð·Ð²Ð¸ÐºÐ°Ð°Ñ ÑеÑиозни пÑоблеми кои Ñе Ñе одÑÐ°Ð·Ð°Ñ Ð½Ð° " +"ваÑаÑа пÑиваÑноÑÑ Ð¸ безбедноÑÑ. СÑÑого го обеÑÑ ÑабÑÑваме инÑÑалиÑаÑеÑо на " +"дополниÑелни додаÑоÑи и Tor Project не нÑди поддÑÑка за овие конÑигÑÑаÑии." #: secure-connections.page:8 msgid "Learn how to protect your data using Tor Browser and HTTPS" msgstr "" +"ÐаÑÑеÑе како да го заÑÑиÑиÑе ваÑиÑе подаÑоÑи Ñо коÑиÑÑеÑе на Tor Browser и " +"HTTPS" #: secure-connections.page:12 msgid "Secure Connections" @@ -1246,64 +1269,78 @@ msgid "" "The following visualization shows what information is visible to " "eavesdroppers with and without Tor Browser and HTTPS encryption:" msgstr "" +"СледнаÑа визÑелеизаÑиÑа покажÑва кои инÑоÑмаÑии Ñе видливи за пÑиÑлÑÑÑваÑиÑе" +" Ñо и без Tor Browser и HTTPS енекÑипÑиÑа:" #: secure-connections.page:35 msgid "" "Click the âTorâ button to see what data is visible to observers when you're " "using Tor. The button will turn green to indicate that Tor is on." msgstr "" +"ÐликнеÑе на \"Tor\" копÑеÑо за да видиÑе кои подаÑоÑи Ñе видливи за " +"набÑÑдÑваÑиÑе кога коÑиÑÑиÑе Tor. ÐопÑеÑо Ñе ÑÑане зелено за да ознаÑи дека " +"Tor е вклÑÑен." #:
[tor-commits] [translation/tor-browser-manual] Update translations for tor-browser-manual
commit 1a7d99bfb2e551f441b8f91f96a9ab41f8e47aef Author: Translation commit bot Date: Wed Nov 14 03:47:33 2018 + Update translations for tor-browser-manual --- mk/mk.po | 46 +++--- 1 file changed, 39 insertions(+), 7 deletions(-) diff --git a/mk/mk.po b/mk/mk.po index bdf6020db..7cf1cdbc3 100644 --- a/mk/mk.po +++ b/mk/mk.po @@ -983,7 +983,7 @@ msgstr "" #: onionsites.page:6 msgid "Services that are only accessible using Tor" -msgstr "УÑлÑги кои не Ñе доÑÑапни ако коÑиÑÑиÑе Tor" +msgstr "УÑлÑги кои Ñе доÑÑапни Ñамо ако коÑиÑÑиÑе Tor" #: onionsites.page:10 msgid "Onion Services" @@ -994,18 +994,25 @@ msgid "" "Onion services (formerly known as âhidden servicesâ) are services (like " "websites) that are only accessible through the Tor network." msgstr "" +"Onion ÑÑлÑги (поÑано познаÑи како \"ÑкÑиени ÑÑлÑги\") Ñе ÑÑлÑги (како веб " +"ÑÑÑани) кои Ñе доÑÑапни Ñамо пÑÐµÐºÑ Tor мÑежаÑа." #: onionsites.page:16 msgid "" "Onion services offer several advantages over ordinary services on the non-" "private web:" msgstr "" +"Onion ÑÑлÑгиÑе нÑÐ´Ð°Ñ Ð½ÐµÐºÐ¾Ð»ÐºÑ Ð¿ÑедноÑÑи во Ð¾Ð´Ð½Ð¾Ñ Ð½Ð° вообиÑаениÑе ÑÑлÑги на " +"не-пÑиваÑÐ½Ð¸Ð¾Ñ Ð²ÐµÐ±:" #: onionsites.page:23 msgid "" "An onion servicesâs location and IP address are hidden, making it difficult " "for adversaries to censor it or identify its operators." msgstr "" +"ÐокаÑиÑаÑа на onion ÑÑлÑгиÑе и IP адÑеÑиÑе Ñе ÑкÑиени, ÑÑо им пÑави " +"поÑеÑкоÑии на пÑоÑивниÑиÑе да ги ÑензÑÑиÑÐ°Ð°Ñ Ð¸Ð»Ð¸ да ги иденÑиÑикÑÐ²Ð°Ð°Ñ " +"нивниÑе опеÑаÑоÑи." #: onionsites.page:29 msgid "" @@ -1031,7 +1038,7 @@ msgstr "" #: onionsites.page:46 msgid "How to access an onion service" -msgstr "" +msgstr "Ðако да и пÑиÑÑапиÑе на onion ÑÑлÑгаÑа" #. This is a reference to an external file such as an image or video. When #. the file changes, the md5 hash will change to let you know you need to @@ -1052,10 +1059,14 @@ msgid "" "service in order to connect to it. An onion address is a string of 16 (and " "in V3 format, 56) mostly random letters and numbers, followed by â.onionâ." msgstr "" +"Ðако и на ÑекоÑа дÑÑга веб ÑÑÑана, ÑÑеба да Ñа знаеÑе аÑÑеÑаÑа на onion " +"ÑÑлÑгаÑа за да Ñе повÑзеÑе Ñо неа. Onion адÑеÑаÑа е линиÑа од 16 (и во V3 " +"ÑоÑмаÑ, 56) наÑÑеÑÑо бÑкви или бÑоеви по ÑлÑÑен избоÑ, пÑоÑледени од " +"\".onion\"." #: onionsites.page:58 troubleshooting.page:10 msgid "Troubleshooting" -msgstr "" +msgstr "РеÑаваÑе пÑоблеми" #: onionsites.page:59 msgid "" @@ -1063,6 +1074,9 @@ msgid "" "entered the onion address correctly: even a small mistake will stop Tor " "Browser from being able to reach the site." msgstr "" +"Ðко не можеÑе да доÑдеÑе до onion ÑÑлÑгаÑа ÑÑо Ñа баÑаÑе, бидеÑе ÑигÑÑни " +"дека ÑÑе Ñа внеле onion адÑеÑаÑа ÑоÑно: дÑÑи и мала гÑеÑка Ñе го ÑпÑеÑи Tor " +"Browser да биде во можноÑÑ Ð´Ð° доÑде до веб ÑÑÑанаÑа." #: onionsites.page:64 msgid "" @@ -1080,18 +1094,21 @@ msgid "" "connecting to http://3g2upl4pq6kufc4m.onion/\;>DuckDuckGo's " "Onion Service" msgstr "" +"ÐÑÑо Ñака оÑигÑÑаÑÑе Ñе дека ÑÑе во можноÑÑ Ð´Ð° да и пÑиÑÑапиÑе на onion " +"ÑÑлÑгаÑа Ñо повÑзÑваÑе на http://3g2upl4pq6kufc4m.onion/\;>DuckDuckGo's Onion Service" #: plugins.page:6 msgid "How Tor Browser handles add-ons, plugins and JavaScript" -msgstr "" +msgstr "Ðако Tor Browser Ñе ÑпÑавÑва Ñо додаÑоÑи, пÑиклÑÑоÑи и JavaScript" #: plugins.page:10 msgid "Plugins, add-ons and JavaScript" -msgstr "" +msgstr "ÐÑиклÑÑоÑи, додаÑоÑи и JavaScript" #: plugins.page:13 msgid "Flash Player" -msgstr "" +msgstr "Flash Player" #: plugins.page:14 msgid "" @@ -1102,6 +1119,13 @@ msgid "" "operators, or to an outside observer. For this reason, Flash is disabled by " "default in Tor Browser, and enabling it is not recommended." msgstr "" +"Ðидео веб ÑÑÑаниÑе, како ÑÑо е Vimeo Ð¸Ð¼Ð°Ð°Ñ Ð¿Ð¾ÑÑеба од Flash Player пÑиклÑÑок" +" за да пÑÐ¸ÐºÐ°Ð¶Ð°Ñ Ð²Ð¸Ð´ÐµÐ¾ ÑодÑжина. Ðа жал, Ð¾Ð²Ð¾Ñ ÑоÑÑÐ²ÐµÑ ÑабоÑи незавиÑно од Tor" +" Browser и не може леÑно да Ñе пÑинÑди да ги поÑиÑÑва
[tor-commits] [translation/tor-browser-manual] Update translations for tor-browser-manual
commit 51a370e791a736629ffc9095f9f1cd5023848c14 Author: Translation commit bot Date: Wed Nov 14 03:17:42 2018 + Update translations for tor-browser-manual --- mk/mk.po | 67 1 file changed, 50 insertions(+), 17 deletions(-) diff --git a/mk/mk.po b/mk/mk.po index c6874c8e4..bdf6020db 100644 --- a/mk/mk.po +++ b/mk/mk.po @@ -348,8 +348,8 @@ msgid "" " should try the different transports: obfs3, obfs4, ScrambleSuit, fte, meek-" "azure and Snowflake." msgstr "" -"Ðко Ñе обидÑваÑе да Ñа заобиколиÑе блокиÑанаÑа конекÑиÑа за пÑвпаÑ, ÑÑеба да" -" Ñе обидеÑе Ñо поинкави ÑÑанÑпоÑÑи: obfs3, obfs4, ScrambleSuit, fte, meek-" +"Ðко Ñе обидÑваÑе да го заобиколиÑе блокиÑаноÑо повÑзÑваÑе за пÑвпаÑ, ÑÑеба " +"да Ñе обидеÑе Ñо поинкави ÑÑанÑпоÑÑи: obfs3, obfs4, ScrambleSuit, fte, meek-" "azure и Snowflake." #: circumvention.page:72 @@ -807,7 +807,8 @@ msgstr "" "ÑÑÑанаÑа во URL ленÑаÑа. ÐÑÑи и кога ÑÑе повÑзани на две ÑазлиÑни веб ÑÑÑани" " кои ÑÑо коÑиÑÑÐ°Ñ Ð¸ÑÑа ÑÑлÑга за ÑледеÑе од 3-Ñа ÑÑÑана, Tor Browser Ñе " "пÑиÑили ÑодÑжинаÑа да биде поÑлÑжена пÑÐµÐºÑ Ð´Ð²Ð° ÑазлиÑни Tor кÑÑга, па Ñака " -"ÑледаÑÐ¾Ñ Ð½ÐµÐ¼Ð° да знае дека двеÑе конекÑии поÑекнÑÐ²Ð°Ð°Ñ Ð¾Ð´ ваÑÐ¸Ð¾Ñ Ð¿ÑелиÑÑÑваÑ." +"ÑледаÑÐ¾Ñ Ð½ÐµÐ¼Ð° да знае дека двеÑе повÑзÑваÑа поÑекнÑÐ²Ð°Ð°Ñ Ð¾Ð´ ваÑÐ¸Ð¾Ñ " +"пÑелиÑÑÑваÑ." #: managing-identities.page:38 msgid "" @@ -816,9 +817,10 @@ msgid "" "single website in separate tabs or windows, without any loss of " "functionality." msgstr "" -"Ðд дÑÑга ÑÑÑана, ÑиÑе конекÑии на една веб ÑÑÑана Ñе Ð±Ð¸Ð´Ð°Ñ Ð¿ÑÐµÐºÑ Ð¸ÑÑÐ¸Ð¾Ñ Tor " -"кÑÑг, ÑÑо знаÑи дека Ñе можеÑе да пÑелиÑÑÑваÑе ÑазлиÑни ÑÑÑани не едена веб " -"ÑÑÑана во одделни Ñабои или пÑозоÑÑи, без да изгÑбиÑе од ÑÑнкÑионалноÑÑа." +"Ðд дÑÑга ÑÑÑана, ÑиÑе повÑзÑваÑа на една веб ÑÑÑана Ñе Ð±Ð¸Ð´Ð°Ñ Ð¿ÑÐµÐºÑ Ð¸ÑÑÐ¸Ð¾Ñ " +"Tor кÑÑг, ÑÑо знаÑи дека Ñе можеÑе да пÑелиÑÑÑваÑе ÑазлиÑни ÑÑÑани не едена " +"веб ÑÑÑана во одделни Ñабои или пÑозоÑÑи, без да изгÑбиÑе од " +"ÑÑнкÑионалноÑÑа." #. This is a reference to an external file such as an image or video. When #. the file changes, the md5 hash will change to let you know you need to @@ -887,9 +889,9 @@ msgid "" "See the Secure Connections page for" " important information on how to secure your connection when logging in." msgstr "" -"ÐидеÑе Ñа Ðезбедни ÐонекÑииÑÑÑанаÑа" -" за важни инÑоÑмаÑии за Ñоа како да Ñа обезбедиÑе ваÑаÑа конекÑиÑа кога Ñе " -"логиÑаÑе." +"ÐидеÑе Ñа Ðезбедни " +"ÐовÑзÑваÑаÑÑÑанаÑа за важни инÑоÑмаÑии за Ñоа како да Ñа обезбедиÑе " +"ваÑаÑа конекÑиÑа кога Ñе логиÑаÑе." #: managing-identities.page:87 msgid "" @@ -900,7 +902,7 @@ msgid "" "following the siteâs recommended procedure for account recovery, or " "contacting the operators and explaining the situation." msgstr "" -"Tor Browser ÑеÑÑо пÑави ваÑаÑа конекÑиÑа како да доаÑа од ÑоÑема дÑÑга " +"Tor Browser ÑеÑÑо пÑави ваÑеÑо повÑзÑваÑе како да доаÑа од ÑоÑема дÑÑга " "ÑÑÑана на ÑвеÑоÑ. Ðекои веб ÑÑÑани, како ÑÑо Ñе пÑоваÑдеÑиÑе на банкиÑе и " "е-поÑÑаÑа, Ð¼Ð¾Ð¶Ð°Ñ Ð´Ð° го инÑеÑпÑеÑиÑÐ°Ð°Ñ Ð¾Ð²Ð° како знак дека ваÑаÑа ÑмеÑка е " "Ñ Ð°ÐºÐ¸Ñана и компÑомиÑиÑана, и да Ñа заклÑÑаÑ. ÐдинÑÑÐ²ÐµÐ½Ð¸Ð¾Ñ Ð½Ð°Ñин да го ÑеÑиÑе" @@ -948,11 +950,11 @@ msgid "" msgstr "" "Ðваа опÑиÑа е коÑиÑна ако ÑакаÑе да ÑпÑеÑиÑе ваÑаÑа поÑледоваÑелна " "пÑелиÑÑÑваÑка акÑивноÑÑ Ð´Ð° биде повÑзÑвана Ñо она ÑÑо ÑÑе го пÑавеле " -"пÑеÑÑ Ð¾Ð´Ð½Ð¾. ÐдбиÑаÑÑи Ñа опÑиÑаÑа Ñе ги заÑвоÑи ÑиÑе ваÑи оÑвоÑени Ñабои и " -"пÑозоÑÑим Ñе ги
[tor-commits] [translation/tor-browser-manual] Update translations for tor-browser-manual
commit 68cd567daa591b6f7aa7519680535f389871a57b Author: Translation commit bot Date: Wed Nov 14 02:47:32 2018 + Update translations for tor-browser-manual --- mk/mk.po | 43 ++- 1 file changed, 38 insertions(+), 5 deletions(-) diff --git a/mk/mk.po b/mk/mk.po index 56f6475bf..c6874c8e4 100644 --- a/mk/mk.po +++ b/mk/mk.po @@ -806,7 +806,7 @@ msgstr "" "Tor Browser го ÑенÑÑиÑа ваÑеÑо веб иÑкÑÑÑво Ð¾ÐºÐ¾Ð»Ñ Ð²Ð°ÑаÑа вÑÑка Ñо веб " "ÑÑÑанаÑа во URL ленÑаÑа. ÐÑÑи и кога ÑÑе повÑзани на две ÑазлиÑни веб ÑÑÑани" " кои ÑÑо коÑиÑÑÐ°Ñ Ð¸ÑÑа ÑÑлÑга за ÑледеÑе од 3-Ñа ÑÑÑана, Tor Browser Ñе " -"пÑиÑили ÑодÑжинаÑа да биде поÑлÑжена пÑÐµÐºÑ Ð´Ð²Ðµ ÑазлиÑни Tor кола, па Ñака " +"пÑиÑили ÑодÑжинаÑа да биде поÑлÑжена пÑÐµÐºÑ Ð´Ð²Ð° ÑазлиÑни Tor кÑÑга, па Ñака " "ÑледаÑÐ¾Ñ Ð½ÐµÐ¼Ð° да знае дека двеÑе конекÑии поÑекнÑÐ²Ð°Ð°Ñ Ð¾Ð´ ваÑÐ¸Ð¾Ñ Ð¿ÑелиÑÑÑваÑ." #: managing-identities.page:38 @@ -816,8 +816,8 @@ msgid "" "single website in separate tabs or windows, without any loss of " "functionality." msgstr "" -"Ðд дÑÑга ÑÑÑана, ÑиÑе конекÑии на една веб ÑÑÑана Ñе Ð±Ð¸Ð´Ð°Ñ Ð¿ÑÐµÐºÑ Ð¸ÑÑоÑо Tor " -"коло, ÑÑо знаÑи дека Ñе можеÑе да пÑелиÑÑÑваÑе ÑазлиÑни ÑÑÑани не едена веб " +"Ðд дÑÑга ÑÑÑана, ÑиÑе конекÑии на една веб ÑÑÑана Ñе Ð±Ð¸Ð´Ð°Ñ Ð¿ÑÐµÐºÑ Ð¸ÑÑÐ¸Ð¾Ñ Tor " +"кÑÑг, ÑÑо знаÑи дека Ñе можеÑе да пÑелиÑÑÑваÑе ÑазлиÑни ÑÑÑани не едена веб " "ÑÑÑана во одделни Ñабои или пÑозоÑÑи, без да изгÑбиÑе од ÑÑнкÑионалноÑÑа." #. This is a reference to an external file such as an image or video. When @@ -838,7 +838,7 @@ msgid "" "You can see a diagram of the circuit that Tor Browser is using for the " "current tab in the onion menu." msgstr "" -"ÐожеÑе да видиÑе диÑагÑам на колоÑо ÑÑо Tor Browser го коÑиÑÑи за " +"ÐожеÑе да видиÑе диÑагÑам на кÑÑÐ³Ð¾Ñ ÑÑо Tor Browser го коÑиÑÑи за " "моменÑÐ°Ð»Ð½Ð¸Ð¾Ñ Ñаб во onion мениÑо." #: managing-identities.page:55 @@ -851,6 +851,10 @@ msgid "" "there may be situations in which it makes sense to use Tor with websites " "that require usernames, passwords, or other identifying information." msgstr "" +"Ðако Tor Browser е дизаÑниÑан за да Ð¼Ñ Ð¾Ð²Ð¾Ð·Ð¼Ð¾Ð¶Ð¸ на коÑиÑÐ½Ð¸ÐºÐ¾Ñ ÑелоÑна " +"анонимноÑÑ Ð½Ð° веб, може да има ÑиÑÑаÑии во кои има ÑмилÑа да коÑиÑÑиÑе Tor " +"за веб ÑÑÑаниÑе кои баÑÐ°Ð°Ñ ÐºÐ¾ÑиÑниÑки имиÑа, лозинки, или дÑÑги инÑоÑмаÑии " +"за иденÑиÑикÑваÑе. " #: managing-identities.page:62 msgid "" @@ -861,18 +865,31 @@ msgid "" "you reveal to the websites you browse. Logging in using Tor Browser is also " "useful if the website you are trying to reach is censored on your network." msgstr "" +"Ðко Ñе логиÑаÑе на веб ÑÑÑана коÑиÑÑеÑÑи го вообиÑÐµÐ°Ð½Ð¸Ð¾Ñ Ð¿ÑелиÑÑÑваÑ, вие " +"иÑÑо Ñака Ñа оÑкÑиваÑе ваÑаÑа IP адÑеÑа и ваÑаÑа геогÑаÑÑка локаÑиÑа во " +"пÑоÑеÑоÑ. ÐÑÑоÑо ÑеÑÑо е вака и кога иÑпÑаÑаÑе е-поÑÑа. ÐогиÑаÑÑи Ñе на " +"ваÑаÑа ÑоÑиÑална мÑежа или на ваÑаÑа е-поÑÑа ÑмеÑка коÑиÑÑеÑÑи Tor Browser " +"ви овозможÑва да избеÑеÑе ÑоÑно коÑа инÑоÑмаÑиÑа да и Ñа оÑкÑиеÑе на веб " +"ÑÑÑанаÑа на коÑа пÑелиÑÑÑваÑе. ÐогиÑаÑеÑо пÑи коÑиÑÑеÑе на Tor Browser е " +"иÑÑо Ñака коÑиÑно ако веб ÑÑÑанаÑа коÑа Ñе обидÑваÑе да Ñа оÑвоÑиÑе е " +"ÑензÑÑиÑана на ваÑаÑа мÑежа." #: managing-identities.page:72 msgid "" "When you log in to a website over Tor, there are several points you should " "bear in mind:" msgstr "" +"Ðога Ñе логиÑаÑе на веб ÑÑÑана пÑÐµÐºÑ Tor, има Ð½ÐµÐºÐ¾Ð»ÐºÑ Ð¿Ð¾ÐµÐ½Ñи кои ÑÑеба да ви" +" Ð±Ð¸Ð´Ð°Ñ Ð½Ð° памеÑ:" #: managing-identities.page:79 msgid "" "See the Secure Connections page for" " important information on how to secure your connection when logging in." msgstr ""
[tor-commits] [tor/release-0.3.5] seccomp2: Add "shutdown" to the list of permitted system calls.
commit 0e5378feeca5d67b7e8f5550eaf7fcd87b8f59ea Author: Nick Mathewson Date: Mon Nov 12 08:23:58 2018 -0500 seccomp2: Add "shutdown" to the list of permitted system calls. We don't use this syscall, but openssl apparently does. (This syscall puts a socket into a half-closed state. Don't worry: It doesn't shut down the system or anything.) Fixes bug 28183; bugfix on 0.2.5.1-alpha where the sandbox was introduced. --- changes/bug28183 | 4 src/common/sandbox.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/changes/bug28183 b/changes/bug28183 new file mode 100644 index 0..8d35dcdc0 --- /dev/null +++ b/changes/bug28183 @@ -0,0 +1,4 @@ + o Minor bugfixes (Linux seccomp2 sandbox): +- Permit the "shutdown()" system call, which is apparently + used by OpenSSL under some circumstances. Fixes bug 28183; + bugfix on 0.2.5.1-alpha. diff --git a/src/common/sandbox.c b/src/common/sandbox.c index 0a972d496..3b21322d3 100644 --- a/src/common/sandbox.c +++ b/src/common/sandbox.c @@ -205,6 +205,7 @@ static int filter_nopar_gen[] = { #ifdef __NR_setrlimit SCMP_SYS(setrlimit), #endif +SCMP_SYS(shutdown), #ifdef __NR_sigaltstack SCMP_SYS(sigaltstack), #endif @@ -2013,4 +2014,3 @@ sandbox_disable_getaddrinfo_cache(void) { } #endif - ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.5] Merge branch 'bug28183_029' into maint-0.3.5
commit 021187f91503814f13dd73b9ed835c20c57f945d Merge: 6f2151be9 0e5378fee Author: Nick Mathewson Date: Tue Nov 13 16:48:21 2018 -0500 Merge branch 'bug28183_029' into maint-0.3.5 changes/bug28183 | 4 src/lib/sandbox/sandbox.c | 2 ++ 2 files changed, 6 insertions(+) diff --cc src/lib/sandbox/sandbox.c index 48e37ba12,0..6f074bb4e mode 100644,00..100644 --- a/src/lib/sandbox/sandbox.c +++ b/src/lib/sandbox/sandbox.c @@@ -1,1806 -1,0 +1,1808 @@@ +/* Copyright (c) 2001 Matej Pfajfar. + * Copyright (c) 2001-2004, Roger Dingledine. + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2018, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file sandbox.c + * \brief Code to enable sandboxing. + **/ + +#include "orconfig.h" + +#ifndef _LARGEFILE64_SOURCE +/** + * Temporarily required for O_LARGEFILE flag. Needs to be removed + * with the libevent fix. + */ +#define _LARGEFILE64_SOURCE +#endif /* !defined(_LARGEFILE64_SOURCE) */ + +/** Malloc mprotect limit in bytes. + * + * 28/06/2017: This value was increased from 16 MB to 20 MB after we introduced + * LZMA support in Tor (0.3.1.1-alpha). We limit our LZMA coder to 16 MB, but + * liblzma have a small overhead that we need to compensate for to avoid being + * killed by the sandbox. + */ +#define MALLOC_MP_LIM (20*1024*1024) + +#include +#include +#include +#include + +#include "lib/sandbox/sandbox.h" +#include "lib/container/map.h" +#include "lib/err/torerr.h" +#include "lib/log/log.h" +#include "lib/cc/torint.h" +#include "lib/net/resolve.h" +#include "lib/malloc/malloc.h" +#include "lib/string/scanf.h" + +#include "tor_queue.h" +#include "ht.h" +#include "siphash.h" + +#define DEBUGGING_CLOSE + +#if defined(USE_LIBSECCOMP) + +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include + +#ifdef HAVE_GNU_LIBC_VERSION_H +#include +#endif +#ifdef HAVE_LINUX_NETFILTER_IPV4_H +#include +#endif +#ifdef HAVE_LINUX_IF_H +#include +#endif +#ifdef HAVE_LINUX_NETFILTER_IPV6_IP6_TABLES_H +#include +#endif + +#if defined(HAVE_EXECINFO_H) && defined(HAVE_BACKTRACE) && \ + defined(HAVE_BACKTRACE_SYMBOLS_FD) && defined(HAVE_SIGACTION) +#define USE_BACKTRACE +#define EXPOSE_CLEAN_BACKTRACE +#include "lib/err/backtrace.h" +#endif /* defined(HAVE_EXECINFO_H) && defined(HAVE_BACKTRACE) && ... */ + +#ifdef USE_BACKTRACE +#include +#endif + +/** + * Linux 32 bit definitions + */ +#if defined(__i386__) + +#define REG_SYSCALL REG_EAX +#define M_SYSCALL gregs[REG_SYSCALL] + +/** + * Linux 64 bit definitions + */ +#elif defined(__x86_64__) + +#define REG_SYSCALL REG_RAX +#define M_SYSCALL gregs[REG_SYSCALL] + +#elif defined(__arm__) + +#define M_SYSCALL arm_r7 + +#elif defined(__aarch64__) && defined(__LP64__) + +#define REG_SYSCALL 8 +#define M_SYSCALL regs[REG_SYSCALL] + +#endif /* defined(__i386__) || ... */ + +/**Determines if at least one sandbox is active.*/ +static int sandbox_active = 0; +/** Holds the parameter list configuration for the sandbox.*/ +static sandbox_cfg_t *filter_dynamic = NULL; + +#undef SCMP_CMP +#define SCMP_CMP(a,b,c) ((struct scmp_arg_cmp){(a),(b),(c),0}) +#define SCMP_CMP_STR(a,b,c) \ + ((struct scmp_arg_cmp) {(a),(b),(intptr_t)(void*)(c),0}) +#define SCMP_CMP4(a,b,c,d) ((struct scmp_arg_cmp){(a),(b),(c),(d)}) +/* We use a wrapper here because these masked comparisons seem to be pretty + * verbose. Also, it's important to cast to scmp_datum_t before negating the + * mask, since otherwise the negation might get applied to a 32 bit value, and + * the high bits of the value might get masked out improperly. */ +#define SCMP_CMP_MASKED(a,b,c) \ + SCMP_CMP4((a), SCMP_CMP_MASKED_EQ, ~(scmp_datum_t)(b), (c)) + +/** Variable used for storing all syscall numbers that will be allowed with the + * stage 1 general Tor sandbox. + */ +static int filter_nopar_gen[] = { +SCMP_SYS(access), +SCMP_SYS(brk), +SCMP_SYS(clock_gettime), +SCMP_SYS(close), +SCMP_SYS(clone), +SCMP_SYS(epoll_create), +SCMP_SYS(epoll_wait), +#ifdef __NR_epoll_pwait +SCMP_SYS(epoll_pwait), +#endif +#ifdef HAVE_EVENTFD +SCMP_SYS(eventfd2), +#endif +#ifdef HAVE_PIPE2 +SCMP_SYS(pipe2), +#endif +#ifdef HAVE_PIPE +SCMP_SYS(pipe), +#endif +#ifdef __NR_fchmod +SCMP_SYS(fchmod), +#endif +SCMP_SYS(fcntl), +SCMP_SYS(fstat), +#ifdef __NR_fstat64 +SCMP_SYS(fstat64), +#endif +SCMP_SYS(futex), +SCMP_SYS(getdents), +SCMP_SYS(getdents64), +SCMP_SYS(getegid), +#ifdef __NR_getegid32 +SCMP_SYS(getegid32), +#endif +SCMP_SYS(geteuid), +#ifdef __NR_geteuid32 +SCMP_SYS(geteuid32), +#endif +SCMP_SYS(getgid), +#ifdef __NR_getgid32 +
[tor-commits] [tor/master] seccomp2: Add "shutdown" to the list of permitted system calls.
commit 0e5378feeca5d67b7e8f5550eaf7fcd87b8f59ea Author: Nick Mathewson Date: Mon Nov 12 08:23:58 2018 -0500 seccomp2: Add "shutdown" to the list of permitted system calls. We don't use this syscall, but openssl apparently does. (This syscall puts a socket into a half-closed state. Don't worry: It doesn't shut down the system or anything.) Fixes bug 28183; bugfix on 0.2.5.1-alpha where the sandbox was introduced. --- changes/bug28183 | 4 src/common/sandbox.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/changes/bug28183 b/changes/bug28183 new file mode 100644 index 0..8d35dcdc0 --- /dev/null +++ b/changes/bug28183 @@ -0,0 +1,4 @@ + o Minor bugfixes (Linux seccomp2 sandbox): +- Permit the "shutdown()" system call, which is apparently + used by OpenSSL under some circumstances. Fixes bug 28183; + bugfix on 0.2.5.1-alpha. diff --git a/src/common/sandbox.c b/src/common/sandbox.c index 0a972d496..3b21322d3 100644 --- a/src/common/sandbox.c +++ b/src/common/sandbox.c @@ -205,6 +205,7 @@ static int filter_nopar_gen[] = { #ifdef __NR_setrlimit SCMP_SYS(setrlimit), #endif +SCMP_SYS(shutdown), #ifdef __NR_sigaltstack SCMP_SYS(sigaltstack), #endif @@ -2013,4 +2014,3 @@ sandbox_disable_getaddrinfo_cache(void) { } #endif - ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.5] Merge branch 'maint-0.3.5' into release-0.3.5
commit c45e2f805f7d9cf1ab5b9e1c4a2e75654b62ff9d Merge: a5f3a67a8 021187f91 Author: Nick Mathewson Date: Tue Nov 13 16:48:26 2018 -0500 Merge branch 'maint-0.3.5' into release-0.3.5 changes/bug28183 | 4 src/lib/sandbox/sandbox.c | 2 ++ 2 files changed, 6 insertions(+) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge branch 'maint-0.3.5'
commit a6a7a1f3edd93bb3d9b328e6124e0912cdc94c7b Merge: 342f2b187 021187f91 Author: Nick Mathewson Date: Tue Nov 13 16:48:26 2018 -0500 Merge branch 'maint-0.3.5' changes/bug28183 | 4 src/lib/sandbox/sandbox.c | 2 ++ 2 files changed, 6 insertions(+) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge branch 'bug28183_029' into maint-0.3.5
commit 021187f91503814f13dd73b9ed835c20c57f945d Merge: 6f2151be9 0e5378fee Author: Nick Mathewson Date: Tue Nov 13 16:48:21 2018 -0500 Merge branch 'bug28183_029' into maint-0.3.5 changes/bug28183 | 4 src/lib/sandbox/sandbox.c | 2 ++ 2 files changed, 6 insertions(+) diff --cc src/lib/sandbox/sandbox.c index 48e37ba12,0..6f074bb4e mode 100644,00..100644 --- a/src/lib/sandbox/sandbox.c +++ b/src/lib/sandbox/sandbox.c @@@ -1,1806 -1,0 +1,1808 @@@ +/* Copyright (c) 2001 Matej Pfajfar. + * Copyright (c) 2001-2004, Roger Dingledine. + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2018, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file sandbox.c + * \brief Code to enable sandboxing. + **/ + +#include "orconfig.h" + +#ifndef _LARGEFILE64_SOURCE +/** + * Temporarily required for O_LARGEFILE flag. Needs to be removed + * with the libevent fix. + */ +#define _LARGEFILE64_SOURCE +#endif /* !defined(_LARGEFILE64_SOURCE) */ + +/** Malloc mprotect limit in bytes. + * + * 28/06/2017: This value was increased from 16 MB to 20 MB after we introduced + * LZMA support in Tor (0.3.1.1-alpha). We limit our LZMA coder to 16 MB, but + * liblzma have a small overhead that we need to compensate for to avoid being + * killed by the sandbox. + */ +#define MALLOC_MP_LIM (20*1024*1024) + +#include +#include +#include +#include + +#include "lib/sandbox/sandbox.h" +#include "lib/container/map.h" +#include "lib/err/torerr.h" +#include "lib/log/log.h" +#include "lib/cc/torint.h" +#include "lib/net/resolve.h" +#include "lib/malloc/malloc.h" +#include "lib/string/scanf.h" + +#include "tor_queue.h" +#include "ht.h" +#include "siphash.h" + +#define DEBUGGING_CLOSE + +#if defined(USE_LIBSECCOMP) + +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include + +#ifdef HAVE_GNU_LIBC_VERSION_H +#include +#endif +#ifdef HAVE_LINUX_NETFILTER_IPV4_H +#include +#endif +#ifdef HAVE_LINUX_IF_H +#include +#endif +#ifdef HAVE_LINUX_NETFILTER_IPV6_IP6_TABLES_H +#include +#endif + +#if defined(HAVE_EXECINFO_H) && defined(HAVE_BACKTRACE) && \ + defined(HAVE_BACKTRACE_SYMBOLS_FD) && defined(HAVE_SIGACTION) +#define USE_BACKTRACE +#define EXPOSE_CLEAN_BACKTRACE +#include "lib/err/backtrace.h" +#endif /* defined(HAVE_EXECINFO_H) && defined(HAVE_BACKTRACE) && ... */ + +#ifdef USE_BACKTRACE +#include +#endif + +/** + * Linux 32 bit definitions + */ +#if defined(__i386__) + +#define REG_SYSCALL REG_EAX +#define M_SYSCALL gregs[REG_SYSCALL] + +/** + * Linux 64 bit definitions + */ +#elif defined(__x86_64__) + +#define REG_SYSCALL REG_RAX +#define M_SYSCALL gregs[REG_SYSCALL] + +#elif defined(__arm__) + +#define M_SYSCALL arm_r7 + +#elif defined(__aarch64__) && defined(__LP64__) + +#define REG_SYSCALL 8 +#define M_SYSCALL regs[REG_SYSCALL] + +#endif /* defined(__i386__) || ... */ + +/**Determines if at least one sandbox is active.*/ +static int sandbox_active = 0; +/** Holds the parameter list configuration for the sandbox.*/ +static sandbox_cfg_t *filter_dynamic = NULL; + +#undef SCMP_CMP +#define SCMP_CMP(a,b,c) ((struct scmp_arg_cmp){(a),(b),(c),0}) +#define SCMP_CMP_STR(a,b,c) \ + ((struct scmp_arg_cmp) {(a),(b),(intptr_t)(void*)(c),0}) +#define SCMP_CMP4(a,b,c,d) ((struct scmp_arg_cmp){(a),(b),(c),(d)}) +/* We use a wrapper here because these masked comparisons seem to be pretty + * verbose. Also, it's important to cast to scmp_datum_t before negating the + * mask, since otherwise the negation might get applied to a 32 bit value, and + * the high bits of the value might get masked out improperly. */ +#define SCMP_CMP_MASKED(a,b,c) \ + SCMP_CMP4((a), SCMP_CMP_MASKED_EQ, ~(scmp_datum_t)(b), (c)) + +/** Variable used for storing all syscall numbers that will be allowed with the + * stage 1 general Tor sandbox. + */ +static int filter_nopar_gen[] = { +SCMP_SYS(access), +SCMP_SYS(brk), +SCMP_SYS(clock_gettime), +SCMP_SYS(close), +SCMP_SYS(clone), +SCMP_SYS(epoll_create), +SCMP_SYS(epoll_wait), +#ifdef __NR_epoll_pwait +SCMP_SYS(epoll_pwait), +#endif +#ifdef HAVE_EVENTFD +SCMP_SYS(eventfd2), +#endif +#ifdef HAVE_PIPE2 +SCMP_SYS(pipe2), +#endif +#ifdef HAVE_PIPE +SCMP_SYS(pipe), +#endif +#ifdef __NR_fchmod +SCMP_SYS(fchmod), +#endif +SCMP_SYS(fcntl), +SCMP_SYS(fstat), +#ifdef __NR_fstat64 +SCMP_SYS(fstat64), +#endif +SCMP_SYS(futex), +SCMP_SYS(getdents), +SCMP_SYS(getdents64), +SCMP_SYS(getegid), +#ifdef __NR_getegid32 +SCMP_SYS(getegid32), +#endif +SCMP_SYS(geteuid), +#ifdef __NR_geteuid32 +SCMP_SYS(geteuid32), +#endif +SCMP_SYS(getgid), +#ifdef __NR_getgid32 +
[tor-commits] [tor/maint-0.3.5] seccomp2: Add "shutdown" to the list of permitted system calls.
commit 0e5378feeca5d67b7e8f5550eaf7fcd87b8f59ea Author: Nick Mathewson Date: Mon Nov 12 08:23:58 2018 -0500 seccomp2: Add "shutdown" to the list of permitted system calls. We don't use this syscall, but openssl apparently does. (This syscall puts a socket into a half-closed state. Don't worry: It doesn't shut down the system or anything.) Fixes bug 28183; bugfix on 0.2.5.1-alpha where the sandbox was introduced. --- changes/bug28183 | 4 src/common/sandbox.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/changes/bug28183 b/changes/bug28183 new file mode 100644 index 0..8d35dcdc0 --- /dev/null +++ b/changes/bug28183 @@ -0,0 +1,4 @@ + o Minor bugfixes (Linux seccomp2 sandbox): +- Permit the "shutdown()" system call, which is apparently + used by OpenSSL under some circumstances. Fixes bug 28183; + bugfix on 0.2.5.1-alpha. diff --git a/src/common/sandbox.c b/src/common/sandbox.c index 0a972d496..3b21322d3 100644 --- a/src/common/sandbox.c +++ b/src/common/sandbox.c @@ -205,6 +205,7 @@ static int filter_nopar_gen[] = { #ifdef __NR_setrlimit SCMP_SYS(setrlimit), #endif +SCMP_SYS(shutdown), #ifdef __NR_sigaltstack SCMP_SYS(sigaltstack), #endif @@ -2013,4 +2014,3 @@ sandbox_disable_getaddrinfo_cache(void) { } #endif - ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.3.5] Merge branch 'bug28183_029' into maint-0.3.5
commit 021187f91503814f13dd73b9ed835c20c57f945d Merge: 6f2151be9 0e5378fee Author: Nick Mathewson Date: Tue Nov 13 16:48:21 2018 -0500 Merge branch 'bug28183_029' into maint-0.3.5 changes/bug28183 | 4 src/lib/sandbox/sandbox.c | 2 ++ 2 files changed, 6 insertions(+) diff --cc src/lib/sandbox/sandbox.c index 48e37ba12,0..6f074bb4e mode 100644,00..100644 --- a/src/lib/sandbox/sandbox.c +++ b/src/lib/sandbox/sandbox.c @@@ -1,1806 -1,0 +1,1808 @@@ +/* Copyright (c) 2001 Matej Pfajfar. + * Copyright (c) 2001-2004, Roger Dingledine. + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2018, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file sandbox.c + * \brief Code to enable sandboxing. + **/ + +#include "orconfig.h" + +#ifndef _LARGEFILE64_SOURCE +/** + * Temporarily required for O_LARGEFILE flag. Needs to be removed + * with the libevent fix. + */ +#define _LARGEFILE64_SOURCE +#endif /* !defined(_LARGEFILE64_SOURCE) */ + +/** Malloc mprotect limit in bytes. + * + * 28/06/2017: This value was increased from 16 MB to 20 MB after we introduced + * LZMA support in Tor (0.3.1.1-alpha). We limit our LZMA coder to 16 MB, but + * liblzma have a small overhead that we need to compensate for to avoid being + * killed by the sandbox. + */ +#define MALLOC_MP_LIM (20*1024*1024) + +#include +#include +#include +#include + +#include "lib/sandbox/sandbox.h" +#include "lib/container/map.h" +#include "lib/err/torerr.h" +#include "lib/log/log.h" +#include "lib/cc/torint.h" +#include "lib/net/resolve.h" +#include "lib/malloc/malloc.h" +#include "lib/string/scanf.h" + +#include "tor_queue.h" +#include "ht.h" +#include "siphash.h" + +#define DEBUGGING_CLOSE + +#if defined(USE_LIBSECCOMP) + +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include + +#ifdef HAVE_GNU_LIBC_VERSION_H +#include +#endif +#ifdef HAVE_LINUX_NETFILTER_IPV4_H +#include +#endif +#ifdef HAVE_LINUX_IF_H +#include +#endif +#ifdef HAVE_LINUX_NETFILTER_IPV6_IP6_TABLES_H +#include +#endif + +#if defined(HAVE_EXECINFO_H) && defined(HAVE_BACKTRACE) && \ + defined(HAVE_BACKTRACE_SYMBOLS_FD) && defined(HAVE_SIGACTION) +#define USE_BACKTRACE +#define EXPOSE_CLEAN_BACKTRACE +#include "lib/err/backtrace.h" +#endif /* defined(HAVE_EXECINFO_H) && defined(HAVE_BACKTRACE) && ... */ + +#ifdef USE_BACKTRACE +#include +#endif + +/** + * Linux 32 bit definitions + */ +#if defined(__i386__) + +#define REG_SYSCALL REG_EAX +#define M_SYSCALL gregs[REG_SYSCALL] + +/** + * Linux 64 bit definitions + */ +#elif defined(__x86_64__) + +#define REG_SYSCALL REG_RAX +#define M_SYSCALL gregs[REG_SYSCALL] + +#elif defined(__arm__) + +#define M_SYSCALL arm_r7 + +#elif defined(__aarch64__) && defined(__LP64__) + +#define REG_SYSCALL 8 +#define M_SYSCALL regs[REG_SYSCALL] + +#endif /* defined(__i386__) || ... */ + +/**Determines if at least one sandbox is active.*/ +static int sandbox_active = 0; +/** Holds the parameter list configuration for the sandbox.*/ +static sandbox_cfg_t *filter_dynamic = NULL; + +#undef SCMP_CMP +#define SCMP_CMP(a,b,c) ((struct scmp_arg_cmp){(a),(b),(c),0}) +#define SCMP_CMP_STR(a,b,c) \ + ((struct scmp_arg_cmp) {(a),(b),(intptr_t)(void*)(c),0}) +#define SCMP_CMP4(a,b,c,d) ((struct scmp_arg_cmp){(a),(b),(c),(d)}) +/* We use a wrapper here because these masked comparisons seem to be pretty + * verbose. Also, it's important to cast to scmp_datum_t before negating the + * mask, since otherwise the negation might get applied to a 32 bit value, and + * the high bits of the value might get masked out improperly. */ +#define SCMP_CMP_MASKED(a,b,c) \ + SCMP_CMP4((a), SCMP_CMP_MASKED_EQ, ~(scmp_datum_t)(b), (c)) + +/** Variable used for storing all syscall numbers that will be allowed with the + * stage 1 general Tor sandbox. + */ +static int filter_nopar_gen[] = { +SCMP_SYS(access), +SCMP_SYS(brk), +SCMP_SYS(clock_gettime), +SCMP_SYS(close), +SCMP_SYS(clone), +SCMP_SYS(epoll_create), +SCMP_SYS(epoll_wait), +#ifdef __NR_epoll_pwait +SCMP_SYS(epoll_pwait), +#endif +#ifdef HAVE_EVENTFD +SCMP_SYS(eventfd2), +#endif +#ifdef HAVE_PIPE2 +SCMP_SYS(pipe2), +#endif +#ifdef HAVE_PIPE +SCMP_SYS(pipe), +#endif +#ifdef __NR_fchmod +SCMP_SYS(fchmod), +#endif +SCMP_SYS(fcntl), +SCMP_SYS(fstat), +#ifdef __NR_fstat64 +SCMP_SYS(fstat64), +#endif +SCMP_SYS(futex), +SCMP_SYS(getdents), +SCMP_SYS(getdents64), +SCMP_SYS(getegid), +#ifdef __NR_getegid32 +SCMP_SYS(getegid32), +#endif +SCMP_SYS(geteuid), +#ifdef __NR_geteuid32 +SCMP_SYS(geteuid32), +#endif +SCMP_SYS(getgid), +#ifdef __NR_getgid32 +
[tor-commits] [translation/tails-onioncircuits] Update translations for tails-onioncircuits
commit 266f0b0f8c87f290e0fe6eb9f98f35ed7b97fcee Author: Translation commit bot Date: Tue Nov 13 20:16:38 2018 + Update translations for tails-onioncircuits --- fr/onioncircuits.pot | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fr/onioncircuits.pot b/fr/onioncircuits.pot index 811179758..350a15652 100644 --- a/fr/onioncircuits.pot +++ b/fr/onioncircuits.pot @@ -11,10 +11,10 @@ # Thomas Chauchefoin , 2016 msgid "" msgstr "" -"Project-Id-Version: The Tor Project\n" +"Project-Id-Version: Tor Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2017-08-03 13:00+\n" -"PO-Revision-Date: 2018-09-20 21:32+\n" +"PO-Revision-Date: 2018-11-13 20:05+\n" "Last-Translator: AO \n" "Language-Team: French (http://www.transifex.com/otf/torproject/language/fr/)\n" "MIME-Version: 1.0\n" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-onioncircuits_completed] Update translations for tails-onioncircuits_completed
commit 87ab3433d2f4466e47119c66dbbb739e76a4cd2c Author: Translation commit bot Date: Tue Nov 13 20:16:44 2018 + Update translations for tails-onioncircuits_completed --- fr/onioncircuits.pot | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fr/onioncircuits.pot b/fr/onioncircuits.pot index 811179758..350a15652 100644 --- a/fr/onioncircuits.pot +++ b/fr/onioncircuits.pot @@ -11,10 +11,10 @@ # Thomas Chauchefoin , 2016 msgid "" msgstr "" -"Project-Id-Version: The Tor Project\n" +"Project-Id-Version: Tor Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2017-08-03 13:00+\n" -"PO-Revision-Date: 2018-09-20 21:32+\n" +"PO-Revision-Date: 2018-11-13 20:05+\n" "Last-Translator: AO \n" "Language-Team: French (http://www.transifex.com/otf/torproject/language/fr/)\n" "MIME-Version: 1.0\n" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/support-portal] Update translations for support-portal
commit 3e072776db8e82fe1f05429e08b3d3fdec19c91c Author: Translation commit bot Date: Tue Nov 13 17:19:11 2018 + Update translations for support-portal --- contents+ka.po | 28 ++-- 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/contents+ka.po b/contents+ka.po index 9231cc0cb..e26e99e5e 100644 --- a/contents+ka.po +++ b/contents+ka.po @@ -301,8 +301,8 @@ msgid "" "Many exit nodes are configured to block certain types of file sharing " "traffic, such as BitTorrent." msgstr "" -"áááá¡ááááá á¬áá á¢áááááá¡ á£ááá¢áá¡ááááá, á¤ááááááá¡ ááá¡ááááá ááááá ááá áááá£áá á¡áá®áá¡ " -"áááááªáááá áááááªááá á¨ááá¦á£áá£ááá, á áááá ááªáá BitTorrent." +"áááá¡ááááá ááááá«áááá¡ á£ááá¢áá¡ááááá, á¤ááááááá¡ ááá¡ááááá ááááá ááá áááá£áá á¡áá®áá¡ " +"áááááªáááá áááááªááá á¨ááá¦á£áá£ááá, ááá á¨áá áá¡ BitTorrent." #: http//localhost/censorship/censorship-4/ #: (content/censorship/censorship-4/contents+en.lrquestion.seo_slug) @@ -384,6 +384,8 @@ msgid "" "If you run Tor Browser and another browser at the same time, it won't affect" " Tor's performance or privacy properties." msgstr "" +"áᣠTor-áá áá£ááá áá¡ ááááá§áááááá¡áá¡ á¡á®áá áá áá£ááá á¡á᪠áááááá§ááááá, áá¡ áá áááá¥áááááá¡" +" Tor-áá¡ á¬áá áááááááá áá á£á¡áá¤á áá®áááááá." #: http//localhost/faq/faq-2/ #: (content/faq/faq-2/contents+en.lrquestion.description) @@ -535,6 +537,7 @@ msgid "" "Sorry, but there is currently no official support for running Tor Browser on" " *BSD." msgstr "" +"á¡ááá¬á£á®áá áá áá¤ááªáááá£á áá áá áá áá®áá ááááá ááá Tor-áá áá£ááá áá¡ ááááá§ááááá *BSD-áá." #: http//localhost/https/https-1/ #: (content/https/https-1/contents+en.lrquestion.description) @@ -688,7 +691,7 @@ msgstr "áááá áá¢áá ááá" #: http//localhost/tbb/tbb-17/ #: (content/tbb/tbb-17/contents+en.lrquestion.title) msgid "Is it safe to run Tor Browser and another browser at the same time?" -msgstr "" +msgstr "á£á¡áá¤á áá®áá Tor-áá áá£ááá áá¡á áá á¡á®áá áá áá£ááá áá¡ áá ááá áá£ááá ááááá§ááááá?" #: http//localhost/gettor/gettor-1/ #: (content/gettor/gettor-1/contents+en.lrquestion.description) @@ -799,7 +802,7 @@ msgstr "" #: http//localhost/tbb/tbb-18/ #: (content/tbb/tbb-18/contents+en.lrquestion.title) msgid "Is there support for *BSD?" -msgstr "" +msgstr "áá®áá ááááá áááá *BSD?" #: http//localhost/tbb/tbb-19/ #: (content/tbb/tbb-19/contents+en.lrquestion.title) @@ -1448,6 +1451,8 @@ msgid "" "The rest of your circuit changes with every new website you visit, and all " "together these relays provide the full privacy protections of Tor." msgstr "" +"ááááá á©ááá á¬á ááá ááªááááá áááááá£áá ááááá®á£áááá£áá á¡ááá¢áá¡áááá¡ áá á§áááá áá¡ " +"ááááááªááá á£áá á£ááááá§áá¤á¡ ááá ááá áááááªáááááá¡ á¡á á£áá§áá¤áá áááªááá¡ Tor-á¨á." #: http//localhost/tbb/tbb-2/ #: (content/tbb/tbb-2/contents+en.lrquestion.seo_slug) @@ -1711,6 +1716,8 @@ msgid "" "It is a fast and stable relay that remains the first one in your circuit for" " 2-3 months in order to protect against a known anonymity-breaking attack." msgstr "" +"ááá á¬áá áááááááá¡ á£á¡á¬áá áá¤áá¡ áá áááá áá ááááááªááá¡, á ááááá᪠á á©ááá ááá ááá ááááááá¡ " +"áá¥áááá¡ á¬á ááá¨á 2-3 áááá, áªáááááá á¨áá¢áááááá¡ááá ááááá¡ ááá¡ááªáááá." #: http//localhost/tbb/tbb-42/ #: (content/tbb/tbb-42/contents+en.lrquestion.seo_slug) @@ -2137,7 +2144,7 @@ msgstr "" #: http//localhost/tbb/tbb-2/ #: (content/tbb/tbb-2/contents+en.lrquestion.description) msgid "That is normal Tor behavior." -msgstr "" +msgstr "áá¡ áá£áááá áááá Tor-áá¡áááá¡." #: http//localhost/tbb/tbb-28/ #: (content/tbb/tbb-28/contents+en.lrquestion.description) @@ -3055,6 +3062,11 @@ msgid "" "users.cs.umn.edu/~hoppernj/single_guard.pdf\">paper on entry " "guards." msgstr "" +"áá áªááá, ááªáááá
[tor-commits] [translation/tails-persistence-setup_completed] Update translations for tails-persistence-setup_completed
commit 673f38d7c684ad2d42cd2a3f43200a6322fb471e Author: Translation commit bot Date: Tue Nov 13 17:16:58 2018 + Update translations for tails-persistence-setup_completed --- sv/sv.po | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sv/sv.po b/sv/sv.po index 34f16216e..92a8dcdc2 100644 --- a/sv/sv.po +++ b/sv/sv.po @@ -18,8 +18,8 @@ msgstr "" "Project-Id-Version: Tor Project\n" "Report-Msgid-Bugs-To: Tails developers \n" "POT-Creation-Date: 2018-11-01 12:21+0100\n" -"PO-Revision-Date: 2018-11-07 09:41+\n" -"Last-Translator: Jonatan Nyberg\n" +"PO-Revision-Date: 2018-11-13 17:09+\n" +"Last-Translator: Chessax Nemeth \n" "Language-Team: Swedish (http://www.transifex.com/otf/torproject/language/sv/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-persistence-setup] Update translations for tails-persistence-setup
commit 899b4f1b07103a86f67b37c1f1cb69da0505ab88 Author: Translation commit bot Date: Tue Nov 13 17:16:53 2018 + Update translations for tails-persistence-setup --- sv/sv.po | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sv/sv.po b/sv/sv.po index 34f16216e..92a8dcdc2 100644 --- a/sv/sv.po +++ b/sv/sv.po @@ -18,8 +18,8 @@ msgstr "" "Project-Id-Version: Tor Project\n" "Report-Msgid-Bugs-To: Tails developers \n" "POT-Creation-Date: 2018-11-01 12:21+0100\n" -"PO-Revision-Date: 2018-11-07 09:41+\n" -"Last-Translator: Jonatan Nyberg\n" +"PO-Revision-Date: 2018-11-13 17:09+\n" +"Last-Translator: Chessax Nemeth \n" "Language-Team: Swedish (http://www.transifex.com/otf/torproject/language/sv/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/https_everywhere_completed] Update translations for https_everywhere_completed
commit 565ebb828ee92a241d7f9e20684c818e003afbbb Author: Translation commit bot Date: Tue Nov 13 17:15:44 2018 + Update translations for https_everywhere_completed --- sv/https-everywhere.dtd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sv/https-everywhere.dtd b/sv/https-everywhere.dtd index cdaf92f0d..6e78ede44 100644 --- a/sv/https-everywhere.dtd +++ b/sv/https-everywhere.dtd @@ -23,7 +23,7 @@ - + ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/https_everywhere] Update translations for https_everywhere
commit 6c609aef7d51615ce81d66fddc9a93477a93ef55 Author: Translation commit bot Date: Tue Nov 13 17:15:38 2018 + Update translations for https_everywhere --- sv/https-everywhere.dtd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sv/https-everywhere.dtd b/sv/https-everywhere.dtd index cdaf92f0d..6e78ede44 100644 --- a/sv/https-everywhere.dtd +++ b/sv/https-everywhere.dtd @@ -23,7 +23,7 @@ - + ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/support-portal] Update translations for support-portal
commit e628b01689401e07ed80b33577e267bbaf60a81b Author: Translation commit bot Date: Tue Nov 13 16:49:34 2018 + Update translations for support-portal --- contents+ka.po | 10 -- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/contents+ka.po b/contents+ka.po index e88b77d6a..9231cc0cb 100644 --- a/contents+ka.po +++ b/contents+ka.po @@ -627,7 +627,7 @@ msgstr "" #: http//localhost/tbb/tbb-13/ #: (content/tbb/tbb-13/contents+en.lrquestion.description) msgid "They need to be configured separately to use Tor." -msgstr "" +msgstr "áááá ááááá ááá áªááááá á¡áááá á Tor-áá¡ ááááá¡áá§ááááááá." #: http//localhost/tbb/ (content/tbb/contents+en.lrtopic.seo_slug) msgid "tor-browser" @@ -3170,6 +3170,8 @@ msgid "" "have their connections routed over the Tor network, and will not be " "protected." msgstr "" +"á¡áá¡á¢áááá¨á áá á¡ááá£áá á¡á®áá ááááá¡áááá á áá ááá áááá¡ (ááá á¨áá áá¡ á¡á®áá áá áá£ááá áááá¡) " +"áááá¨áá á áá áá§ááááá¡ Tor-á¥á¡ááá¡, á¨áá¡áááááá¡áá áá áá áááªá£áá." #: http//localhost/operators/operators-6/ #: (content/operators/operators-6/contents+en.lrquestion.description) @@ -3494,7 +3496,7 @@ msgstr "" #: http//localhost/tbb/tbb-16/ #: (content/tbb/tbb-16/contents+en.lrquestion.title) msgid "Can I pick which country I'm exiting from?" -msgstr "" +msgstr "á¨áááá«ááá ááá¢áá ááá¢á¨á ááá¡áá¡ááááá á¥ááá§ááá¡ áá á©ááá?" #: http//localhost/misc/misc-12/ #: (content/misc/misc-12/contents+en.lrquestion.seo_slug) @@ -3655,6 +3657,10 @@ msgid "" "operating system which you can start on almost any computer from " "a USB stick or a DVD." msgstr "" +"áᣠáá¡á£á á á§áááá á¡áá®áá¡ ááá¤áá áááªááá¡ áááááªááá á®ááááááá¡ Tor-á¥á¡áááá¡ áááááá, " +"ááááªáááá https://tails.boum.org/\;>Tails-áá¡ ááá ááááá " +"ááá¡áá¨ááá á¡áá¡á¢áááá¡, á ááááá᪠ááááá¡áááá áááááá£á¢áá áá á¨áááá«áááá " +"ááá ááááá ááá£á¨ááá USB-ááá®á¡ááá áááááá áá DVD-ááá¡ááááá." #: http//localhost/tbb/ (content/tbb/contents+en.lrtopic.title) msgid "Tor Browser" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Comment for rend_cache_failure in feature/rend/rendcache.c: "usuable" should be "usable"
commit ec93385cb235a9aafc7bd3bd83a440b3f35ff6fd Author: Neel Chauhan Date: Tue Nov 13 10:33:51 2018 -0500 Comment for rend_cache_failure in feature/rend/rendcache.c: "usuable" should be "usable" --- src/feature/rend/rendcache.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/feature/rend/rendcache.c b/src/feature/rend/rendcache.c index 848386b97..b851e7195 100644 --- a/src/feature/rend/rendcache.c +++ b/src/feature/rend/rendcache.c @@ -45,7 +45,7 @@ STATIC digestmap_t *rend_cache_v2_dir = NULL; * looked up in this cache and if present, it is discarded from the fetched * descriptor. At the end, all IP(s) in the cache, for a specific service * ID, that were NOT present in the descriptor are removed from this cache. - * Which means that if at least one IP was not in this cache, thus usuable, + * Which means that if at least one IP was not in this cache, thus usable, * it's considered a new descriptor so we keep it. Else, if all IPs were in * this cache, we discard the descriptor as it's considered unusable. * ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge branch 'tor-github/pr/501'
commit 342f2b187351f8a41fc0337499c05fb3a673610f Merge: 8fb318860 ec93385cb Author: David Goulet Date: Tue Nov 13 10:48:23 2018 -0500 Merge branch 'tor-github/pr/501' src/feature/rend/rendcache.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/torbutton-aboutdialogdtd_completed] Update translations for torbutton-aboutdialogdtd_completed
commit ffca6904eac62413899385ac3d7bdd092b09a18a Author: Translation commit bot Date: Tue Nov 13 15:48:35 2018 + Update translations for torbutton-aboutdialogdtd_completed --- en-US/aboutdialog.dtd | 19 +++ 1 file changed, 19 insertions(+) diff --git a/en-US/aboutdialog.dtd b/en-US/aboutdialog.dtd new file mode 100644 index 0..5099ad74b --- /dev/null +++ b/en-US/aboutdialog.dtd @@ -0,0 +1,19 @@ + + + + + + + + + + + + + + + + + + + ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/torbutton-abouttbupdatedtd] Update translations for torbutton-abouttbupdatedtd
commit 640cb2d4e247f9840684259e25169f16f2fa44fe Author: Translation commit bot Date: Tue Nov 13 15:48:40 2018 + Update translations for torbutton-abouttbupdatedtd --- en-US/abouttbupdate.dtd | 10 ++ 1 file changed, 10 insertions(+) diff --git a/en-US/abouttbupdate.dtd b/en-US/abouttbupdate.dtd new file mode 100644 index 0..f7b3f2ed8 --- /dev/null +++ b/en-US/abouttbupdate.dtd @@ -0,0 +1,10 @@ + + + + + + + + + + ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/torbutton-abouttbupdatedtd_completed] Update translations for torbutton-abouttbupdatedtd_completed
commit e11d71352e11654bbbc246bc038d6d79730c87fa Author: Translation commit bot Date: Tue Nov 13 15:48:46 2018 + Update translations for torbutton-abouttbupdatedtd_completed --- en-US/abouttbupdate.dtd | 10 ++ 1 file changed, 10 insertions(+) diff --git a/en-US/abouttbupdate.dtd b/en-US/abouttbupdate.dtd new file mode 100644 index 0..f7b3f2ed8 --- /dev/null +++ b/en-US/abouttbupdate.dtd @@ -0,0 +1,10 @@ + + + + + + + + + + ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/torbutton-branddtd_completed] Update translations for torbutton-branddtd_completed
commit b597130e7bef88d367949dcc1d18aed0850cceb5 Author: Translation commit bot Date: Tue Nov 13 15:48:08 2018 + Update translations for torbutton-branddtd_completed --- ast/brand.dtd | 8 az/brand.dtd| 8 cy/brand.dtd| 8 {en => en-US}/brand.dtd | 0 eo/brand.dtd| 8 es_CL/brand.dtd | 8 fr_CA/brand.dtd | 15 --- km/brand.dtd| 8 ko_KR/brand.dtd | 8 nn/brand.dtd| 8 pa/brand.dtd| 8 si_LK/brand.dtd | 8 sl/brand.dtd| 8 tl_PH/brand.dtd | 14 -- 14 files changed, 117 deletions(-) diff --git a/ast/brand.dtd b/ast/brand.dtd deleted file mode 100644 index c72c0d938..0 --- a/ast/brand.dtd +++ /dev/null @@ -1,8 +0,0 @@ - - - - - - diff --git a/az/brand.dtd b/az/brand.dtd deleted file mode 100644 index 304b117e0..0 --- a/az/brand.dtd +++ /dev/null @@ -1,8 +0,0 @@ - - - - - - diff --git a/cy/brand.dtd b/cy/brand.dtd deleted file mode 100644 index e90ab3c02..0 --- a/cy/brand.dtd +++ /dev/null @@ -1,8 +0,0 @@ - - - - - - diff --git a/en/brand.dtd b/en-US/brand.dtd similarity index 100% rename from en/brand.dtd rename to en-US/brand.dtd diff --git a/eo/brand.dtd b/eo/brand.dtd deleted file mode 100644 index 78e190df5..0 --- a/eo/brand.dtd +++ /dev/null @@ -1,8 +0,0 @@ - - - - - - diff --git a/es_CL/brand.dtd b/es_CL/brand.dtd deleted file mode 100644 index 421743256..0 --- a/es_CL/brand.dtd +++ /dev/null @@ -1,8 +0,0 @@ - - - - - - diff --git a/fr_CA/brand.dtd b/fr_CA/brand.dtd deleted file mode 100644 index 923c0071c..0 --- a/fr_CA/brand.dtd +++ /dev/null @@ -1,15 +0,0 @@ - - - - - - - - - - - - - diff --git a/km/brand.dtd b/km/brand.dtd deleted file mode 100644 index b38d7b2d6..0 --- a/km/brand.dtd +++ /dev/null @@ -1,8 +0,0 @@ - - - - - - diff --git a/ko_KR/brand.dtd b/ko_KR/brand.dtd deleted file mode 100644 index 0cce49840..0 --- a/ko_KR/brand.dtd +++ /dev/null @@ -1,8 +0,0 @@ - - - - - - diff --git a/nn/brand.dtd b/nn/brand.dtd deleted file mode 100644 index 3ac910342..0 --- a/nn/brand.dtd +++ /dev/null @@ -1,8 +0,0 @@ - - - - - - diff --git a/pa/brand.dtd b/pa/brand.dtd deleted file mode 100644 index b2a6c2da2..0 --- a/pa/brand.dtd +++ /dev/null @@ -1,8 +0,0 @@ - - - - - - diff --git a/si_LK/brand.dtd b/si_LK/brand.dtd deleted file mode 100644 index 4f43a94d8..0 --- a/si_LK/brand.dtd +++ /dev/null @@ -1,8 +0,0 @@ - - - - - - diff --git a/sl/brand.dtd b/sl/brand.dtd deleted file mode 100644 index feee0dff6..0 --- a/sl/brand.dtd +++ /dev/null @@ -1,8 +0,0 @@ - - - - - - diff --git a/tl_PH/brand.dtd b/tl_PH/brand.dtd deleted file mode 100644 index 3a3b43985..0 --- a/tl_PH/brand.dtd +++ /dev/null @@ -1,14 +0,0 @@ - - - - - - - - - - - - ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/torbutton-branddtd] Update translations for torbutton-branddtd
commit 4ec9eddce6ac4e7d2f922166bcf5c3f21de09781 Author: Translation commit bot Date: Tue Nov 13 15:48:03 2018 + Update translations for torbutton-branddtd --- af_ZA/brand.dtd | 8 ak/brand.dtd | 15 --- am_ET/brand.dtd | 15 --- ar_AA/brand.dtd | 15 --- ba/brand.dtd | 15 --- bal/brand.dtd| 15 --- bg_BG/brand.dtd | 8 bn_IN/brand.dtd | 15 --- brx/brand.dtd| 15 --- ca_ES/brand.dtd | 8 ceb/brand.dtd| 15 --- co/brand.dtd | 15 --- cs_CZ/brand.dtd | 15 --- csb/brand.dtd| 15 --- cv/brand.dtd | 15 --- cy_GB/brand.dtd | 15 --- da_DK/brand.dtd | 15 --- el_GR/brand.dtd | 8 {ady => en-US}/brand.dtd | 0 en/brand.dtd | 15 --- es_NI/brand.dtd | 8 fr_CA/brand.dtd | 15 --- gun/brand.dtd| 15 --- ha/brand.dtd | 15 --- hy_AM/brand.dtd | 15 --- jbo/brand.dtd| 15 --- kw/brand.dtd | 15 --- ms/brand.dtd | 8 nds/brand.dtd| 15 --- pl_PL/brand.dtd | 8 sa/brand.dtd | 15 --- scn/brand.dtd| 15 --- si/brand.dtd | 15 --- sq_AL/brand.dtd | 15 --- su/brand.dtd | 15 --- sv_SE/brand.dtd | 8 sw/brand.dtd | 15 --- szl/brand.dtd| 15 --- te_IN/brand.dtd | 15 --- tl_PH/brand.dtd | 15 --- tzm/brand.dtd| 15 --- ve/brand.dtd | 15 --- wa/brand.dtd | 15 --- wo/brand.dtd | 15 --- yo/brand.dtd | 15 --- zh/brand.dtd | 8 zh_CN.GB2312/brand.dtd | 8 zu/brand.dtd | 15 --- 48 files changed, 635 deletions(-) diff --git a/af_ZA/brand.dtd b/af_ZA/brand.dtd deleted file mode 100644 index 76e405d58..0 --- a/af_ZA/brand.dtd +++ /dev/null @@ -1,8 +0,0 @@ - - - - - - diff --git a/ak/brand.dtd b/ak/brand.dtd deleted file mode 100644 index 3df1a084c..0 --- a/ak/brand.dtd +++ /dev/null @@ -1,15 +0,0 @@ - - - - - - - - - - - - - diff --git a/am_ET/brand.dtd b/am_ET/brand.dtd deleted file mode 100644 index 3df1a084c..0 --- a/am_ET/brand.dtd +++ /dev/null @@ -1,15 +0,0 @@ - - - - - - - - - - - - - diff --git a/ar_AA/brand.dtd b/ar_AA/brand.dtd deleted file mode 100644 index 3df1a084c..0 --- a/ar_AA/brand.dtd +++ /dev/null @@ -1,15 +0,0 @@ - - - - - - - - - - - - - diff --git a/ba/brand.dtd b/ba/brand.dtd deleted file mode 100644 index 3df1a084c..0 --- a/ba/brand.dtd +++ /dev/null @@ -1,15 +0,0 @@ - - - - - - - - - - - - - diff --git a/bal/brand.dtd b/bal/brand.dtd deleted file mode 100644 index 3df1a084c..0 --- a/bal/brand.dtd +++ /dev/null @@ -1,15 +0,0 @@ - - - - - - - - - - - - - diff --git a/bg_BG/brand.dtd b/bg_BG/brand.dtd deleted file mode 100644 index 76e405d58..0 --- a/bg_BG/brand.dtd +++ /dev/null @@ -1,8 +0,0 @@ - - - - - - diff --git a/bn_IN/brand.dtd b/bn_IN/brand.dtd deleted file mode 100644 index 3df1a084c..0 --- a/bn_IN/brand.dtd +++ /dev/null @@ -1,15 +0,0 @@ - - - - - - - - - - - - - diff --git a/brx/brand.dtd b/brx/brand.dtd deleted file mode 100644 index 3df1a084c..0 --- a/brx/brand.dtd +++ /dev/null @@ -1,15 +0,0 @@ - - - - - - - - - - - - - diff --git a/ca_ES/brand.dtd b/ca_ES/brand.dtd deleted file mode 100644 index e34f480e1..0 --- a/ca_ES/brand.dtd +++ /dev/null @@ -1,8 +0,0 @@ - - - - - - diff --git a/ceb/brand.dtd b/ceb/brand.dtd deleted file mode 100644 index 3df1a084c..0 --- a/ceb/brand.dtd +++ /dev/null @@ -1,15 +0,0 @@ - - - - - - - - - - - - - diff --git a/co/brand.dtd b/co/brand.dtd deleted file mode 100644 index 3df1a084c..0 --- a/co/brand.dtd +++ /dev/null @@ -1,15 +0,0 @@ - - - - - - - - - - - - - diff --git a/cs_CZ/brand.dtd b/cs_CZ/brand.dtd deleted file mode 100644 index 3df1a084c..0 --- a/cs_CZ/brand.dtd +++ /dev/null @@ -1,15 +0,0 @@ - - - - - - - - - - - - - diff --git a/csb/brand.dtd b/csb/brand.dtd deleted file mode 100644 index 3df1a084c..0 --- a/csb/brand.dtd +++ /dev/null @@ -1,15 +0,0 @@ - - - - - - - - - - - - - diff --git a/cv/brand.dtd b/cv/brand.dtd deleted file mode 100644 index 3df1a084c..0 --- a/cv/brand.dtd +++ /dev/null @@ -1,15 +0,0 @@ - - - - - - - - - - - - - diff --git a/cy_GB/brand.dtd b/cy_GB/brand.dtd deleted
[tor-commits] [tor/release-0.3.5] Merge branch 'maint-0.3.5' into release-0.3.5
commit a5f3a67a828fe5d121b456a09710e85362245d42 Merge: 51d944482 6f2151be9 Author: David Goulet Date: Tue Nov 13 10:43:02 2018 -0500 Merge branch 'maint-0.3.5' into release-0.3.5 changes/bug27841 | 7 +++ src/feature/hs/hs_intropoint.c | 6 -- 2 files changed, 7 insertions(+), 6 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.5] At intro points, don't close circuits on NACKs
commit f89f14802e938c7abcd2a6387f64d442cefe72c2 Author: Neel Chauhan Date: Tue Nov 6 17:04:08 2018 -0500 At intro points, don't close circuits on NACKs --- changes/bug27841 | 7 +++ src/or/hs_intropoint.c | 6 -- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/changes/bug27841 b/changes/bug27841 new file mode 100644 index 0..9cd1da727 --- /dev/null +++ b/changes/bug27841 @@ -0,0 +1,7 @@ + o Minor bugfixes (onion services): +- On an intro point for a version 3 onion service, we do not close + an introduction circuit on an NACK. This lets the client decide + whether to reuse the circuit or discard it. Previously, we closed + intro circuits on NACKs. Fixes bug 27841; bugfix on 0.3.2.1-alpha. + Patch by Neel Chaunan + diff --git a/src/or/hs_intropoint.c b/src/or/hs_intropoint.c index 9eaf57251..a622c62dd 100644 --- a/src/or/hs_intropoint.c +++ b/src/or/hs_intropoint.c @@ -501,12 +501,6 @@ handle_introduce1(or_circuit_t *client_circ, const uint8_t *request, /* Circuit has been closed on failure of transmission. */ goto done; } - if (status != HS_INTRO_ACK_STATUS_SUCCESS) { -/* We just sent a NACK that is a non success status code so close the - * circuit because it's not useful to keep it open. Remember, a client can - * only send one INTRODUCE1 cell on a circuit. */ -circuit_mark_for_close(TO_CIRCUIT(client_circ), END_CIRC_REASON_INTERNAL); - } done: trn_cell_introduce1_free(parsed_cell); return ret; ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.5] Merge branch 'tor-github/pr/487' into maint-0.3.5
commit 6f2151be9a3e8b535bff4477a17f9c41d3f1d7f4 Merge: ae4c94bb6 f89f14802 Author: David Goulet Date: Tue Nov 13 10:37:25 2018 -0500 Merge branch 'tor-github/pr/487' into maint-0.3.5 changes/bug27841 | 7 +++ src/feature/hs/hs_intropoint.c | 6 -- 2 files changed, 7 insertions(+), 6 deletions(-) diff --cc src/feature/hs/hs_intropoint.c index c716447c9,0..2ea53af6a mode 100644,00..100644 --- a/src/feature/hs/hs_intropoint.c +++ b/src/feature/hs/hs_intropoint.c @@@ -1,614 -1,0 +1,608 @@@ +/* Copyright (c) 2016-2018, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file hs_intropoint.c + * \brief Implement next generation introductions point functionality + **/ + +#define HS_INTROPOINT_PRIVATE + +#include "core/or/or.h" +#include "app/config/config.h" +#include "core/or/circuitlist.h" +#include "core/or/circuituse.h" +#include "core/or/relay.h" +#include "feature/rend/rendmid.h" +#include "feature/stats/rephist.h" +#include "lib/crypt_ops/crypto_format.h" + +/* Trunnel */ +#include "trunnel/ed25519_cert.h" +#include "trunnel/hs/cell_common.h" +#include "trunnel/hs/cell_establish_intro.h" +#include "trunnel/hs/cell_introduce1.h" + +#include "feature/hs/hs_circuitmap.h" +#include "feature/hs/hs_descriptor.h" +#include "feature/hs/hs_intropoint.h" +#include "feature/hs/hs_common.h" + +#include "core/or/or_circuit_st.h" + +/** Extract the authentication key from an ESTABLISH_INTRO or INTRODUCE1 using + * the given cell_type from cell and place it in + * auth_key_out. */ +STATIC void +get_auth_key_from_cell(ed25519_public_key_t *auth_key_out, + unsigned int cell_type, const void *cell) +{ + size_t auth_key_len; + const uint8_t *key_array; + + tor_assert(auth_key_out); + tor_assert(cell); + + switch (cell_type) { + case RELAY_COMMAND_ESTABLISH_INTRO: + { +const trn_cell_establish_intro_t *c_cell = cell; +key_array = trn_cell_establish_intro_getconstarray_auth_key(c_cell); +auth_key_len = trn_cell_establish_intro_getlen_auth_key(c_cell); +break; + } + case RELAY_COMMAND_INTRODUCE1: + { +const trn_cell_introduce1_t *c_cell = cell; +key_array = trn_cell_introduce1_getconstarray_auth_key(cell); +auth_key_len = trn_cell_introduce1_getlen_auth_key(c_cell); +break; + } + default: +/* Getting here is really bad as it means we got a unknown cell type from + * this file where every call has an hardcoded value. */ +tor_assert_unreached(); /* LCOV_EXCL_LINE */ + } + tor_assert(key_array); + tor_assert(auth_key_len == sizeof(auth_key_out->pubkey)); + memcpy(auth_key_out->pubkey, key_array, auth_key_len); +} + +/** We received an ESTABLISH_INTRO cell. Verify its signature and MAC, + * given circuit_key_material. Return 0 on success else -1 on error. */ +STATIC int +verify_establish_intro_cell(const trn_cell_establish_intro_t *cell, +const uint8_t *circuit_key_material, +size_t circuit_key_material_len) +{ + /* We only reach this function if the first byte of the cell is 0x02 which + * means that auth_key_type is of ed25519 type, hence this check should + * always pass. See hs_intro_received_establish_intro(). */ + if (BUG(cell->auth_key_type != HS_INTRO_AUTH_KEY_TYPE_ED25519)) { +return -1; + } + + /* Make sure the auth key length is of the right size for this type. For + * EXTRA safety, we check both the size of the array and the length which + * must be the same. Safety first!*/ + if (trn_cell_establish_intro_getlen_auth_key(cell) != ED25519_PUBKEY_LEN || + trn_cell_establish_intro_get_auth_key_len(cell) != ED25519_PUBKEY_LEN) { +log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + "ESTABLISH_INTRO auth key length is invalid"); +return -1; + } + + const uint8_t *msg = cell->start_cell; + + /* Verify the sig */ + { +ed25519_signature_t sig_struct; +const uint8_t *sig_array = + trn_cell_establish_intro_getconstarray_sig(cell); + +/* Make sure the signature length is of the right size. For EXTRA safety, + * we check both the size of the array and the length which must be the + * same. Safety first!*/ +if (trn_cell_establish_intro_getlen_sig(cell) != sizeof(sig_struct.sig) || +trn_cell_establish_intro_get_sig_len(cell) != sizeof(sig_struct.sig)) { + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + "ESTABLISH_INTRO sig len is invalid"); + return -1; +} +/* We are now sure that sig_len is of the right size. */ +memcpy(sig_struct.sig, sig_array, cell->sig_len); + +ed25519_public_key_t auth_key; +get_auth_key_from_cell(_key, RELAY_COMMAND_ESTABLISH_INTRO, cell); + +const size_t sig_msg_len = cell->end_sig_fields - msg; +int sig_mismatch = ed25519_checksig_prefixed(_struct, +
[tor-commits] [tor/maint-0.3.5] Merge branch 'tor-github/pr/487' into maint-0.3.5
commit 6f2151be9a3e8b535bff4477a17f9c41d3f1d7f4 Merge: ae4c94bb6 f89f14802 Author: David Goulet Date: Tue Nov 13 10:37:25 2018 -0500 Merge branch 'tor-github/pr/487' into maint-0.3.5 changes/bug27841 | 7 +++ src/feature/hs/hs_intropoint.c | 6 -- 2 files changed, 7 insertions(+), 6 deletions(-) diff --cc src/feature/hs/hs_intropoint.c index c716447c9,0..2ea53af6a mode 100644,00..100644 --- a/src/feature/hs/hs_intropoint.c +++ b/src/feature/hs/hs_intropoint.c @@@ -1,614 -1,0 +1,608 @@@ +/* Copyright (c) 2016-2018, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file hs_intropoint.c + * \brief Implement next generation introductions point functionality + **/ + +#define HS_INTROPOINT_PRIVATE + +#include "core/or/or.h" +#include "app/config/config.h" +#include "core/or/circuitlist.h" +#include "core/or/circuituse.h" +#include "core/or/relay.h" +#include "feature/rend/rendmid.h" +#include "feature/stats/rephist.h" +#include "lib/crypt_ops/crypto_format.h" + +/* Trunnel */ +#include "trunnel/ed25519_cert.h" +#include "trunnel/hs/cell_common.h" +#include "trunnel/hs/cell_establish_intro.h" +#include "trunnel/hs/cell_introduce1.h" + +#include "feature/hs/hs_circuitmap.h" +#include "feature/hs/hs_descriptor.h" +#include "feature/hs/hs_intropoint.h" +#include "feature/hs/hs_common.h" + +#include "core/or/or_circuit_st.h" + +/** Extract the authentication key from an ESTABLISH_INTRO or INTRODUCE1 using + * the given cell_type from cell and place it in + * auth_key_out. */ +STATIC void +get_auth_key_from_cell(ed25519_public_key_t *auth_key_out, + unsigned int cell_type, const void *cell) +{ + size_t auth_key_len; + const uint8_t *key_array; + + tor_assert(auth_key_out); + tor_assert(cell); + + switch (cell_type) { + case RELAY_COMMAND_ESTABLISH_INTRO: + { +const trn_cell_establish_intro_t *c_cell = cell; +key_array = trn_cell_establish_intro_getconstarray_auth_key(c_cell); +auth_key_len = trn_cell_establish_intro_getlen_auth_key(c_cell); +break; + } + case RELAY_COMMAND_INTRODUCE1: + { +const trn_cell_introduce1_t *c_cell = cell; +key_array = trn_cell_introduce1_getconstarray_auth_key(cell); +auth_key_len = trn_cell_introduce1_getlen_auth_key(c_cell); +break; + } + default: +/* Getting here is really bad as it means we got a unknown cell type from + * this file where every call has an hardcoded value. */ +tor_assert_unreached(); /* LCOV_EXCL_LINE */ + } + tor_assert(key_array); + tor_assert(auth_key_len == sizeof(auth_key_out->pubkey)); + memcpy(auth_key_out->pubkey, key_array, auth_key_len); +} + +/** We received an ESTABLISH_INTRO cell. Verify its signature and MAC, + * given circuit_key_material. Return 0 on success else -1 on error. */ +STATIC int +verify_establish_intro_cell(const trn_cell_establish_intro_t *cell, +const uint8_t *circuit_key_material, +size_t circuit_key_material_len) +{ + /* We only reach this function if the first byte of the cell is 0x02 which + * means that auth_key_type is of ed25519 type, hence this check should + * always pass. See hs_intro_received_establish_intro(). */ + if (BUG(cell->auth_key_type != HS_INTRO_AUTH_KEY_TYPE_ED25519)) { +return -1; + } + + /* Make sure the auth key length is of the right size for this type. For + * EXTRA safety, we check both the size of the array and the length which + * must be the same. Safety first!*/ + if (trn_cell_establish_intro_getlen_auth_key(cell) != ED25519_PUBKEY_LEN || + trn_cell_establish_intro_get_auth_key_len(cell) != ED25519_PUBKEY_LEN) { +log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + "ESTABLISH_INTRO auth key length is invalid"); +return -1; + } + + const uint8_t *msg = cell->start_cell; + + /* Verify the sig */ + { +ed25519_signature_t sig_struct; +const uint8_t *sig_array = + trn_cell_establish_intro_getconstarray_sig(cell); + +/* Make sure the signature length is of the right size. For EXTRA safety, + * we check both the size of the array and the length which must be the + * same. Safety first!*/ +if (trn_cell_establish_intro_getlen_sig(cell) != sizeof(sig_struct.sig) || +trn_cell_establish_intro_get_sig_len(cell) != sizeof(sig_struct.sig)) { + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + "ESTABLISH_INTRO sig len is invalid"); + return -1; +} +/* We are now sure that sig_len is of the right size. */ +memcpy(sig_struct.sig, sig_array, cell->sig_len); + +ed25519_public_key_t auth_key; +get_auth_key_from_cell(_key, RELAY_COMMAND_ESTABLISH_INTRO, cell); + +const size_t sig_msg_len = cell->end_sig_fields - msg; +int sig_mismatch = ed25519_checksig_prefixed(_struct, +
[tor-commits] [tor/master] Merge branch 'tor-github/pr/487' into maint-0.3.5
commit 6f2151be9a3e8b535bff4477a17f9c41d3f1d7f4 Merge: ae4c94bb6 f89f14802 Author: David Goulet Date: Tue Nov 13 10:37:25 2018 -0500 Merge branch 'tor-github/pr/487' into maint-0.3.5 changes/bug27841 | 7 +++ src/feature/hs/hs_intropoint.c | 6 -- 2 files changed, 7 insertions(+), 6 deletions(-) diff --cc src/feature/hs/hs_intropoint.c index c716447c9,0..2ea53af6a mode 100644,00..100644 --- a/src/feature/hs/hs_intropoint.c +++ b/src/feature/hs/hs_intropoint.c @@@ -1,614 -1,0 +1,608 @@@ +/* Copyright (c) 2016-2018, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file hs_intropoint.c + * \brief Implement next generation introductions point functionality + **/ + +#define HS_INTROPOINT_PRIVATE + +#include "core/or/or.h" +#include "app/config/config.h" +#include "core/or/circuitlist.h" +#include "core/or/circuituse.h" +#include "core/or/relay.h" +#include "feature/rend/rendmid.h" +#include "feature/stats/rephist.h" +#include "lib/crypt_ops/crypto_format.h" + +/* Trunnel */ +#include "trunnel/ed25519_cert.h" +#include "trunnel/hs/cell_common.h" +#include "trunnel/hs/cell_establish_intro.h" +#include "trunnel/hs/cell_introduce1.h" + +#include "feature/hs/hs_circuitmap.h" +#include "feature/hs/hs_descriptor.h" +#include "feature/hs/hs_intropoint.h" +#include "feature/hs/hs_common.h" + +#include "core/or/or_circuit_st.h" + +/** Extract the authentication key from an ESTABLISH_INTRO or INTRODUCE1 using + * the given cell_type from cell and place it in + * auth_key_out. */ +STATIC void +get_auth_key_from_cell(ed25519_public_key_t *auth_key_out, + unsigned int cell_type, const void *cell) +{ + size_t auth_key_len; + const uint8_t *key_array; + + tor_assert(auth_key_out); + tor_assert(cell); + + switch (cell_type) { + case RELAY_COMMAND_ESTABLISH_INTRO: + { +const trn_cell_establish_intro_t *c_cell = cell; +key_array = trn_cell_establish_intro_getconstarray_auth_key(c_cell); +auth_key_len = trn_cell_establish_intro_getlen_auth_key(c_cell); +break; + } + case RELAY_COMMAND_INTRODUCE1: + { +const trn_cell_introduce1_t *c_cell = cell; +key_array = trn_cell_introduce1_getconstarray_auth_key(cell); +auth_key_len = trn_cell_introduce1_getlen_auth_key(c_cell); +break; + } + default: +/* Getting here is really bad as it means we got a unknown cell type from + * this file where every call has an hardcoded value. */ +tor_assert_unreached(); /* LCOV_EXCL_LINE */ + } + tor_assert(key_array); + tor_assert(auth_key_len == sizeof(auth_key_out->pubkey)); + memcpy(auth_key_out->pubkey, key_array, auth_key_len); +} + +/** We received an ESTABLISH_INTRO cell. Verify its signature and MAC, + * given circuit_key_material. Return 0 on success else -1 on error. */ +STATIC int +verify_establish_intro_cell(const trn_cell_establish_intro_t *cell, +const uint8_t *circuit_key_material, +size_t circuit_key_material_len) +{ + /* We only reach this function if the first byte of the cell is 0x02 which + * means that auth_key_type is of ed25519 type, hence this check should + * always pass. See hs_intro_received_establish_intro(). */ + if (BUG(cell->auth_key_type != HS_INTRO_AUTH_KEY_TYPE_ED25519)) { +return -1; + } + + /* Make sure the auth key length is of the right size for this type. For + * EXTRA safety, we check both the size of the array and the length which + * must be the same. Safety first!*/ + if (trn_cell_establish_intro_getlen_auth_key(cell) != ED25519_PUBKEY_LEN || + trn_cell_establish_intro_get_auth_key_len(cell) != ED25519_PUBKEY_LEN) { +log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + "ESTABLISH_INTRO auth key length is invalid"); +return -1; + } + + const uint8_t *msg = cell->start_cell; + + /* Verify the sig */ + { +ed25519_signature_t sig_struct; +const uint8_t *sig_array = + trn_cell_establish_intro_getconstarray_sig(cell); + +/* Make sure the signature length is of the right size. For EXTRA safety, + * we check both the size of the array and the length which must be the + * same. Safety first!*/ +if (trn_cell_establish_intro_getlen_sig(cell) != sizeof(sig_struct.sig) || +trn_cell_establish_intro_get_sig_len(cell) != sizeof(sig_struct.sig)) { + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + "ESTABLISH_INTRO sig len is invalid"); + return -1; +} +/* We are now sure that sig_len is of the right size. */ +memcpy(sig_struct.sig, sig_array, cell->sig_len); + +ed25519_public_key_t auth_key; +get_auth_key_from_cell(_key, RELAY_COMMAND_ESTABLISH_INTRO, cell); + +const size_t sig_msg_len = cell->end_sig_fields - msg; +int sig_mismatch = ed25519_checksig_prefixed(_struct, +
[tor-commits] [tor/maint-0.3.5] At intro points, don't close circuits on NACKs
commit f89f14802e938c7abcd2a6387f64d442cefe72c2 Author: Neel Chauhan Date: Tue Nov 6 17:04:08 2018 -0500 At intro points, don't close circuits on NACKs --- changes/bug27841 | 7 +++ src/or/hs_intropoint.c | 6 -- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/changes/bug27841 b/changes/bug27841 new file mode 100644 index 0..9cd1da727 --- /dev/null +++ b/changes/bug27841 @@ -0,0 +1,7 @@ + o Minor bugfixes (onion services): +- On an intro point for a version 3 onion service, we do not close + an introduction circuit on an NACK. This lets the client decide + whether to reuse the circuit or discard it. Previously, we closed + intro circuits on NACKs. Fixes bug 27841; bugfix on 0.3.2.1-alpha. + Patch by Neel Chaunan + diff --git a/src/or/hs_intropoint.c b/src/or/hs_intropoint.c index 9eaf57251..a622c62dd 100644 --- a/src/or/hs_intropoint.c +++ b/src/or/hs_intropoint.c @@ -501,12 +501,6 @@ handle_introduce1(or_circuit_t *client_circ, const uint8_t *request, /* Circuit has been closed on failure of transmission. */ goto done; } - if (status != HS_INTRO_ACK_STATUS_SUCCESS) { -/* We just sent a NACK that is a non success status code so close the - * circuit because it's not useful to keep it open. Remember, a client can - * only send one INTRODUCE1 cell on a circuit. */ -circuit_mark_for_close(TO_CIRCUIT(client_circ), END_CIRC_REASON_INTERNAL); - } done: trn_cell_introduce1_free(parsed_cell); return ret; ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] At intro points, don't close circuits on NACKs
commit f89f14802e938c7abcd2a6387f64d442cefe72c2 Author: Neel Chauhan Date: Tue Nov 6 17:04:08 2018 -0500 At intro points, don't close circuits on NACKs --- changes/bug27841 | 7 +++ src/or/hs_intropoint.c | 6 -- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/changes/bug27841 b/changes/bug27841 new file mode 100644 index 0..9cd1da727 --- /dev/null +++ b/changes/bug27841 @@ -0,0 +1,7 @@ + o Minor bugfixes (onion services): +- On an intro point for a version 3 onion service, we do not close + an introduction circuit on an NACK. This lets the client decide + whether to reuse the circuit or discard it. Previously, we closed + intro circuits on NACKs. Fixes bug 27841; bugfix on 0.3.2.1-alpha. + Patch by Neel Chaunan + diff --git a/src/or/hs_intropoint.c b/src/or/hs_intropoint.c index 9eaf57251..a622c62dd 100644 --- a/src/or/hs_intropoint.c +++ b/src/or/hs_intropoint.c @@ -501,12 +501,6 @@ handle_introduce1(or_circuit_t *client_circ, const uint8_t *request, /* Circuit has been closed on failure of transmission. */ goto done; } - if (status != HS_INTRO_ACK_STATUS_SUCCESS) { -/* We just sent a NACK that is a non success status code so close the - * circuit because it's not useful to keep it open. Remember, a client can - * only send one INTRODUCE1 cell on a circuit. */ -circuit_mark_for_close(TO_CIRCUIT(client_circ), END_CIRC_REASON_INTERNAL); - } done: trn_cell_introduce1_free(parsed_cell); return ret; ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge branch 'maint-0.3.5'
commit 8fb318860ecd399a59b830920e4aa21607a7b3ce Merge: d000e798a 6f2151be9 Author: David Goulet Date: Tue Nov 13 10:43:03 2018 -0500 Merge branch 'maint-0.3.5' changes/bug27841 | 7 +++ src/feature/hs/hs_intropoint.c | 6 -- 2 files changed, 7 insertions(+), 6 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/torbutton-torbuttondtd] Update translations for torbutton-torbuttondtd
commit 866df22aaabc795db73b2512226f1ad924fc0a4b Author: Translation commit bot Date: Tue Nov 13 15:18:18 2018 + Update translations for torbutton-torbuttondtd --- ko/torbutton.dtd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ko/torbutton.dtd b/ko/torbutton.dtd index c4d6183e9..b23701b2e 100644 --- a/ko/torbutton.dtd +++ b/ko/torbutton.dtd @@ -39,7 +39,7 @@ - + ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/torbutton-torbuttondtd_completed] Update translations for torbutton-torbuttondtd_completed
commit 12280bdfb270a9ce862d6d8a1f74a77ae4dc114f Author: Translation commit bot Date: Tue Nov 13 15:18:24 2018 + Update translations for torbutton-torbuttondtd_completed --- ko/torbutton.dtd | 51 +++ 1 file changed, 51 insertions(+) diff --git a/ko/torbutton.dtd b/ko/torbutton.dtd new file mode 100644 index 0..b23701b2e --- /dev/null +++ b/ko/torbutton.dtd @@ -0,0 +1,51 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/torbutton-torbuttondtd] Update translations for torbutton-torbuttondtd
commit 5e7db9a6a3e2230cfe114c30ed7390d6e8280713 Author: Translation commit bot Date: Tue Nov 13 14:48:21 2018 + Update translations for torbutton-torbuttondtd --- ko/torbutton.dtd | 16 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/ko/torbutton.dtd b/ko/torbutton.dtd index 90aa46013..c4d6183e9 100644 --- a/ko/torbutton.dtd +++ b/ko/torbutton.dtd @@ -34,18 +34,18 @@ - + - - + + - + - + - - + + - + ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/torbutton-torbuttondtd] Update translations for torbutton-torbuttondtd
commit cdb0fc76eb1fcacef59a2084d50c04084d0da1b1 Author: Translation commit bot Date: Tue Nov 13 14:18:15 2018 + Update translations for torbutton-torbuttondtd --- ko/torbutton.dtd | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ko/torbutton.dtd b/ko/torbutton.dtd index 5daf9f140..90aa46013 100644 --- a/ko/torbutton.dtd +++ b/ko/torbutton.dtd @@ -35,10 +35,10 @@ - + - + ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tor-browser-manual] Update translations for tor-browser-manual
commit 223b198b9d300f3aa72bc2d95460b8645dcdbe58 Author: Translation commit bot Date: Tue Nov 13 14:17:38 2018 + Update translations for tor-browser-manual --- ko/ko.po | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ko/ko.po b/ko/ko.po index 109126e43..ac0c5eecb 100644 --- a/ko/ko.po +++ b/ko/ko.po @@ -6,15 +6,15 @@ # jshyun , 2016 # Dr.what , 2016 # snotree , 2017 -# Philipp Sauter , 2018 # SEPT , 2018 +# Philipp Sauter , 2018 # msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "POT-Creation-Date: 2018-09-07 16:48-0500\n" "PO-Revision-Date: 2016-12-07 01:01+\n" -"Last-Translator: SEPT , 2018\n" +"Last-Translator: Philipp Sauter , 2018\n" "Language-Team: Korean (https://www.transifex.com/otf/teams/1519/ko/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -1072,7 +1072,7 @@ msgstr "" #: security-slider.page:42 msgid "Safest" -msgstr "" +msgstr "ì ì¼ ìì í©ëë¤" #: security-slider.page:43 msgid "" @@ -1086,7 +1086,7 @@ msgstr "" #: security-slider.page:53 msgid "Safer" -msgstr "" +msgstr "ë ìì í©ëë¤" #: security-slider.page:54 msgid "" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.5] Merge branch 'maint-0.2.9' into maint-0.3.3
commit 54d1a2d80537e9f9a90dcca18c9e616f73809f58 Merge: 93b6d4137 7f042cbc0 Author: Nick Mathewson Date: Tue Nov 13 08:27:17 2018 -0500 Merge branch 'maint-0.2.9' into maint-0.3.3 changes/bug28413 | 4 src/common/aes.c | 5 ++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --cc src/common/aes.c index 5d0841dfa,8ab2d2fc6..4d4a2d773 --- a/src/common/aes.c +++ b/src/common/aes.c @@@ -402,5 -401,4 +402,4 @@@ aes_set_iv(aes_cnt_cipher_t *cipher, co memcpy(cipher->ctr_buf.buf, iv, 16); } -#endif +#endif /* defined(USE_EVP_AES_CTR) */ - ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.3] Merge branch 'bug28413_029' into maint-0.2.9
commit 7f042cbc0a9397c1e5c0f3e9c3bb31ff333d9983 Merge: 46796623f 1a11702a9 Author: Nick Mathewson Date: Tue Nov 13 08:26:51 2018 -0500 Merge branch 'bug28413_029' into maint-0.2.9 changes/bug28413 | 4 src/common/aes.c | 5 ++--- 2 files changed, 6 insertions(+), 3 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.3] Merge branch 'maint-0.3.3' into release-0.3.3
commit 15c99be9637fd6c3dfc9f45a24fd06054dffd140 Merge: c079be8c7 54d1a2d80 Author: Nick Mathewson Date: Tue Nov 13 08:27:28 2018 -0500 Merge branch 'maint-0.3.3' into release-0.3.3 changes/bug28413 | 4 src/common/aes.c | 5 ++--- 2 files changed, 6 insertions(+), 3 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge branch 'maint-0.3.5'
commit d000e798acce374225ead0bd074169ad611bf001 Merge: d1e9285b1 ae4c94bb6 Author: Nick Mathewson Date: Tue Nov 13 08:27:29 2018 -0500 Merge branch 'maint-0.3.5' changes/bug28413| 4 src/lib/crypt_ops/aes_openssl.c | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.4] Fix a compiler warning in aes.c.
commit 1a11702a9a4d5f95c52eb55263008ce2aa8017ef Author: Nick Mathewson Date: Mon Nov 12 15:39:28 2018 -0500 Fix a compiler warning in aes.c. Apparently some freebsd compilers can't tell that 'c' will never be used uninitialized. Fixes bug 28413; bugfix on 0.2.9.3-alpha when we added support for longer AES keys to this function. --- changes/bug28413 | 4 src/common/aes.c | 5 ++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/changes/bug28413 b/changes/bug28413 new file mode 100644 index 0..4c88bea7e --- /dev/null +++ b/changes/bug28413 @@ -0,0 +1,4 @@ + o Minor bugfixes (compilation): +- Initialize a variable in aes_new_cipher(), since some compilers + cannot tell that we always initialize it before use. Fixes bug 28413; + bugfix on 0.2.9.3-alpha. diff --git a/src/common/aes.c b/src/common/aes.c index 35c2d1e3a..8ab2d2fc6 100644 --- a/src/common/aes.c +++ b/src/common/aes.c @@ -99,12 +99,12 @@ aes_cnt_cipher_t * aes_new_cipher(const uint8_t *key, const uint8_t *iv, int key_bits) { EVP_CIPHER_CTX *cipher = EVP_CIPHER_CTX_new(); - const EVP_CIPHER *c; + const EVP_CIPHER *c = NULL; switch (key_bits) { case 128: c = EVP_aes_128_ctr(); break; case 192: c = EVP_aes_192_ctr(); break; case 256: c = EVP_aes_256_ctr(); break; -default: tor_assert(0); // LCOV_EXCL_LINE +default: tor_assert_unreached(); // LCOV_EXCL_LINE } EVP_EncryptInit(cipher, c, key, iv); return (aes_cnt_cipher_t *) cipher; @@ -402,4 +402,3 @@ aes_set_iv(aes_cnt_cipher_t *cipher, const uint8_t *iv) } #endif - ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.4] Merge branch 'maint-0.3.3' into maint-0.3.4
commit 42be1c668b9f8ec255afb307054e6388f478e837 Merge: 1fce9d129 54d1a2d80 Author: Nick Mathewson Date: Tue Nov 13 08:27:29 2018 -0500 Merge branch 'maint-0.3.3' into maint-0.3.4 changes/bug28413 | 4 src/common/aes.c | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.4] Merge branch 'bug28413_029' into maint-0.2.9
commit 7f042cbc0a9397c1e5c0f3e9c3bb31ff333d9983 Merge: 46796623f 1a11702a9 Author: Nick Mathewson Date: Tue Nov 13 08:26:51 2018 -0500 Merge branch 'bug28413_029' into maint-0.2.9 changes/bug28413 | 4 src/common/aes.c | 5 ++--- 2 files changed, 6 insertions(+), 3 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.3] Merge branch 'maint-0.2.9' into maint-0.3.3
commit 54d1a2d80537e9f9a90dcca18c9e616f73809f58 Merge: 93b6d4137 7f042cbc0 Author: Nick Mathewson Date: Tue Nov 13 08:27:17 2018 -0500 Merge branch 'maint-0.2.9' into maint-0.3.3 changes/bug28413 | 4 src/common/aes.c | 5 ++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --cc src/common/aes.c index 5d0841dfa,8ab2d2fc6..4d4a2d773 --- a/src/common/aes.c +++ b/src/common/aes.c @@@ -402,5 -401,4 +402,4 @@@ aes_set_iv(aes_cnt_cipher_t *cipher, co memcpy(cipher->ctr_buf.buf, iv, 16); } -#endif +#endif /* defined(USE_EVP_AES_CTR) */ - ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.2.9] Merge branch 'bug28413_029' into maint-0.2.9
commit 7f042cbc0a9397c1e5c0f3e9c3bb31ff333d9983 Merge: 46796623f 1a11702a9 Author: Nick Mathewson Date: Tue Nov 13 08:26:51 2018 -0500 Merge branch 'bug28413_029' into maint-0.2.9 changes/bug28413 | 4 src/common/aes.c | 5 ++--- 2 files changed, 6 insertions(+), 3 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.5] Merge branch 'maint-0.3.3' into maint-0.3.4
commit 42be1c668b9f8ec255afb307054e6388f478e837 Merge: 1fce9d129 54d1a2d80 Author: Nick Mathewson Date: Tue Nov 13 08:27:29 2018 -0500 Merge branch 'maint-0.3.3' into maint-0.3.4 changes/bug28413 | 4 src/common/aes.c | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.4] Merge branch 'maint-0.3.4' into release-0.3.4
commit 6b2c1d62a5bb590f35779dd26ced00d41938cdb5 Merge: 73378e9ac 42be1c668 Author: Nick Mathewson Date: Tue Nov 13 08:27:29 2018 -0500 Merge branch 'maint-0.3.4' into release-0.3.4 changes/bug28413 | 4 src/common/aes.c | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.5] Fix a compiler warning in aes.c.
commit 1a11702a9a4d5f95c52eb55263008ce2aa8017ef Author: Nick Mathewson Date: Mon Nov 12 15:39:28 2018 -0500 Fix a compiler warning in aes.c. Apparently some freebsd compilers can't tell that 'c' will never be used uninitialized. Fixes bug 28413; bugfix on 0.2.9.3-alpha when we added support for longer AES keys to this function. --- changes/bug28413 | 4 src/common/aes.c | 5 ++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/changes/bug28413 b/changes/bug28413 new file mode 100644 index 0..4c88bea7e --- /dev/null +++ b/changes/bug28413 @@ -0,0 +1,4 @@ + o Minor bugfixes (compilation): +- Initialize a variable in aes_new_cipher(), since some compilers + cannot tell that we always initialize it before use. Fixes bug 28413; + bugfix on 0.2.9.3-alpha. diff --git a/src/common/aes.c b/src/common/aes.c index 35c2d1e3a..8ab2d2fc6 100644 --- a/src/common/aes.c +++ b/src/common/aes.c @@ -99,12 +99,12 @@ aes_cnt_cipher_t * aes_new_cipher(const uint8_t *key, const uint8_t *iv, int key_bits) { EVP_CIPHER_CTX *cipher = EVP_CIPHER_CTX_new(); - const EVP_CIPHER *c; + const EVP_CIPHER *c = NULL; switch (key_bits) { case 128: c = EVP_aes_128_ctr(); break; case 192: c = EVP_aes_192_ctr(); break; case 256: c = EVP_aes_256_ctr(); break; -default: tor_assert(0); // LCOV_EXCL_LINE +default: tor_assert_unreached(); // LCOV_EXCL_LINE } EVP_EncryptInit(cipher, c, key, iv); return (aes_cnt_cipher_t *) cipher; @@ -402,4 +402,3 @@ aes_set_iv(aes_cnt_cipher_t *cipher, const uint8_t *iv) } #endif - ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge branch 'maint-0.2.9' into maint-0.3.3
commit 54d1a2d80537e9f9a90dcca18c9e616f73809f58 Merge: 93b6d4137 7f042cbc0 Author: Nick Mathewson Date: Tue Nov 13 08:27:17 2018 -0500 Merge branch 'maint-0.2.9' into maint-0.3.3 changes/bug28413 | 4 src/common/aes.c | 5 ++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --cc src/common/aes.c index 5d0841dfa,8ab2d2fc6..4d4a2d773 --- a/src/common/aes.c +++ b/src/common/aes.c @@@ -402,5 -401,4 +402,4 @@@ aes_set_iv(aes_cnt_cipher_t *cipher, co memcpy(cipher->ctr_buf.buf, iv, 16); } -#endif +#endif /* defined(USE_EVP_AES_CTR) */ - ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.5] Merge branch 'bug28413_029' into maint-0.2.9
commit 7f042cbc0a9397c1e5c0f3e9c3bb31ff333d9983 Merge: 46796623f 1a11702a9 Author: Nick Mathewson Date: Tue Nov 13 08:26:51 2018 -0500 Merge branch 'bug28413_029' into maint-0.2.9 changes/bug28413 | 4 src/common/aes.c | 5 ++--- 2 files changed, 6 insertions(+), 3 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.2.9] Fix a compiler warning in aes.c.
commit 1a11702a9a4d5f95c52eb55263008ce2aa8017ef Author: Nick Mathewson Date: Mon Nov 12 15:39:28 2018 -0500 Fix a compiler warning in aes.c. Apparently some freebsd compilers can't tell that 'c' will never be used uninitialized. Fixes bug 28413; bugfix on 0.2.9.3-alpha when we added support for longer AES keys to this function. --- changes/bug28413 | 4 src/common/aes.c | 5 ++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/changes/bug28413 b/changes/bug28413 new file mode 100644 index 0..4c88bea7e --- /dev/null +++ b/changes/bug28413 @@ -0,0 +1,4 @@ + o Minor bugfixes (compilation): +- Initialize a variable in aes_new_cipher(), since some compilers + cannot tell that we always initialize it before use. Fixes bug 28413; + bugfix on 0.2.9.3-alpha. diff --git a/src/common/aes.c b/src/common/aes.c index 35c2d1e3a..8ab2d2fc6 100644 --- a/src/common/aes.c +++ b/src/common/aes.c @@ -99,12 +99,12 @@ aes_cnt_cipher_t * aes_new_cipher(const uint8_t *key, const uint8_t *iv, int key_bits) { EVP_CIPHER_CTX *cipher = EVP_CIPHER_CTX_new(); - const EVP_CIPHER *c; + const EVP_CIPHER *c = NULL; switch (key_bits) { case 128: c = EVP_aes_128_ctr(); break; case 192: c = EVP_aes_192_ctr(); break; case 256: c = EVP_aes_256_ctr(); break; -default: tor_assert(0); // LCOV_EXCL_LINE +default: tor_assert_unreached(); // LCOV_EXCL_LINE } EVP_EncryptInit(cipher, c, key, iv); return (aes_cnt_cipher_t *) cipher; @@ -402,4 +402,3 @@ aes_set_iv(aes_cnt_cipher_t *cipher, const uint8_t *iv) } #endif - ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge branch 'maint-0.3.4' into maint-0.3.5
commit ae4c94bb6468078ba16de481991e781e1b486340 Merge: 896d0ebb9 42be1c668 Author: Nick Mathewson Date: Tue Nov 13 08:27:29 2018 -0500 Merge branch 'maint-0.3.4' into maint-0.3.5 changes/bug28413| 4 src/lib/crypt_ops/aes_openssl.c | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --cc src/lib/crypt_ops/aes_openssl.c index f2990fc06,0..ac275af33 mode 100644,00..100644 --- a/src/lib/crypt_ops/aes_openssl.c +++ b/src/lib/crypt_ops/aes_openssl.c @@@ -1,410 -1,0 +1,410 @@@ +/* Copyright (c) 2001, Matej Pfajfar. + * Copyright (c) 2001-2004, Roger Dingledine. + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2018, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file aes_openssl.c + * \brief Use OpenSSL to implement AES_CTR. + **/ + +#include "orconfig.h" +#include "lib/crypt_ops/aes.h" +#include "lib/crypt_ops/crypto_util.h" +#include "lib/log/util_bug.h" +#include "lib/arch/bytes.h" + +#ifdef _WIN32 /*wrkard for dtls1.h >= 0.9.8m of "#include "*/ + #include + #include +#endif + +#include "lib/crypt_ops/compat_openssl.h" +#include +#include "lib/crypt_ops/crypto_openssl_mgt.h" + +#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0) +#error "We require OpenSSL >= 1.0.0" +#endif + +DISABLE_GCC_WARNING(redundant-decls) + +#include +#include +#include +#include +#include +#include + +ENABLE_GCC_WARNING(redundant-decls) + +#include "lib/crypt_ops/aes.h" +#include "lib/log/log.h" +#include "lib/ctime/di_ops.h" + +#ifdef ANDROID +/* Android's OpenSSL seems to have removed all of its Engine support. */ +#define DISABLE_ENGINES +#endif + +/* We have five strategies for implementing AES counter mode. + * + * Best with x86 and x86_64: Use EVP_aes_*_ctr() and EVP_EncryptUpdate(). + * This is possible with OpenSSL 1.0.1, where the counter-mode implementation + * can use bit-sliced or vectorized AES or AESNI as appropriate. + * + * Otherwise: Pick the best possible AES block implementation that OpenSSL + * gives us, and the best possible counter-mode implementation, and combine + * them. + */ +#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,1,0) + +/* With newer OpenSSL versions, the older fallback modes don't compile. So + * don't use them, even if we lack specific acceleration. */ + +#define USE_EVP_AES_CTR + +#elif OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,0,1) && \ + (defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ + defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_AMD64) || defined(_M_X64) || defined(__INTEL__)) + +#define USE_EVP_AES_CTR + +#endif /* OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,1,0) || ... */ + +/* We have 2 strategies for getting the AES block cipher: Via OpenSSL's + * AES_encrypt function, or via OpenSSL's EVP_EncryptUpdate function. + * + * If there's any hardware acceleration in play, we want to be using EVP_* so + * we can get it. Otherwise, we'll want AES_*, which seems to be about 5% + * faster than indirecting through the EVP layer. + */ + +/* We have 2 strategies for getting a plug-in counter mode: use our own, or + * use OpenSSL's. + * + * Here we have a counter mode that's faster than the one shipping with + * OpenSSL pre-1.0 (by about 10%!). But OpenSSL 1.0.0 added a counter mode + * implementation faster than the one here (by about 7%). So we pick which + * one to used based on the Openssl version above. (OpenSSL 1.0.0a fixed a + * critical bug in that counter mode implementation, so we need to test to + * make sure that we have a fixed version.) + */ + +#ifdef USE_EVP_AES_CTR + +/* We don't actually define the struct here. */ + +aes_cnt_cipher_t * +aes_new_cipher(const uint8_t *key, const uint8_t *iv, int key_bits) +{ + EVP_CIPHER_CTX *cipher = EVP_CIPHER_CTX_new(); - const EVP_CIPHER *c; ++ const EVP_CIPHER *c = NULL; + switch (key_bits) { +case 128: c = EVP_aes_128_ctr(); break; +case 192: c = EVP_aes_192_ctr(); break; +case 256: c = EVP_aes_256_ctr(); break; - default: tor_assert(0); // LCOV_EXCL_LINE ++default: tor_assert_unreached(); // LCOV_EXCL_LINE + } + EVP_EncryptInit(cipher, c, key, iv); + return (aes_cnt_cipher_t *) cipher; +} +void +aes_cipher_free_(aes_cnt_cipher_t *cipher_) +{ + if (!cipher_) +return; + EVP_CIPHER_CTX *cipher = (EVP_CIPHER_CTX *) cipher_; +#ifdef OPENSSL_1_1_API + EVP_CIPHER_CTX_reset(cipher); +#else + EVP_CIPHER_CTX_cleanup(cipher); +#endif + EVP_CIPHER_CTX_free(cipher); +} +void +aes_crypt_inplace(aes_cnt_cipher_t *cipher_, char *data, size_t len) +{ + int outl; + EVP_CIPHER_CTX *cipher = (EVP_CIPHER_CTX *) cipher_; + + tor_assert(len < INT_MAX); + + EVP_EncryptUpdate(cipher, (unsigned char*)data, +, (unsigned char*)data, (int)len); +}
[tor-commits] [tor/release-0.3.5] Merge branch 'maint-0.3.4' into maint-0.3.5
commit ae4c94bb6468078ba16de481991e781e1b486340 Merge: 896d0ebb9 42be1c668 Author: Nick Mathewson Date: Tue Nov 13 08:27:29 2018 -0500 Merge branch 'maint-0.3.4' into maint-0.3.5 changes/bug28413| 4 src/lib/crypt_ops/aes_openssl.c | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --cc src/lib/crypt_ops/aes_openssl.c index f2990fc06,0..ac275af33 mode 100644,00..100644 --- a/src/lib/crypt_ops/aes_openssl.c +++ b/src/lib/crypt_ops/aes_openssl.c @@@ -1,410 -1,0 +1,410 @@@ +/* Copyright (c) 2001, Matej Pfajfar. + * Copyright (c) 2001-2004, Roger Dingledine. + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2018, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file aes_openssl.c + * \brief Use OpenSSL to implement AES_CTR. + **/ + +#include "orconfig.h" +#include "lib/crypt_ops/aes.h" +#include "lib/crypt_ops/crypto_util.h" +#include "lib/log/util_bug.h" +#include "lib/arch/bytes.h" + +#ifdef _WIN32 /*wrkard for dtls1.h >= 0.9.8m of "#include "*/ + #include + #include +#endif + +#include "lib/crypt_ops/compat_openssl.h" +#include +#include "lib/crypt_ops/crypto_openssl_mgt.h" + +#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0) +#error "We require OpenSSL >= 1.0.0" +#endif + +DISABLE_GCC_WARNING(redundant-decls) + +#include +#include +#include +#include +#include +#include + +ENABLE_GCC_WARNING(redundant-decls) + +#include "lib/crypt_ops/aes.h" +#include "lib/log/log.h" +#include "lib/ctime/di_ops.h" + +#ifdef ANDROID +/* Android's OpenSSL seems to have removed all of its Engine support. */ +#define DISABLE_ENGINES +#endif + +/* We have five strategies for implementing AES counter mode. + * + * Best with x86 and x86_64: Use EVP_aes_*_ctr() and EVP_EncryptUpdate(). + * This is possible with OpenSSL 1.0.1, where the counter-mode implementation + * can use bit-sliced or vectorized AES or AESNI as appropriate. + * + * Otherwise: Pick the best possible AES block implementation that OpenSSL + * gives us, and the best possible counter-mode implementation, and combine + * them. + */ +#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,1,0) + +/* With newer OpenSSL versions, the older fallback modes don't compile. So + * don't use them, even if we lack specific acceleration. */ + +#define USE_EVP_AES_CTR + +#elif OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,0,1) && \ + (defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ + defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_AMD64) || defined(_M_X64) || defined(__INTEL__)) + +#define USE_EVP_AES_CTR + +#endif /* OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,1,0) || ... */ + +/* We have 2 strategies for getting the AES block cipher: Via OpenSSL's + * AES_encrypt function, or via OpenSSL's EVP_EncryptUpdate function. + * + * If there's any hardware acceleration in play, we want to be using EVP_* so + * we can get it. Otherwise, we'll want AES_*, which seems to be about 5% + * faster than indirecting through the EVP layer. + */ + +/* We have 2 strategies for getting a plug-in counter mode: use our own, or + * use OpenSSL's. + * + * Here we have a counter mode that's faster than the one shipping with + * OpenSSL pre-1.0 (by about 10%!). But OpenSSL 1.0.0 added a counter mode + * implementation faster than the one here (by about 7%). So we pick which + * one to used based on the Openssl version above. (OpenSSL 1.0.0a fixed a + * critical bug in that counter mode implementation, so we need to test to + * make sure that we have a fixed version.) + */ + +#ifdef USE_EVP_AES_CTR + +/* We don't actually define the struct here. */ + +aes_cnt_cipher_t * +aes_new_cipher(const uint8_t *key, const uint8_t *iv, int key_bits) +{ + EVP_CIPHER_CTX *cipher = EVP_CIPHER_CTX_new(); - const EVP_CIPHER *c; ++ const EVP_CIPHER *c = NULL; + switch (key_bits) { +case 128: c = EVP_aes_128_ctr(); break; +case 192: c = EVP_aes_192_ctr(); break; +case 256: c = EVP_aes_256_ctr(); break; - default: tor_assert(0); // LCOV_EXCL_LINE ++default: tor_assert_unreached(); // LCOV_EXCL_LINE + } + EVP_EncryptInit(cipher, c, key, iv); + return (aes_cnt_cipher_t *) cipher; +} +void +aes_cipher_free_(aes_cnt_cipher_t *cipher_) +{ + if (!cipher_) +return; + EVP_CIPHER_CTX *cipher = (EVP_CIPHER_CTX *) cipher_; +#ifdef OPENSSL_1_1_API + EVP_CIPHER_CTX_reset(cipher); +#else + EVP_CIPHER_CTX_cleanup(cipher); +#endif + EVP_CIPHER_CTX_free(cipher); +} +void +aes_crypt_inplace(aes_cnt_cipher_t *cipher_, char *data, size_t len) +{ + int outl; + EVP_CIPHER_CTX *cipher = (EVP_CIPHER_CTX *) cipher_; + + tor_assert(len < INT_MAX); + + EVP_EncryptUpdate(cipher, (unsigned char*)data, +, (unsigned char*)data, (int)len); +}
[tor-commits] [tor/release-0.2.9] Merge branch 'maint-0.2.9' into release-0.2.9
commit 7651775b8f4ce00b36735fbc0dc64102b4bbac87 Merge: 79443fd82 7f042cbc0 Author: Nick Mathewson Date: Tue Nov 13 08:26:54 2018 -0500 Merge branch 'maint-0.2.9' into release-0.2.9 changes/bug28413 | 4 src/common/aes.c | 5 ++--- 2 files changed, 6 insertions(+), 3 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.3] Fix a compiler warning in aes.c.
commit 1a11702a9a4d5f95c52eb55263008ce2aa8017ef Author: Nick Mathewson Date: Mon Nov 12 15:39:28 2018 -0500 Fix a compiler warning in aes.c. Apparently some freebsd compilers can't tell that 'c' will never be used uninitialized. Fixes bug 28413; bugfix on 0.2.9.3-alpha when we added support for longer AES keys to this function. --- changes/bug28413 | 4 src/common/aes.c | 5 ++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/changes/bug28413 b/changes/bug28413 new file mode 100644 index 0..4c88bea7e --- /dev/null +++ b/changes/bug28413 @@ -0,0 +1,4 @@ + o Minor bugfixes (compilation): +- Initialize a variable in aes_new_cipher(), since some compilers + cannot tell that we always initialize it before use. Fixes bug 28413; + bugfix on 0.2.9.3-alpha. diff --git a/src/common/aes.c b/src/common/aes.c index 35c2d1e3a..8ab2d2fc6 100644 --- a/src/common/aes.c +++ b/src/common/aes.c @@ -99,12 +99,12 @@ aes_cnt_cipher_t * aes_new_cipher(const uint8_t *key, const uint8_t *iv, int key_bits) { EVP_CIPHER_CTX *cipher = EVP_CIPHER_CTX_new(); - const EVP_CIPHER *c; + const EVP_CIPHER *c = NULL; switch (key_bits) { case 128: c = EVP_aes_128_ctr(); break; case 192: c = EVP_aes_192_ctr(); break; case 256: c = EVP_aes_256_ctr(); break; -default: tor_assert(0); // LCOV_EXCL_LINE +default: tor_assert_unreached(); // LCOV_EXCL_LINE } EVP_EncryptInit(cipher, c, key, iv); return (aes_cnt_cipher_t *) cipher; @@ -402,4 +402,3 @@ aes_set_iv(aes_cnt_cipher_t *cipher, const uint8_t *iv) } #endif - ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.5] Merge branch 'maint-0.3.5' into release-0.3.5
commit 51d9444823b95eeec60ae8e45d63017323016978 Merge: c97c2c690 ae4c94bb6 Author: Nick Mathewson Date: Tue Nov 13 08:27:29 2018 -0500 Merge branch 'maint-0.3.5' into release-0.3.5 changes/bug28413| 4 src/lib/crypt_ops/aes_openssl.c | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.4] Merge branch 'maint-0.2.9' into maint-0.3.3
commit 54d1a2d80537e9f9a90dcca18c9e616f73809f58 Merge: 93b6d4137 7f042cbc0 Author: Nick Mathewson Date: Tue Nov 13 08:27:17 2018 -0500 Merge branch 'maint-0.2.9' into maint-0.3.3 changes/bug28413 | 4 src/common/aes.c | 5 ++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --cc src/common/aes.c index 5d0841dfa,8ab2d2fc6..4d4a2d773 --- a/src/common/aes.c +++ b/src/common/aes.c @@@ -402,5 -401,4 +402,4 @@@ aes_set_iv(aes_cnt_cipher_t *cipher, co memcpy(cipher->ctr_buf.buf, iv, 16); } -#endif +#endif /* defined(USE_EVP_AES_CTR) */ - ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge branch 'bug28413_029' into maint-0.2.9
commit 7f042cbc0a9397c1e5c0f3e9c3bb31ff333d9983 Merge: 46796623f 1a11702a9 Author: Nick Mathewson Date: Tue Nov 13 08:26:51 2018 -0500 Merge branch 'bug28413_029' into maint-0.2.9 changes/bug28413 | 4 src/common/aes.c | 5 ++--- 2 files changed, 6 insertions(+), 3 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge branch 'maint-0.3.3' into maint-0.3.4
commit 42be1c668b9f8ec255afb307054e6388f478e837 Merge: 1fce9d129 54d1a2d80 Author: Nick Mathewson Date: Tue Nov 13 08:27:29 2018 -0500 Merge branch 'maint-0.3.3' into maint-0.3.4 changes/bug28413 | 4 src/common/aes.c | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.3.5] Merge branch 'maint-0.3.4' into maint-0.3.5
commit ae4c94bb6468078ba16de481991e781e1b486340 Merge: 896d0ebb9 42be1c668 Author: Nick Mathewson Date: Tue Nov 13 08:27:29 2018 -0500 Merge branch 'maint-0.3.4' into maint-0.3.5 changes/bug28413| 4 src/lib/crypt_ops/aes_openssl.c | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --cc src/lib/crypt_ops/aes_openssl.c index f2990fc06,0..ac275af33 mode 100644,00..100644 --- a/src/lib/crypt_ops/aes_openssl.c +++ b/src/lib/crypt_ops/aes_openssl.c @@@ -1,410 -1,0 +1,410 @@@ +/* Copyright (c) 2001, Matej Pfajfar. + * Copyright (c) 2001-2004, Roger Dingledine. + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2018, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file aes_openssl.c + * \brief Use OpenSSL to implement AES_CTR. + **/ + +#include "orconfig.h" +#include "lib/crypt_ops/aes.h" +#include "lib/crypt_ops/crypto_util.h" +#include "lib/log/util_bug.h" +#include "lib/arch/bytes.h" + +#ifdef _WIN32 /*wrkard for dtls1.h >= 0.9.8m of "#include "*/ + #include + #include +#endif + +#include "lib/crypt_ops/compat_openssl.h" +#include +#include "lib/crypt_ops/crypto_openssl_mgt.h" + +#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0) +#error "We require OpenSSL >= 1.0.0" +#endif + +DISABLE_GCC_WARNING(redundant-decls) + +#include +#include +#include +#include +#include +#include + +ENABLE_GCC_WARNING(redundant-decls) + +#include "lib/crypt_ops/aes.h" +#include "lib/log/log.h" +#include "lib/ctime/di_ops.h" + +#ifdef ANDROID +/* Android's OpenSSL seems to have removed all of its Engine support. */ +#define DISABLE_ENGINES +#endif + +/* We have five strategies for implementing AES counter mode. + * + * Best with x86 and x86_64: Use EVP_aes_*_ctr() and EVP_EncryptUpdate(). + * This is possible with OpenSSL 1.0.1, where the counter-mode implementation + * can use bit-sliced or vectorized AES or AESNI as appropriate. + * + * Otherwise: Pick the best possible AES block implementation that OpenSSL + * gives us, and the best possible counter-mode implementation, and combine + * them. + */ +#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,1,0) + +/* With newer OpenSSL versions, the older fallback modes don't compile. So + * don't use them, even if we lack specific acceleration. */ + +#define USE_EVP_AES_CTR + +#elif OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,0,1) && \ + (defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ + defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_AMD64) || defined(_M_X64) || defined(__INTEL__)) + +#define USE_EVP_AES_CTR + +#endif /* OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,1,0) || ... */ + +/* We have 2 strategies for getting the AES block cipher: Via OpenSSL's + * AES_encrypt function, or via OpenSSL's EVP_EncryptUpdate function. + * + * If there's any hardware acceleration in play, we want to be using EVP_* so + * we can get it. Otherwise, we'll want AES_*, which seems to be about 5% + * faster than indirecting through the EVP layer. + */ + +/* We have 2 strategies for getting a plug-in counter mode: use our own, or + * use OpenSSL's. + * + * Here we have a counter mode that's faster than the one shipping with + * OpenSSL pre-1.0 (by about 10%!). But OpenSSL 1.0.0 added a counter mode + * implementation faster than the one here (by about 7%). So we pick which + * one to used based on the Openssl version above. (OpenSSL 1.0.0a fixed a + * critical bug in that counter mode implementation, so we need to test to + * make sure that we have a fixed version.) + */ + +#ifdef USE_EVP_AES_CTR + +/* We don't actually define the struct here. */ + +aes_cnt_cipher_t * +aes_new_cipher(const uint8_t *key, const uint8_t *iv, int key_bits) +{ + EVP_CIPHER_CTX *cipher = EVP_CIPHER_CTX_new(); - const EVP_CIPHER *c; ++ const EVP_CIPHER *c = NULL; + switch (key_bits) { +case 128: c = EVP_aes_128_ctr(); break; +case 192: c = EVP_aes_192_ctr(); break; +case 256: c = EVP_aes_256_ctr(); break; - default: tor_assert(0); // LCOV_EXCL_LINE ++default: tor_assert_unreached(); // LCOV_EXCL_LINE + } + EVP_EncryptInit(cipher, c, key, iv); + return (aes_cnt_cipher_t *) cipher; +} +void +aes_cipher_free_(aes_cnt_cipher_t *cipher_) +{ + if (!cipher_) +return; + EVP_CIPHER_CTX *cipher = (EVP_CIPHER_CTX *) cipher_; +#ifdef OPENSSL_1_1_API + EVP_CIPHER_CTX_reset(cipher); +#else + EVP_CIPHER_CTX_cleanup(cipher); +#endif + EVP_CIPHER_CTX_free(cipher); +} +void +aes_crypt_inplace(aes_cnt_cipher_t *cipher_, char *data, size_t len) +{ + int outl; + EVP_CIPHER_CTX *cipher = (EVP_CIPHER_CTX *) cipher_; + + tor_assert(len < INT_MAX); + + EVP_EncryptUpdate(cipher, (unsigned char*)data, +, (unsigned char*)data, (int)len); +}
[tor-commits] [tor/maint-0.3.5] Fix a compiler warning in aes.c.
commit 1a11702a9a4d5f95c52eb55263008ce2aa8017ef Author: Nick Mathewson Date: Mon Nov 12 15:39:28 2018 -0500 Fix a compiler warning in aes.c. Apparently some freebsd compilers can't tell that 'c' will never be used uninitialized. Fixes bug 28413; bugfix on 0.2.9.3-alpha when we added support for longer AES keys to this function. --- changes/bug28413 | 4 src/common/aes.c | 5 ++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/changes/bug28413 b/changes/bug28413 new file mode 100644 index 0..4c88bea7e --- /dev/null +++ b/changes/bug28413 @@ -0,0 +1,4 @@ + o Minor bugfixes (compilation): +- Initialize a variable in aes_new_cipher(), since some compilers + cannot tell that we always initialize it before use. Fixes bug 28413; + bugfix on 0.2.9.3-alpha. diff --git a/src/common/aes.c b/src/common/aes.c index 35c2d1e3a..8ab2d2fc6 100644 --- a/src/common/aes.c +++ b/src/common/aes.c @@ -99,12 +99,12 @@ aes_cnt_cipher_t * aes_new_cipher(const uint8_t *key, const uint8_t *iv, int key_bits) { EVP_CIPHER_CTX *cipher = EVP_CIPHER_CTX_new(); - const EVP_CIPHER *c; + const EVP_CIPHER *c = NULL; switch (key_bits) { case 128: c = EVP_aes_128_ctr(); break; case 192: c = EVP_aes_192_ctr(); break; case 256: c = EVP_aes_256_ctr(); break; -default: tor_assert(0); // LCOV_EXCL_LINE +default: tor_assert_unreached(); // LCOV_EXCL_LINE } EVP_EncryptInit(cipher, c, key, iv); return (aes_cnt_cipher_t *) cipher; @@ -402,4 +402,3 @@ aes_set_iv(aes_cnt_cipher_t *cipher, const uint8_t *iv) } #endif - ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.3.5] Merge branch 'bug28413_029' into maint-0.2.9
commit 7f042cbc0a9397c1e5c0f3e9c3bb31ff333d9983 Merge: 46796623f 1a11702a9 Author: Nick Mathewson Date: Tue Nov 13 08:26:51 2018 -0500 Merge branch 'bug28413_029' into maint-0.2.9 changes/bug28413 | 4 src/common/aes.c | 5 ++--- 2 files changed, 6 insertions(+), 3 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.3.4] Merge branch 'maint-0.3.3' into maint-0.3.4
commit 42be1c668b9f8ec255afb307054e6388f478e837 Merge: 1fce9d129 54d1a2d80 Author: Nick Mathewson Date: Tue Nov 13 08:27:29 2018 -0500 Merge branch 'maint-0.3.3' into maint-0.3.4 changes/bug28413 | 4 src/common/aes.c | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Fix a compiler warning in aes.c.
commit 1a11702a9a4d5f95c52eb55263008ce2aa8017ef Author: Nick Mathewson Date: Mon Nov 12 15:39:28 2018 -0500 Fix a compiler warning in aes.c. Apparently some freebsd compilers can't tell that 'c' will never be used uninitialized. Fixes bug 28413; bugfix on 0.2.9.3-alpha when we added support for longer AES keys to this function. --- changes/bug28413 | 4 src/common/aes.c | 5 ++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/changes/bug28413 b/changes/bug28413 new file mode 100644 index 0..4c88bea7e --- /dev/null +++ b/changes/bug28413 @@ -0,0 +1,4 @@ + o Minor bugfixes (compilation): +- Initialize a variable in aes_new_cipher(), since some compilers + cannot tell that we always initialize it before use. Fixes bug 28413; + bugfix on 0.2.9.3-alpha. diff --git a/src/common/aes.c b/src/common/aes.c index 35c2d1e3a..8ab2d2fc6 100644 --- a/src/common/aes.c +++ b/src/common/aes.c @@ -99,12 +99,12 @@ aes_cnt_cipher_t * aes_new_cipher(const uint8_t *key, const uint8_t *iv, int key_bits) { EVP_CIPHER_CTX *cipher = EVP_CIPHER_CTX_new(); - const EVP_CIPHER *c; + const EVP_CIPHER *c = NULL; switch (key_bits) { case 128: c = EVP_aes_128_ctr(); break; case 192: c = EVP_aes_192_ctr(); break; case 256: c = EVP_aes_256_ctr(); break; -default: tor_assert(0); // LCOV_EXCL_LINE +default: tor_assert_unreached(); // LCOV_EXCL_LINE } EVP_EncryptInit(cipher, c, key, iv); return (aes_cnt_cipher_t *) cipher; @@ -402,4 +402,3 @@ aes_set_iv(aes_cnt_cipher_t *cipher, const uint8_t *iv) } #endif - ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.3.4] Merge branch 'maint-0.2.9' into maint-0.3.3
commit 54d1a2d80537e9f9a90dcca18c9e616f73809f58 Merge: 93b6d4137 7f042cbc0 Author: Nick Mathewson Date: Tue Nov 13 08:27:17 2018 -0500 Merge branch 'maint-0.2.9' into maint-0.3.3 changes/bug28413 | 4 src/common/aes.c | 5 ++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --cc src/common/aes.c index 5d0841dfa,8ab2d2fc6..4d4a2d773 --- a/src/common/aes.c +++ b/src/common/aes.c @@@ -402,5 -401,4 +402,4 @@@ aes_set_iv(aes_cnt_cipher_t *cipher, co memcpy(cipher->ctr_buf.buf, iv, 16); } -#endif +#endif /* defined(USE_EVP_AES_CTR) */ - ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.3.5] Merge branch 'maint-0.2.9' into maint-0.3.3
commit 54d1a2d80537e9f9a90dcca18c9e616f73809f58 Merge: 93b6d4137 7f042cbc0 Author: Nick Mathewson Date: Tue Nov 13 08:27:17 2018 -0500 Merge branch 'maint-0.2.9' into maint-0.3.3 changes/bug28413 | 4 src/common/aes.c | 5 ++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --cc src/common/aes.c index 5d0841dfa,8ab2d2fc6..4d4a2d773 --- a/src/common/aes.c +++ b/src/common/aes.c @@@ -402,5 -401,4 +402,4 @@@ aes_set_iv(aes_cnt_cipher_t *cipher, co memcpy(cipher->ctr_buf.buf, iv, 16); } -#endif +#endif /* defined(USE_EVP_AES_CTR) */ - ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.2.9] Merge branch 'bug28413_029' into maint-0.2.9
commit 7f042cbc0a9397c1e5c0f3e9c3bb31ff333d9983 Merge: 46796623f 1a11702a9 Author: Nick Mathewson Date: Tue Nov 13 08:26:51 2018 -0500 Merge branch 'bug28413_029' into maint-0.2.9 changes/bug28413 | 4 src/common/aes.c | 5 ++--- 2 files changed, 6 insertions(+), 3 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.3.4] Fix a compiler warning in aes.c.
commit 1a11702a9a4d5f95c52eb55263008ce2aa8017ef Author: Nick Mathewson Date: Mon Nov 12 15:39:28 2018 -0500 Fix a compiler warning in aes.c. Apparently some freebsd compilers can't tell that 'c' will never be used uninitialized. Fixes bug 28413; bugfix on 0.2.9.3-alpha when we added support for longer AES keys to this function. --- changes/bug28413 | 4 src/common/aes.c | 5 ++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/changes/bug28413 b/changes/bug28413 new file mode 100644 index 0..4c88bea7e --- /dev/null +++ b/changes/bug28413 @@ -0,0 +1,4 @@ + o Minor bugfixes (compilation): +- Initialize a variable in aes_new_cipher(), since some compilers + cannot tell that we always initialize it before use. Fixes bug 28413; + bugfix on 0.2.9.3-alpha. diff --git a/src/common/aes.c b/src/common/aes.c index 35c2d1e3a..8ab2d2fc6 100644 --- a/src/common/aes.c +++ b/src/common/aes.c @@ -99,12 +99,12 @@ aes_cnt_cipher_t * aes_new_cipher(const uint8_t *key, const uint8_t *iv, int key_bits) { EVP_CIPHER_CTX *cipher = EVP_CIPHER_CTX_new(); - const EVP_CIPHER *c; + const EVP_CIPHER *c = NULL; switch (key_bits) { case 128: c = EVP_aes_128_ctr(); break; case 192: c = EVP_aes_192_ctr(); break; case 256: c = EVP_aes_256_ctr(); break; -default: tor_assert(0); // LCOV_EXCL_LINE +default: tor_assert_unreached(); // LCOV_EXCL_LINE } EVP_EncryptInit(cipher, c, key, iv); return (aes_cnt_cipher_t *) cipher; @@ -402,4 +402,3 @@ aes_set_iv(aes_cnt_cipher_t *cipher, const uint8_t *iv) } #endif - ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.3.3] Merge branch 'maint-0.2.9' into maint-0.3.3
commit 54d1a2d80537e9f9a90dcca18c9e616f73809f58 Merge: 93b6d4137 7f042cbc0 Author: Nick Mathewson Date: Tue Nov 13 08:27:17 2018 -0500 Merge branch 'maint-0.2.9' into maint-0.3.3 changes/bug28413 | 4 src/common/aes.c | 5 ++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --cc src/common/aes.c index 5d0841dfa,8ab2d2fc6..4d4a2d773 --- a/src/common/aes.c +++ b/src/common/aes.c @@@ -402,5 -401,4 +402,4 @@@ aes_set_iv(aes_cnt_cipher_t *cipher, co memcpy(cipher->ctr_buf.buf, iv, 16); } -#endif +#endif /* defined(USE_EVP_AES_CTR) */ - ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.3.5] Merge branch 'maint-0.3.3' into maint-0.3.4
commit 42be1c668b9f8ec255afb307054e6388f478e837 Merge: 1fce9d129 54d1a2d80 Author: Nick Mathewson Date: Tue Nov 13 08:27:29 2018 -0500 Merge branch 'maint-0.3.3' into maint-0.3.4 changes/bug28413 | 4 src/common/aes.c | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.3.3] Merge branch 'bug28413_029' into maint-0.2.9
commit 7f042cbc0a9397c1e5c0f3e9c3bb31ff333d9983 Merge: 46796623f 1a11702a9 Author: Nick Mathewson Date: Tue Nov 13 08:26:51 2018 -0500 Merge branch 'bug28413_029' into maint-0.2.9 changes/bug28413 | 4 src/common/aes.c | 5 ++--- 2 files changed, 6 insertions(+), 3 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.3.4] Merge branch 'bug28413_029' into maint-0.2.9
commit 7f042cbc0a9397c1e5c0f3e9c3bb31ff333d9983 Merge: 46796623f 1a11702a9 Author: Nick Mathewson Date: Tue Nov 13 08:26:51 2018 -0500 Merge branch 'bug28413_029' into maint-0.2.9 changes/bug28413 | 4 src/common/aes.c | 5 ++--- 2 files changed, 6 insertions(+), 3 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.3.3] Fix a compiler warning in aes.c.
commit 1a11702a9a4d5f95c52eb55263008ce2aa8017ef Author: Nick Mathewson Date: Mon Nov 12 15:39:28 2018 -0500 Fix a compiler warning in aes.c. Apparently some freebsd compilers can't tell that 'c' will never be used uninitialized. Fixes bug 28413; bugfix on 0.2.9.3-alpha when we added support for longer AES keys to this function. --- changes/bug28413 | 4 src/common/aes.c | 5 ++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/changes/bug28413 b/changes/bug28413 new file mode 100644 index 0..4c88bea7e --- /dev/null +++ b/changes/bug28413 @@ -0,0 +1,4 @@ + o Minor bugfixes (compilation): +- Initialize a variable in aes_new_cipher(), since some compilers + cannot tell that we always initialize it before use. Fixes bug 28413; + bugfix on 0.2.9.3-alpha. diff --git a/src/common/aes.c b/src/common/aes.c index 35c2d1e3a..8ab2d2fc6 100644 --- a/src/common/aes.c +++ b/src/common/aes.c @@ -99,12 +99,12 @@ aes_cnt_cipher_t * aes_new_cipher(const uint8_t *key, const uint8_t *iv, int key_bits) { EVP_CIPHER_CTX *cipher = EVP_CIPHER_CTX_new(); - const EVP_CIPHER *c; + const EVP_CIPHER *c = NULL; switch (key_bits) { case 128: c = EVP_aes_128_ctr(); break; case 192: c = EVP_aes_192_ctr(); break; case 256: c = EVP_aes_256_ctr(); break; -default: tor_assert(0); // LCOV_EXCL_LINE +default: tor_assert_unreached(); // LCOV_EXCL_LINE } EVP_EncryptInit(cipher, c, key, iv); return (aes_cnt_cipher_t *) cipher; @@ -402,4 +402,3 @@ aes_set_iv(aes_cnt_cipher_t *cipher, const uint8_t *iv) } #endif - ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.2.9] Fix a compiler warning in aes.c.
commit 1a11702a9a4d5f95c52eb55263008ce2aa8017ef Author: Nick Mathewson Date: Mon Nov 12 15:39:28 2018 -0500 Fix a compiler warning in aes.c. Apparently some freebsd compilers can't tell that 'c' will never be used uninitialized. Fixes bug 28413; bugfix on 0.2.9.3-alpha when we added support for longer AES keys to this function. --- changes/bug28413 | 4 src/common/aes.c | 5 ++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/changes/bug28413 b/changes/bug28413 new file mode 100644 index 0..4c88bea7e --- /dev/null +++ b/changes/bug28413 @@ -0,0 +1,4 @@ + o Minor bugfixes (compilation): +- Initialize a variable in aes_new_cipher(), since some compilers + cannot tell that we always initialize it before use. Fixes bug 28413; + bugfix on 0.2.9.3-alpha. diff --git a/src/common/aes.c b/src/common/aes.c index 35c2d1e3a..8ab2d2fc6 100644 --- a/src/common/aes.c +++ b/src/common/aes.c @@ -99,12 +99,12 @@ aes_cnt_cipher_t * aes_new_cipher(const uint8_t *key, const uint8_t *iv, int key_bits) { EVP_CIPHER_CTX *cipher = EVP_CIPHER_CTX_new(); - const EVP_CIPHER *c; + const EVP_CIPHER *c = NULL; switch (key_bits) { case 128: c = EVP_aes_128_ctr(); break; case 192: c = EVP_aes_192_ctr(); break; case 256: c = EVP_aes_256_ctr(); break; -default: tor_assert(0); // LCOV_EXCL_LINE +default: tor_assert_unreached(); // LCOV_EXCL_LINE } EVP_EncryptInit(cipher, c, key, iv); return (aes_cnt_cipher_t *) cipher; @@ -402,4 +402,3 @@ aes_set_iv(aes_cnt_cipher_t *cipher, const uint8_t *iv) } #endif - ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits