[tor-commits] [translation/tails-misc_completed] Update translations for tails-misc_completed
commit 23a8e4dc8081631784e48e5960eeabb546a5234b Author: Translation commit bot Date: Tue Jul 31 06:17:00 2018 + Update translations for tails-misc_completed --- id.po | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/id.po b/id.po index 431e12ab5..c3dbaef20 100644 --- a/id.po +++ b/id.po @@ -18,8 +18,8 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2018-07-24 08:44+0800\n" -"PO-Revision-Date: 2018-07-30 06:44+\n" -"Last-Translator: Robert Dafis \n" +"PO-Revision-Date: 2018-07-31 05:48+\n" +"Last-Translator: ical\n" "Language-Team: Indonesian (http://www.transifex.com/otf/torproject/language/id/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-misc] Update translations for tails-misc
commit e2b4c7831e314ccdaf327fbf7acac12cc8a12cd5 Author: Translation commit bot Date: Tue Jul 31 06:16:53 2018 + Update translations for tails-misc --- id.po | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/id.po b/id.po index 431e12ab5..c3dbaef20 100644 --- a/id.po +++ b/id.po @@ -18,8 +18,8 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2018-07-24 08:44+0800\n" -"PO-Revision-Date: 2018-07-30 06:44+\n" -"Last-Translator: Robert Dafis \n" +"PO-Revision-Date: 2018-07-31 05:48+\n" +"Last-Translator: ical\n" "Language-Team: Indonesian (http://www.transifex.com/otf/torproject/language/id/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/mat-gui] Update translations for mat-gui
commit 9b7c6cac52229a1a6c5353e3678db7fd19ee05fb Author: Translation commit bot Date: Tue Jul 31 05:16:38 2018 + Update translations for mat-gui --- id.po | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/id.po b/id.po index c2832a96d..13f4b79b5 100644 --- a/id.po +++ b/id.po @@ -8,7 +8,7 @@ # Fathan Imanudin , 2014 # hermawan , 2014 # kogamatranslator31 , 2015 -# Mohamad Hasan Al Banna , 2015 +# se7entime , 2015 # zk, 2016 # zk, 2015 msgid "" @@ -16,8 +16,8 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2016-02-10 23:06+0100\n" -"PO-Revision-Date: 2018-04-12 19:01+\n" -"Last-Translator: Robert Dafis \n" +"PO-Revision-Date: 2018-07-31 05:00+\n" +"Last-Translator: ical\n" "Language-Team: Indonesian (http://www.transifex.com/otf/torproject/language/id/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/mat-gui_completed] Update translations for mat-gui_completed
commit 89a805d00bd1757212f32f10d096a9e1e08bab2e Author: Translation commit bot Date: Tue Jul 31 05:16:43 2018 + Update translations for mat-gui_completed --- id.po | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/id.po b/id.po index c2832a96d..13f4b79b5 100644 --- a/id.po +++ b/id.po @@ -8,7 +8,7 @@ # Fathan Imanudin , 2014 # hermawan , 2014 # kogamatranslator31 , 2015 -# Mohamad Hasan Al Banna , 2015 +# se7entime , 2015 # zk, 2016 # zk, 2015 msgid "" @@ -16,8 +16,8 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2016-02-10 23:06+0100\n" -"PO-Revision-Date: 2018-04-12 19:01+\n" -"Last-Translator: Robert Dafis \n" +"PO-Revision-Date: 2018-07-31 05:00+\n" +"Last-Translator: ical\n" "Language-Team: Indonesian (http://www.transifex.com/otf/torproject/language/id/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/bridgedb] Update translations for bridgedb
commit c99821ad153366ca0ceba3564b592ac5d67e986c Author: Translation commit bot Date: Tue Jul 31 05:15:07 2018 + Update translations for bridgedb --- id/LC_MESSAGES/bridgedb.po | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/id/LC_MESSAGES/bridgedb.po b/id/LC_MESSAGES/bridgedb.po index 52eba43ca..f47b6af1c 100644 --- a/id/LC_MESSAGES/bridgedb.po +++ b/id/LC_MESSAGES/bridgedb.po @@ -20,8 +20,8 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: 'https://trac.torproject.org/projects/tor/newticket?component=BridgeDB&keywords=bridgedb-reported,msgid&cc=isis,sysrqb&owner=isis'\n" "POT-Creation-Date: 2015-07-25 03:40+\n" -"PO-Revision-Date: 2018-04-12 18:54+\n" -"Last-Translator: Robert Dafis \n" +"PO-Revision-Date: 2018-07-31 04:58+\n" +"Last-Translator: Fransisca Susanti \n" "Language-Team: Indonesian (http://www.transifex.com/otf/torproject/language/id/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/bridgedb_completed] Update translations for bridgedb_completed
commit bb3ca7e5ee798e637a488a66791a221520a4728d Author: Translation commit bot Date: Tue Jul 31 05:15:15 2018 + Update translations for bridgedb_completed --- id/LC_MESSAGES/bridgedb.po | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/id/LC_MESSAGES/bridgedb.po b/id/LC_MESSAGES/bridgedb.po index 52eba43ca..f47b6af1c 100644 --- a/id/LC_MESSAGES/bridgedb.po +++ b/id/LC_MESSAGES/bridgedb.po @@ -20,8 +20,8 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: 'https://trac.torproject.org/projects/tor/newticket?component=BridgeDB&keywords=bridgedb-reported,msgid&cc=isis,sysrqb&owner=isis'\n" "POT-Creation-Date: 2015-07-25 03:40+\n" -"PO-Revision-Date: 2018-04-12 18:54+\n" -"Last-Translator: Robert Dafis \n" +"PO-Revision-Date: 2018-07-31 04:58+\n" +"Last-Translator: Fransisca Susanti \n" "Language-Team: Indonesian (http://www.transifex.com/otf/torproject/language/id/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [webwml/master] Add new job posts
commit 9e01724acb41b2102f12bc85e74c76a3908e8ab0 Author: hiro Date: Tue Jul 31 06:34:48 2018 +0200 Add new job posts --- about/en/jobs-grantsmanager.wml | 73 +++ about/en/jobs-grantwriter.wml | 72 ++ about/en/jobs-payrollspecialist.wml | 77 + about/en/jobs.wml | 3 ++ 4 files changed, 225 insertions(+) diff --git a/about/en/jobs-grantsmanager.wml b/about/en/jobs-grantsmanager.wml new file mode 100644 index ..ea2bf27b --- /dev/null +++ b/about/en/jobs-grantsmanager.wml @@ -0,0 +1,73 @@ +## translation metadata +# Revision: $Revision$ +# Translation-Priority: 3-low + +#include "head.wmi" TITLE="Tor Project: Jobs (Grants Manager)" CHARSET="UTF-8" + + +Home » +About » +Jobs + + +Internet Freedom Nonprofit Seeks Experienced Grants Manager +(Posted July 31, 2018) + + +The Tor Project, Inc., a 501(c)(3) nonprofit organization advancing human rights and freedoms by creating and deploying free and open source anonymity and privacy technologies, is seeking an experienced Grants Manager to provide fiscal oversight to our federal and foundation grants and contracts. + + + +The ideal candidate will have at least three years of experience monitoring federal grants and contracts, as well as multi-year grants from private foundations. This position reports to our CFO and will work closely with our fundraising and management teams. + + +Tasks include, but are not limited to: + + +Maintain files and documentation for our grants and contracts to ensure compliance with funder requirements and progress toward annual goals. +Communicate the status of grant activities and progress toward objectives to stakeholders. +Send monthly reports to front line managers indicating the current status of grants worked on by their teams. +Manage invoicing and billing of federal contracts to ensure full payment is received. +Pull financial reports to be used in grant reporting. +Help with budgeting for new grant proposals. +Monitor and track grants through our Granthub software. +Review current organizational procedures and suggest ways to streamline processes, as requested. + + +The person we seek should have the following qualities, skills, and abilities: + + +Must be comfortable working in a paperless office. +Experience creating spreadsheets to be used for predictive modelling. +Proficient understanding of and ability to use technology; willingness and ability to learn and use new technologies. +Conscientious, hard working, and highly organized with superior attention to detail. +Must be a self-starter who thrives on working independently +Willingness to seek additional assistance when new challenges present themselves. +Willingness to travel to international meetings at least twice a year. + + + +The Tor Project's workforce is smart and committed. Experience working with open source communities and/or a dedication to Internet freedom are added pluses. + + +The Tor Project's workforce is smart and committed. Experience working with open source communities and/or a dedication to Internet freedom are added pluses. The Tor Project currently has a paid and contract staff of around 35 developers and operational support staff, plus many thousands of volunteers who contribute to our work. The Tor Project is funded in part by government research and development grants, and in part by individual, foundation and corporate donations. + + +Flexible salary, depending on experience. The Tor Project has a competitive benefits package, including a generous PTO policy; 14 paid holidays per year (including the week between Christmas and New Year's, when the office is closed); health, vision, dental, disability, and life insurance paid in full for employee; and flexible work schedule. + + +This is a full-time, hands-on position, which can be done remotely or in our office in Seattle, WA. To apply, send a cover letter and your resume to hr at torproject dot org with âGrants Managerâ in the subject line. Tell us why you think youâre the right person for this job and why you want to work at Tor Project. No phone calls please! + + +The Tor Project, Inc., is an equal opportunity, affirmative action employer. + + + + +#include "side.wmi" +#include "info.wmi" + + + + +#include diff --git a/about/en/jobs-grantwriter.wml b/about/en/jobs-grantwriter.wml new file mode 100644 index ..532dfce9 --- /dev/null +++ b/about/en/jobs-grantwriter.wml @@ -0,0 +1,72 @@ +## translation metadata +# Revision: $Revision$ +# Translation-Priority: 3-low + +#include "head.wmi" TITLE="Tor Project: Jobs (Grant Writer)" CHARSET="UTF-8" + + +Home » +About » +Jobs + + +Internet Freedom Nonprofit Seeks Grant Writer +(Posted July 31, 2018) + + +The Tor Project, Inc., a 501(c)(3) nonprofit organization that provides technical infrastru
[tor-commits] [tor/master] fix wrong word in comment
commit fe9f58514349c9d25b48ae29c87d8aaf065d0931 Author: Roger Dingledine Date: Mon Jul 30 22:35:33 2018 -0400 fix wrong word in comment --- src/feature/hs/hs_common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/feature/hs/hs_common.c b/src/feature/hs/hs_common.c index 1c5dfd5e6..12405a79c 100644 --- a/src/feature/hs/hs_common.c +++ b/src/feature/hs/hs_common.c @@ -844,7 +844,7 @@ hs_get_subcredential(const ed25519_public_key_t *identity_pk, memwipe(credential, 0, sizeof(credential)); } -/* From the given list of hidden service ports, find the ones that much the +/* From the given list of hidden service ports, find the ones that match the * given edge connection conn, pick one at random and use it to set the * connection address. Return 0 on success or -1 if none. */ int ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/support-topics] Update translations for support-topics
commit 083156b48860ffe0d1c31e987ecc88c675ed6b9e Author: Translation commit bot Date: Mon Jul 30 23:50:08 2018 + Update translations for support-topics --- id.json | 110 1 file changed, 55 insertions(+), 55 deletions(-) diff --git a/id.json b/id.json index 2ff7ae3ef..eda0dd777 100644 --- a/id.json +++ b/id.json @@ -1,57 +1,57 @@ { -"faq": { - "path": "#faq", - "control": "faq", - "label": "Most Frequently Asked Questions" -}, -"tbb": { - "path": "#tbb", - "control": "tbb", - "label": "Peramban Tor" -}, -"tormessenger": { - "path": "#tormessenger", - "control": "tormessenger", - "label": "Tor Messenger" -}, -"tormobile": { - "path": "#tormobile", - "control": "tormobile", - "label": "Tor Mobile" -}, -"gettor": { - "path": "#gettor", - "control": "gettor", - "label": "GetTor" -}, -"connecting": { - "path": "#connectingtotor", - "control": "connectingtotor", - "label": "Terhubung ke Tor" -}, -"censorship": { - "path": "#censorship", - "control": "sensor", - "label": "Sensor" -}, -"https": { - "path": "#https", - "control": "https", - "label": "HTTPS" -}, -"operators": { - "path": "#operators", - "control": "operators", - "label": "Operator" -}, -"onionservices": { - "path": "#onionservices", - "control": "onionservices", - "label": "Layanan Onion" -}, -"misc": { - "path": "#misc", - "control": "lain-lain", - "label": "Lain-lain" -} + "faq": { +"path": "#faq", +"control": "faq", +"label": "Most Frequently Asked Questions" + }, + "tbb": { +"path": "#tbb", +"control": "tbb", +"label": "Peramban Tor" + }, + "tormessenger": { +"path": "#tormessenger", +"control": "tormessenger", +"label": "Tor Messenger" + }, + "tormobile": { +"path": "#tormobile", +"control": "tormobile", +"label": "Tor Mobile" + }, + "gettor": { +"path": "#gettor", +"control": "gettor", +"label": "GetTor" + }, + "connecting": { +"path": "#connectingtotor", +"control": "connectingtotor", +"label": "Terhubung ke Tor" + }, + "censorship": { +"path": "#censorship", +"control": "sensor", +"label": "Sensor" + }, + "https": { +"path": "#https", +"control": "https", +"label": "HTTPS" + }, + "operators": { +"path": "#operators", +"control": "operators", +"label": "Operator" + }, + "onionservices": { +"path": "#onionservices", +"control": "onionservices", +"label": "Layanan Onion" + }, + "misc": { +"path": "#misc", +"control": "lain-lain", +"label": "Lain-lain" + } } ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/support-topics_completed] Update translations for support-topics_completed
commit 634342be9e3e83ab4d1ae184599300e17508fbda Author: Translation commit bot Date: Mon Jul 30 23:50:13 2018 + Update translations for support-topics_completed --- id.json | 110 1 file changed, 55 insertions(+), 55 deletions(-) diff --git a/id.json b/id.json index 2ff7ae3ef..eda0dd777 100644 --- a/id.json +++ b/id.json @@ -1,57 +1,57 @@ { -"faq": { - "path": "#faq", - "control": "faq", - "label": "Most Frequently Asked Questions" -}, -"tbb": { - "path": "#tbb", - "control": "tbb", - "label": "Peramban Tor" -}, -"tormessenger": { - "path": "#tormessenger", - "control": "tormessenger", - "label": "Tor Messenger" -}, -"tormobile": { - "path": "#tormobile", - "control": "tormobile", - "label": "Tor Mobile" -}, -"gettor": { - "path": "#gettor", - "control": "gettor", - "label": "GetTor" -}, -"connecting": { - "path": "#connectingtotor", - "control": "connectingtotor", - "label": "Terhubung ke Tor" -}, -"censorship": { - "path": "#censorship", - "control": "sensor", - "label": "Sensor" -}, -"https": { - "path": "#https", - "control": "https", - "label": "HTTPS" -}, -"operators": { - "path": "#operators", - "control": "operators", - "label": "Operator" -}, -"onionservices": { - "path": "#onionservices", - "control": "onionservices", - "label": "Layanan Onion" -}, -"misc": { - "path": "#misc", - "control": "lain-lain", - "label": "Lain-lain" -} + "faq": { +"path": "#faq", +"control": "faq", +"label": "Most Frequently Asked Questions" + }, + "tbb": { +"path": "#tbb", +"control": "tbb", +"label": "Peramban Tor" + }, + "tormessenger": { +"path": "#tormessenger", +"control": "tormessenger", +"label": "Tor Messenger" + }, + "tormobile": { +"path": "#tormobile", +"control": "tormobile", +"label": "Tor Mobile" + }, + "gettor": { +"path": "#gettor", +"control": "gettor", +"label": "GetTor" + }, + "connecting": { +"path": "#connectingtotor", +"control": "connectingtotor", +"label": "Terhubung ke Tor" + }, + "censorship": { +"path": "#censorship", +"control": "sensor", +"label": "Sensor" + }, + "https": { +"path": "#https", +"control": "https", +"label": "HTTPS" + }, + "operators": { +"path": "#operators", +"control": "operators", +"label": "Operator" + }, + "onionservices": { +"path": "#onionservices", +"control": "onionservices", +"label": "Layanan Onion" + }, + "misc": { +"path": "#misc", +"control": "lain-lain", +"label": "Lain-lain" + } } ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tor-browser-manual_completed] Update translations for tor-browser-manual_completed
commit 0147d141256334509a9f9f190d1bf40d8f2b7551 Author: Translation commit bot Date: Mon Jul 30 23:48:58 2018 + Update translations for tor-browser-manual_completed --- id/id.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/id/id.po b/id/id.po index 2a8fdfe8c..39e0d0539 100644 --- a/id/id.po +++ b/id/id.po @@ -9,7 +9,7 @@ # hpiece 8 , 2017 # Christian "crse" Elbrianno, 2017 # adhisuryo i , 2017 -# Faisal Bustamam , 2017 +# ical, 2017 # Benyamin Adrianus Dos Santos , 2017 # Dinar Lubis , 2017 msgid "" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tor-browser-manual] Update translations for tor-browser-manual
commit 1e8aeb02510475f872965bb08ccbe844a3e5dece Author: Translation commit bot Date: Mon Jul 30 23:48:50 2018 + Update translations for tor-browser-manual --- id/id.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/id/id.po b/id/id.po index 2a8fdfe8c..39e0d0539 100644 --- a/id/id.po +++ b/id/id.po @@ -9,7 +9,7 @@ # hpiece 8 , 2017 # Christian "crse" Elbrianno, 2017 # adhisuryo i , 2017 -# Faisal Bustamam , 2017 +# ical, 2017 # Benyamin Adrianus Dos Santos , 2017 # Dinar Lubis , 2017 msgid "" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [newsletter/master] Newsletter August
commit f7c26bfa89dd023e404dee1f0557411900fc387d Author: hiro Date: Mon Jul 30 23:22:32 2018 +0200 Newsletter August --- .gitignore | 2 + .../contents.lr| 2 +- .../text/contents.lr | 2 +- .../contents.lr| 186 + .../text/contents.lr | 92 ++ databags/footer+en.json| 14 -- databags/menu+en.json | 18 -- 7 files changed, 282 insertions(+), 34 deletions(-) diff --git a/.gitignore b/.gitignore index 295cf02..bdd9d96 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,6 @@ node_modules +i18n +configs .sass-cache .DS_Store diff --git a/content/archive/breaking-through-censorship-barriers-even-when-tor-is-blocked/contents.lr b/content/archive/censorship-circumvention-trackers-onion-protections-new-releases-events/contents.lr similarity index 99% rename from content/archive/breaking-through-censorship-barriers-even-when-tor-is-blocked/contents.lr rename to content/archive/censorship-circumvention-trackers-onion-protections-new-releases-events/contents.lr index 9fbd282..b727b99 100644 --- a/content/archive/breaking-through-censorship-barriers-even-when-tor-is-blocked/contents.lr +++ b/content/archive/censorship-circumvention-trackers-onion-protections-new-releases-events/contents.lr @@ -6,7 +6,7 @@ author: st...@torproject.org --- pub_date: 2018-06-28 --- -title: Breaking Through Censorship Barriers, Even When Tor Is Blocked +title: Censorship Circumvention, Trackers, Onion Protections, New Releases, Events --- html_body: diff --git a/content/archive/breaking-through-censorship-barriers-even-when-tor-is-blocked/text/contents.lr b/content/archive/censorship-circumvention-trackers-onion-protections-new-releases-events/text/contents.lr similarity index 98% rename from content/archive/breaking-through-censorship-barriers-even-when-tor-is-blocked/text/contents.lr rename to content/archive/censorship-circumvention-trackers-onion-protections-new-releases-events/text/contents.lr index 4b85ea5..15e13d9 100644 --- a/content/archive/breaking-through-censorship-barriers-even-when-tor-is-blocked/text/contents.lr +++ b/content/archive/censorship-circumvention-trackers-onion-protections-new-releases-events/text/contents.lr @@ -6,7 +6,7 @@ author: st...@torproject.org --- pub_date: 2018-06-28 --- -title: Breaking Through Censorship Barriers, Even When Tor Is Blocked +title: Censorship Circumvention, Trackers, Onion Protections, New Releases, Events --- body: diff --git a/content/archive/research-tips-topics-egypt-censorship-report/contents.lr b/content/archive/research-tips-topics-egypt-censorship-report/contents.lr new file mode 100644 index 000..0f36dee --- /dev/null +++ b/content/archive/research-tips-topics-egypt-censorship-report/contents.lr @@ -0,0 +1,186 @@ +_model: post +--- +_template: newsletter.html +--- +author: st...@torproject.org +--- +pub_date: 2018-07-31 +--- +title: Research Tips & Topics, Egypt Censorship Report, HOPE Vid, Events +--- +html_body: + + + + + + + + +https://newsletter.torproject.org";>https://blog.torproject.org/sites/default/files/inline-images/tor-news-logo-560.png"; style="width: 250px; height: 75px;" /> + + + + + + + + + + + + + + + + +The State of Internet Censorship in Egypt + +https://blog.torproject.org/egypt-internet-censorship";>https://blog.torproject.org/sites/default/files/styles/full_width/public/image/eg-image.jpg?itok=83ZycILN"; style="width: 560px; height: 280px;" /> + +A groundbreaking report by OONI and AFTE uncovered anomalies on Egyptian networks including censorship and the hijacking of unencrypted HTTP connections for advertising and cryptocurrency mining. Even UN sites were redirected. + +Also, more than 100 news websites are blocked in Egypt, including Al Jazeera, The Huffington Post Arabic, Mada Masr, Almesryoon, Daily News Egypt, Turk Press and Iran’s Alalam News. + +“The blocking of media organizations’ websites has had a severe impact on their operations, and some have even suspended their work altogether as a result of persisting censorship,” said Mohammad El Taher, director of the AFTE research unit. + +While it’s been known that Egypt has undertaken widespread censorship of websites, this is the first time a comprehensive study of the methods of censorship have been undertaken. https://blog.torproject.org/egypt-internet-censorship";>Find out how Egypt censors. + + +How to Do Effective and Impactful Tor Research + +https://blog.torproject.org/how-do-effective-and-impactful-tor-research";>https://blog.torproject.org/sites/default/files/styles/full_width/public/image/rCvzkXPQ.jpeg?itok=iYQsvjvk"; style="width: 560px; height: 280px;" /> + +As we mentioned in https://blog.torproject.org/tors-open-research-topics-2018-edition";>our previous po
[tor-commits] [metrics-web/master] Add a handful of missing colons.
commit a354a8ef54b0f41115435ca95a3df32727502b67 Author: Karsten Loesing Date: Mon Jul 30 21:05:16 2018 +0200 Add a handful of missing colons. --- src/main/resources/web/jsps/onionoo.jsp | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/main/resources/web/jsps/onionoo.jsp b/src/main/resources/web/jsps/onionoo.jsp index 8221026..84bc87c 100644 --- a/src/main/resources/web/jsps/onionoo.jsp +++ b/src/main/resources/web/jsps/onionoo.jsp @@ -291,23 +291,23 @@ Extended the "version" parameter to bridges, added a "recommended_version" field to bridge details documents on November 28, 2017. # -5.0 +5.0: Removed the $ from fingerprints in fields "effective_family", "alleged_family", and "indirect_family" on December 20, 2017. # -5.1 +5.1: Always added a relay's own fingerprint to its "effective_family" and made nickname fields "n" in summary documents and "nickname" in details documents required fields on March 14, 2018. # -5.2 +5.2: Added "version_status" field to details documents on April 6, 2018. # -6.0 +6.0: Included all exit addresses in "exit_addresses", regardless of whether they are used as onion-routing addresses or not on April 17, 2018. # -6.1 +6.1: Added a new "os" parameter to filter relays and bridges by operating system, extended the "as" and "country" parameters by a special country code and AS number to return relays that were not found in the ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-misc] Update translations for tails-misc
commit 2aaba04c1284f4d7bec9c01fc2cdb9be81918b2d Author: Translation commit bot Date: Mon Jul 30 16:46:42 2018 + Update translations for tails-misc --- ca.po | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/ca.po b/ca.po index b68aa963e..a813df726 100644 --- a/ca.po +++ b/ca.po @@ -3,7 +3,7 @@ # This file is distributed under the same license as the PACKAGE package. # # Translators: -# Aleix Vidal i Gaya , 2014 +# Aleix Vidal i Gaya , 2014,2018 # Assumpta , 2014 # Ecron , 2018 # Eloi GarcÃa i Fargas, 2014 @@ -17,8 +17,8 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2018-07-24 08:44+0800\n" -"PO-Revision-Date: 2018-07-24 03:04+\n" -"Last-Translator: carolyn \n" +"PO-Revision-Date: 2018-07-30 16:37+\n" +"Last-Translator: Aleix Vidal i Gaya \n" "Language-Team: Catalan (http://www.transifex.com/otf/torproject/language/ca/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -80,17 +80,17 @@ msgstr "_Surt" #: config/chroot_local-includes/usr/local/bin/liferea:18 msgid "Liferea is deprecated" -msgstr "" +msgstr "Liferea està obsolet" #: config/chroot_local-includes/usr/local/bin/liferea:19 msgid "Do you wish to start Liferea anyway?" -msgstr "" +msgstr "Voleu iniciar Liferea igualment?" #: config/chroot_local-includes/usr/local/bin/liferea:21 msgid "" "Due to security concerns the Liferea feed reader will be removed from Tails " "by the end of 2018. Please migrate your feeds to Thunderbird." -msgstr "" +msgstr "Per qüestions de seguretat el lector d'agregadors Liferea serà eliminat del Tails cap a finals del 2018. Canvieu els vostres agregadors a Thunderbird." #: config/chroot_local-includes/usr/share/gnome-shell/extensions/status-menu-hel...@tails.boum.org/extension.js:75 msgid "Restart" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/support-topics] Update translations for support-topics
commit de74973a7e09eec8401a0cfc44950abb5414d942 Author: Translation commit bot Date: Mon Jul 30 16:49:58 2018 + Update translations for support-topics --- ca.json | 110 1 file changed, 55 insertions(+), 55 deletions(-) diff --git a/ca.json b/ca.json index 5771e3630..117f0679a 100644 --- a/ca.json +++ b/ca.json @@ -1,57 +1,57 @@ { -"faq": { - "path": "#faq", - "control": "faq", - "label": "Preguntes Preguntades Més Frequents" -}, -"tbb": { - "path": "#tbb", - "control": "tbb", - "label": "Tor Browser" -}, -"tormessenger": { - "path": "#tormessenger", - "control": "tormessenger", - "label": "Tor Messenger" -}, -"tormobile": { - "path": "#tormobile", - "control": "tormobile", - "label": "Tor Mobile" -}, -"gettor": { - "path": "#gettor", - "control": "gettor", - "label": "GetTor" -}, -"connecting": { - "path": "#connectingtotor", - "control": "connectingtotor", - "label": "Connexió al Tor" -}, -"censorship": { - "path": "#censorship", - "control": "censorship", - "label": "Censura" -}, -"https": { - "path": "#https", - "control": "https", - "label": "HTTPS" -}, -"operators": { - "path": "#operators", - "control": "operators", - "label": "Operadors" -}, -"onionservices": { - "path": "#onionservices", - "control": "onionservices", - "label": "Onion Services" -}, -"misc": { - "path": "#misc", - "control": "misc", - "label": "Misc" -} + "faq": { +"path": "#faq", +"control": "faq", +"label": "Preguntes Preguntades Més Frequents" + }, + "tbb": { +"path": "#tbb", +"control": "tbb", +"label": "Tor Browser" + }, + "tormessenger": { +"path": "#tormessenger", +"control": "tormessenger", +"label": "Tor Messenger" + }, + "tormobile": { +"path": "#tormobile", +"control": "tormobile", +"label": "Tor Mobile" + }, + "gettor": { +"path": "#gettor", +"control": "gettor", +"label": "GetTor" + }, + "connecting": { +"path": "#connectingtotor", +"control": "connectingtotor", +"label": "Connexió al Tor" + }, + "censorship": { +"path": "#censorship", +"control": "censorship", +"label": "Censura" + }, + "https": { +"path": "#https", +"control": "https", +"label": "HTTPS" + }, + "operators": { +"path": "#operators", +"control": "operators", +"label": "Operadors" + }, + "onionservices": { +"path": "#onionservices", +"control": "onionservices", +"label": "Onion Services" + }, + "misc": { +"path": "#misc", +"control": "miscel·là nia", +"label": "Miscel·là nia" + } } ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-misc_completed] Update translations for tails-misc_completed
commit 9539123d9dd4a996346fd2b9d3d93aaece99927d Author: Translation commit bot Date: Mon Jul 30 16:46:46 2018 + Update translations for tails-misc_completed --- ca.po | 28 ++-- 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/ca.po b/ca.po index 95e1060ea..a813df726 100644 --- a/ca.po +++ b/ca.po @@ -3,22 +3,22 @@ # This file is distributed under the same license as the PACKAGE package. # # Translators: -# Aleix Vidal i Gaya , 2014 +# Aleix Vidal i Gaya , 2014,2018 # Assumpta , 2014 # Ecron , 2018 # Eloi GarcÃa i Fargas, 2014 # Guillem Arias Fauste , 2016 # Humbert , 2014 # laia_, 2014-2016 -# Miquel Bosch , 2018 +# Miquel Bosch, 2018 # Vte A.F , 2017 msgid "" msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2018-03-12 19:03+0100\n" -"PO-Revision-Date: 2018-04-12 19:07+\n" -"Last-Translator: Ecron \n" +"POT-Creation-Date: 2018-07-24 08:44+0800\n" +"PO-Revision-Date: 2018-07-30 16:37+\n" +"Last-Translator: Aleix Vidal i Gaya \n" "Language-Team: Catalan (http://www.transifex.com/otf/torproject/language/ca/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -34,7 +34,7 @@ msgstr "El Tor està preparat" msgid "You can now access the Internet." msgstr "Ara ja podeu accedir a Internet." -#: config/chroot_local-includes/etc/whisperback/config.py:65 +#: config/chroot_local-includes/etc/whisperback/config.py:66 #, python-format msgid "" "Help us fix your bug!\n" @@ -67,15 +67,31 @@ msgid "Do you want to start Electrum anyway?" msgstr "Voleu iniciar l'Electrum igualment?" #: config/chroot_local-includes/usr/local/bin/electrum:63 +#: config/chroot_local-includes/usr/local/bin/liferea:33 #: config/chroot_local-includes/usr/local/sbin/unsafe-browser:41 msgid "_Launch" msgstr "_Executa" #: config/chroot_local-includes/usr/local/bin/electrum:64 +#: config/chroot_local-includes/usr/local/bin/liferea:32 #: config/chroot_local-includes/usr/local/sbin/unsafe-browser:42 msgid "_Exit" msgstr "_Surt" +#: config/chroot_local-includes/usr/local/bin/liferea:18 +msgid "Liferea is deprecated" +msgstr "Liferea està obsolet" + +#: config/chroot_local-includes/usr/local/bin/liferea:19 +msgid "Do you wish to start Liferea anyway?" +msgstr "Voleu iniciar Liferea igualment?" + +#: config/chroot_local-includes/usr/local/bin/liferea:21 +msgid "" +"Due to security concerns the Liferea feed reader will be removed from Tails " +"by the end of 2018. Please migrate your feeds to Thunderbird." +msgstr "Per qüestions de seguretat el lector d'agregadors Liferea serà eliminat del Tails cap a finals del 2018. Canvieu els vostres agregadors a Thunderbird." + #: config/chroot_local-includes/usr/share/gnome-shell/extensions/status-menu-hel...@tails.boum.org/extension.js:75 msgid "Restart" msgstr "Reinicia" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/support-tbb] Update translations for support-tbb
commit db40a97910d03e2a7188dbc90cd9265ae5aadbf4 Author: Translation commit bot Date: Mon Jul 30 15:49:43 2018 + Update translations for support-tbb --- pt.json | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pt.json b/pt.json index 1020e63db..3fe356a44 100644 --- a/pt.json +++ b/pt.json @@ -74,7 +74,7 @@ "tbb-12": { "id": "#tbb-12", "control": "tbb-12", - "title": "Can I use Flash in Tor Browser?", + "title": "Eu posso utilizar o Flash no Tor Browser?", "description": "Flash is disabled in Tor Browser, and we recommend you do not enable it. We donât think Flash is safe to use in any browser â it's a very insecure piece of software that can easily compromise your privacy or serve you malware. Fortunately, most websites, devices, and other browsers are moving away from the use of Flash." }, "tbb-13": { @@ -92,7 +92,7 @@ "tbb-15": { "id": "#tbb-15", "control": "tbb-15", - "title": "Can I download Tor Browser for ChromeOS?", + "title": "Eu posso transferir o Tor Browser para o ChromeOS?", "description": "Unfortunately, we don't yet have a version of Tor Browser for ChromeOS." }, "tbb-16": { @@ -164,13 +164,13 @@ "tbb-27": { "id": "#tbb-27", "control": "tbb-27", - "title": "How do I update Tor Browser?", + "title": "Como é que eu atualizo o Tor Browser?", "description": "You can update Tor Browser as soon as a new version is released.Tor Browser will prompt you to update the software once a new version has been released.The Torbutton icon (the little green onion in the top left corner of the browser) will display a yellow triangle.You may see a written indication when Tor Browser opens telling you that an update is available.Card titleCard textTor browser will install the updates.Card titleCard text" }, "tbb-28": { "id": "#tbb-28", "control": "tbb-28", - "title": "How do I uninstall Tor Browser?", + "title": "Como é que eu desinstalo o Tor Browser?", "description": "Removing Tor Browser from your system is simple:Locate your Tor Browser folder or application. The default location on Windows is the Desktop; on macOS it is the Applications folder (on macOS, you have to move it into the Applications folder when you complete the installation process). On Linux, there is no default location, however the folder will be named \"tor-browser_en-US\" if you are running the English Tor Browser.Delete the Tor Browser folder or application.Empty your Trash.Note that your operating systemâs standard \"Uninstall\" utility is not used." }, "tbb-29": { ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/support-topics] Update translations for support-topics
commit ceac5af0fb0d0e7174a9655e770f6b9da9245304 Author: Translation commit bot Date: Mon Jul 30 15:50:01 2018 + Update translations for support-topics --- pt.json | 110 1 file changed, 55 insertions(+), 55 deletions(-) diff --git a/pt.json b/pt.json index af01b261c..4aede4554 100644 --- a/pt.json +++ b/pt.json @@ -1,57 +1,57 @@ { -"faq": { - "path": "#faq", - "control": "faq", - "label": "As Perguntas Mais Frequentes" -}, -"tbb": { - "path": "#tbb", - "control": "tbb", - "label": "Tor Browser" -}, -"tormessenger": { - "path": "#tormessenger", - "control": "tormessenger", - "label": "Tor Messenger" -}, -"tormobile": { - "path": "#tormobile", - "control": "tormobile", - "label": "Tor Mobile" -}, -"gettor": { - "path": "#gettor", - "control": "gettor", - "label": "GetTor" -}, -"connecting": { - "path": "#connectingtotor", - "control": "connectingtotor", - "label": "Connecting To Tor" -}, -"censorship": { - "path": "#censorship", - "control": "censorship", - "label": "Censura" -}, -"https": { - "path": "#https", - "control": "https", - "label": "HTTPS" -}, -"operators": { - "path": "#operators", - "control": "operators", - "label": "Operators" -}, -"onionservices": { - "path": "#onionservices", - "control": "onionservices", - "label": "Serviços da Cebola" -}, -"misc": { - "path": "#misc", - "control": "misc", - "label": "Misc" -} + "faq": { +"path": "#faq", +"control": "faq", +"label": "As Perguntas Mais Frequentes" + }, + "tbb": { +"path": "#tbb", +"control": "tbb", +"label": "Tor Browser" + }, + "tormessenger": { +"path": "#tormessenger", +"control": "tormessenger", +"label": "Tor Messenger" + }, + "tormobile": { +"path": "#tormobile", +"control": "tormobile", +"label": "Tor Mobile" + }, + "gettor": { +"path": "#gettor", +"control": "gettor", +"label": "GetTor" + }, + "connecting": { +"path": "#connectingtotor", +"control": "connectingtotor", +"label": "Connecting To Tor" + }, + "censorship": { +"path": "#censorship", +"control": "censura", +"label": "Censura" + }, + "https": { +"path": "#https", +"control": "https", +"label": "HTTPS" + }, + "operators": { +"path": "#operators", +"control": "operadores", +"label": "Operadores" + }, + "onionservices": { +"path": "#onionservices", +"control": "onionservices", +"label": "Serviços da Cebola" + }, + "misc": { +"path": "#misc", +"control": "diversos", +"label": "Diversos" + } } ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/support-portal] Update translations for support-portal
commit 22b77218ffc43199e001d2f69707645b76160ee7 Author: Translation commit bot Date: Mon Jul 30 14:49:51 2018 + Update translations for support-portal --- contents+es.po | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/contents+es.po b/contents+es.po index a32415c27..9ff43e845 100644 --- a/contents+es.po +++ b/contents+es.po @@ -2292,7 +2292,7 @@ msgstr "" #: http//localhost/tormobile/tormobile-1/ #: (content/tormobile/tormobile-1/contents+en.lrquestion.seo_slug) msgid "run-tor-on-android" -msgstr "ejecutar-tor-para-androides" +msgstr "ejecutar-tor-en-android" #: http//localhost/tormobile/tormobile-2/ #: (content/tormobile/tormobile-2/contents+en.lrquestion.title) @@ -2329,7 +2329,7 @@ msgid "" "Project." msgstr "" "Recomendamos una aplicación para iOS llamada Onion Browser, de código " -"abierto, que usa enrutamiento Tor, y está desarrollada por alguien que " +"abierto, que usa enrutamiento Tor y está desarrollada por alguien que " "trabaja estrechamente con Tor Project." #: http//localhost/tormobile/tormobile-3/ @@ -2979,7 +2979,7 @@ msgstr "no-se-puede-alcanzar-x-onion" #: http//localhost/censorship/censorship-1/ #: (content/censorship/censorship-1/contents+en.lrquestion.seo_slug) msgid "our-website-is-blocked-by-a-censor" -msgstr "nuestr-web-está-bloqueada" +msgstr "nuestra-web-está-bloqueada" #: http//localhost/censorship/censorship-2/ #: (content/censorship/censorship-2/contents+en.lrquestion.description) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/support-portal_completed] Update translations for support-portal_completed
commit 384c9ff077464e4d6173704779f9d09b4646f873 Author: Translation commit bot Date: Mon Jul 30 14:49:57 2018 + Update translations for support-portal_completed --- contents+es.po | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/contents+es.po b/contents+es.po index a32415c27..9ff43e845 100644 --- a/contents+es.po +++ b/contents+es.po @@ -2292,7 +2292,7 @@ msgstr "" #: http//localhost/tormobile/tormobile-1/ #: (content/tormobile/tormobile-1/contents+en.lrquestion.seo_slug) msgid "run-tor-on-android" -msgstr "ejecutar-tor-para-androides" +msgstr "ejecutar-tor-en-android" #: http//localhost/tormobile/tormobile-2/ #: (content/tormobile/tormobile-2/contents+en.lrquestion.title) @@ -2329,7 +2329,7 @@ msgid "" "Project." msgstr "" "Recomendamos una aplicación para iOS llamada Onion Browser, de código " -"abierto, que usa enrutamiento Tor, y está desarrollada por alguien que " +"abierto, que usa enrutamiento Tor y está desarrollada por alguien que " "trabaja estrechamente con Tor Project." #: http//localhost/tormobile/tormobile-3/ @@ -2979,7 +2979,7 @@ msgstr "no-se-puede-alcanzar-x-onion" #: http//localhost/censorship/censorship-1/ #: (content/censorship/censorship-1/contents+en.lrquestion.seo_slug) msgid "our-website-is-blocked-by-a-censor" -msgstr "nuestr-web-está-bloqueada" +msgstr "nuestra-web-está-bloqueada" #: http//localhost/censorship/censorship-2/ #: (content/censorship/censorship-2/contents+en.lrquestion.description) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [onionoo/master] Log less frequently requested parameter combinations.
commit 8ea8ab0fa06c566c66811a9970f5633cfd90d186 Author: Karsten Loesing Date: Sun Jul 29 21:42:57 2018 +0200 Log less frequently requested parameter combinations. Implements the first part of #26919, which is to find out whether the "fingerprint" parameter is used at all. --- CHANGELOG.md | 4 .../java/org/torproject/onionoo/server/MostFrequentString.java | 9 ++--- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d024d83..f3428c1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,10 @@ - Support a comma-separated list of AS numbers in the "as" parameter. + * Minor changes + - Extend internal statistics to log less frequently requested + resources and parameter combinations without counts. + # Changes in version 6.1-1.15.0 - 2018-07-16 diff --git a/src/main/java/org/torproject/onionoo/server/MostFrequentString.java b/src/main/java/org/torproject/onionoo/server/MostFrequentString.java index 9fa51c7..c677bb5 100644 --- a/src/main/java/org/torproject/onionoo/server/MostFrequentString.java +++ b/src/main/java/org/torproject/onionoo/server/MostFrequentString.java @@ -43,17 +43,20 @@ class MostFrequentString { StringBuilder sb = new StringBuilder(); int stringsToAdd = 3; int written = 0; +SortedSet remainingStrings = new TreeSet<>(); for (Map.Entry> e : sortedFrequencies.entrySet()) { for (String string : e.getValue()) { if (stringsToAdd-- > 0) { sb.append((written++ > 0 ? ", " : "") + string + " (" + e.getKey() + ")"); +} else { + remainingStrings.add(string); } } - if (stringsToAdd == 0) { -break; - } +} +for (String string : remainingStrings) { + sb.append(", ").append(string); } return sb.toString(); } ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [torspec/master] tor-spec: Clarify padding bytes in VPADDING, PADDING, and DROP cells
commit 42d93671d424d4811fbebc8f283326634db51045 Author: teor Date: Thu Jul 19 13:05:22 2018 +1000 tor-spec: Clarify padding bytes in VPADDING, PADDING, and DROP cells Closes 26870. --- tor-spec.txt | 16 +++- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/tor-spec.txt b/tor-spec.txt index 705b159..666bc93 100644 --- a/tor-spec.txt +++ b/tor-spec.txt @@ -420,7 +420,7 @@ see tor-design.pdf. CircID[CIRCID_LEN bytes] Command [1 byte] -Payload (padded with 0 bytes) [PAYLOAD_LEN bytes] +Payload (padded with padding bytes) [PAYLOAD_LEN bytes] On a version 2 or higher connection, all cells are as in version 1 connections, except for variable-length cells, whose format is: @@ -428,7 +428,11 @@ see tor-design.pdf. CircID[CIRCID_LEN octets] Command [1 octet] Length[2 octets; big-endian integer] -Payload [Length bytes] +Payload (some commands MAY pad) [Length bytes] + + Most variable-length cells MAY be padded with padding bytes, except + for VERSIONS cells, which MUST NOT contain any additional bytes. + (The payload of VPADDING cells consists of padding bytes.) On a version 2 connection, variable-length cells are indicated by a command byte equal to 7 ("VERSIONS"). On a version 3 or @@ -467,7 +471,8 @@ see tor-design.pdf. 132 -- AUTHORIZE (Client authorization)(Not yet used) The interpretation of 'Payload' depends on the type of the cell. - PADDING: Payload is unused. + VPADDING/PADDING: + Payload contains padding bytes. CREATE: Payload contains the handshake challenge. CREATED: Payload contains the handshake response. RELAY: Payload contains the relay header and relay body. @@ -838,6 +843,7 @@ see tor-design.pdf. The address format is a type/length/value sequence as given in section 6.4 below, without the final TTL. The timestamp is a big-endian unsigned integer number of seconds since the Unix epoch. + Implementations MUST ignore unexpected bytes at the end of the cell. Implementations MAY use the timestamp value to help decide if their clocks are skewed. Initiators MAY use "other OR's address" to help @@ -1725,8 +1731,8 @@ see tor-design.pdf. Link padding can be created by sending PADDING or VPADDING cells along the connection; relay cells of type "DROP" can be used for - long-range padding. The contents of a PADDING, VPADDING, or DROP - cell SHOULD be chosen randomly, and MUST be ignored. + long-range padding. The payloads of PADDING, VPADDING, or DROP + cells are filled with padding bytes. See Section 3. If the link protocol is version 5 or higher, link level padding is enabled as per padding-spec.txt. On these connections, clients may ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [torspec/master] Update spec with SHOULD/MUST behavior for padding bytes
commit 7b1a76c734e186e50858de52675c50468bd8306a Author: Dave Rolek Date: Wed Jul 18 21:00:38 2018 + Update spec with SHOULD/MUST behavior for padding bytes In doing so, specify a general behavior for padding bytes in Section 3 and cross-reference other locations to this, to aid in future consistency. Also clarify a few vague parts of the prior wording. Fixes #26860. --- tor-spec.txt | 8 ++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tor-spec.txt b/tor-spec.txt index ea195ad..705b159 100644 --- a/tor-spec.txt +++ b/tor-spec.txt @@ -477,7 +477,9 @@ see tor-design.pdf. drop the cell. Since more cell types may be added in the future, ORs should generally not warn when encountering unrecognized commands. - The payload is padded with 0 bytes. + The cell is padded up to the cell length with padding bytes. Senders + SHOULD set padding bytes to NUL and receivers MUST ignore their + value. PADDING cells are currently used to implement connection keepalive. If there is no other traffic, ORs and OPs send one another a PADDING @@ -1479,7 +1481,9 @@ see tor-design.pdf. The 'Length' field of a relay cell contains the number of bytes in the relay payload which contain real payload data. The remainder of - the payload is padded with NUL bytes. + the unencrypted payload is padded with padding bytes. Implementations + handle padding bytes of unencrypted relay cells as they do padding + bytes for other cell types; see Section 3. If the RELAY cell is recognized but the relay command is not understood, the cell must be dropped and ignored. Its contents ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [torspec/master] Clarify some places where we meant RELAY to include RELAY_EARLY.
commit 684c46b8222f1ad96971729124cc06cb7fb3773a Author: Nick Mathewson Date: Mon Jul 30 10:13:43 2018 -0400 Clarify some places where we meant RELAY to include RELAY_EARLY. --- tor-spec.txt | 13 +++-- 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/tor-spec.txt b/tor-spec.txt index 4cc38b3..c54b63c 100644 --- a/tor-spec.txt +++ b/tor-spec.txt @@ -476,7 +476,7 @@ see tor-design.pdf. Payload contains padding bytes. CREATE/CREATE2: Payload contains the handshake challenge. CREATED/CREATED2: Payload contains the handshake response. - RELAY: Payload contains the relay header and relay body. + RELAY/RELAY_EARLY: Payload contains the relay header and relay body. DESTROY: Payload contains a reason for closing the circuit. (see 5.4) Upon receiving any other value for the command field, an OR must @@ -491,14 +491,15 @@ see tor-design.pdf. Other variable-length cells: Payload MAY contain padding bytes at the end of the cell. Padding bytes SHOULD be set to NUL. - RELAY: Payload MUST be padded to PAYLOAD_LEN with padding bytes. - Padding bytes SHOULD be set to random values. + RELAY/RELAY_EARLY: Payload MUST be padded to PAYLOAD_LEN with padding + bytes. Padding bytes SHOULD be set to random values. Other fixed-length cells: Payload MUST be padded to PAYLOAD_LEN with padding bytes. Padding bytes SHOULD be set to NUL. - We recommend random padding in RELAY cells, so that cell content is - unpredictable. See proposal 289 for details. For non-RELAY cells, TLS - authenticates cell content, so randomised padding bytes are redundant. + We recommend random padding in RELAY/RELAY_EARLY cells, so that the cell + content is unpredictable. See proposal 289 for details. For other + cells, TLS authenticates cell content, so randomised padding bytes are + redundant. Receivers MUST ignore padding bytes. ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [torspec/master] tor-spec: Prop#289: RELAY cell padding should be randomised
commit 46bc41bb1b0c00ec4b898d03f936d5c9d9c3fdef Author: teor Date: Fri Jul 20 11:44:29 2018 +1000 tor-spec: Prop#289: RELAY cell padding should be randomised Updates tor-spec for 26871 --- tor-spec.txt | 21 ++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/tor-spec.txt b/tor-spec.txt index 666bc93..114d13c 100644 --- a/tor-spec.txt +++ b/tor-spec.txt @@ -482,9 +482,24 @@ see tor-design.pdf. drop the cell. Since more cell types may be added in the future, ORs should generally not warn when encountering unrecognized commands. - The cell is padded up to the cell length with padding bytes. Senders - SHOULD set padding bytes to NUL and receivers MUST ignore their - value. + The cell is padded up to the cell length with padding bytes. + + Senders set padding bytes depending on the cell's command: + VERSIONS: Payload MUST NOT contain padding bytes. + AUTHORIZE: Payload is unspecified and reserved for future use. + Other variable-length cells: + Payload MAY contain padding bytes at the end of the cell. + Padding bytes SHOULD be set to NUL. + RELAY: Payload MUST be padded to PAYLOAD_LEN with padding bytes. + Padding bytes SHOULD be set to random values. + Other fixed-length cells: + Payload MUST be padded to PAYLOAD_LEN with padding bytes. + Padding bytes SHOULD be set to NUL. + We recommend random padding in RELAY cells, so that cell content is + unpredictable. See proposal 289 for details. For non-RELAY cells, TLS + authenticates cell content, so randomised padding bytes are redundant. + + Receivers MUST ignore padding bytes. PADDING cells are currently used to implement connection keepalive. If there is no other traffic, ORs and OPs send one another a PADDING ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [torspec/master] Merge branch '26228-padding-bytes_squashed'
commit 608c4a2b8be043a840c64b6f59f5cbfa48fae33b Merge: 54ef5f2 46bc41b Author: Nick Mathewson Date: Mon Jul 30 10:10:53 2018 -0400 Merge branch '26228-padding-bytes_squashed' tor-spec.txt | 39 --- 1 file changed, 32 insertions(+), 7 deletions(-) diff --cc tor-spec.txt index 02bb9ae,114d13c..4cc38b3 --- a/tor-spec.txt +++ b/tor-spec.txt @@@ -468,9 -471,10 +472,10 @@@ see tor-design.pdf 132 -- AUTHORIZE (Client authorization)(Not yet used) The interpretation of 'Payload' depends on the type of the cell. - PADDING: Payload is unused. + VPADDING/PADDING: +Payload contains padding bytes. - CREATE: Payload contains the handshake challenge. - CREATED: Payload contains the handshake response. + CREATE/CREATE2: Payload contains the handshake challenge. + CREATED/CREATED2: Payload contains the handshake response. RELAY: Payload contains the relay header and relay body. DESTROY: Payload contains a reason for closing the circuit. (see 5.4) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge branch 'ticket26890'
commit 70b16bc679435c5168d7d8f47a36d72bff24c0d8 Merge: ba1bb90a7 c515dc8d0 Author: Nick Mathewson Date: Mon Jul 30 09:08:39 2018 -0400 Merge branch 'ticket26890' src/lib/log/util_bug.c | 4 src/lib/log/util_bug.h | 3 +-- 2 files changed, 1 insertion(+), 6 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Remove a now-obsolete comment about deadcode_dummy__
commit acb54dee7bd247ae2d631de5a0d63d246574d479 Author: Nick Mathewson Date: Mon Jul 30 09:09:10 2018 -0400 Remove a now-obsolete comment about deadcode_dummy__ --- src/lib/log/util_bug.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/lib/log/util_bug.h b/src/lib/log/util_bug.h index 2ef5be8d3..44a4f8381 100644 --- a/src/lib/log/util_bug.h +++ b/src/lib/log/util_bug.h @@ -89,8 +89,6 @@ #undef BUG // Coverity defines this in global headers; let's override it. This is a // magic coverity-only preprocessor thing. -// We use this "deadcode_dummy__" trick to prevent coverity from -// complaining about unreachable bug cases. #nodef BUG(x) (x) #endif /* defined(__COVERITY__) */ ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Remove over-cleverness from our coverity BUG() definition.
commit c515dc8d0d17b9ce5e8c4f31ba2bd58c15fb90bf Author: Nick Mathewson Date: Fri Jul 20 11:18:11 2018 -0400 Remove over-cleverness from our coverity BUG() definition. Our previous definition implied that code would never keep running if a BUG occurred (which it does), and that BUG(x) might be true even if x was false (which it can't be). Closes ticket 26890. Bugfix on 0.3.1.4-alpha. --- src/lib/log/util_bug.c | 4 src/lib/log/util_bug.h | 3 +-- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/src/lib/log/util_bug.c b/src/lib/log/util_bug.c index 42b3670a7..b23f4edc9 100644 --- a/src/lib/log/util_bug.c +++ b/src/lib/log/util_bug.c @@ -20,10 +20,6 @@ #include -#ifdef __COVERITY__ -int bug_macro_deadcode_dummy__ = 0; -#endif - #ifdef TOR_UNIT_TESTS static void (*failed_assertion_cb)(void) = NULL; static int n_bugs_to_capture = 0; diff --git a/src/lib/log/util_bug.h b/src/lib/log/util_bug.h index 61ee60f72..2ef5be8d3 100644 --- a/src/lib/log/util_bug.h +++ b/src/lib/log/util_bug.h @@ -86,13 +86,12 @@ */ #ifdef __COVERITY__ -extern int bug_macro_deadcode_dummy__; #undef BUG // Coverity defines this in global headers; let's override it. This is a // magic coverity-only preprocessor thing. // We use this "deadcode_dummy__" trick to prevent coverity from // complaining about unreachable bug cases. -#nodef BUG(x) ((x)?(__coverity_panic__(),1):(0+bug_macro_deadcode_dummy__)) +#nodef BUG(x) (x) #endif /* defined(__COVERITY__) */ #if defined(__COVERITY__) || defined(__clang_analyzer__) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.4] Merge remote-tracking branch 'teor/bug26627_033' into maint-0.3.3
commit 4f854dbdc2f3ade1b6c0cb610907fe1ad085f9ca Merge: a159eaf45 3821081a5 Author: Nick Mathewson Date: Mon Jul 30 09:01:45 2018 -0400 Merge remote-tracking branch 'teor/bug26627_033' into maint-0.3.3 changes/bug26627 | 7 +++ src/or/hs_circuit.c | 20 ++-- src/or/hs_service.c | 29 - src/or/hs_service.h | 5 +++-- src/test/test_hs_cell.c | 4 ++-- src/test/test_hs_intropoint.c | 4 ++-- src/test/test_hs_service.c| 2 +- 7 files changed, 49 insertions(+), 22 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.4] Merge branch 'maint-0.3.3' into maint-0.3.4
commit 21babc8d3f138be94336cad40168390ed9509793 Merge: 7d66ec0fe 4f854dbdc Author: Nick Mathewson Date: Mon Jul 30 09:01:59 2018 -0400 Merge branch 'maint-0.3.3' into maint-0.3.4 changes/bug26627 | 7 +++ src/or/hs_circuit.c | 20 ++-- src/or/hs_service.c | 29 - src/or/hs_service.h | 5 +++-- src/test/test_hs_cell.c | 4 ++-- src/test/test_hs_intropoint.c | 4 ++-- src/test/test_hs_service.c| 2 +- 7 files changed, 49 insertions(+), 22 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.4] Stop putting unsupported ed25519 link auth in v3 onion service descs
commit 3821081a550efc090bb6c583041e1b26a2db72b5 Author: teor Date: Tue Jul 24 18:22:41 2018 +1000 Stop putting unsupported ed25519 link auth in v3 onion service descs Stop putting ed25519 link specifiers in v3 onion service descriptors, when the intro point doesn't support ed25519 link authentication. Fixes bug 26627; bugfix on 0.3.2.4-alpha. --- changes/bug26627 | 3 +++ src/or/hs_service.c | 29 - src/or/hs_service.h | 5 +++-- src/test/test_hs_cell.c | 4 ++-- src/test/test_hs_intropoint.c | 4 ++-- src/test/test_hs_service.c| 2 +- 6 files changed, 31 insertions(+), 16 deletions(-) diff --git a/changes/bug26627 b/changes/bug26627 index a46038f72..d28bd05d5 100644 --- a/changes/bug26627 +++ b/changes/bug26627 @@ -2,3 +2,6 @@ - Stop sending ed25519 link specifiers in v3 onion service introduce cells, when the rendezvous point doesn't support ed25519 link authentication. Fixes bug 26627; bugfix on 0.3.2.4-alpha. +- Stop putting ed25519 link specifiers in v3 onion service descriptors, + when the intro point doesn't support ed25519 link authentication. + Fixes bug 26627; bugfix on 0.3.2.4-alpha. diff --git a/src/or/hs_service.c b/src/or/hs_service.c index c31f8bbf6..21d24 100644 --- a/src/or/hs_service.c +++ b/src/or/hs_service.c @@ -376,17 +376,21 @@ service_intro_point_free_void(void *obj) } /* Return a newly allocated service intro point and fully initialized from the - * given extend_info_t ei if non NULL. If is_legacy is true, we also generate - * the legacy key. On error, NULL is returned. + * given extend_info_t ei if non NULL. + * If is_legacy is true, we also generate the legacy key. + * If supports_ed25519_link_handshake_any is true, we add the relay's ed25519 + * key to the link specifiers. * * If ei is NULL, returns a hs_service_intro_point_t with an empty link * specifier list and no onion key. (This is used for testing.) + * On any other error, NULL is returned. * * ei must be an extend_info_t containing an IPv4 address. (We will add supoort * for IPv6 in a later release.) When calling extend_info_from_node(), pass * 0 in for_direct_connection to make sure ei always has an IPv4 address. */ STATIC hs_service_intro_point_t * -service_intro_point_new(const extend_info_t *ei, unsigned int is_legacy) +service_intro_point_new(const extend_info_t *ei, unsigned int is_legacy, +unsigned int supports_ed25519_link_handshake_any) { hs_desc_link_specifier_t *ls; hs_service_intro_point_t *ip; @@ -453,10 +457,13 @@ service_intro_point_new(const extend_info_t *ei, unsigned int is_legacy) } smartlist_add(ip->base.link_specifiers, ls); - /* ed25519 identity key is optional for intro points */ - ls = hs_desc_link_specifier_new(ei, LS_ED25519_ID); - if (ls) { -smartlist_add(ip->base.link_specifiers, ls); + /* ed25519 identity key is optional for intro points. If the node supports + * ed25519 link authentication, we include it. */ + if (supports_ed25519_link_handshake_any) { +ls = hs_desc_link_specifier_new(ei, LS_ED25519_ID); +if (ls) { + smartlist_add(ip->base.link_specifiers, ls); +} } /* IPv6 is not supported in this release. */ @@ -1586,8 +1593,12 @@ pick_intro_point(unsigned int direct_conn, smartlist_t *exclude_nodes) tor_assert_nonfatal(!ed25519_public_key_is_zero(&info->ed_identity)); } - /* Create our objects and populate them with the node information. */ - ip = service_intro_point_new(info, !node_supports_ed25519_hs_intro(node)); + /* Create our objects and populate them with the node information. + * We don't care if the intro's link auth is compatible with us, because + * we are sending the ed25519 key to a remote client via the descriptor. */ + ip = service_intro_point_new(info, !node_supports_ed25519_hs_intro(node), + node_supports_ed25519_link_authentication(node, + 0)); if (ip == NULL) { goto err; } diff --git a/src/or/hs_service.h b/src/or/hs_service.h index d163eeef2..f3cd49e07 100644 --- a/src/or/hs_service.h +++ b/src/or/hs_service.h @@ -307,8 +307,9 @@ STATIC void remove_service(hs_service_ht *map, hs_service_t *service); STATIC int register_service(hs_service_ht *map, hs_service_t *service); /* Service introduction point functions. */ STATIC hs_service_intro_point_t *service_intro_point_new( - const extend_info_t *ei, - unsigned int is_legacy); +const extend_info_t *ei, +unsigned int is_legacy, +unsigned int supports_ed25519_link_handshake_any); STATIC void service_intro_point_free_(hs_service_intro_point_t *ip); #define service_intro_point_free(ip)
[tor-commits] [tor/release-0.3.4] Merge branch 'maint-0.3.4' into release-0.3.4
commit 56fd0249f288998a81d00456416e2e42dea1e246 Merge: 1a57de97a 21babc8d3 Author: Nick Mathewson Date: Mon Jul 30 09:01:59 2018 -0400 Merge branch 'maint-0.3.4' into release-0.3.4 changes/bug26627 | 7 +++ src/or/hs_circuit.c | 20 ++-- src/or/hs_service.c | 29 - src/or/hs_service.h | 5 +++-- src/test/test_hs_cell.c | 4 ++-- src/test/test_hs_intropoint.c | 4 ++-- src/test/test_hs_service.c| 2 +- 7 files changed, 49 insertions(+), 22 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.3] Stop putting unsupported ed25519 link auth in v3 onion service descs
commit 3821081a550efc090bb6c583041e1b26a2db72b5 Author: teor Date: Tue Jul 24 18:22:41 2018 +1000 Stop putting unsupported ed25519 link auth in v3 onion service descs Stop putting ed25519 link specifiers in v3 onion service descriptors, when the intro point doesn't support ed25519 link authentication. Fixes bug 26627; bugfix on 0.3.2.4-alpha. --- changes/bug26627 | 3 +++ src/or/hs_service.c | 29 - src/or/hs_service.h | 5 +++-- src/test/test_hs_cell.c | 4 ++-- src/test/test_hs_intropoint.c | 4 ++-- src/test/test_hs_service.c| 2 +- 6 files changed, 31 insertions(+), 16 deletions(-) diff --git a/changes/bug26627 b/changes/bug26627 index a46038f72..d28bd05d5 100644 --- a/changes/bug26627 +++ b/changes/bug26627 @@ -2,3 +2,6 @@ - Stop sending ed25519 link specifiers in v3 onion service introduce cells, when the rendezvous point doesn't support ed25519 link authentication. Fixes bug 26627; bugfix on 0.3.2.4-alpha. +- Stop putting ed25519 link specifiers in v3 onion service descriptors, + when the intro point doesn't support ed25519 link authentication. + Fixes bug 26627; bugfix on 0.3.2.4-alpha. diff --git a/src/or/hs_service.c b/src/or/hs_service.c index c31f8bbf6..21d24 100644 --- a/src/or/hs_service.c +++ b/src/or/hs_service.c @@ -376,17 +376,21 @@ service_intro_point_free_void(void *obj) } /* Return a newly allocated service intro point and fully initialized from the - * given extend_info_t ei if non NULL. If is_legacy is true, we also generate - * the legacy key. On error, NULL is returned. + * given extend_info_t ei if non NULL. + * If is_legacy is true, we also generate the legacy key. + * If supports_ed25519_link_handshake_any is true, we add the relay's ed25519 + * key to the link specifiers. * * If ei is NULL, returns a hs_service_intro_point_t with an empty link * specifier list and no onion key. (This is used for testing.) + * On any other error, NULL is returned. * * ei must be an extend_info_t containing an IPv4 address. (We will add supoort * for IPv6 in a later release.) When calling extend_info_from_node(), pass * 0 in for_direct_connection to make sure ei always has an IPv4 address. */ STATIC hs_service_intro_point_t * -service_intro_point_new(const extend_info_t *ei, unsigned int is_legacy) +service_intro_point_new(const extend_info_t *ei, unsigned int is_legacy, +unsigned int supports_ed25519_link_handshake_any) { hs_desc_link_specifier_t *ls; hs_service_intro_point_t *ip; @@ -453,10 +457,13 @@ service_intro_point_new(const extend_info_t *ei, unsigned int is_legacy) } smartlist_add(ip->base.link_specifiers, ls); - /* ed25519 identity key is optional for intro points */ - ls = hs_desc_link_specifier_new(ei, LS_ED25519_ID); - if (ls) { -smartlist_add(ip->base.link_specifiers, ls); + /* ed25519 identity key is optional for intro points. If the node supports + * ed25519 link authentication, we include it. */ + if (supports_ed25519_link_handshake_any) { +ls = hs_desc_link_specifier_new(ei, LS_ED25519_ID); +if (ls) { + smartlist_add(ip->base.link_specifiers, ls); +} } /* IPv6 is not supported in this release. */ @@ -1586,8 +1593,12 @@ pick_intro_point(unsigned int direct_conn, smartlist_t *exclude_nodes) tor_assert_nonfatal(!ed25519_public_key_is_zero(&info->ed_identity)); } - /* Create our objects and populate them with the node information. */ - ip = service_intro_point_new(info, !node_supports_ed25519_hs_intro(node)); + /* Create our objects and populate them with the node information. + * We don't care if the intro's link auth is compatible with us, because + * we are sending the ed25519 key to a remote client via the descriptor. */ + ip = service_intro_point_new(info, !node_supports_ed25519_hs_intro(node), + node_supports_ed25519_link_authentication(node, + 0)); if (ip == NULL) { goto err; } diff --git a/src/or/hs_service.h b/src/or/hs_service.h index d163eeef2..f3cd49e07 100644 --- a/src/or/hs_service.h +++ b/src/or/hs_service.h @@ -307,8 +307,9 @@ STATIC void remove_service(hs_service_ht *map, hs_service_t *service); STATIC int register_service(hs_service_ht *map, hs_service_t *service); /* Service introduction point functions. */ STATIC hs_service_intro_point_t *service_intro_point_new( - const extend_info_t *ei, - unsigned int is_legacy); +const extend_info_t *ei, +unsigned int is_legacy, +unsigned int supports_ed25519_link_handshake_any); STATIC void service_intro_point_free_(hs_service_intro_point_t *ip); #define service_intro_point_free(ip)
[tor-commits] [tor/release-0.3.4] Stop sending unsupported ed25519 link specifiers in v3 introduce cells
commit a99920c7d4ace4d87f6876ab3aaef79ee1aff509 Author: teor Date: Fri Jul 6 16:06:44 2018 +1000 Stop sending unsupported ed25519 link specifiers in v3 introduce cells Stop sending ed25519 link specifiers in v3 onion service introduce cells, when the rendezvous point doesn't support ed25519 link authentication. Fixes bug 26627; bugfix on 0.3.2.4-alpha. --- changes/bug26627| 4 src/or/hs_circuit.c | 20 ++-- 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/changes/bug26627 b/changes/bug26627 new file mode 100644 index 0..a46038f72 --- /dev/null +++ b/changes/bug26627 @@ -0,0 +1,4 @@ + o Minor bugfixes (v3 onion services): +- Stop sending ed25519 link specifiers in v3 onion service introduce + cells, when the rendezvous point doesn't support ed25519 link + authentication. Fixes bug 26627; bugfix on 0.3.2.4-alpha. diff --git a/src/or/hs_circuit.c b/src/or/hs_circuit.c index 3a674f622..0aa19 100644 --- a/src/or/hs_circuit.c +++ b/src/or/hs_circuit.c @@ -559,10 +559,14 @@ retry_service_rendezvous_point(const origin_circuit_t *circ) return; } -/* Add all possible link specifiers in node to lspecs. - * legacy ID is mandatory thus MUST be present in node. If the primary address - * is not IPv4, log a BUG() warning, and return an empty smartlist. - * Includes ed25519 id and IPv6 link specifiers if present in the node. */ +/* Add all possible link specifiers in node to lspecs: + * - legacy ID is mandatory thus MUST be present in node; + * - include ed25519 link specifier if present in the node, and the node + *supports ed25519 link authentication, even if its link versions are not + *compatible with us; + * - include IPv4 link specifier, if the primary address is not IPv4, log a + *BUG() warning, and return an empty smartlist; + * - include IPv6 link specifier if present in the node. */ static void get_lspecs_from_node(const node_t *node, smartlist_t *lspecs) { @@ -600,8 +604,12 @@ get_lspecs_from_node(const node_t *node, smartlist_t *lspecs) link_specifier_set_ls_len(ls, link_specifier_getlen_un_legacy_id(ls)); smartlist_add(lspecs, ls); - /* ed25519 ID is only included if the node has it. */ - if (!ed25519_public_key_is_zero(&node->ed25519_id)) { + /* ed25519 ID is only included if the node has it, and the node declares a + protocol version that supports ed25519 link authentication, even if that + link version is not compatible with us. (We are sending the ed25519 key + to another tor, which may support different link versions.) */ + if (!ed25519_public_key_is_zero(&node->ed25519_id) && + node_supports_ed25519_link_authentication(node, 0)) { ls = link_specifier_new(); link_specifier_set_ls_type(ls, LS_ED25519_ID); memcpy(link_specifier_getarray_un_ed25519_id(ls), &node->ed25519_id, ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.3] Merge branch 'maint-0.3.3' into release-0.3.3
commit 524f0cd367f93edca8c5dbf474f63069149640dc Merge: 1a646880d 4f854dbdc Author: Nick Mathewson Date: Mon Jul 30 09:01:59 2018 -0400 Merge branch 'maint-0.3.3' into release-0.3.3 changes/bug26627 | 7 +++ src/or/hs_circuit.c | 20 ++-- src/or/hs_service.c | 29 - src/or/hs_service.h | 5 +++-- src/test/test_hs_cell.c | 4 ++-- src/test/test_hs_intropoint.c | 4 ++-- src/test/test_hs_service.c| 2 +- 7 files changed, 49 insertions(+), 22 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge branch 'maint-0.3.4'
commit ba1bb90a726ead9a5bb8a8fa6f14d31b06822258 Merge: 3a6bd2144 21babc8d3 Author: Nick Mathewson Date: Mon Jul 30 09:01:59 2018 -0400 Merge branch 'maint-0.3.4' ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.3] Stop sending unsupported ed25519 link specifiers in v3 introduce cells
commit a99920c7d4ace4d87f6876ab3aaef79ee1aff509 Author: teor Date: Fri Jul 6 16:06:44 2018 +1000 Stop sending unsupported ed25519 link specifiers in v3 introduce cells Stop sending ed25519 link specifiers in v3 onion service introduce cells, when the rendezvous point doesn't support ed25519 link authentication. Fixes bug 26627; bugfix on 0.3.2.4-alpha. --- changes/bug26627| 4 src/or/hs_circuit.c | 20 ++-- 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/changes/bug26627 b/changes/bug26627 new file mode 100644 index 0..a46038f72 --- /dev/null +++ b/changes/bug26627 @@ -0,0 +1,4 @@ + o Minor bugfixes (v3 onion services): +- Stop sending ed25519 link specifiers in v3 onion service introduce + cells, when the rendezvous point doesn't support ed25519 link + authentication. Fixes bug 26627; bugfix on 0.3.2.4-alpha. diff --git a/src/or/hs_circuit.c b/src/or/hs_circuit.c index 3a674f622..0aa19 100644 --- a/src/or/hs_circuit.c +++ b/src/or/hs_circuit.c @@ -559,10 +559,14 @@ retry_service_rendezvous_point(const origin_circuit_t *circ) return; } -/* Add all possible link specifiers in node to lspecs. - * legacy ID is mandatory thus MUST be present in node. If the primary address - * is not IPv4, log a BUG() warning, and return an empty smartlist. - * Includes ed25519 id and IPv6 link specifiers if present in the node. */ +/* Add all possible link specifiers in node to lspecs: + * - legacy ID is mandatory thus MUST be present in node; + * - include ed25519 link specifier if present in the node, and the node + *supports ed25519 link authentication, even if its link versions are not + *compatible with us; + * - include IPv4 link specifier, if the primary address is not IPv4, log a + *BUG() warning, and return an empty smartlist; + * - include IPv6 link specifier if present in the node. */ static void get_lspecs_from_node(const node_t *node, smartlist_t *lspecs) { @@ -600,8 +604,12 @@ get_lspecs_from_node(const node_t *node, smartlist_t *lspecs) link_specifier_set_ls_len(ls, link_specifier_getlen_un_legacy_id(ls)); smartlist_add(lspecs, ls); - /* ed25519 ID is only included if the node has it. */ - if (!ed25519_public_key_is_zero(&node->ed25519_id)) { + /* ed25519 ID is only included if the node has it, and the node declares a + protocol version that supports ed25519 link authentication, even if that + link version is not compatible with us. (We are sending the ed25519 key + to another tor, which may support different link versions.) */ + if (!ed25519_public_key_is_zero(&node->ed25519_id) && + node_supports_ed25519_link_authentication(node, 0)) { ls = link_specifier_new(); link_specifier_set_ls_type(ls, LS_ED25519_ID); memcpy(link_specifier_getarray_un_ed25519_id(ls), &node->ed25519_id, ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge branch 'maint-0.3.3' into maint-0.3.4
commit 21babc8d3f138be94336cad40168390ed9509793 Merge: 7d66ec0fe 4f854dbdc Author: Nick Mathewson Date: Mon Jul 30 09:01:59 2018 -0400 Merge branch 'maint-0.3.3' into maint-0.3.4 changes/bug26627 | 7 +++ src/or/hs_circuit.c | 20 ++-- src/or/hs_service.c | 29 - src/or/hs_service.h | 5 +++-- src/test/test_hs_cell.c | 4 ++-- src/test/test_hs_intropoint.c | 4 ++-- src/test/test_hs_service.c| 2 +- 7 files changed, 49 insertions(+), 22 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge remote-tracking branch 'teor/bug26627_033_merged_master'
commit 3a6bd21440fb435bbfc2ff809e06ebe364252628 Merge: 49d8a2109 fc4d08e26 Author: Nick Mathewson Date: Mon Jul 30 09:01:55 2018 -0400 Merge remote-tracking branch 'teor/bug26627_033_merged_master' changes/bug26627 | 7 +++ src/feature/hs/hs_circuit.c | 20 ++-- src/feature/hs/hs_service.c | 29 - src/feature/hs/hs_service.h | 5 +++-- src/test/test_hs_cell.c | 4 ++-- src/test/test_hs_intropoint.c | 4 ++-- src/test/test_hs_service.c| 2 +- 7 files changed, 49 insertions(+), 22 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.3] Merge remote-tracking branch 'teor/bug26627_033' into maint-0.3.3
commit 4f854dbdc2f3ade1b6c0cb610907fe1ad085f9ca Merge: a159eaf45 3821081a5 Author: Nick Mathewson Date: Mon Jul 30 09:01:45 2018 -0400 Merge remote-tracking branch 'teor/bug26627_033' into maint-0.3.3 changes/bug26627 | 7 +++ src/or/hs_circuit.c | 20 ++-- src/or/hs_service.c | 29 - src/or/hs_service.h | 5 +++-- src/test/test_hs_cell.c | 4 ++-- src/test/test_hs_intropoint.c | 4 ++-- src/test/test_hs_service.c| 2 +- 7 files changed, 49 insertions(+), 22 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Stop putting unsupported ed25519 link auth in v3 onion service descs
commit 3821081a550efc090bb6c583041e1b26a2db72b5 Author: teor Date: Tue Jul 24 18:22:41 2018 +1000 Stop putting unsupported ed25519 link auth in v3 onion service descs Stop putting ed25519 link specifiers in v3 onion service descriptors, when the intro point doesn't support ed25519 link authentication. Fixes bug 26627; bugfix on 0.3.2.4-alpha. --- changes/bug26627 | 3 +++ src/or/hs_service.c | 29 - src/or/hs_service.h | 5 +++-- src/test/test_hs_cell.c | 4 ++-- src/test/test_hs_intropoint.c | 4 ++-- src/test/test_hs_service.c| 2 +- 6 files changed, 31 insertions(+), 16 deletions(-) diff --git a/changes/bug26627 b/changes/bug26627 index a46038f72..d28bd05d5 100644 --- a/changes/bug26627 +++ b/changes/bug26627 @@ -2,3 +2,6 @@ - Stop sending ed25519 link specifiers in v3 onion service introduce cells, when the rendezvous point doesn't support ed25519 link authentication. Fixes bug 26627; bugfix on 0.3.2.4-alpha. +- Stop putting ed25519 link specifiers in v3 onion service descriptors, + when the intro point doesn't support ed25519 link authentication. + Fixes bug 26627; bugfix on 0.3.2.4-alpha. diff --git a/src/or/hs_service.c b/src/or/hs_service.c index c31f8bbf6..21d24 100644 --- a/src/or/hs_service.c +++ b/src/or/hs_service.c @@ -376,17 +376,21 @@ service_intro_point_free_void(void *obj) } /* Return a newly allocated service intro point and fully initialized from the - * given extend_info_t ei if non NULL. If is_legacy is true, we also generate - * the legacy key. On error, NULL is returned. + * given extend_info_t ei if non NULL. + * If is_legacy is true, we also generate the legacy key. + * If supports_ed25519_link_handshake_any is true, we add the relay's ed25519 + * key to the link specifiers. * * If ei is NULL, returns a hs_service_intro_point_t with an empty link * specifier list and no onion key. (This is used for testing.) + * On any other error, NULL is returned. * * ei must be an extend_info_t containing an IPv4 address. (We will add supoort * for IPv6 in a later release.) When calling extend_info_from_node(), pass * 0 in for_direct_connection to make sure ei always has an IPv4 address. */ STATIC hs_service_intro_point_t * -service_intro_point_new(const extend_info_t *ei, unsigned int is_legacy) +service_intro_point_new(const extend_info_t *ei, unsigned int is_legacy, +unsigned int supports_ed25519_link_handshake_any) { hs_desc_link_specifier_t *ls; hs_service_intro_point_t *ip; @@ -453,10 +457,13 @@ service_intro_point_new(const extend_info_t *ei, unsigned int is_legacy) } smartlist_add(ip->base.link_specifiers, ls); - /* ed25519 identity key is optional for intro points */ - ls = hs_desc_link_specifier_new(ei, LS_ED25519_ID); - if (ls) { -smartlist_add(ip->base.link_specifiers, ls); + /* ed25519 identity key is optional for intro points. If the node supports + * ed25519 link authentication, we include it. */ + if (supports_ed25519_link_handshake_any) { +ls = hs_desc_link_specifier_new(ei, LS_ED25519_ID); +if (ls) { + smartlist_add(ip->base.link_specifiers, ls); +} } /* IPv6 is not supported in this release. */ @@ -1586,8 +1593,12 @@ pick_intro_point(unsigned int direct_conn, smartlist_t *exclude_nodes) tor_assert_nonfatal(!ed25519_public_key_is_zero(&info->ed_identity)); } - /* Create our objects and populate them with the node information. */ - ip = service_intro_point_new(info, !node_supports_ed25519_hs_intro(node)); + /* Create our objects and populate them with the node information. + * We don't care if the intro's link auth is compatible with us, because + * we are sending the ed25519 key to a remote client via the descriptor. */ + ip = service_intro_point_new(info, !node_supports_ed25519_hs_intro(node), + node_supports_ed25519_link_authentication(node, + 0)); if (ip == NULL) { goto err; } diff --git a/src/or/hs_service.h b/src/or/hs_service.h index d163eeef2..f3cd49e07 100644 --- a/src/or/hs_service.h +++ b/src/or/hs_service.h @@ -307,8 +307,9 @@ STATIC void remove_service(hs_service_ht *map, hs_service_t *service); STATIC int register_service(hs_service_ht *map, hs_service_t *service); /* Service introduction point functions. */ STATIC hs_service_intro_point_t *service_intro_point_new( - const extend_info_t *ei, - unsigned int is_legacy); +const extend_info_t *ei, +unsigned int is_legacy, +unsigned int supports_ed25519_link_handshake_any); STATIC void service_intro_point_free_(hs_service_intro_point_t *ip); #define service_intro_point_free(ip)
[tor-commits] [tor/maint-0.3.3] Stop sending unsupported ed25519 link specifiers in v3 introduce cells
commit a99920c7d4ace4d87f6876ab3aaef79ee1aff509 Author: teor Date: Fri Jul 6 16:06:44 2018 +1000 Stop sending unsupported ed25519 link specifiers in v3 introduce cells Stop sending ed25519 link specifiers in v3 onion service introduce cells, when the rendezvous point doesn't support ed25519 link authentication. Fixes bug 26627; bugfix on 0.3.2.4-alpha. --- changes/bug26627| 4 src/or/hs_circuit.c | 20 ++-- 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/changes/bug26627 b/changes/bug26627 new file mode 100644 index 0..a46038f72 --- /dev/null +++ b/changes/bug26627 @@ -0,0 +1,4 @@ + o Minor bugfixes (v3 onion services): +- Stop sending ed25519 link specifiers in v3 onion service introduce + cells, when the rendezvous point doesn't support ed25519 link + authentication. Fixes bug 26627; bugfix on 0.3.2.4-alpha. diff --git a/src/or/hs_circuit.c b/src/or/hs_circuit.c index 3a674f622..0aa19 100644 --- a/src/or/hs_circuit.c +++ b/src/or/hs_circuit.c @@ -559,10 +559,14 @@ retry_service_rendezvous_point(const origin_circuit_t *circ) return; } -/* Add all possible link specifiers in node to lspecs. - * legacy ID is mandatory thus MUST be present in node. If the primary address - * is not IPv4, log a BUG() warning, and return an empty smartlist. - * Includes ed25519 id and IPv6 link specifiers if present in the node. */ +/* Add all possible link specifiers in node to lspecs: + * - legacy ID is mandatory thus MUST be present in node; + * - include ed25519 link specifier if present in the node, and the node + *supports ed25519 link authentication, even if its link versions are not + *compatible with us; + * - include IPv4 link specifier, if the primary address is not IPv4, log a + *BUG() warning, and return an empty smartlist; + * - include IPv6 link specifier if present in the node. */ static void get_lspecs_from_node(const node_t *node, smartlist_t *lspecs) { @@ -600,8 +604,12 @@ get_lspecs_from_node(const node_t *node, smartlist_t *lspecs) link_specifier_set_ls_len(ls, link_specifier_getlen_un_legacy_id(ls)); smartlist_add(lspecs, ls); - /* ed25519 ID is only included if the node has it. */ - if (!ed25519_public_key_is_zero(&node->ed25519_id)) { + /* ed25519 ID is only included if the node has it, and the node declares a + protocol version that supports ed25519 link authentication, even if that + link version is not compatible with us. (We are sending the ed25519 key + to another tor, which may support different link versions.) */ + if (!ed25519_public_key_is_zero(&node->ed25519_id) && + node_supports_ed25519_link_authentication(node, 0)) { ls = link_specifier_new(); link_specifier_set_ls_type(ls, LS_ED25519_ID); memcpy(link_specifier_getarray_un_ed25519_id(ls), &node->ed25519_id, ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.3.4] Stop sending unsupported ed25519 link specifiers in v3 introduce cells
commit a99920c7d4ace4d87f6876ab3aaef79ee1aff509 Author: teor Date: Fri Jul 6 16:06:44 2018 +1000 Stop sending unsupported ed25519 link specifiers in v3 introduce cells Stop sending ed25519 link specifiers in v3 onion service introduce cells, when the rendezvous point doesn't support ed25519 link authentication. Fixes bug 26627; bugfix on 0.3.2.4-alpha. --- changes/bug26627| 4 src/or/hs_circuit.c | 20 ++-- 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/changes/bug26627 b/changes/bug26627 new file mode 100644 index 0..a46038f72 --- /dev/null +++ b/changes/bug26627 @@ -0,0 +1,4 @@ + o Minor bugfixes (v3 onion services): +- Stop sending ed25519 link specifiers in v3 onion service introduce + cells, when the rendezvous point doesn't support ed25519 link + authentication. Fixes bug 26627; bugfix on 0.3.2.4-alpha. diff --git a/src/or/hs_circuit.c b/src/or/hs_circuit.c index 3a674f622..0aa19 100644 --- a/src/or/hs_circuit.c +++ b/src/or/hs_circuit.c @@ -559,10 +559,14 @@ retry_service_rendezvous_point(const origin_circuit_t *circ) return; } -/* Add all possible link specifiers in node to lspecs. - * legacy ID is mandatory thus MUST be present in node. If the primary address - * is not IPv4, log a BUG() warning, and return an empty smartlist. - * Includes ed25519 id and IPv6 link specifiers if present in the node. */ +/* Add all possible link specifiers in node to lspecs: + * - legacy ID is mandatory thus MUST be present in node; + * - include ed25519 link specifier if present in the node, and the node + *supports ed25519 link authentication, even if its link versions are not + *compatible with us; + * - include IPv4 link specifier, if the primary address is not IPv4, log a + *BUG() warning, and return an empty smartlist; + * - include IPv6 link specifier if present in the node. */ static void get_lspecs_from_node(const node_t *node, smartlist_t *lspecs) { @@ -600,8 +604,12 @@ get_lspecs_from_node(const node_t *node, smartlist_t *lspecs) link_specifier_set_ls_len(ls, link_specifier_getlen_un_legacy_id(ls)); smartlist_add(lspecs, ls); - /* ed25519 ID is only included if the node has it. */ - if (!ed25519_public_key_is_zero(&node->ed25519_id)) { + /* ed25519 ID is only included if the node has it, and the node declares a + protocol version that supports ed25519 link authentication, even if that + link version is not compatible with us. (We are sending the ed25519 key + to another tor, which may support different link versions.) */ + if (!ed25519_public_key_is_zero(&node->ed25519_id) && + node_supports_ed25519_link_authentication(node, 0)) { ls = link_specifier_new(); link_specifier_set_ls_type(ls, LS_ED25519_ID); memcpy(link_specifier_getarray_un_ed25519_id(ls), &node->ed25519_id, ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge remote-tracking branch 'teor/bug26627_033' into maint-0.3.3
commit 4f854dbdc2f3ade1b6c0cb610907fe1ad085f9ca Merge: a159eaf45 3821081a5 Author: Nick Mathewson Date: Mon Jul 30 09:01:45 2018 -0400 Merge remote-tracking branch 'teor/bug26627_033' into maint-0.3.3 changes/bug26627 | 7 +++ src/or/hs_circuit.c | 20 ++-- src/or/hs_service.c | 29 - src/or/hs_service.h | 5 +++-- src/test/test_hs_cell.c | 4 ++-- src/test/test_hs_intropoint.c | 4 ++-- src/test/test_hs_service.c| 2 +- 7 files changed, 49 insertions(+), 22 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.3.3] Merge remote-tracking branch 'teor/bug26627_033' into maint-0.3.3
commit 4f854dbdc2f3ade1b6c0cb610907fe1ad085f9ca Merge: a159eaf45 3821081a5 Author: Nick Mathewson Date: Mon Jul 30 09:01:45 2018 -0400 Merge remote-tracking branch 'teor/bug26627_033' into maint-0.3.3 changes/bug26627 | 7 +++ src/or/hs_circuit.c | 20 ++-- src/or/hs_service.c | 29 - src/or/hs_service.h | 5 +++-- src/test/test_hs_cell.c | 4 ++-- src/test/test_hs_intropoint.c | 4 ++-- src/test/test_hs_service.c| 2 +- 7 files changed, 49 insertions(+), 22 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.3.3] Stop putting unsupported ed25519 link auth in v3 onion service descs
commit 3821081a550efc090bb6c583041e1b26a2db72b5 Author: teor Date: Tue Jul 24 18:22:41 2018 +1000 Stop putting unsupported ed25519 link auth in v3 onion service descs Stop putting ed25519 link specifiers in v3 onion service descriptors, when the intro point doesn't support ed25519 link authentication. Fixes bug 26627; bugfix on 0.3.2.4-alpha. --- changes/bug26627 | 3 +++ src/or/hs_service.c | 29 - src/or/hs_service.h | 5 +++-- src/test/test_hs_cell.c | 4 ++-- src/test/test_hs_intropoint.c | 4 ++-- src/test/test_hs_service.c| 2 +- 6 files changed, 31 insertions(+), 16 deletions(-) diff --git a/changes/bug26627 b/changes/bug26627 index a46038f72..d28bd05d5 100644 --- a/changes/bug26627 +++ b/changes/bug26627 @@ -2,3 +2,6 @@ - Stop sending ed25519 link specifiers in v3 onion service introduce cells, when the rendezvous point doesn't support ed25519 link authentication. Fixes bug 26627; bugfix on 0.3.2.4-alpha. +- Stop putting ed25519 link specifiers in v3 onion service descriptors, + when the intro point doesn't support ed25519 link authentication. + Fixes bug 26627; bugfix on 0.3.2.4-alpha. diff --git a/src/or/hs_service.c b/src/or/hs_service.c index c31f8bbf6..21d24 100644 --- a/src/or/hs_service.c +++ b/src/or/hs_service.c @@ -376,17 +376,21 @@ service_intro_point_free_void(void *obj) } /* Return a newly allocated service intro point and fully initialized from the - * given extend_info_t ei if non NULL. If is_legacy is true, we also generate - * the legacy key. On error, NULL is returned. + * given extend_info_t ei if non NULL. + * If is_legacy is true, we also generate the legacy key. + * If supports_ed25519_link_handshake_any is true, we add the relay's ed25519 + * key to the link specifiers. * * If ei is NULL, returns a hs_service_intro_point_t with an empty link * specifier list and no onion key. (This is used for testing.) + * On any other error, NULL is returned. * * ei must be an extend_info_t containing an IPv4 address. (We will add supoort * for IPv6 in a later release.) When calling extend_info_from_node(), pass * 0 in for_direct_connection to make sure ei always has an IPv4 address. */ STATIC hs_service_intro_point_t * -service_intro_point_new(const extend_info_t *ei, unsigned int is_legacy) +service_intro_point_new(const extend_info_t *ei, unsigned int is_legacy, +unsigned int supports_ed25519_link_handshake_any) { hs_desc_link_specifier_t *ls; hs_service_intro_point_t *ip; @@ -453,10 +457,13 @@ service_intro_point_new(const extend_info_t *ei, unsigned int is_legacy) } smartlist_add(ip->base.link_specifiers, ls); - /* ed25519 identity key is optional for intro points */ - ls = hs_desc_link_specifier_new(ei, LS_ED25519_ID); - if (ls) { -smartlist_add(ip->base.link_specifiers, ls); + /* ed25519 identity key is optional for intro points. If the node supports + * ed25519 link authentication, we include it. */ + if (supports_ed25519_link_handshake_any) { +ls = hs_desc_link_specifier_new(ei, LS_ED25519_ID); +if (ls) { + smartlist_add(ip->base.link_specifiers, ls); +} } /* IPv6 is not supported in this release. */ @@ -1586,8 +1593,12 @@ pick_intro_point(unsigned int direct_conn, smartlist_t *exclude_nodes) tor_assert_nonfatal(!ed25519_public_key_is_zero(&info->ed_identity)); } - /* Create our objects and populate them with the node information. */ - ip = service_intro_point_new(info, !node_supports_ed25519_hs_intro(node)); + /* Create our objects and populate them with the node information. + * We don't care if the intro's link auth is compatible with us, because + * we are sending the ed25519 key to a remote client via the descriptor. */ + ip = service_intro_point_new(info, !node_supports_ed25519_hs_intro(node), + node_supports_ed25519_link_authentication(node, + 0)); if (ip == NULL) { goto err; } diff --git a/src/or/hs_service.h b/src/or/hs_service.h index d163eeef2..f3cd49e07 100644 --- a/src/or/hs_service.h +++ b/src/or/hs_service.h @@ -307,8 +307,9 @@ STATIC void remove_service(hs_service_ht *map, hs_service_t *service); STATIC int register_service(hs_service_ht *map, hs_service_t *service); /* Service introduction point functions. */ STATIC hs_service_intro_point_t *service_intro_point_new( - const extend_info_t *ei, - unsigned int is_legacy); +const extend_info_t *ei, +unsigned int is_legacy, +unsigned int supports_ed25519_link_handshake_any); STATIC void service_intro_point_free_(hs_service_intro_point_t *ip); #define service_intro_point_free(ip)
[tor-commits] [tor/maint-0.3.4] Stop putting unsupported ed25519 link auth in v3 onion service descs
commit 3821081a550efc090bb6c583041e1b26a2db72b5 Author: teor Date: Tue Jul 24 18:22:41 2018 +1000 Stop putting unsupported ed25519 link auth in v3 onion service descs Stop putting ed25519 link specifiers in v3 onion service descriptors, when the intro point doesn't support ed25519 link authentication. Fixes bug 26627; bugfix on 0.3.2.4-alpha. --- changes/bug26627 | 3 +++ src/or/hs_service.c | 29 - src/or/hs_service.h | 5 +++-- src/test/test_hs_cell.c | 4 ++-- src/test/test_hs_intropoint.c | 4 ++-- src/test/test_hs_service.c| 2 +- 6 files changed, 31 insertions(+), 16 deletions(-) diff --git a/changes/bug26627 b/changes/bug26627 index a46038f72..d28bd05d5 100644 --- a/changes/bug26627 +++ b/changes/bug26627 @@ -2,3 +2,6 @@ - Stop sending ed25519 link specifiers in v3 onion service introduce cells, when the rendezvous point doesn't support ed25519 link authentication. Fixes bug 26627; bugfix on 0.3.2.4-alpha. +- Stop putting ed25519 link specifiers in v3 onion service descriptors, + when the intro point doesn't support ed25519 link authentication. + Fixes bug 26627; bugfix on 0.3.2.4-alpha. diff --git a/src/or/hs_service.c b/src/or/hs_service.c index c31f8bbf6..21d24 100644 --- a/src/or/hs_service.c +++ b/src/or/hs_service.c @@ -376,17 +376,21 @@ service_intro_point_free_void(void *obj) } /* Return a newly allocated service intro point and fully initialized from the - * given extend_info_t ei if non NULL. If is_legacy is true, we also generate - * the legacy key. On error, NULL is returned. + * given extend_info_t ei if non NULL. + * If is_legacy is true, we also generate the legacy key. + * If supports_ed25519_link_handshake_any is true, we add the relay's ed25519 + * key to the link specifiers. * * If ei is NULL, returns a hs_service_intro_point_t with an empty link * specifier list and no onion key. (This is used for testing.) + * On any other error, NULL is returned. * * ei must be an extend_info_t containing an IPv4 address. (We will add supoort * for IPv6 in a later release.) When calling extend_info_from_node(), pass * 0 in for_direct_connection to make sure ei always has an IPv4 address. */ STATIC hs_service_intro_point_t * -service_intro_point_new(const extend_info_t *ei, unsigned int is_legacy) +service_intro_point_new(const extend_info_t *ei, unsigned int is_legacy, +unsigned int supports_ed25519_link_handshake_any) { hs_desc_link_specifier_t *ls; hs_service_intro_point_t *ip; @@ -453,10 +457,13 @@ service_intro_point_new(const extend_info_t *ei, unsigned int is_legacy) } smartlist_add(ip->base.link_specifiers, ls); - /* ed25519 identity key is optional for intro points */ - ls = hs_desc_link_specifier_new(ei, LS_ED25519_ID); - if (ls) { -smartlist_add(ip->base.link_specifiers, ls); + /* ed25519 identity key is optional for intro points. If the node supports + * ed25519 link authentication, we include it. */ + if (supports_ed25519_link_handshake_any) { +ls = hs_desc_link_specifier_new(ei, LS_ED25519_ID); +if (ls) { + smartlist_add(ip->base.link_specifiers, ls); +} } /* IPv6 is not supported in this release. */ @@ -1586,8 +1593,12 @@ pick_intro_point(unsigned int direct_conn, smartlist_t *exclude_nodes) tor_assert_nonfatal(!ed25519_public_key_is_zero(&info->ed_identity)); } - /* Create our objects and populate them with the node information. */ - ip = service_intro_point_new(info, !node_supports_ed25519_hs_intro(node)); + /* Create our objects and populate them with the node information. + * We don't care if the intro's link auth is compatible with us, because + * we are sending the ed25519 key to a remote client via the descriptor. */ + ip = service_intro_point_new(info, !node_supports_ed25519_hs_intro(node), + node_supports_ed25519_link_authentication(node, + 0)); if (ip == NULL) { goto err; } diff --git a/src/or/hs_service.h b/src/or/hs_service.h index d163eeef2..f3cd49e07 100644 --- a/src/or/hs_service.h +++ b/src/or/hs_service.h @@ -307,8 +307,9 @@ STATIC void remove_service(hs_service_ht *map, hs_service_t *service); STATIC int register_service(hs_service_ht *map, hs_service_t *service); /* Service introduction point functions. */ STATIC hs_service_intro_point_t *service_intro_point_new( - const extend_info_t *ei, - unsigned int is_legacy); +const extend_info_t *ei, +unsigned int is_legacy, +unsigned int supports_ed25519_link_handshake_any); STATIC void service_intro_point_free_(hs_service_intro_point_t *ip); #define service_intro_point_free(ip)
[tor-commits] [tor/maint-0.3.4] Merge remote-tracking branch 'teor/bug26627_033' into maint-0.3.3
commit 4f854dbdc2f3ade1b6c0cb610907fe1ad085f9ca Merge: a159eaf45 3821081a5 Author: Nick Mathewson Date: Mon Jul 30 09:01:45 2018 -0400 Merge remote-tracking branch 'teor/bug26627_033' into maint-0.3.3 changes/bug26627 | 7 +++ src/or/hs_circuit.c | 20 ++-- src/or/hs_service.c | 29 - src/or/hs_service.h | 5 +++-- src/test/test_hs_cell.c | 4 ++-- src/test/test_hs_intropoint.c | 4 ++-- src/test/test_hs_service.c| 2 +- 7 files changed, 49 insertions(+), 22 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Stop sending unsupported ed25519 link specifiers in v3 introduce cells
commit a99920c7d4ace4d87f6876ab3aaef79ee1aff509 Author: teor Date: Fri Jul 6 16:06:44 2018 +1000 Stop sending unsupported ed25519 link specifiers in v3 introduce cells Stop sending ed25519 link specifiers in v3 onion service introduce cells, when the rendezvous point doesn't support ed25519 link authentication. Fixes bug 26627; bugfix on 0.3.2.4-alpha. --- changes/bug26627| 4 src/or/hs_circuit.c | 20 ++-- 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/changes/bug26627 b/changes/bug26627 new file mode 100644 index 0..a46038f72 --- /dev/null +++ b/changes/bug26627 @@ -0,0 +1,4 @@ + o Minor bugfixes (v3 onion services): +- Stop sending ed25519 link specifiers in v3 onion service introduce + cells, when the rendezvous point doesn't support ed25519 link + authentication. Fixes bug 26627; bugfix on 0.3.2.4-alpha. diff --git a/src/or/hs_circuit.c b/src/or/hs_circuit.c index 3a674f622..0aa19 100644 --- a/src/or/hs_circuit.c +++ b/src/or/hs_circuit.c @@ -559,10 +559,14 @@ retry_service_rendezvous_point(const origin_circuit_t *circ) return; } -/* Add all possible link specifiers in node to lspecs. - * legacy ID is mandatory thus MUST be present in node. If the primary address - * is not IPv4, log a BUG() warning, and return an empty smartlist. - * Includes ed25519 id and IPv6 link specifiers if present in the node. */ +/* Add all possible link specifiers in node to lspecs: + * - legacy ID is mandatory thus MUST be present in node; + * - include ed25519 link specifier if present in the node, and the node + *supports ed25519 link authentication, even if its link versions are not + *compatible with us; + * - include IPv4 link specifier, if the primary address is not IPv4, log a + *BUG() warning, and return an empty smartlist; + * - include IPv6 link specifier if present in the node. */ static void get_lspecs_from_node(const node_t *node, smartlist_t *lspecs) { @@ -600,8 +604,12 @@ get_lspecs_from_node(const node_t *node, smartlist_t *lspecs) link_specifier_set_ls_len(ls, link_specifier_getlen_un_legacy_id(ls)); smartlist_add(lspecs, ls); - /* ed25519 ID is only included if the node has it. */ - if (!ed25519_public_key_is_zero(&node->ed25519_id)) { + /* ed25519 ID is only included if the node has it, and the node declares a + protocol version that supports ed25519 link authentication, even if that + link version is not compatible with us. (We are sending the ed25519 key + to another tor, which may support different link versions.) */ + if (!ed25519_public_key_is_zero(&node->ed25519_id) && + node_supports_ed25519_link_authentication(node, 0)) { ls = link_specifier_new(); link_specifier_set_ls_type(ls, LS_ED25519_ID); memcpy(link_specifier_getarray_un_ed25519_id(ls), &node->ed25519_id, ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.3.4] Merge branch 'maint-0.3.3' into maint-0.3.4
commit 21babc8d3f138be94336cad40168390ed9509793 Merge: 7d66ec0fe 4f854dbdc Author: Nick Mathewson Date: Mon Jul 30 09:01:59 2018 -0400 Merge branch 'maint-0.3.3' into maint-0.3.4 changes/bug26627 | 7 +++ src/or/hs_circuit.c | 20 ++-- src/or/hs_service.c | 29 - src/or/hs_service.h | 5 +++-- src/test/test_hs_cell.c | 4 ++-- src/test/test_hs_intropoint.c | 4 ++-- src/test/test_hs_service.c| 2 +- 7 files changed, 49 insertions(+), 22 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] New manpage for tor-print-ed-signing-cert
commit 121f3dc27ce16d1be6676fd67aff8dc203acf8b7 Author: rl1987 Date: Fri Jun 22 13:34:40 2018 +0300 New manpage for tor-print-ed-signing-cert --- doc/include.am | 6 +- doc/tor-print-ed-signing-cert.1.txt | 32 2 files changed, 37 insertions(+), 1 deletion(-) diff --git a/doc/include.am b/doc/include.am index e429d05a4..3e3b8e612 100644 --- a/doc/include.am +++ b/doc/include.am @@ -12,7 +12,7 @@ # part of the source distribution, so that people without asciidoc can # just use the .1 and .html files. -all_mans = doc/tor doc/tor-gencert doc/tor-resolve doc/torify +all_mans = doc/tor doc/tor-gencert doc/tor-resolve doc/torify doc/tor-print-ed-signing-cert if USE_ASCIIDOC nodist_man1_MANS = $(all_mans:=.1) @@ -64,11 +64,13 @@ doc/tor.1.in: doc/tor.1.txt doc/torify.1.in: doc/torify.1.txt doc/tor-gencert.1.in: doc/tor-gencert.1.txt doc/tor-resolve.1.in: doc/tor-resolve.1.txt +doc/tor-print-ed-signing-cert.1.in: doc/tor-print-ed-signing-cert.1.txt doc/tor.html.in: doc/tor.1.txt doc/torify.html.in: doc/torify.1.txt doc/tor-gencert.html.in: doc/tor-gencert.1.txt doc/tor-resolve.html.in: doc/tor-resolve.1.txt +doc/tor-print-ed-signing-cert.html.in: doc/tor-print-ed-signing-cert.1.txt # use config.status to swap all machine-specific magic strings # in the asciidoc with their replacements. @@ -82,11 +84,13 @@ $(asciidoc_product) : doc/tor.html: doc/tor.html.in doc/tor-gencert.html: doc/tor-gencert.html.in doc/tor-resolve.html: doc/tor-resolve.html.in +doc/tor-print-ed-signing-cert.html: doc/tor-print-ed-signing-cert.html.in doc/torify.html: doc/torify.html.in doc/tor.1: doc/tor.1.in doc/tor-gencert.1: doc/tor-gencert.1.in doc/tor-resolve.1: doc/tor-resolve.1.in +doc/tor-print-ed-signing-cert.1: doc/tor-print-ed-signing-cert.1.in doc/torify.1: doc/torify.1.in CLEANFILES+= $(asciidoc_product) diff --git a/doc/tor-print-ed-signing-cert.1.txt b/doc/tor-print-ed-signing-cert.1.txt new file mode 100644 index 0..1a3109df9 --- /dev/null +++ b/doc/tor-print-ed-signing-cert.1.txt @@ -0,0 +1,32 @@ +// Copyright (c) The Tor Project, Inc. +// See LICENSE for licensing information +// This is an asciidoc file used to generate the manpage/html reference. +// Learn asciidoc on http://www.methods.co.nz/asciidoc/userguide.html +:man source: Tor +:man manual: Tor Manual +tor-print-ed-signing-cert(1) + +Tor Project, Inc. + +NAME + +tor-print-ed-signing-cert - print expiration date of ed25519 signing certificate + +SYNOPSIS + +**tor-print-ed-signing-cert** + +DESCRIPTION +--- +**tor-print-ed-signing-cert** is utility program for Tor relay operators to +check expiration date of ed25519 signing certificate. + +SEE ALSO + +**tor**(1) + + +https://spec.torproject.org/cert-spec + +AUTHORS +--- +Roger Dingledine , Nick Mathewson . ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge remote-tracking branch 'rl1987/feature19506_3'
commit ff593ae8781941bfe035d43ded5c18eb772ac486 Merge: 13393b2d9 abc0a72fd Author: Nick Mathewson Date: Mon Jul 30 08:55:57 2018 -0400 Merge remote-tracking branch 'rl1987/feature19506_3' .gitignore| 7 changes/feature19506 | 3 ++ doc/include.am| 6 +++- doc/tor-print-ed-signing-cert.1.txt | 32 + src/tools/Makefile.nmake | 5 ++- src/tools/include.am | 11 +- src/tools/tor-print-ed-signing-cert.c | 65 +++ 7 files changed, 126 insertions(+), 3 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Update include in tor-print-ed-signing-cert
commit 49d8a2109f93c0675e9c74630b8d41e9d25d1b5e Author: Nick Mathewson Date: Mon Jul 30 08:57:18 2018 -0400 Update include in tor-print-ed-signing-cert --- src/tools/tor-print-ed-signing-cert.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/tools/tor-print-ed-signing-cert.c b/src/tools/tor-print-ed-signing-cert.c index bb90e7945..ca53e34d5 100644 --- a/src/tools/tor-print-ed-signing-cert.c +++ b/src/tools/tor-print-ed-signing-cert.c @@ -8,7 +8,7 @@ #include "ed25519_cert.h" #include "lib/crypt_ops/crypto_format.h" -#include "lib/malloc/util_malloc.h" +#include "lib/malloc/malloc.h" int main(int argc, char **argv) @@ -62,4 +62,3 @@ main(int argc, char **argv) return 0; } - ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Tool to print expiration date of ed25519_signing_cert
commit 2558634f0c3e16cd5cd8ec08f80fffcc93237a3e Author: rl1987 Date: Wed Jun 13 13:20:47 2018 +0300 Tool to print expiration date of ed25519_signing_cert --- src/tools/Makefile.nmake | 5 ++- src/tools/include.am | 11 +- src/tools/tor-print-ed-signing-cert.c | 65 +++ 3 files changed, 79 insertions(+), 2 deletions(-) diff --git a/src/tools/Makefile.nmake b/src/tools/Makefile.nmake index fda1990e0..e223d9b13 100644 --- a/src/tools/Makefile.nmake +++ b/src/tools/Makefile.nmake @@ -1,4 +1,4 @@ -all: tor-resolve.exe tor-gencert.exe +all: tor-resolve.exe tor-gencert.exe tor-print-ed-signing-cert.exe CFLAGS = /I ..\win32 /I ..\..\..\build-alpha\include /I ..\common /I ..\or @@ -15,5 +15,8 @@ tor-gencert.exe: tor-gencert.obj tor-resolve.exe: tor-resolve.obj $(CC) $(CFLAGS) $(LIBS) ..\common\*.lib tor-resolve.obj +tor-print-ed-signing-cert.exe: tor-print-ed-signing-cert.obj + $(CC) $(CFLAGS) $(LIBS) ..\common\*.lib tor-print-ed-signing-cert.obj + clean: del *.obj *.lib *.exe diff --git a/src/tools/include.am b/src/tools/include.am index 8a2ecb23c..d5924dda5 100644 --- a/src/tools/include.am +++ b/src/tools/include.am @@ -1,4 +1,4 @@ -bin_PROGRAMS+= src/tools/tor-resolve src/tools/tor-gencert +bin_PROGRAMS+= src/tools/tor-resolve src/tools/tor-gencert src/tools/tor-print-ed-signing-cert if COVERAGE_ENABLED noinst_PROGRAMS+= src/tools/tor-cov-resolve src/tools/tor-cov-gencert @@ -29,6 +29,15 @@ src_tools_tor_gencert_LDADD = \ @TOR_LIB_MATH@ @TOR_ZLIB_LIBS@ @TOR_OPENSSL_LIBS@ \ @TOR_LIB_WS32@ @TOR_LIB_IPHLPAPI@ @TOR_LIB_GDI@ @TOR_LIB_USERENV@ @CURVE25519_LIBS@ +src_tools_tor_print_ed_signing_cert_SOURCES = src/tools/tor-print-ed-signing-cert.c +src_tools_tor_print_ed_signing_cert_LDFLAGS = @TOR_LDFLAGS_zlib@ @TOR_LDFLAGS_openssl@ +src_tools_tor_print_ed_signing_cert_LDADD = \ + src/trunnel/libor-trunnel.a \ +$(TOR_CRYPTO_LIBS) \ +$(TOR_UTIL_LIBS) \ + @TOR_LIB_MATH@ @TOR_OPENSSL_LIBS@ \ + @TOR_LIB_WS32@ @TOR_LIB_USERENV@ + if COVERAGE_ENABLED src_tools_tor_cov_gencert_SOURCES = src/tools/tor-gencert.c src_tools_tor_cov_gencert_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS) diff --git a/src/tools/tor-print-ed-signing-cert.c b/src/tools/tor-print-ed-signing-cert.c new file mode 100644 index 0..bb90e7945 --- /dev/null +++ b/src/tools/tor-print-ed-signing-cert.c @@ -0,0 +1,65 @@ +/* Copyright (c) 2007-2018, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +#include +#include +#include +#include + +#include "ed25519_cert.h" +#include "lib/crypt_ops/crypto_format.h" +#include "lib/malloc/util_malloc.h" + +int +main(int argc, char **argv) +{ + ed25519_cert_t *cert = NULL; + + if (argc != 2) { +fprintf(stderr, "Usage:\n"); +fprintf(stderr, "%s \n", argv[0]); +return -1; + } + + const char *filepath = argv[1]; + char *got_tag = NULL; + + uint8_t certbuf[256]; + ssize_t cert_body_len = crypto_read_tagged_contents_from_file( + filepath, "ed25519v1-cert", + &got_tag, certbuf, sizeof(certbuf)); + + if (cert_body_len <= 0) { +fprintf(stderr, "crypto_read_tagged_contents_from_file failed with " +"error: %s\n", strerror(errno)); +return -2; + } + + if (!got_tag) { +fprintf(stderr, "Found no tag\n"); +return -3; + } + + if (strcmp(got_tag, "type4") != 0) { +fprintf(stderr, "Wrong tag: %s\n", got_tag); +return -4; + } + + tor_free(got_tag); + + ssize_t parsed = ed25519_cert_parse(&cert, certbuf, cert_body_len); + if (parsed <= 0) { +fprintf(stderr, "ed25519_cert_parse failed with return value %zd\n", +parsed); +return -5; + } + + time_t expires_at = (time_t)cert->exp_field * 60 * 60; + + printf("Expires at: %s", ctime(&expires_at)); + + ed25519_cert_free(cert); + + return 0; +} + ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Update .gitignore
commit abc0a72fd16c59ef6b834e80caa36184267fd494 Author: rl1987 Date: Sun Jul 8 14:56:16 2018 +0200 Update .gitignore --- .gitignore | 7 +++ 1 file changed, 7 insertions(+) diff --git a/.gitignore b/.gitignore index 80c039a68..1cd99dfd3 100644 --- a/.gitignore +++ b/.gitignore @@ -116,6 +116,11 @@ uptime-*.json /doc/torify.html /doc/torify.html.in /doc/torify.1.xml +/doc/tor-print-ed-signing-cert.1 +/doc/tor-print-ed-signing-cert.1.in +/doc/tor-print-ed-signing-cert.html +/doc/tor-print-ed-signing-cert.html.in +/doc/tor-print-ed-signing-cert.1.xml # /doc/spec/ /doc/spec/Makefile @@ -258,6 +263,8 @@ uptime-*.json /src/tools/tor-resolve /src/tools/tor-cov-resolve /src/tools/tor-gencert +/src/tools/tor-print-ed-signing-cert +/src/tools/tor-print-ed-signing-cert.exe /src/tools/tor-cov-gencert /src/tools/tor-checkkey.exe /src/tools/tor-resolve.exe ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Add changes file
commit 0bd2f2edd9f7e01bfcf7d78c838884f5e4d17417 Author: rl1987 Date: Wed Jun 13 13:36:08 2018 +0300 Add changes file --- changes/feature19506 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/changes/feature19506 b/changes/feature19506 new file mode 100644 index 0..83ba9e245 --- /dev/null +++ b/changes/feature19506 @@ -0,0 +1,3 @@ + o Minor features (admin tools): +- Add new tool that prints expiration date of signing cert + in ed25519_signing_cert. Resolves issue 19506. ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Add changes file
commit e9f6f742b2729ee62e97711f08fec8e8a97393d7 Author: rl1987 Date: Fri Jun 22 16:48:57 2018 +0300 Add changes file --- changes/ticket21349 | 6 ++ 1 file changed, 6 insertions(+) diff --git a/changes/ticket21349 b/changes/ticket21349 new file mode 100644 index 0..c07288406 --- /dev/null +++ b/changes/ticket21349 @@ -0,0 +1,6 @@ + o Code simplification and refactoring: +- Split sampled_guards_update_from_consensus() and + select_entry_guard_for_circuit() into subfunctions. + In entry_guards_update_primary() unite + three smartlist enumerations into one and move smartlist + comparison code out of the function. Closes ticket 21349. ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Split sampled_guards_update_from_consensus() into subfunctions
commit 86549c0d9e636dabe3a0ed9890afe3faf920b7b6 Author: rl1987 Date: Fri Jun 22 15:21:05 2018 +0300 Split sampled_guards_update_from_consensus() into subfunctions --- src/feature/client/entrynodes.c | 123 +++- 1 file changed, 95 insertions(+), 28 deletions(-) diff --git a/src/feature/client/entrynodes.c b/src/feature/client/entrynodes.c index 664be8ce1..ee6ff8c67 100644 --- a/src/feature/client/entrynodes.c +++ b/src/feature/client/entrynodes.c @@ -406,6 +406,17 @@ get_remove_unlisted_guards_after_days(void) DFLT_REMOVE_UNLISTED_GUARDS_AFTER_DAYS, 1, 365*10); } + +/** + * Return number of seconds that will make a guard no longer eligible + * for selection if unlisted for this long. + */ +static time_t +get_remove_unlisted_guards_after_seconds(void) +{ + return get_remove_unlisted_guards_after_days() * 24 * 60 * 60; +} + /** * We remove unconfirmed guards from the sample after this many days, * regardless of whether they are listed or unlisted. @@ -1237,30 +1248,28 @@ entry_guard_is_listed,(guard_selection_t *gs, const entry_guard_t *guard)) } /** - * Update the status of all sampled guards based on the arrival of a - * new consensus networkstatus document. This will include marking - * some guards as listed or unlisted, and removing expired guards. */ -STATIC void -sampled_guards_update_from_consensus(guard_selection_t *gs) + * Enumerate sampled_entry_guards smartlist in gs. + * For each entry_guard_t object in smartlist, do the following: + * * Update currently_listed field to reflect if guard is listed + *in guard selection gs. + * * Set unlisted_since_date to approximate UNIX time of + *unlisting if guard is unlisted (randomize within 20% of + *get_remove_unlisted_guards_after_seconds()). Otherwise, + *set it to 0. + * + * Require gs to be non-null pointer. + * Return a number of entries updated. + */ +static size_t +sampled_guards_update_consensus_presence(guard_selection_t *gs) { - tor_assert(gs); - const int REMOVE_UNLISTED_GUARDS_AFTER = -(get_remove_unlisted_guards_after_days() * 86400); - const int unlisted_since_slop = REMOVE_UNLISTED_GUARDS_AFTER / 5; + size_t n_changes = 0; - // It's important to use only a live consensus here; we don't want to - // make changes based on anything expired or old. - if (live_consensus_is_missing(gs)) { -log_info(LD_GUARD, "Not updating the sample guard set; we have " - "no live consensus."); -return; - } - log_info(LD_GUARD, "Updating sampled guard status based on received " - "consensus."); + tor_assert(gs); - int n_changes = 0; + const time_t unlisted_since_slop = +get_remove_unlisted_guards_after_seconds() / 5; - /* First: Update listed/unlisted. */ SMARTLIST_FOREACH_BEGIN(gs->sampled_entry_guards, entry_guard_t *, guard) { /* #20827 check ed ID too */ const int is_listed = entry_guard_is_listed(gs, guard); @@ -1304,14 +1313,33 @@ sampled_guards_update_from_consensus(guard_selection_t *gs) } } SMARTLIST_FOREACH_END(guard); - const time_t remove_if_unlisted_since = -approx_time() - REMOVE_UNLISTED_GUARDS_AFTER; - const time_t maybe_remove_if_sampled_before = -approx_time() - get_guard_lifetime(); - const time_t remove_if_confirmed_before = -approx_time() - get_guard_confirmed_min_lifetime(); + return n_changes; +} + +/** + * Enumerate sampled_entry_guards smartlist in gs. + * For each entry_guard_t object in smartlist, do the following: + * * If currently_listed is false and unlisted_since_date + * is earlier than remove_if_unlisted_since - remove it. + * * Otherwise, check if sampled_on_date is earlier than + * maybe_remove_if_sampled_before. + * * When above condition is correct, remove the guard if: + * * It was never confirmed. + * * It was confirmed before remove_if_confirmed_before. + * + * Require gs to be non-null pointer. + * Return number of entries deleted. + */ +static size_t +sampled_guards_prune_obsolete_entries(guard_selection_t *gs, + const time_t remove_if_unlisted_since, + const time_t maybe_remove_if_sampled_before, + const time_t remove_if_confirmed_before) +{ + size_t n_changes = 0; + + tor_assert(gs); - /* Then: remove the ones that have been junk for too long */ SMARTLIST_FOREACH_BEGIN(gs->sampled_entry_guards, entry_guard_t *, guard) { int rmv = 0; @@ -1319,7 +1347,7 @@ sampled_guards_update_from_consensus(guard_selection_t *gs) guard->unlisted_since_date < remove_if_unlisted_since) { /* "We have a live consensus, and {IS_LISTED} is false, and - {FIRST_UNLISTED_AT} is over {REMOVE_UNLISTED_GUARDS_AFTER} + {FIRST_UNLISTED_AT} is over get_remove_unlisted_guards_after_days() days in the past." */ log_info
[tor-commits] [translation/tails-misc] Update translations for tails-misc
commit 1c38221820565c839904b50c583cd9c44264e12c Author: Translation commit bot Date: Mon Jul 30 12:46:52 2018 + Update translations for tails-misc --- zh_CN.po | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/zh_CN.po b/zh_CN.po index 6c7b02593..5be683ba0 100644 --- a/zh_CN.po +++ b/zh_CN.po @@ -21,8 +21,8 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2018-07-24 08:44+0800\n" -"PO-Revision-Date: 2018-07-24 03:04+\n" -"Last-Translator: carolyn \n" +"PO-Revision-Date: 2018-07-30 12:36+\n" +"Last-Translator: Lafrenze Laurant\n" "Language-Team: Chinese (China) (http://www.transifex.com/otf/torproject/language/zh_CN/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -84,17 +84,17 @@ msgstr "éåº(_E)" #: config/chroot_local-includes/usr/local/bin/liferea:18 msgid "Liferea is deprecated" -msgstr "" +msgstr "Liferea已被å¼ç¨" #: config/chroot_local-includes/usr/local/bin/liferea:19 msgid "Do you wish to start Liferea anyway?" -msgstr "" +msgstr "æ¨è¦å¯å¨Liferea anywayåï¼" #: config/chroot_local-includes/usr/local/bin/liferea:21 msgid "" "Due to security concerns the Liferea feed reader will be removed from Tails " "by the end of 2018. Please migrate your feeds to Thunderbird." -msgstr "" +msgstr "åºäºå®å ¨è§åº¦èèï¼Liferea feed readerå°ä¼å¨2018å¹´æ«ä»Tailsä¸è¢«ç§»é¤ã请å°æ¨çç½ç»è®¢é 移è³Thunderbirdã" #: config/chroot_local-includes/usr/share/gnome-shell/extensions/status-menu-hel...@tails.boum.org/extension.js:75 msgid "Restart" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/https_everywhere_completed] Update translations for https_everywhere_completed
commit 1839f384db882c4b86c050d5dcad21ed7d24e1fd Author: Translation commit bot Date: Mon Jul 30 12:45:45 2018 + Update translations for https_everywhere_completed --- zh_CN/https-everywhere.dtd | 3 +++ 1 file changed, 3 insertions(+) diff --git a/zh_CN/https-everywhere.dtd b/zh_CN/https-everywhere.dtd index 4eef39353..d58b5c235 100644 --- a/zh_CN/https-everywhere.dtd +++ b/zh_CN/https-everywhere.dtd @@ -25,6 +25,9 @@ + + + ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge remote-tracking branch 'rl1987/ticket21349_4'
commit 13393b2d913545aec54d17fb3402906ab4e04ad7 Merge: b8e94b2f1 e9f6f742b Author: Nick Mathewson Date: Mon Jul 30 08:49:49 2018 -0400 Merge remote-tracking branch 'rl1987/ticket21349_4' changes/ticket21349 | 6 + src/feature/client/entrynodes.c | 324 +++- src/lib/container/smartlist.c | 27 src/lib/container/smartlist.h | 3 + 4 files changed, 256 insertions(+), 104 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Make entry_guards_update_primary() shorter
commit e6c51a056c5be77edeb60d71c1cb36a8680df9af Author: rl1987 Date: Fri Jun 22 16:04:08 2018 +0300 Make entry_guards_update_primary() shorter --- src/feature/client/entrynodes.c | 44 ++--- src/lib/container/smartlist.c | 27 + src/lib/container/smartlist.h | 3 +++ 3 files changed, 45 insertions(+), 29 deletions(-) diff --git a/src/feature/client/entrynodes.c b/src/feature/client/entrynodes.c index ee6ff8c67..af68de611 100644 --- a/src/feature/client/entrynodes.c +++ b/src/feature/client/entrynodes.c @@ -1883,28 +1883,24 @@ entry_guards_update_primary(guard_selection_t *gs) smartlist_add(new_primary_guards, guard); } SMARTLIST_FOREACH_END(guard); - /* Can we keep any older primary guards? First remove all the ones - * that we already kept. */ SMARTLIST_FOREACH_BEGIN(old_primary_guards, entry_guard_t *, guard) { +/* Can we keep any older primary guards? First remove all the ones + * that we already kept. */ if (smartlist_contains(new_primary_guards, guard)) { SMARTLIST_DEL_CURRENT_KEEPORDER(old_primary_guards, guard); -} - } SMARTLIST_FOREACH_END(guard); - - /* Now add any that are still good. */ - SMARTLIST_FOREACH_BEGIN(old_primary_guards, entry_guard_t *, guard) { -if (smartlist_len(new_primary_guards) >= N_PRIMARY_GUARDS) - break; -if (! guard->is_filtered_guard) continue; -guard->is_primary = 1; -smartlist_add(new_primary_guards, guard); -SMARTLIST_DEL_CURRENT_KEEPORDER(old_primary_guards, guard); - } SMARTLIST_FOREACH_END(guard); +} - /* Mark the remaining previous primary guards as non-primary */ - SMARTLIST_FOREACH_BEGIN(old_primary_guards, entry_guard_t *, guard) { -guard->is_primary = 0; +/* Now add any that are still good. */ +if (smartlist_len(new_primary_guards) < N_PRIMARY_GUARDS && +guard->is_filtered_guard) { + guard->is_primary = 1; + smartlist_add(new_primary_guards, guard); + SMARTLIST_DEL_CURRENT_KEEPORDER(old_primary_guards, guard); +} else { + /* Mark the remaining previous primary guards as non-primary */ + guard->is_primary = 0; +} } SMARTLIST_FOREACH_END(guard); /* Finally, fill out the list with sampled guards. */ @@ -1928,18 +1924,8 @@ entry_guards_update_primary(guard_selection_t *gs) }); #endif /* 1 */ - int any_change = 0; - if (smartlist_len(gs->primary_entry_guards) != - smartlist_len(new_primary_guards)) { -any_change = 1; - } else { -SMARTLIST_FOREACH_BEGIN(gs->primary_entry_guards, entry_guard_t *, g) { - if (g != smartlist_get(new_primary_guards, g_sl_idx)) { -any_change = 1; - } -} SMARTLIST_FOREACH_END(g); - } - + const int any_change = !smartlist_ptrs_eq(gs->primary_entry_guards, +new_primary_guards); if (any_change) { log_info(LD_GUARD, "Primary entry guards have changed. " "New primary guard list is: "); diff --git a/src/lib/container/smartlist.c b/src/lib/container/smartlist.c index dc283e5f5..4b29d834d 100644 --- a/src/lib/container/smartlist.c +++ b/src/lib/container/smartlist.c @@ -189,6 +189,33 @@ smartlist_ints_eq(const smartlist_t *sl1, const smartlist_t *sl2) return 1; } +/** + * Return true if there is shallow equality between smartlists - + * i.e. all indices correspond to exactly same object (pointer + * values are matching). Otherwise, return false. + */ +int +smartlist_ptrs_eq(const smartlist_t *s1, const smartlist_t *s2) +{ + if (s1 == s2) +return 1; + + // Note: pointers cannot both be NULL at this point, because + // above check. + if (s1 == NULL || s2 == NULL) +return 0; + + if (smartlist_len(s1) != smartlist_len(s2)) +return 0; + + for (int i = 0; i < smartlist_len(s1); i++) { +if (smartlist_get(s1, i) != smartlist_get(s2, i)) + return 0; + } + + return 1; +} + /** Return true iff sl has some element E such that * tor_memeq(E,element,DIGEST_LEN) */ diff --git a/src/lib/container/smartlist.h b/src/lib/container/smartlist.h index 3b19cbfce..9705396ac 100644 --- a/src/lib/container/smartlist.h +++ b/src/lib/container/smartlist.h @@ -37,6 +37,9 @@ int smartlist_overlap(const smartlist_t *sl1, const smartlist_t *sl2); void smartlist_intersect(smartlist_t *sl1, const smartlist_t *sl2); void smartlist_subtract(smartlist_t *sl1, const smartlist_t *sl2); +int smartlist_ptrs_eq(const smartlist_t *s1, + const smartlist_t *s2); + void smartlist_sort(smartlist_t *sl, int (*compare)(const void **a, const void **b)); void *smartlist_get_most_frequent_(const smartlist_t *sl, ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Split select_entry_guard_for_circuit()
commit 042d22c8d1c4e4224feadd4ff3995769eb8301b4 Author: rl1987 Date: Fri Jun 22 16:43:50 2018 +0300 Split select_entry_guard_for_circuit() --- src/feature/client/entrynodes.c | 157 1 file changed, 110 insertions(+), 47 deletions(-) diff --git a/src/feature/client/entrynodes.c b/src/feature/client/entrynodes.c index af68de611..494ad3352 100644 --- a/src/feature/client/entrynodes.c +++ b/src/feature/client/entrynodes.c @@ -2027,31 +2027,23 @@ entry_guards_note_internet_connectivity(guard_selection_t *gs) } /** - * Get a guard for use with a circuit. Prefer to pick a running primary - * guard; then a non-pending running filtered confirmed guard; then a - * non-pending runnable filtered guard. Update the + * Pick a primary guard for use with a circuit, if available. Update the * last_tried_to_connect time and the is_pending fields of the * guard as appropriate. Set state_out to the new guard-state * of the circuit. */ -STATIC entry_guard_t * -select_entry_guard_for_circuit(guard_selection_t *gs, - guard_usage_t usage, - const entry_guard_restriction_t *rst, - unsigned *state_out) +static entry_guard_t * +select_primary_guard_for_circuit(guard_selection_t *gs, + guard_usage_t usage, + const entry_guard_restriction_t *rst, + unsigned *state_out) { const int need_descriptor = (usage == GUARD_USAGE_TRAFFIC); - tor_assert(gs); - tor_assert(state_out); - - if (!gs->primary_guards_up_to_date) -entry_guards_update_primary(gs); + entry_guard_t *chosen_guard = NULL; int num_entry_guards = get_n_primary_guards_to_use(usage); smartlist_t *usable_primary_guards = smartlist_new(); - /* "If any entry in PRIMARY_GUARDS has {is_reachable} status of - or , return the first such guard." */ SMARTLIST_FOREACH_BEGIN(gs->primary_entry_guards, entry_guard_t *, guard) { entry_guard_consider_retry(guard); if (! entry_guard_obeys_restriction(guard, rst)) @@ -2069,18 +2061,30 @@ select_entry_guard_for_circuit(guard_selection_t *gs, } SMARTLIST_FOREACH_END(guard); if (smartlist_len(usable_primary_guards)) { -entry_guard_t *guard = smartlist_choose(usable_primary_guards); +chosen_guard = smartlist_choose(usable_primary_guards); smartlist_free(usable_primary_guards); log_info(LD_GUARD, "Selected primary guard %s for circuit.", - entry_guard_describe(guard)); -return guard; + entry_guard_describe(chosen_guard)); } + smartlist_free(usable_primary_guards); + return chosen_guard; +} + +/** + * For use with a circuit, pick a non-pending running filtered confirmed guard, + * if one is available. Update the last_tried_to_connect time and the + * is_pending fields of the guard as appropriate. Set state_out + * to the new guard-state of the circuit. + */ +static entry_guard_t * +select_confirmed_guard_for_circuit(guard_selection_t *gs, + guard_usage_t usage, + const entry_guard_restriction_t *rst, + unsigned *state_out) +{ + const int need_descriptor = (usage == GUARD_USAGE_TRAFFIC); - /* "Otherwise, if the ordered intersection of {CONFIRMED_GUARDS} - and {USABLE_FILTERED_GUARDS} is nonempty, return the first - entry in that intersection that has {is_pending} set to - false." */ SMARTLIST_FOREACH_BEGIN(gs->confirmed_entry_guards, entry_guard_t *, guard) { if (guard->is_primary) continue; /* we already considered this one. */ @@ -2101,34 +2105,93 @@ select_entry_guard_for_circuit(guard_selection_t *gs, } } SMARTLIST_FOREACH_END(guard); + return NULL; +} + +/** + * For use with a circuit, pick a confirmed usable filtered guard + * at random. Update the last_tried_to_connect time and the + * is_pending fields of the guard as appropriate. Set state_out + * to the new guard-state of the circuit. + */ +static entry_guard_t * +select_filtered_guard_for_circuit(guard_selection_t *gs, + guard_usage_t usage, + const entry_guard_restriction_t *rst, + unsigned *state_out) +{ + const int need_descriptor = (usage == GUARD_USAGE_TRAFFIC); + entry_guard_t *chosen_guard = NULL; + unsigned flags = 0; + if (need_descriptor) +flags |= SAMPLE_EXCLUDE_NO_DESCRIPTOR; + chosen_guard = sample_reachable_filtered_entry_guards(gs, + rst, + SAMPLE_EXCLUDE_CONFIRMED | + SAMPLE_EXCLUDE_PRIMARY | + SAMPLE_EXCLUDE_PENDING | + flags); + if (!chosen_
[tor-commits] [translation/tails-misc_completed] Update translations for tails-misc_completed
commit 1f06c40c802b1a33d930a956084286b886ef8bf1 Author: Translation commit bot Date: Mon Jul 30 12:46:58 2018 + Update translations for tails-misc_completed --- zh_CN.po | 24 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/zh_CN.po b/zh_CN.po index 85ad64862..5be683ba0 100644 --- a/zh_CN.po +++ b/zh_CN.po @@ -20,9 +20,9 @@ msgid "" msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2018-03-12 19:03+0100\n" -"PO-Revision-Date: 2018-04-12 19:07+\n" -"Last-Translator: YF \n" +"POT-Creation-Date: 2018-07-24 08:44+0800\n" +"PO-Revision-Date: 2018-07-30 12:36+\n" +"Last-Translator: Lafrenze Laurant\n" "Language-Team: Chinese (China) (http://www.transifex.com/otf/torproject/language/zh_CN/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -38,7 +38,7 @@ msgstr "Tor 已就绪" msgid "You can now access the Internet." msgstr "ä½ ç°å¨å¯ä»¥è®¿é®å ç¹ç½äºã" -#: config/chroot_local-includes/etc/whisperback/config.py:65 +#: config/chroot_local-includes/etc/whisperback/config.py:66 #, python-format msgid "" "Help us fix your bug!\n" @@ -71,15 +71,31 @@ msgid "Do you want to start Electrum anyway?" msgstr "æ¨æ 论å¦ä½é½è¦å¯å¨ Electrum åï¼" #: config/chroot_local-includes/usr/local/bin/electrum:63 +#: config/chroot_local-includes/usr/local/bin/liferea:33 #: config/chroot_local-includes/usr/local/sbin/unsafe-browser:41 msgid "_Launch" msgstr "å¯å¨(_L)" #: config/chroot_local-includes/usr/local/bin/electrum:64 +#: config/chroot_local-includes/usr/local/bin/liferea:32 #: config/chroot_local-includes/usr/local/sbin/unsafe-browser:42 msgid "_Exit" msgstr "éåº(_E)" +#: config/chroot_local-includes/usr/local/bin/liferea:18 +msgid "Liferea is deprecated" +msgstr "Liferea已被å¼ç¨" + +#: config/chroot_local-includes/usr/local/bin/liferea:19 +msgid "Do you wish to start Liferea anyway?" +msgstr "æ¨è¦å¯å¨Liferea anywayåï¼" + +#: config/chroot_local-includes/usr/local/bin/liferea:21 +msgid "" +"Due to security concerns the Liferea feed reader will be removed from Tails " +"by the end of 2018. Please migrate your feeds to Thunderbird." +msgstr "åºäºå®å ¨è§åº¦èèï¼Liferea feed readerå°ä¼å¨2018å¹´æ«ä»Tailsä¸è¢«ç§»é¤ã请å°æ¨çç½ç»è®¢é 移è³Thunderbirdã" + #: config/chroot_local-includes/usr/share/gnome-shell/extensions/status-menu-hel...@tails.boum.org/extension.js:75 msgid "Restart" msgstr "éæ°å¯å¨" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/https_everywhere] Update translations for https_everywhere
commit cb914c74f13fea2db9accaf4c0b66e936045d578 Author: Translation commit bot Date: Mon Jul 30 12:45:36 2018 + Update translations for https_everywhere --- zh_CN/https-everywhere.dtd | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/zh_CN/https-everywhere.dtd b/zh_CN/https-everywhere.dtd index 4b749f998..d58b5c235 100644 --- a/zh_CN/https-everywhere.dtd +++ b/zh_CN/https-everywhere.dtd @@ -25,8 +25,8 @@ - - + + ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.4] Merge branch 'maint-0.3.2' into maint-0.3.3
commit a159eaf45fb59fb47732d5d811db2cc78c02a960 Merge: 15d7f24c5 fea35ddf0 Author: Nick Mathewson Date: Mon Jul 30 08:45:01 2018 -0400 Merge branch 'maint-0.3.2' into maint-0.3.3 changes/bug26924 | 4 changes/bug26927 | 4 src/or/connection_or.c | 14 +- 3 files changed, 17 insertions(+), 5 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.4] Merge branch 'bug26924_029' into bug26924_032
commit fdc3ad6259095b3f15eeb96e998bf078083449dd Merge: be3a962ca 6443812e3 Author: teor Date: Wed Jul 25 14:33:10 2018 +1000 Merge branch 'bug26924_029' into bug26924_032 changes/bug26924 | 4 src/or/connection_or.c | 6 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --cc src/or/connection_or.c index fd8c5fc7f,a01d08627..add0493d2 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@@ -46,12 -45,11 +46,13 @@@ #include "microdesc.h" #include "networkstatus.h" #include "nodelist.h" +#include "proto_cell.h" #include "reasons.h" #include "relay.h" + #include "rendcommon.h" #include "rephist.h" #include "router.h" +#include "routerkeys.h" #include "routerlist.h" #include "ext_orport.h" #include "scheduler.h" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.4] Improve connection auth logging
commit 859d5a737502258641703cb52598b64bd08ce870 Author: teor Date: Wed Jul 25 14:39:31 2018 +1000 Improve connection auth logging Improve the log message when connection initiators fail to authenticate direct connections to relays. Fixes bug 26927; bugfix on 0.3.0.1-alpha. --- changes/bug26927 | 4 src/or/connection_or.c | 8 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/changes/bug26927 b/changes/bug26927 new file mode 100644 index 0..cd035bba8 --- /dev/null +++ b/changes/bug26927 @@ -0,0 +1,4 @@ + o Minor bugfixes (logging): +- Improve the log message when connection initiators fail to authenticate + direct connections to relays. + Fixes bug 26927; bugfix on 0.3.0.1-alpha. diff --git a/src/or/connection_or.c b/src/or/connection_or.c index add0493d2..fe2cea4f4 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -1708,8 +1708,8 @@ connection_or_client_learned_peer_id(or_connection_t *conn, } log_fn(severity, LD_HANDSHAKE, - "Tried connecting to router at %s:%d, but RSA identity key was not " - "as expected: wanted %s + %s but got %s + %s.%s", + "Tried connecting to router at %s:%d, but RSA + ed25519 identity " + "keys were not as expected: wanted %s + %s but got %s + %s.%s", conn->base_.address, conn->base_.port, expected_rsa, expected_ed, seen_rsa, seen_ed, extra_log); @@ -1726,8 +1726,8 @@ connection_or_client_learned_peer_id(or_connection_t *conn, } if (!expected_ed_key && ed_peer_id) { -log_info(LD_HANDSHAKE, "(we had no Ed25519 ID in mind when we made this " - "connection."); +log_info(LD_HANDSHAKE, "(We had no Ed25519 ID in mind when we made this " + "connection.)"); connection_or_set_identity_digest(conn, (const char*)rsa_peer_id, ed_peer_id); changed_identity = 1; ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.4] Merge remote-tracking branch 'teor/bug26924_032' into maint-0.3.2
commit fea35ddf0017827cb5e26bb725574108ad97c261 Merge: a8bdb851e 859d5a737 Author: Nick Mathewson Date: Mon Jul 30 08:44:40 2018 -0400 Merge remote-tracking branch 'teor/bug26924_032' into maint-0.3.2 changes/bug26924 | 4 changes/bug26927 | 4 src/or/connection_or.c | 14 +- 3 files changed, 17 insertions(+), 5 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.3] Merge branch 'maint-0.3.2' into maint-0.3.3
commit a159eaf45fb59fb47732d5d811db2cc78c02a960 Merge: 15d7f24c5 fea35ddf0 Author: Nick Mathewson Date: Mon Jul 30 08:45:01 2018 -0400 Merge branch 'maint-0.3.2' into maint-0.3.3 changes/bug26924 | 4 changes/bug26927 | 4 src/or/connection_or.c | 14 +- 3 files changed, 17 insertions(+), 5 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.4] Merge branch 'maint-0.3.4' into release-0.3.4
commit 1a57de97aecd3e6a8fdbf1d2b10d7423ea38d9ce Merge: 33d80123c 7d66ec0fe Author: Nick Mathewson Date: Mon Jul 30 08:45:01 2018 -0400 Merge branch 'maint-0.3.4' into release-0.3.4 changes/bug26924 | 4 changes/bug26927 | 4 src/or/connection_or.c | 14 +- 3 files changed, 17 insertions(+), 5 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.4] Stop logging link auth warnings on Single Onion Services and Tor2web
commit 6443812e343635d0db6ea1aac58b817732b7f29a Author: teor Date: Wed Jul 25 14:28:06 2018 +1000 Stop logging link auth warnings on Single Onion Services and Tor2web Instead, log a protocol warning when single onion services or Tor2web clients fail to authenticate direct connections to relays. Fixes bug 26924; bugfix on 0.2.9.1-alpha. --- changes/bug26924 | 4 src/or/connection_or.c | 6 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/changes/bug26924 b/changes/bug26924 new file mode 100644 index 0..882db56b4 --- /dev/null +++ b/changes/bug26924 @@ -0,0 +1,4 @@ + o Minor bugfixes (single onion services, Tor2web): +- Log a protocol warning when single onion services or Tor2web clients + fail to authenticate direct connections to relays. + Fixes bug 26924; bugfix on 0.2.9.1-alpha. diff --git a/src/or/connection_or.c b/src/or/connection_or.c index 8beedcae7..a01d08627 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -47,6 +47,7 @@ #include "nodelist.h" #include "reasons.h" #include "relay.h" +#include "rendcommon.h" #include "rephist.h" #include "router.h" #include "routerlist.h" @@ -1628,10 +1629,13 @@ connection_or_client_learned_peer_id(or_connection_t *conn, conn->identity_digest); const int is_authority_fingerprint = router_digest_is_trusted_dir( conn->identity_digest); +const int non_anonymous_mode = rend_non_anonymous_mode_enabled(options); int severity; const char *extra_log = ""; -if (server_mode(options)) { +/* Relays, Single Onion Services, and Tor2web make direct connections using + * untrusted authentication keys. */ +if (server_mode(options) || non_anonymous_mode) { severity = LOG_PROTOCOL_WARN; } else { if (using_hardcoded_fingerprints) { ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.4] Merge branch 'maint-0.3.3' into maint-0.3.4
commit 7d66ec0feba7aa7cfbaeb8c3af2df35cdcd536f1 Merge: d102e9c2e a159eaf45 Author: Nick Mathewson Date: Mon Jul 30 08:45:01 2018 -0400 Merge branch 'maint-0.3.3' into maint-0.3.4 changes/bug26924 | 4 changes/bug26927 | 4 src/or/connection_or.c | 14 +- 3 files changed, 17 insertions(+), 5 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.3] Merge branch 'bug26924_029' into bug26924_032
commit fdc3ad6259095b3f15eeb96e998bf078083449dd Merge: be3a962ca 6443812e3 Author: teor Date: Wed Jul 25 14:33:10 2018 +1000 Merge branch 'bug26924_029' into bug26924_032 changes/bug26924 | 4 src/or/connection_or.c | 6 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --cc src/or/connection_or.c index fd8c5fc7f,a01d08627..add0493d2 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@@ -46,12 -45,11 +46,13 @@@ #include "microdesc.h" #include "networkstatus.h" #include "nodelist.h" +#include "proto_cell.h" #include "reasons.h" #include "relay.h" + #include "rendcommon.h" #include "rephist.h" #include "router.h" +#include "routerkeys.h" #include "routerlist.h" #include "ext_orport.h" #include "scheduler.h" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.3] Merge remote-tracking branch 'teor/bug26924_032' into maint-0.3.2
commit fea35ddf0017827cb5e26bb725574108ad97c261 Merge: a8bdb851e 859d5a737 Author: Nick Mathewson Date: Mon Jul 30 08:44:40 2018 -0400 Merge remote-tracking branch 'teor/bug26924_032' into maint-0.3.2 changes/bug26924 | 4 changes/bug26927 | 4 src/or/connection_or.c | 14 +- 3 files changed, 17 insertions(+), 5 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.3] Improve connection auth logging
commit 859d5a737502258641703cb52598b64bd08ce870 Author: teor Date: Wed Jul 25 14:39:31 2018 +1000 Improve connection auth logging Improve the log message when connection initiators fail to authenticate direct connections to relays. Fixes bug 26927; bugfix on 0.3.0.1-alpha. --- changes/bug26927 | 4 src/or/connection_or.c | 8 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/changes/bug26927 b/changes/bug26927 new file mode 100644 index 0..cd035bba8 --- /dev/null +++ b/changes/bug26927 @@ -0,0 +1,4 @@ + o Minor bugfixes (logging): +- Improve the log message when connection initiators fail to authenticate + direct connections to relays. + Fixes bug 26927; bugfix on 0.3.0.1-alpha. diff --git a/src/or/connection_or.c b/src/or/connection_or.c index add0493d2..fe2cea4f4 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -1708,8 +1708,8 @@ connection_or_client_learned_peer_id(or_connection_t *conn, } log_fn(severity, LD_HANDSHAKE, - "Tried connecting to router at %s:%d, but RSA identity key was not " - "as expected: wanted %s + %s but got %s + %s.%s", + "Tried connecting to router at %s:%d, but RSA + ed25519 identity " + "keys were not as expected: wanted %s + %s but got %s + %s.%s", conn->base_.address, conn->base_.port, expected_rsa, expected_ed, seen_rsa, seen_ed, extra_log); @@ -1726,8 +1726,8 @@ connection_or_client_learned_peer_id(or_connection_t *conn, } if (!expected_ed_key && ed_peer_id) { -log_info(LD_HANDSHAKE, "(we had no Ed25519 ID in mind when we made this " - "connection."); +log_info(LD_HANDSHAKE, "(We had no Ed25519 ID in mind when we made this " + "connection.)"); connection_or_set_identity_digest(conn, (const char*)rsa_peer_id, ed_peer_id); changed_identity = 1; ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.3] Merge branch 'maint-0.3.3' into release-0.3.3
commit 1a646880d1115c352ae12ce4cfae41690f7e834f Merge: 6716cd090 a159eaf45 Author: Nick Mathewson Date: Mon Jul 30 08:45:01 2018 -0400 Merge branch 'maint-0.3.3' into release-0.3.3 changes/bug26924 | 4 changes/bug26927 | 4 src/or/connection_or.c | 14 +- 3 files changed, 17 insertions(+), 5 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.2] Improve connection auth logging
commit 859d5a737502258641703cb52598b64bd08ce870 Author: teor Date: Wed Jul 25 14:39:31 2018 +1000 Improve connection auth logging Improve the log message when connection initiators fail to authenticate direct connections to relays. Fixes bug 26927; bugfix on 0.3.0.1-alpha. --- changes/bug26927 | 4 src/or/connection_or.c | 8 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/changes/bug26927 b/changes/bug26927 new file mode 100644 index 0..cd035bba8 --- /dev/null +++ b/changes/bug26927 @@ -0,0 +1,4 @@ + o Minor bugfixes (logging): +- Improve the log message when connection initiators fail to authenticate + direct connections to relays. + Fixes bug 26927; bugfix on 0.3.0.1-alpha. diff --git a/src/or/connection_or.c b/src/or/connection_or.c index add0493d2..fe2cea4f4 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -1708,8 +1708,8 @@ connection_or_client_learned_peer_id(or_connection_t *conn, } log_fn(severity, LD_HANDSHAKE, - "Tried connecting to router at %s:%d, but RSA identity key was not " - "as expected: wanted %s + %s but got %s + %s.%s", + "Tried connecting to router at %s:%d, but RSA + ed25519 identity " + "keys were not as expected: wanted %s + %s but got %s + %s.%s", conn->base_.address, conn->base_.port, expected_rsa, expected_ed, seen_rsa, seen_ed, extra_log); @@ -1726,8 +1726,8 @@ connection_or_client_learned_peer_id(or_connection_t *conn, } if (!expected_ed_key && ed_peer_id) { -log_info(LD_HANDSHAKE, "(we had no Ed25519 ID in mind when we made this " - "connection."); +log_info(LD_HANDSHAKE, "(We had no Ed25519 ID in mind when we made this " + "connection.)"); connection_or_set_identity_digest(conn, (const char*)rsa_peer_id, ed_peer_id); changed_identity = 1; ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge branch 'maint-0.3.4'
commit b8e94b2f1d0df8152fd7b9726a470aa83970b3c5 Merge: ec1ced3cc 7d66ec0fe Author: Nick Mathewson Date: Mon Jul 30 08:45:01 2018 -0400 Merge branch 'maint-0.3.4' ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.2] Merge branch 'maint-0.3.2' into release-0.3.2
commit edfa746888d5492693becd7d1c74b4c934503790 Merge: d79557efc fea35ddf0 Author: Nick Mathewson Date: Mon Jul 30 08:45:01 2018 -0400 Merge branch 'maint-0.3.2' into release-0.3.2 changes/bug26924 | 4 changes/bug26927 | 4 src/or/connection_or.c | 14 +- 3 files changed, 17 insertions(+), 5 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.2.9] Stop logging link auth warnings on Single Onion Services and Tor2web
commit 6443812e343635d0db6ea1aac58b817732b7f29a Author: teor Date: Wed Jul 25 14:28:06 2018 +1000 Stop logging link auth warnings on Single Onion Services and Tor2web Instead, log a protocol warning when single onion services or Tor2web clients fail to authenticate direct connections to relays. Fixes bug 26924; bugfix on 0.2.9.1-alpha. --- changes/bug26924 | 4 src/or/connection_or.c | 6 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/changes/bug26924 b/changes/bug26924 new file mode 100644 index 0..882db56b4 --- /dev/null +++ b/changes/bug26924 @@ -0,0 +1,4 @@ + o Minor bugfixes (single onion services, Tor2web): +- Log a protocol warning when single onion services or Tor2web clients + fail to authenticate direct connections to relays. + Fixes bug 26924; bugfix on 0.2.9.1-alpha. diff --git a/src/or/connection_or.c b/src/or/connection_or.c index 8beedcae7..a01d08627 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -47,6 +47,7 @@ #include "nodelist.h" #include "reasons.h" #include "relay.h" +#include "rendcommon.h" #include "rephist.h" #include "router.h" #include "routerlist.h" @@ -1628,10 +1629,13 @@ connection_or_client_learned_peer_id(or_connection_t *conn, conn->identity_digest); const int is_authority_fingerprint = router_digest_is_trusted_dir( conn->identity_digest); +const int non_anonymous_mode = rend_non_anonymous_mode_enabled(options); int severity; const char *extra_log = ""; -if (server_mode(options)) { +/* Relays, Single Onion Services, and Tor2web make direct connections using + * untrusted authentication keys. */ +if (server_mode(options) || non_anonymous_mode) { severity = LOG_PROTOCOL_WARN; } else { if (using_hardcoded_fingerprints) { ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.2.9] Merge branch 'maint-0.2.9' into release-0.2.9
commit 4632ad4314e8fa339a5c071e6e6a8a39d70f4bb5 Merge: 409d0cf8d 6443812e3 Author: Nick Mathewson Date: Mon Jul 30 08:45:01 2018 -0400 Merge branch 'maint-0.2.9' into release-0.2.9 changes/bug26924 | 4 src/or/connection_or.c | 6 +- 2 files changed, 9 insertions(+), 1 deletion(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.3] Stop logging link auth warnings on Single Onion Services and Tor2web
commit 6443812e343635d0db6ea1aac58b817732b7f29a Author: teor Date: Wed Jul 25 14:28:06 2018 +1000 Stop logging link auth warnings on Single Onion Services and Tor2web Instead, log a protocol warning when single onion services or Tor2web clients fail to authenticate direct connections to relays. Fixes bug 26924; bugfix on 0.2.9.1-alpha. --- changes/bug26924 | 4 src/or/connection_or.c | 6 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/changes/bug26924 b/changes/bug26924 new file mode 100644 index 0..882db56b4 --- /dev/null +++ b/changes/bug26924 @@ -0,0 +1,4 @@ + o Minor bugfixes (single onion services, Tor2web): +- Log a protocol warning when single onion services or Tor2web clients + fail to authenticate direct connections to relays. + Fixes bug 26924; bugfix on 0.2.9.1-alpha. diff --git a/src/or/connection_or.c b/src/or/connection_or.c index 8beedcae7..a01d08627 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -47,6 +47,7 @@ #include "nodelist.h" #include "reasons.h" #include "relay.h" +#include "rendcommon.h" #include "rephist.h" #include "router.h" #include "routerlist.h" @@ -1628,10 +1629,13 @@ connection_or_client_learned_peer_id(or_connection_t *conn, conn->identity_digest); const int is_authority_fingerprint = router_digest_is_trusted_dir( conn->identity_digest); +const int non_anonymous_mode = rend_non_anonymous_mode_enabled(options); int severity; const char *extra_log = ""; -if (server_mode(options)) { +/* Relays, Single Onion Services, and Tor2web make direct connections using + * untrusted authentication keys. */ +if (server_mode(options) || non_anonymous_mode) { severity = LOG_PROTOCOL_WARN; } else { if (using_hardcoded_fingerprints) { ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.2] Stop logging link auth warnings on Single Onion Services and Tor2web
commit 6443812e343635d0db6ea1aac58b817732b7f29a Author: teor Date: Wed Jul 25 14:28:06 2018 +1000 Stop logging link auth warnings on Single Onion Services and Tor2web Instead, log a protocol warning when single onion services or Tor2web clients fail to authenticate direct connections to relays. Fixes bug 26924; bugfix on 0.2.9.1-alpha. --- changes/bug26924 | 4 src/or/connection_or.c | 6 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/changes/bug26924 b/changes/bug26924 new file mode 100644 index 0..882db56b4 --- /dev/null +++ b/changes/bug26924 @@ -0,0 +1,4 @@ + o Minor bugfixes (single onion services, Tor2web): +- Log a protocol warning when single onion services or Tor2web clients + fail to authenticate direct connections to relays. + Fixes bug 26924; bugfix on 0.2.9.1-alpha. diff --git a/src/or/connection_or.c b/src/or/connection_or.c index 8beedcae7..a01d08627 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -47,6 +47,7 @@ #include "nodelist.h" #include "reasons.h" #include "relay.h" +#include "rendcommon.h" #include "rephist.h" #include "router.h" #include "routerlist.h" @@ -1628,10 +1629,13 @@ connection_or_client_learned_peer_id(or_connection_t *conn, conn->identity_digest); const int is_authority_fingerprint = router_digest_is_trusted_dir( conn->identity_digest); +const int non_anonymous_mode = rend_non_anonymous_mode_enabled(options); int severity; const char *extra_log = ""; -if (server_mode(options)) { +/* Relays, Single Onion Services, and Tor2web make direct connections using + * untrusted authentication keys. */ +if (server_mode(options) || non_anonymous_mode) { severity = LOG_PROTOCOL_WARN; } else { if (using_hardcoded_fingerprints) { ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge branch 'maint-0.3.2' into maint-0.3.3
commit a159eaf45fb59fb47732d5d811db2cc78c02a960 Merge: 15d7f24c5 fea35ddf0 Author: Nick Mathewson Date: Mon Jul 30 08:45:01 2018 -0400 Merge branch 'maint-0.3.2' into maint-0.3.3 changes/bug26924 | 4 changes/bug26927 | 4 src/or/connection_or.c | 14 +- 3 files changed, 17 insertions(+), 5 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.2] Merge remote-tracking branch 'teor/bug26924_032' into maint-0.3.2
commit fea35ddf0017827cb5e26bb725574108ad97c261 Merge: a8bdb851e 859d5a737 Author: Nick Mathewson Date: Mon Jul 30 08:44:40 2018 -0400 Merge remote-tracking branch 'teor/bug26924_032' into maint-0.3.2 changes/bug26924 | 4 changes/bug26927 | 4 src/or/connection_or.c | 14 +- 3 files changed, 17 insertions(+), 5 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.2] Merge branch 'bug26924_029' into bug26924_032
commit fdc3ad6259095b3f15eeb96e998bf078083449dd Merge: be3a962ca 6443812e3 Author: teor Date: Wed Jul 25 14:33:10 2018 +1000 Merge branch 'bug26924_029' into bug26924_032 changes/bug26924 | 4 src/or/connection_or.c | 6 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --cc src/or/connection_or.c index fd8c5fc7f,a01d08627..add0493d2 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@@ -46,12 -45,11 +46,13 @@@ #include "microdesc.h" #include "networkstatus.h" #include "nodelist.h" +#include "proto_cell.h" #include "reasons.h" #include "relay.h" + #include "rendcommon.h" #include "rephist.h" #include "router.h" +#include "routerkeys.h" #include "routerlist.h" #include "ext_orport.h" #include "scheduler.h" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge branch 'maint-0.3.3' into maint-0.3.4
commit 7d66ec0feba7aa7cfbaeb8c3af2df35cdcd536f1 Merge: d102e9c2e a159eaf45 Author: Nick Mathewson Date: Mon Jul 30 08:45:01 2018 -0400 Merge branch 'maint-0.3.3' into maint-0.3.4 changes/bug26924 | 4 changes/bug26927 | 4 src/or/connection_or.c | 14 +- 3 files changed, 17 insertions(+), 5 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge remote-tracking branch 'juga/ticket3723_03_squashed_rebased'
commit ac9d08f66a3e5fd3fb3d456c4146b57c5ce1f1d6 Merge: 811ed8cf9 6d59ab16a Author: Nick Mathewson Date: Mon Jul 30 08:33:59 2018 -0400 Merge remote-tracking branch 'juga/ticket3723_03_squashed_rebased' changes/ticket3723 | 3 + src/app/config/config.c | 2 +- src/feature/dirauth/dirvote.c | 44 +++- src/feature/dirauth/dirvote.h | 3 + src/feature/dircache/dirserv.c | 34 ++- src/feature/dircache/dirserv.h | 10 +- src/feature/nodelist/networkstatus.c| 5 + src/feature/nodelist/networkstatus_st.h | 3 + src/test/test_dir.c | 369 +--- 9 files changed, 390 insertions(+), 83 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge remote-tracking branch 'teor/bug26924_032' into maint-0.3.2
commit fea35ddf0017827cb5e26bb725574108ad97c261 Merge: a8bdb851e 859d5a737 Author: Nick Mathewson Date: Mon Jul 30 08:44:40 2018 -0400 Merge remote-tracking branch 'teor/bug26924_032' into maint-0.3.2 changes/bug26924 | 4 changes/bug26927 | 4 src/or/connection_or.c | 14 +- 3 files changed, 17 insertions(+), 5 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Remove comment about Tor2web
commit db2a9180bebb8fab35229226ddc8a1d775e2837c Author: teor Date: Wed Jul 25 17:40:20 2018 +1000 Remove comment about Tor2web Part of #26367. --- src/core/or/connection_or.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core/or/connection_or.c b/src/core/or/connection_or.c index 4fc77fde0..c5ff10f6a 100644 --- a/src/core/or/connection_or.c +++ b/src/core/or/connection_or.c @@ -1943,7 +1943,7 @@ connection_or_client_learned_peer_id(or_connection_t *conn, int severity; const char *extra_log = ""; -/* Relays, Single Onion Services, and Tor2web make direct connections using +/* Relays and Single Onion Services make direct connections using * untrusted authentication keys. */ if (server_mode(options) || non_anonymous_mode) { severity = LOG_PROTOCOL_WARN; ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Improve connection auth logging
commit 859d5a737502258641703cb52598b64bd08ce870 Author: teor Date: Wed Jul 25 14:39:31 2018 +1000 Improve connection auth logging Improve the log message when connection initiators fail to authenticate direct connections to relays. Fixes bug 26927; bugfix on 0.3.0.1-alpha. --- changes/bug26927 | 4 src/or/connection_or.c | 8 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/changes/bug26927 b/changes/bug26927 new file mode 100644 index 0..cd035bba8 --- /dev/null +++ b/changes/bug26927 @@ -0,0 +1,4 @@ + o Minor bugfixes (logging): +- Improve the log message when connection initiators fail to authenticate + direct connections to relays. + Fixes bug 26927; bugfix on 0.3.0.1-alpha. diff --git a/src/or/connection_or.c b/src/or/connection_or.c index add0493d2..fe2cea4f4 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -1708,8 +1708,8 @@ connection_or_client_learned_peer_id(or_connection_t *conn, } log_fn(severity, LD_HANDSHAKE, - "Tried connecting to router at %s:%d, but RSA identity key was not " - "as expected: wanted %s + %s but got %s + %s.%s", + "Tried connecting to router at %s:%d, but RSA + ed25519 identity " + "keys were not as expected: wanted %s + %s but got %s + %s.%s", conn->base_.address, conn->base_.port, expected_rsa, expected_ed, seen_rsa, seen_ed, extra_log); @@ -1726,8 +1726,8 @@ connection_or_client_learned_peer_id(or_connection_t *conn, } if (!expected_ed_key && ed_peer_id) { -log_info(LD_HANDSHAKE, "(we had no Ed25519 ID in mind when we made this " - "connection."); +log_info(LD_HANDSHAKE, "(We had no Ed25519 ID in mind when we made this " + "connection.)"); connection_or_set_identity_digest(conn, (const char*)rsa_peer_id, ed_peer_id); changed_identity = 1; ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Rename bwlist to bw_file and banwidth to
commit d79c65772bd88b7b2810750237057fafbe8ea076 Author: juga0 Date: Fri Jun 29 20:43:51 2018 + Rename bwlist to bw_file and banwidth to bandwidth-file --- src/feature/dirauth/dirvote.c | 22 +++--- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/src/feature/dirauth/dirvote.c b/src/feature/dirauth/dirvote.c index a1bafb4fd..b123f73a4 100644 --- a/src/feature/dirauth/dirvote.c +++ b/src/feature/dirauth/dirvote.c @@ -254,7 +254,7 @@ format_networkstatus_vote(crypto_pk_t *private_signing_key, /* Abstraction violation: should be pulling a field out of v3_ns.*/ char *flag_thresholds = dirserv_get_flag_thresholds_line(); char *params; -char *bwlist_headers; +char *bw_file_headers; authority_cert_t *cert = v3_ns->cert; char *methods = make_consensus_method_list(MIN_SUPPORTED_CONSENSUS_METHOD, @@ -269,11 +269,11 @@ format_networkstatus_vote(crypto_pk_t *private_signing_key, else params = tor_strdup(""); tor_assert(cert); -if (v3_ns->bwlist_headers) - bwlist_headers = smartlist_join_strings(v3_ns->bwlist_headers, " ", 0, +if (v3_ns->bw_file_headers) + bw_file_headers = smartlist_join_strings(v3_ns->bw_file_headers, " ", 0, NULL); else - bwlist_headers = tor_strdup(""); + bw_file_headers = tor_strdup(""); smartlist_add_asprintf(chunks, "network-status-version 3\n" "vote-status %s\n" @@ -292,7 +292,7 @@ format_networkstatus_vote(crypto_pk_t *private_signing_key, "dir-source %s %s %s %s %d %d\n" "contact %s\n" "%s" /* shared randomness information */ - "bandwidth-file %s\n", /* bandwidth file headers */ + "bandwidth-file-headers %s\n", /* bandwidth file headers */ v3_ns->type == NS_TYPE_VOTE ? "vote" : "opinion", methods, published, va, fu, vu, @@ -309,14 +309,14 @@ format_networkstatus_vote(crypto_pk_t *private_signing_key, voter->contact, shared_random_vote_str ? shared_random_vote_str : "", - bwlist_headers); + bw_file_headers); tor_free(params); tor_free(flags); tor_free(flag_thresholds); tor_free(methods); tor_free(shared_random_vote_str); -tor_free(bwlist_headers); +tor_free(bw_file_headers); if (!tor_digest_is_zero(voter->legacy_id_digest)) { char fpbuf[HEX_DIGEST_LEN+1]; @@ -4299,7 +4299,7 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key, uint32_t addr; char *hostname = NULL, *client_versions = NULL, *server_versions = NULL; const char *contact; - smartlist_t *routers, *routerstatuses, *bwlist_headers; + smartlist_t *routers, *routerstatuses, *bw_file_headers; char identity_digest[DIGEST_LEN]; char signing_key_digest[DIGEST_LEN]; int listbadexits = options->AuthDirListBadExits; @@ -4383,7 +4383,7 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key, routerstatuses = smartlist_new(); microdescriptors = smartlist_new(); - bwlist_headers = smartlist_new(); + bw_file_headers = smartlist_new(); SMARTLIST_FOREACH_BEGIN(routers, routerinfo_t *, ri) { /* If it has a protover list and contains a protocol name greater than @@ -4450,7 +4450,7 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key, /* This pass through applies the measured bw lines to the routerstatuses */ if (options->V3BandwidthsFile) { dirserv_read_measured_bandwidths(options->V3BandwidthsFile, - routerstatuses, bwlist_headers); + routerstatuses, bw_file_headers); } else { /* * No bandwidths file; clear the measured bandwidth cache in case we had @@ -4546,7 +4546,7 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key, options->ConsensusParams, NULL, 0, 0); smartlist_sort_strings(v3_out->net_params); } - v3_out->bwlist_headers = bwlist_headers; + v3_out->bw_file_headers = bw_file_headers; voter = tor_malloc_zero(sizeof(networkstatus_voter_info_t)); voter->nickname = tor_strdup(options->Nickname); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Ensure that bw_file_headers is not bigger than max
commit 8164534f4669b2a3de075d1f57176540406be991 Author: juga0 Date: Sat Jun 30 13:56:38 2018 + Ensure that bw_file_headers is not bigger than max --- src/feature/dirauth/dirvote.c | 23 --- src/feature/dirauth/dirvote.h | 3 +++ src/feature/dircache/dirserv.c | 8 +--- 3 files changed, 24 insertions(+), 10 deletions(-) diff --git a/src/feature/dirauth/dirvote.c b/src/feature/dirauth/dirvote.c index b123f73a4..e3b701607 100644 --- a/src/feature/dirauth/dirvote.c +++ b/src/feature/dirauth/dirvote.c @@ -254,7 +254,7 @@ format_networkstatus_vote(crypto_pk_t *private_signing_key, /* Abstraction violation: should be pulling a field out of v3_ns.*/ char *flag_thresholds = dirserv_get_flag_thresholds_line(); char *params; -char *bw_file_headers; +char *bw_file_headers = NULL; authority_cert_t *cert = v3_ns->cert; char *methods = make_consensus_method_list(MIN_SUPPORTED_CONSENSUS_METHOD, @@ -269,11 +269,19 @@ format_networkstatus_vote(crypto_pk_t *private_signing_key, else params = tor_strdup(""); tor_assert(cert); -if (v3_ns->bw_file_headers) - bw_file_headers = smartlist_join_strings(v3_ns->bw_file_headers, " ", 0, - NULL); -else - bw_file_headers = tor_strdup(""); + +if (v3_ns->bw_file_headers) { + if (! BUG(smartlist_len(v3_ns->bw_file_headers) +> MAX_BW_FILE_HEADER_COUNT_IN_VOTE)) { +bw_file_headers = smartlist_join_strings(v3_ns->bw_file_headers, " ", + 0, NULL); +if (BUG(strlen(bw_file_headers) > MAX_BW_FILE_HEADERS_LINE_LEN)) { + /* Free and set to NULL, so the vote header line is empty */ + tor_free(bw_file_headers); +} + } +} + smartlist_add_asprintf(chunks, "network-status-version 3\n" "vote-status %s\n" @@ -309,7 +317,8 @@ format_networkstatus_vote(crypto_pk_t *private_signing_key, voter->contact, shared_random_vote_str ? shared_random_vote_str : "", - bw_file_headers); + bw_file_headers ? + bw_file_headers : ""); tor_free(params); tor_free(flags); diff --git a/src/feature/dirauth/dirvote.h b/src/feature/dirauth/dirvote.h index 7ce8e4a69..979a2be8a 100644 --- a/src/feature/dirauth/dirvote.h +++ b/src/feature/dirauth/dirvote.h @@ -89,6 +89,9 @@ #define DGV_INCLUDE_PENDING 2 #define DGV_INCLUDE_PREVIOUS 4 +/** Maximum size of a line in a vote. */ +#define MAX_BW_FILE_HEADERS_LINE_LEN 1024 + /* * Public API. Used outside of the dirauth subsystem. * diff --git a/src/feature/dircache/dirserv.c b/src/feature/dircache/dirserv.c index c3ccc3c8f..411a1a0bd 100644 --- a/src/feature/dircache/dirserv.c +++ b/src/feature/dircache/dirserv.c @@ -2679,17 +2679,19 @@ dirserv_read_measured_bandwidths(const char *from_file, applied_lines++; /* if the terminator is found, it is the end of header lines, set the * flag but do not store anything */ - } else if (strcmp(line, BW_FILE_TERMINATOR) == 0) + } else if (strcmp(line, BW_FILE_HEADERS_TERMINATOR) == 0) { line_is_after_headers = 1; /* if the line was not a correct relay line nor the terminator and * the end of the header lines has not been detected yet * and it is key_value and bw_file_headers did not reach the maximum * number of headers, * then assume this line is a header and add it to bw_file_headers */ - else if (bw_file_headers && + } else if (bw_file_headers && (line_is_after_headers == 0) && string_is_key_value(LOG_DEBUG, line) && - (smartlist_len(bw_file_headers) < MAX_BW_FILE_HEADERS_LEN)) { + !strchr(line, ' ') && + (smartlist_len(bw_file_headers) + < MAX_BW_FILE_HEADER_COUNT_IN_VOTE)) { line[strlen(line)-1] = '\0'; smartlist_add_strdup(bw_file_headers, line); }; ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Move bandwidth file tests to same function
commit e87793bae52baf7673b3083e85b7121ffcfea290 Author: juga0 Date: Sat Jun 30 06:29:11 2018 + Move bandwidth file tests to same function also add tests for bw_file_headers. Headers are all that is found before a correct relay line or the terminator. Tests include: * a empty bandwidth file * a bandwidth file with only timestamp * a bandwidth file with v1.0.0 headers * a bandwidth file with v1.0.0 headers and relay lines * a bandwidth file with v1.1.0 headers and v1.0.0 relay lines * a bandwidth file with v1.0.0 headers, malformed relay lines and relay lines * a bandwidth file with v1.0.0 headers, malformed relay lines, relay lines and malformed relay lines * a bandwidth file with v1.1.0 headers without terminator * a bandwidth file with v1.1.0 headers with terminator * a bandwidth file with v1.1.0 headers without terminator and relay lines * a bandwidth file with v1.1.0 headers with terminator and relay lines * a bandwidth file with v1.1.0 headers without terminator, bad relay lines and relay lines * a bandwidth file with v1.1.0 headers with terminator, bad relay lines and relay lines --- src/test/test_dir.c | 340 +++- 1 file changed, 230 insertions(+), 110 deletions(-) diff --git a/src/test/test_dir.c b/src/test/test_dir.c index e44f16154..c4af7b255 100644 --- a/src/test/test_dir.c +++ b/src/test/test_dir.c @@ -1591,62 +1591,6 @@ test_dir_measured_bw_kb(void *arg) return; } -/* Test dirserv_read_measured_bandwidths */ -static void -test_dir_dirserv_read_measured_bandwidths_empty(void *arg) -{ - (void)arg; - char *content = NULL; - time_t timestamp = time(NULL); - char *fname = tor_strdup(get_fname("V3BandwidthsFile")); - smartlist_t *bwlist_headers = smartlist_new(); - char *bwlist_headers_str = NULL; - char *out_bwlist_headers_str = NULL; - - /* Test an empty file */ - write_str_to_file(fname, "", 0); - setup_capture_of_logs(LOG_WARN); - tt_int_op(-1, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL, NULL)); - expect_log_msg("Empty bandwidth file\n"); - - /* Test v1.1.0 headers */ - const char *v110_header_lines= -"version=1.1.0\n" -"software=sbws\n" -"software_version=0.1.0\n" -"generator_started=2018-05-08T16:13:25\n" -"earliest_bandwidth=2018-05-08T16:13:26\n" -"\n"; - - /* And test bwlist_headers generation for dirvote.c */ - tor_asprintf(&content, "%ld\n%s", timestamp, v110_header_lines); - write_str_to_file(fname, content, 0); - tor_free(content); - tt_int_op(0, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL, - bwlist_headers)); - - /* The bwlist_headers str that should get generated by the previous - * v110v110_header_lines */ - const char *headers_str = "version=1.1.0 software=sbws " -"software_version=0.1.0 " -"generator_started=2018-05-08T16:13:25 " -"earliest_bandwidth=2018-05-08T16:13:26"; - tor_asprintf(&bwlist_headers_str, "timestamp=%ld %s", timestamp, - headers_str); - /* Compare the strings */ - out_bwlist_headers_str = smartlist_join_strings(bwlist_headers, " ", -0, NULL); - tt_str_op(bwlist_headers_str, OP_EQ, out_bwlist_headers_str); - - done: - tor_free(fname); - tor_free(bwlist_headers_str); - tor_free(out_bwlist_headers_str); - SMARTLIST_FOREACH(bwlist_headers, char *, cp, tor_free(cp)); - smartlist_free(bwlist_headers); - teardown_capture_of_logs(); -} - /* Unit tests for measured_bw_line_parse using line_is_after_headers flag. * When the end of the header is detected (a first complete bw line is parsed), * incomplete lines fail and give warnings, but do not give warnings if @@ -1690,7 +1634,7 @@ test_dir_measured_bw_kb_line_is_after_headers(void *arg) teardown_capture_of_logs(); } -/* Test dirserv_read_measured_bandwidths with whole files. */ +/* Test dirserv_read_measured_bandwidths with headers and complete files. */ static void test_dir_dirserv_read_measured_bandwidths(void *arg) { @@ -1698,76 +1642,253 @@ test_dir_dirserv_read_measured_bandwidths(void *arg) char *content = NULL; time_t timestamp = time(NULL); char *fname = tor_strdup(get_fname("V3BandwidthsFile")); - - /* Test Torflow file only with timestamp*/ - tor_asprintf(&content, "%ld", (long)timestamp); - write_str_to_file(fname, content, 0); - tor_free(content); - tt_int_op(-1, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL)); - - /* Test Torflow file with timestamp followed by '\n' */ - tor_asprintf(&content, "%ld\n", (long)timestamp); - write_str_to_file(fname, content, 0); - tor_free(content); - tt_int_op(0, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL)); - - /* Test Torflow complete file*/ - const char *torflow_relay_line
[tor-commits] [tor/master] Merge branch 'bug26924_032' into bug26924
commit d01602bebb6d068fcc3d37197e25134ded45d24f Merge: 9ae359754 859d5a737 Author: teor Date: Wed Jul 25 14:50:45 2018 +1000 Merge branch 'bug26924_032' into bug26924 Update rendcommon.h include path. changes/bug26924| 4 changes/bug26927| 4 src/core/or/connection_or.c | 14 +- 3 files changed, 17 insertions(+), 5 deletions(-) diff --cc src/core/or/connection_or.c index 159ee9626,0..4fc77fde0 mode 100644,00..100644 --- a/src/core/or/connection_or.c +++ b/src/core/or/connection_or.c @@@ -1,2996 -1,0 +1,3000 @@@ +/* Copyright (c) 2001 Matej Pfajfar. + * Copyright (c) 2001-2004, Roger Dingledine. + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2018, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file connection_or.c + * \brief Functions to handle OR connections, TLS handshaking, and + * cells on the network. + * + * An or_connection_t is a subtype of connection_t (as implemented in + * connection.c) that uses a TLS connection to send and receive cells on the + * Tor network. (By sending and receiving cells connection_or.c, it cooperates + * with channeltls.c to implement a the channel interface of channel.c.) + * + * Every OR connection has an underlying tortls_t object (as implemented in + * tortls.c) which it uses as its TLS stream. It is responsible for + * sending and receiving cells over that TLS. + * + * This module also implements the client side of the v3 Tor link handshake, + **/ +#include "core/or/or.h" +#include "feature/client/bridges.h" +#include "lib/container/buffers.h" +/* + * Define this so we get channel internal functions, since we're implementing + * part of a subclass (channel_tls_t). + */ +#define TOR_CHANNEL_INTERNAL_ +#define CONNECTION_OR_PRIVATE +#include "core/or/channel.h" +#include "core/or/channeltls.h" +#include "core/or/circuitbuild.h" +#include "core/or/circuitlist.h" +#include "core/or/circuitstats.h" +#include "core/or/command.h" +#include "app/config/config.h" +#include "core/mainloop/connection.h" +#include "core/or/connection_or.h" +#include "feature/control/control.h" +#include "lib/crypt_ops/crypto_rand.h" +#include "lib/crypt_ops/crypto_util.h" +#include "feature/dircache/dirserv.h" +#include "feature/client/entrynodes.h" +#include "feature/stats/geoip.h" +#include "core/mainloop/main.h" +#include "trunnel/link_handshake.h" +#include "feature/nodelist/microdesc.h" +#include "feature/nodelist/networkstatus.h" +#include "feature/nodelist/nodelist.h" +#include "core/proto/proto_cell.h" +#include "core/or/reasons.h" +#include "core/or/relay.h" ++#include "feature/rend/rendcommon.h" +#include "feature/stats/rephist.h" +#include "feature/relay/router.h" +#include "feature/relay/routerkeys.h" +#include "feature/nodelist/routerlist.h" +#include "feature/relay/ext_orport.h" +#include "core/or/scheduler.h" +#include "feature/nodelist/torcert.h" +#include "core/or/channelpadding.h" + +#include "core/or/cell_st.h" +#include "core/or/cell_queue_st.h" +#include "core/or/or_connection_st.h" +#include "core/or/or_handshake_certs_st.h" +#include "core/or/or_handshake_state_st.h" +#include "app/config/or_state_st.h" +#include "feature/nodelist/routerinfo_st.h" +#include "core/or/var_cell_st.h" +#include "lib/crypt_ops/crypto_format.h" + +#include "lib/tls/tortls.h" + +static int connection_tls_finish_handshake(or_connection_t *conn); +static int connection_or_launch_v3_or_handshake(or_connection_t *conn); +static int connection_or_process_cells_from_inbuf(or_connection_t *conn); +static int connection_or_check_valid_tls_handshake(or_connection_t *conn, + int started_here, + char *digest_rcvd_out); + +static void connection_or_tls_renegotiated_cb(tor_tls_t *tls, void *_conn); + +static unsigned int +connection_or_is_bad_for_new_circs(or_connection_t *or_conn); +static void connection_or_mark_bad_for_new_circs(or_connection_t *or_conn); + +/* + * Call this when changing connection state, so notifications to the owning + * channel can be handled. + */ + +static void connection_or_change_state(or_connection_t *conn, uint8_t state); + +static void connection_or_check_canonicity(or_connection_t *conn, + int started_here); + +/**/ + +/** Convert a connection_t* to an or_connection_t*; assert if the cast is + * invalid. */ +or_connection_t * +TO_OR_CONN(connection_t *c) +{ + tor_assert(c->magic == OR_CONNECTION_MAGIC); + return DOWNCAST(or_connection_t, c); +} + +/** Global map between Extended ORPort identifiers and OR + * connections. */ +static digestmap_t *orconn_ext_or_id_map = NULL; + +/** Clear clear conn->identity_digest
[tor-commits] [tor/maint-0.3.4] Merge branch 'maint-0.3.3' into maint-0.3.4
commit 7d66ec0feba7aa7cfbaeb8c3af2df35cdcd536f1 Merge: d102e9c2e a159eaf45 Author: Nick Mathewson Date: Mon Jul 30 08:45:01 2018 -0400 Merge branch 'maint-0.3.3' into maint-0.3.4 changes/bug26924 | 4 changes/bug26927 | 4 src/or/connection_or.c | 14 +- 3 files changed, 17 insertions(+), 5 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Add bw_file_headers to networkstatus_t
commit 106eb08d276144972a573b0480c0189eabc8fafc Author: juga0 Date: Fri Jun 29 13:43:38 2018 + Add bw_file_headers to networkstatus_t --- src/feature/nodelist/networkstatus_st.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/feature/nodelist/networkstatus_st.h b/src/feature/nodelist/networkstatus_st.h index 46b0f53c0..2bb0e3ae3 100644 --- a/src/feature/nodelist/networkstatus_st.h +++ b/src/feature/nodelist/networkstatus_st.h @@ -96,6 +96,9 @@ struct networkstatus_t { /** Contains the shared random protocol data from a vote or consensus. */ networkstatus_sr_info_t sr_info; + + /** List of key=value strings from the headers of the bandwidth list file */ + smartlist_t *bw_file_headers; }; #endif ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits