April 2014 - tor-commits - lists.torproject.org

[obfsproxy/master] Make sure that AES-CTR counter of obfs{2, 3} won't overflow.
by asn＠torproject.org 26 Apr '14

26 Apr '14

commit 7b562f53fb02f930b3c43f1571a90f6634df0664 Author: George Kadianakis <desnacked(a)riseup.net> Date: Sat Apr 26 19:14:51 2014 +0100 Make sure that AES-CTR counter of obfs{2,3} won't overflow. --- ChangeLog | 4 ++++ obfsproxy/common/aes.py | 11 ++++++++--- obfsproxy/transports/obfs2.py | 6 ++++-- obfsproxy/transports/obfs3.py | 3 ++- 4 files changed, 18 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6cf2400..8c2e76c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,10 @@ Changes in version 0.2.9 - UNRELEASED: explicitly picks python2. Makes obfsproxy work in platforms like Linux Arch where python3 is the default. Fixes part of #11190. Patch by Yawning Angel. + - The AES-CTR counter of obfs2 and obfs3 now wraps around to 0. + Since, the counter value was derived from the protocol, there + was an unlikely chance that PyCrypto would raise an OverflowError + exception. Spotted by Yawning Angel. Fixes #11611. Changes in version 0.2.8 - 2014-03-28: diff --git a/obfsproxy/common/aes.py b/obfsproxy/common/aes.py index 3f29346..777fad0 100644 --- a/obfsproxy/common/aes.py +++ b/obfsproxy/common/aes.py @@ -9,13 +9,18 @@ from Crypto.Util import Counter class AES_CTR_128(object): """An AES-CTR-128 PyCrypto wrapper.""" - def __init__(self, key, iv): - """Initialize AES with the given key and IV.""" + def __init__(self, key, iv, counter_wraparound=False): + """Initialize AES with the given key and IV. + + If counter_wraparound is set to True, the AES-CTR counter will + wraparound to 0 when it overflows. + """ assert(len(key) == 16) assert(len(iv) == 16) - self.ctr = Counter.new(128, initial_value=long(iv.encode('hex'), 16)) + self.ctr = Counter.new(128, initial_value=long(iv.encode('hex'), 16), + allow_wraparound=counter_wraparound) self.cipher = AES.new(key, AES.MODE_CTR, counter=self.ctr) def crypt(self, data): diff --git a/obfsproxy/transports/obfs2.py b/obfsproxy/transports/obfs2.py index f8ba7c9..23a60d4 100644 --- a/obfsproxy/transports/obfs2.py +++ b/obfsproxy/transports/obfs2.py @@ -257,7 +257,8 @@ class Obfs2Transport(base.BaseTransport): secret = self.mac(pad_string, self.initiator_seed + self.responder_seed, self.shared_secret) - return aes.AES_CTR_128(secret[:KEYLEN], secret[KEYLEN:]) + return aes.AES_CTR_128(secret[:KEYLEN], secret[KEYLEN:], + counter_wraparound=True) def _derive_padding_crypto(self, seed, pad_string): # XXX consider secret_seed """ @@ -266,7 +267,8 @@ class Obfs2Transport(base.BaseTransport): secret = self.mac(pad_string, seed, self.shared_secret) - return aes.AES_CTR_128(secret[:KEYLEN], secret[KEYLEN:]) + return aes.AES_CTR_128(secret[:KEYLEN], secret[KEYLEN:], + counter_wraparound=True) def mac(self, s, x, secret): """ diff --git a/obfsproxy/transports/obfs3.py b/obfsproxy/transports/obfs3.py index 6a4df6b..ba45da1 100644 --- a/obfsproxy/transports/obfs3.py +++ b/obfsproxy/transports/obfs3.py @@ -221,7 +221,8 @@ class Obfs3Transport(base.BaseTransport): Derive and return an obfs3 key using the pad string in 'pad_string'. """ secret = hmac_sha256.hmac_sha256_digest(self.shared_secret, pad_string) - return aes.AES_CTR_128(secret[:KEYLEN], secret[KEYLEN:]) + return aes.AES_CTR_128(secret[:KEYLEN], secret[KEYLEN:], + counter_wraparound=True) class Obfs3Client(Obfs3Transport):

1 0

[tor-browser-bundle/master] Bump HTTPS-Everywhere version to 3.5.1.
by gk＠torproject.org 26 Apr '14

26 Apr '14

commit 13e785546c9197c1b8698a42e3e4c1909824545f Author: Georg Koppen <gk(a)torproject.org> Date: Sat Apr 26 14:05:19 2014 +0000 Bump HTTPS-Everywhere version to 3.5.1. --- Bundle-Data/Docs/ChangeLog.txt | 2 +- gitian/versions | 2 +- gitian/versions.alpha | 2 +- gitian/versions.beta | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Bundle-Data/Docs/ChangeLog.txt b/Bundle-Data/Docs/ChangeLog.txt index 28e1ba2..52610c4 100644 --- a/Bundle-Data/Docs/ChangeLog.txt +++ b/Bundle-Data/Docs/ChangeLog.txt @@ -7,7 +7,7 @@ Tor Browser Bundle 3.6 -- Apr 29 2014 * Update Torbutton to 1.6.9.0 * Bug 7439: Improve download warning dialog text. * Bug 11384: Completely remove hidden toggle menu item. - * Update HTTPS-Everywhere to 3.5 + * Update HTTPS-Everywhere to 3.5.1 * Update NoScript to 2.6.8.20 * Update obfs3 transport to 0.2.8 * Update fte transport to 0.2.13 diff --git a/gitian/versions b/gitian/versions index c699242..81ec1e8 100755 --- a/gitian/versions +++ b/gitian/versions @@ -9,7 +9,7 @@ TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-1-build3 TOR_TAG=tor-0.2.4.21 TORLAUNCHER_TAG=0.2.4.4 TORBUTTON_TAG=1.6.7.0 -HTTPSE_TAG=3.5 +HTTPSE_TAG=3.5.1 NSIS_TAG=v0.1 ZLIB_TAG=v1.2.8 LIBEVENT_TAG=release-2.0.21-stable diff --git a/gitian/versions.alpha b/gitian/versions.alpha index cb0551c..4ede6e6 100755 --- a/gitian/versions.alpha +++ b/gitian/versions.alpha @@ -10,7 +10,7 @@ TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-1-build3 TOR_TAG=tor-0.2.5.3-alpha TORLAUNCHER_TAG=0.2.5.4 TORBUTTON_TAG=1.6.9.0 -HTTPSE_TAG=3.5 +HTTPSE_TAG=3.5.1 NSIS_TAG=v0.1 ZLIB_TAG=v1.2.8 LIBEVENT_TAG=release-2.0.21-stable diff --git a/gitian/versions.beta b/gitian/versions.beta index 91c4a2c..2560de3 100755 --- a/gitian/versions.beta +++ b/gitian/versions.beta @@ -10,7 +10,7 @@ TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-1-build3 TOR_TAG=tor-0.2.4.21 TORLAUNCHER_TAG=0.2.5.4 TORBUTTON_TAG=1.6.9.0 -HTTPSE_TAG=3.5 +HTTPSE_TAG=3.5.1 NSIS_TAG=v0.1 ZLIB_TAG=v1.2.8 LIBEVENT_TAG=release-2.0.21-stable

1 0

[meek/master] Add missing semicolon.
by dcf＠torproject.org 26 Apr '14

26 Apr '14

commit baef666e1681b1d3129582cab9ac60692e1ee4c0 Author: David Fifield <david(a)bamsoftware.com> Date: Fri Apr 25 21:12:58 2014 -0700 Add missing semicolon. Found by gk in https://trac.torproject.org/projects/tor/ticket/11183#comment:20. --- firefox/components/main.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/firefox/components/main.js b/firefox/components/main.js index 3db395c..d1283e7 100644 --- a/firefox/components/main.js +++ b/firefox/components/main.js @@ -54,7 +54,7 @@ MeekHTTPHelper.prototype = { // nsIObserver implementation. observe: function(subject, topic, data) { if (topic !== "profile-after-change") - return + return; try { // https://developer.mozilla.org/en-US/docs/XPCOM_Interface_Reference/nsIServe…

1 0

[meek/master] More rigidly follow the camelcase convention.
by dcf＠torproject.org 26 Apr '14

26 Apr '14

commit eab44b4fbaf3aabc7077a06d92ee02ce61b57932 Author: David Fifield <david(a)bamsoftware.com> Date: Fri Apr 25 21:40:49 2014 -0700 More rigidly follow the camelcase convention. Suggested by gk in https://trac.torproject.org/projects/tor/ticket/11183#comment:20. --- firefox/components/main.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/firefox/components/main.js b/firefox/components/main.js index d8b40f4..b07ed84 100644 --- a/firefox/components/main.js +++ b/firefox/components/main.js @@ -122,14 +122,14 @@ MeekHTTPHelper.lookupStatus = function(status) { // happens within callbacks. MeekHTTPHelper.LocalConnectionHandler = function(transport) { this.transport = transport; - this.requestreader = null; + this.requestReader = null; this.channel = null; this.listener = null; this.readRequest(this.makeRequest.bind(this)); }; MeekHTTPHelper.LocalConnectionHandler.prototype = { readRequest: function(callback) { - this.requestreader = new MeekHTTPHelper.RequestReader(this.transport, callback); + this.requestReader = new MeekHTTPHelper.RequestReader(this.transport, callback); }, makeRequest: function(req) {

1 0

[meek/master] Actually use the callback arg.
by dcf＠torproject.org 26 Apr '14

26 Apr '14

commit f0083e5e5b9b4d05bb9da8f7180b53c7758aaba2 Author: David Fifield <david(a)bamsoftware.com> Date: Fri Apr 25 21:13:27 2014 -0700 Actually use the callback arg. Previously it was hardcoded to the same value that happened to be passed as an argument, so it worked the same but was confusing. Found by gk in https://trac.torproject.org/projects/tor/ticket/11183#comment:20. --- firefox/components/main.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/firefox/components/main.js b/firefox/components/main.js index d1283e7..d8b40f4 100644 --- a/firefox/components/main.js +++ b/firefox/components/main.js @@ -129,7 +129,7 @@ MeekHTTPHelper.LocalConnectionHandler = function(transport) { }; MeekHTTPHelper.LocalConnectionHandler.prototype = { readRequest: function(callback) { - this.requestreader = new MeekHTTPHelper.RequestReader(this.transport, this.makeRequest.bind(this)); + this.requestreader = new MeekHTTPHelper.RequestReader(this.transport, callback); }, makeRequest: function(req) {

1 0

[tor/master] Bump version to 0.2.5.4-alpha-dev
by nickm＠torproject.org 26 Apr '14

26 Apr '14

commit 3a3ed2abb225f5534d1931e5549c6acb638d3de7 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Apr 25 23:38:12 2014 -0400 Bump version to 0.2.5.4-alpha-dev --- configure.ac | 2 +- contrib/tor-mingw.nsi.in | 2 +- src/win32/orconfig.h | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index 30feda6..edfe2f8 100644 --- a/configure.ac +++ b/configure.ac @@ -3,7 +3,7 @@ dnl Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson dnl Copyright (c) 2007-2013, The Tor Project, Inc. dnl See LICENSE for licensing information -AC_INIT([tor],[0.2.5.4-alpha]) +AC_INIT([tor],[0.2.5.4-alpha-dev]) AC_CONFIG_SRCDIR([src/or/main.c]) AC_CONFIG_MACRO_DIR([m4]) AM_INIT_AUTOMAKE diff --git a/contrib/tor-mingw.nsi.in b/contrib/tor-mingw.nsi.in index 1d9274a..0e1594d 100644 --- a/contrib/tor-mingw.nsi.in +++ b/contrib/tor-mingw.nsi.in @@ -8,7 +8,7 @@ !include "LogicLib.nsh" !include "FileFunc.nsh" !insertmacro GetParameters -!define VERSION "0.2.5.4-alpha" +!define VERSION "0.2.5.4-alpha-dev" !define INSTALLER "tor-${VERSION}-win32.exe" !define WEBSITE "https://www.torproject.org/" !define LICENSE "LICENSE" diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h index c865d56..7b5877c 100644 --- a/src/win32/orconfig.h +++ b/src/win32/orconfig.h @@ -241,7 +241,7 @@ #define USING_TWOS_COMPLEMENT /* Version number of package */ -#define VERSION "0.2.5.4-alpha" +#define VERSION "0.2.5.4-alpha-dev"

1 0

[meek/master] Update comment that claimed we listen on a fixed port.
by dcf＠torproject.org 26 Apr '14

26 Apr '14

commit feb40572ec394664569e28176542bf13fb9de226 Author: David Fifield <david(a)bamsoftware.com> Date: Fri Apr 25 20:35:37 2014 -0700 Update comment that claimed we listen on a fixed port. That used to be the case but no longer. Noticed by gk in https://trac.torproject.org/projects/tor/ticket/11183#comment:20. --- firefox/components/main.js | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/firefox/components/main.js b/firefox/components/main.js index 2890b37..3db395c 100644 --- a/firefox/components/main.js +++ b/firefox/components/main.js @@ -1,10 +1,11 @@ // This is an extension that allows external programs to make HTTP requests // using the browser's networking libraries. // -// The extension opens a TCP socket listening on localhost (port 7000). When it -// receives a connection, it reads a 4-byte big-endian length field, then tries -// to read that many bytes of data. The data is UTF-8–encoded JSON, having the -// format +// The extension opens a TCP socket listening on localhost on an ephemeral port. +// It writes the port number in a recognizable format to stdout so that a parent +// process can read it and connect. When the extension receives a connection, it +// reads a 4-byte big-endian length field, then tries to read that many bytes of +// data. The data is UTF-8–encoded JSON, having the format // { // "method": "POST", // "url": "https://www.google.com/",

1 0

r26740: {website} ready for new tarball if only we could push the website (in website/trunk: . include)
by Roger Dingledine 26 Apr '14

26 Apr '14

Author: arma Date: 2014-04-26 03:25:40 +0000 (Sat, 26 Apr 2014) New Revision: 26740 Modified: website/trunk/Makefile website/trunk/include/versions.wmi Log: ready for new tarball if only we could push the website Modified: website/trunk/Makefile =================================================================== --- website/trunk/Makefile 2014-04-26 02:26:35 UTC (rev 26739) +++ website/trunk/Makefile 2014-04-26 03:25:40 UTC (rev 26740) @@ -11,7 +11,7 @@ # 5. ./publish export STABLETAG=tor-0.2.4.21 -export DEVTAG=tor-0.2.5.3-alpha +export DEVTAG=tor-0.2.5.4-alpha WMLBASE=. SUBDIRS=docs eff projects press about download getinvolved donate docs/torbutton Modified: website/trunk/include/versions.wmi =================================================================== --- website/trunk/include/versions.wmi 2014-04-26 02:26:35 UTC (rev 26739) +++ website/trunk/include/versions.wmi 2014-04-26 03:25:40 UTC (rev 26740) @@ -1,5 +1,5 @@ <define-tag version-stable whitespace=delete>0.2.4.21</define-tag> -<define-tag version-alpha whitespace=delete>0.2.5.3-alpha</define-tag> +<define-tag version-alpha whitespace=delete>0.2.5.4-alpha</define-tag> <define-tag version-win32-stable whitespace=delete>0.2.4.21</define-tag> <define-tag version-win32-alpha whitespace=delete>0.2.4.21</define-tag>

1 0

[translation/tails-misc] Update translations for tails-misc
by translation＠torproject.org 26 Apr '14

26 Apr '14

commit 1861bbf5d758c6091d13b52bc6c0ec3eeb388558 Author: Translation commit bot <translation(a)torproject.org> Date: Sat Apr 26 02:45:37 2014 +0000 Update translations for tails-misc --- zh_HK.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/zh_HK.po b/zh_HK.po index 78e104c..a0992a7 100644 --- a/zh_HK.po +++ b/zh_HK.po @@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2014-03-23 08:55+0100\n" -"PO-Revision-Date: 2014-04-26 02:10+0000\n" +"PO-Revision-Date: 2014-04-26 02:20+0000\n" "Last-Translator: runasand <runa.sandvik(a)gmail.com>\n" "Language-Team: Chinese (Hong Kong) (http://www.transifex.com/projects/p/torproject/language/zh_HK/)\n" "MIME-Version: 1.0\n"

1 0

[translation/tails-persistence-setup] Update translations for tails-persistence-setup
by translation＠torproject.org 26 Apr '14

26 Apr '14

commit d1ada7273cf83c159b173699dcfa83287010fcfb Author: Translation commit bot <translation(a)torproject.org> Date: Sat Apr 26 02:45:19 2014 +0000 Update translations for tails-persistence-setup --- zh_HK/zh_HK.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/zh_HK/zh_HK.po b/zh_HK/zh_HK.po index 8e07903..f71e4a5 100644 --- a/zh_HK/zh_HK.po +++ b/zh_HK/zh_HK.po @@ -10,7 +10,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: Tails developers <tails(a)boum.org>\n" "POT-Creation-Date: 2014-04-16 21:26+0200\n" -"PO-Revision-Date: 2014-04-26 02:10+0000\n" +"PO-Revision-Date: 2014-04-26 02:20+0000\n" "Last-Translator: ronnietse <tseronnie(a)ymail.com>\n" "Language-Team: Chinese (Hong Kong) (http://www.transifex.com/projects/p/torproject/language/zh_HK/)\n" "MIME-Version: 1.0\n"

1 0