April 2015 - tor-commits - lists.torproject.org

[tor/master] Fix another signed/unsigned comparison bug
by nickm＠torproject.org 23 Apr '15

23 Apr '15

commit f1204e0c029b40d11360da57045ad9ae51264744 Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Apr 23 09:21:44 2015 -0400 Fix another signed/unsigned comparison bug --- src/or/or.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/or/or.h b/src/or/or.h index 4fd6d1d..2f6890a 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -4869,7 +4869,7 @@ typedef struct rend_intro_point_t { * will accept. This is a random value between * INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS and * INTRO_POINT_MAX_LIFETIME_INTRODUCTIONS. */ - unsigned int max_introductions; + int max_introductions; /** (Service side only) The time at which this intro point was first * published, or -1 if this intro point has not yet been

1 0

[tor/master] Use a random count of INTRODUCE2 for IP rotation
by nickm＠torproject.org 23 Apr '15

23 Apr '15

commit 6f6881c4324f35d44b997591939de7e847cca7a3 Author: David Goulet <dgoulet(a)ev0ke.net> Date: Mon Apr 20 15:51:06 2015 -0400 Use a random count of INTRODUCE2 for IP rotation An introduction point is currently rotated when the amount of INTRODUCE2 cells reached a fixed value of 16384. This makes it pretty easy for an attacker to inflate that number and observe when the IP rotates which leaks the popularity of the HS (amount of client that passed through the IP). This commit makes it a random count between the current value of 16384 and two times that. Fixes #15745 Signed-off-by: David Goulet <dgoulet(a)ev0ke.net> --- changes/bug15745 | 7 +++++++ src/or/or.h | 19 +++++++++++++------ src/or/rendservice.c | 17 +++++++++++------ 3 files changed, 31 insertions(+), 12 deletions(-) diff --git a/changes/bug15745 b/changes/bug15745 new file mode 100644 index 0000000..6e4bfa4 --- /dev/null +++ b/changes/bug15745 @@ -0,0 +1,7 @@ + o Minor feature (HS popularity countermeasure): + - To avoid leaking HS popularity, don't cycle the introduction point + when we've handled a fixed number of INTRODUCE2 cells but instead + cycle it when a random value of introductions is reached thus making + it more difficult for an attacker to find out the amount of clients + that has passed through the introduction point for a specific HS. + Closes ticket 15745. diff --git a/src/or/or.h b/src/or/or.h index d548aea..4fd6d1d 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -4805,12 +4805,13 @@ typedef struct rend_encoded_v2_service_descriptor_t { * introduction point. See also rend_intro_point_t.unreachable_count. */ #define MAX_INTRO_POINT_REACHABILITY_FAILURES 5 -/** The maximum number of distinct INTRODUCE2 cells which a hidden - * service's introduction point will receive before it begins to - * expire. - * - * XXX023 Is this number at all sane? */ -#define INTRO_POINT_LIFETIME_INTRODUCTIONS 16384 +/** The minimum and maximum number of distinct INTRODUCE2 cells which a + * hidden service's introduction point will receive before it begins to + * expire. */ +#define INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS 16384 +/* Double the minimum value so the interval is [min, min * 2]. */ +#define INTRO_POINT_MAX_LIFETIME_INTRODUCTIONS \ + (INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS * 2) /** The minimum number of seconds that an introduction point will last * before expiring due to old age. (If it receives @@ -4864,6 +4865,12 @@ typedef struct rend_intro_point_t { */ int accepted_introduce2_count; + /** (Service side only) Number of maximum INTRODUCE2 cells that this IP + * will accept. This is a random value between + * INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS and + * INTRO_POINT_MAX_LIFETIME_INTRODUCTIONS. */ + unsigned int max_introductions; + /** (Service side only) The time at which this intro point was first * published, or -1 if this intro point has not yet been * published. */ diff --git a/src/or/rendservice.c b/src/or/rendservice.c index c1c0c46..cf0352c 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -1158,16 +1158,17 @@ rend_service_note_removing_intro_point(rend_service_t *service, /* This intro point was never used. Don't change * n_intro_points_wanted. */ } else { + /* We want to increase the number of introduction points service * operates if intro was heavily used, or decrease the number of * intro points if intro was lightly used. * * We consider an intro point's target 'usage' to be - * INTRO_POINT_LIFETIME_INTRODUCTIONS introductions in + * maximum of INTRODUCE2 cells divided by * INTRO_POINT_LIFETIME_MIN_SECONDS seconds. To calculate intro's - * fraction of target usage, we divide the fraction of - * _LIFETIME_INTRODUCTIONS introductions that it has handled by - * the fraction of _LIFETIME_MIN_SECONDS for which it existed. + * fraction of target usage, we divide the amount of INTRODUCE2 cells + * that it has handled by the fraction of _LIFETIME_MIN_SECONDS for + * which it existed. * * Then we multiply that fraction of desired usage by a fudge * factor of 1.5, to decide how many new introduction points @@ -1189,7 +1190,7 @@ rend_service_note_removing_intro_point(rend_service_t *service, intro_point_accepted_intro_count(intro) / (double)(now - intro->time_published); const double intro_point_target_usage = - INTRO_POINT_LIFETIME_INTRODUCTIONS / + intro->max_introductions / (double)INTRO_POINT_LIFETIME_MIN_SECONDS; const double fractional_n_intro_points_wanted_to_replace_this_one = (1.5 * (intro_point_usage / intro_point_target_usage)); @@ -3123,7 +3124,7 @@ intro_point_should_expire_now(rend_intro_point_t *intro, } if (intro_point_accepted_intro_count(intro) >= - INTRO_POINT_LIFETIME_INTRODUCTIONS) { + intro->max_introductions) { /* This intro point has been used too many times. Expire it now. */ return 1; } @@ -3335,6 +3336,10 @@ rend_services_introduce(void) intro->time_published = -1; intro->time_to_expire = -1; intro->time_expiring = -1; + intro->max_introductions = + INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS + + crypto_rand_int(INTRO_POINT_MAX_LIFETIME_INTRODUCTIONS - + INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS); smartlist_add(service->intro_nodes, intro); log_info(LD_REND, "Picked router %s as an intro point for %s.", safe_str_client(node_describe(node)),

1 0

[tor/master] Add crypto_rand_int_range() and use it
by nickm＠torproject.org 23 Apr '15

23 Apr '15

commit 3f413184728c1d7b441b8e54585c43220665218c Author: David Goulet <dgoulet(a)ev0ke.net> Date: Tue Apr 21 10:17:12 2015 -0400 Add crypto_rand_int_range() and use it Incidently, this fixes a bug where the maximum value was never used when only using crypto_rand_int(). For instance this example below in rendservice.c never gets to INTRO_POINT_LIFETIME_MAX_SECONDS. int intro_point_lifetime_seconds = INTRO_POINT_LIFETIME_MIN_SECONDS + crypto_rand_int(INTRO_POINT_LIFETIME_MAX_SECONDS - INTRO_POINT_LIFETIME_MIN_SECONDS); Signed-off-by: David Goulet <dgoulet(a)ev0ke.net> --- src/common/crypto.c | 21 ++++++++++++++++++++- src/common/crypto.h | 1 + src/common/tortls.c | 3 ++- src/or/entrynodes.c | 6 ++++-- src/or/main.c | 2 +- src/or/rendservice.c | 10 ++++------ src/or/router.c | 4 +++- 7 files changed, 35 insertions(+), 12 deletions(-) diff --git a/src/common/crypto.c b/src/common/crypto.c index f05be2e..1c4eda9 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -2317,6 +2317,25 @@ crypto_rand_int(unsigned int max) } } +/** Return a pseudorandom integer, chosen uniformly from the values between + * min and max inclusive. + * + * min MUST be between 0 and max - 1. + * max MUST be bigger than min and <= to INT_MAX. + */ +int +crypto_rand_int_range(unsigned int min, unsigned int max) +{ + tor_assert(min <= max); + tor_assert(max <= INT_MAX); + + /* The overflow is avoided here because crypto_rand_int() returns a value + * between 0 and (max - min - 1) with max being <= INT_MAX and min <= max. + * This is why we add 1 to the maximum value so we can actually get max as + * a return value. */ + return min + crypto_rand_int(max - min + 1); +} + /** Return a pseudorandom 64-bit integer, chosen uniformly from the values * between 0 and max-1. */ uint64_t @@ -2379,7 +2398,7 @@ crypto_random_hostname(int min_rand_len, int max_rand_len, const char *prefix, if (min_rand_len > max_rand_len) min_rand_len = max_rand_len; - randlen = min_rand_len + crypto_rand_int(max_rand_len - min_rand_len + 1); + randlen = crypto_rand_int_range(min_rand_len, max_rand_len); prefixlen = strlen(prefix); resultlen = prefixlen + strlen(suffix) + randlen + 16; diff --git a/src/common/crypto.h b/src/common/crypto.h index b9c26a4..3de3c7e 100644 --- a/src/common/crypto.h +++ b/src/common/crypto.h @@ -254,6 +254,7 @@ int crypto_seed_rng(int startup); MOCK_DECL(int,crypto_rand,(char *to, size_t n)); int crypto_strongest_rand(uint8_t *out, size_t out_len); int crypto_rand_int(unsigned int max); +int crypto_rand_int_range(unsigned int min, unsigned int max); uint64_t crypto_rand_uint64(uint64_t max); double crypto_rand_double(void); struct tor_weak_rng_t; diff --git a/src/common/tortls.c b/src/common/tortls.c index 32106eb..7809c1a 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -659,7 +659,8 @@ tor_tls_create_certificate(crypto_pk_t *rsa, * than having it start right now. Don't choose quite uniformly, since * then we might pick a time where we're about to expire. Lastly, be * sure to start on a day boundary. */ - start_time = time(NULL) - crypto_rand_int(cert_lifetime) + 2*24*3600; + time_t now = time(NULL); + start_time = crypto_rand_int_range(now - cert_lifetime, now) + 2*24*3600; start_time -= start_time % (24*3600); tor_assert(rsa); diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index 9663f34..9f07d5a 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -440,7 +440,8 @@ add_an_entry_guard(const node_t *chosen, int reset_status, int prepend, * don't all select them on the same day, and b) avoid leaving a * precise timestamp in the state file about when we first picked * this guard. For details, see the Jan 2010 or-dev thread. */ - entry->chosen_on_date = time(NULL) - crypto_rand_int(3600*24*30); + time_t now = time(NULL); + entry->chosen_on_date = crypto_rand_int_range(now - 3600*24*30, now); entry->chosen_by_version = tor_strdup(VERSION); /* Are we picking this guard because all of our current guards are @@ -1439,8 +1440,9 @@ entry_guards_parse_state(or_state_t *state, int set, char **msg) } } else { if (state_version) { + time_t now = time(NULL); + e->chosen_on_date = crypto_rand_int_range(now - 3600*24*30, now); e->chosen_by_version = tor_strdup(state_version); - e->chosen_on_date = time(NULL) - crypto_rand_int(3600*24*30); } } if (e->path_bias_disabled && !e->bad_since) diff --git a/src/or/main.c b/src/or/main.c index 39c0f5c..b9009db 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -1623,7 +1623,7 @@ run_scheduled_events(time_t now) time_to.check_for_correct_dns < now && ! router_my_exit_policy_is_reject_star()) { if (!time_to.check_for_correct_dns) { - time_to.check_for_correct_dns = now + 60 + crypto_rand_int(120); + time_to.check_for_correct_dns = crypto_rand_int_range(now, now + 120) + 60; } else { dns_launch_correctness_checks(); time_to.check_for_correct_dns = now + 12*3600 + diff --git a/src/or/rendservice.c b/src/or/rendservice.c index cf0352c..4b2331f 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -3133,9 +3133,8 @@ intro_point_should_expire_now(rend_intro_point_t *intro, /* This intro point has been published, but we haven't picked an * expiration time for it. Pick one now. */ int intro_point_lifetime_seconds = - INTRO_POINT_LIFETIME_MIN_SECONDS + - crypto_rand_int(INTRO_POINT_LIFETIME_MAX_SECONDS - - INTRO_POINT_LIFETIME_MIN_SECONDS); + crypto_rand_int_range(INTRO_POINT_LIFETIME_MIN_SECONDS, + INTRO_POINT_LIFETIME_MAX_SECONDS); /* Start the expiration timer now, rather than when the intro * point was first published. There shouldn't be much of a time @@ -3337,9 +3336,8 @@ rend_services_introduce(void) intro->time_to_expire = -1; intro->time_expiring = -1; intro->max_introductions = - INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS + - crypto_rand_int(INTRO_POINT_MAX_LIFETIME_INTRODUCTIONS - - INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS); + crypto_rand_int_range(INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS, + INTRO_POINT_MAX_LIFETIME_INTRODUCTIONS); smartlist_add(service->intro_nodes, intro); log_info(LD_REND, "Picked router %s as an intro point for %s.", safe_str_client(node_describe(node)), diff --git a/src/or/router.c b/src/or/router.c index b8bfd3c..afe533f 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -683,7 +683,9 @@ router_initialize_tls_context(void) if (!lifetime) { /* we should guess a good ssl cert lifetime */ /* choose between 5 and 365 days, and round to the day */ - lifetime = 5*24*3600 + crypto_rand_int(361*24*3600); + unsigned int five_days = 5*24*3600; + unsigned int one_year = 365*24*3600; + lifetime = crypto_rand_int_range(five_days, one_year); lifetime -= lifetime % (24*3600); if (crypto_rand_int(2)) {

1 0

[tor/master] Make the crypto_rand_int_range return value right-exclusive.
by nickm＠torproject.org 23 Apr '15

23 Apr '15

commit 6bf31543dcda169aa1840fd7e0a0e0ff8a5f9640 Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Apr 21 11:30:21 2015 -0400 Make the crypto_rand_int_range return value right-exclusive. --- src/common/crypto.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/common/crypto.c b/src/common/crypto.c index 1c4eda9..24706cc 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -2317,23 +2317,23 @@ crypto_rand_int(unsigned int max) } } -/** Return a pseudorandom integer, chosen uniformly from the values between - * min and max inclusive. +/** Return a pseudorandom integer, chosen uniformly from the values i + * such that min <= i &lt max. * - * min MUST be between 0 and max - 1. - * max MUST be bigger than min and <= to INT_MAX. + * min MUST be in range [0, max). + * max MUST be in range (min, INT_MAX]. */ int crypto_rand_int_range(unsigned int min, unsigned int max) { - tor_assert(min <= max); + tor_assert(min < max); tor_assert(max <= INT_MAX); /* The overflow is avoided here because crypto_rand_int() returns a value * between 0 and (max - min - 1) with max being <= INT_MAX and min <= max. * This is why we add 1 to the maximum value so we can actually get max as * a return value. */ - return min + crypto_rand_int(max - min + 1); + return min + crypto_rand_int(max - min); } /** Return a pseudorandom 64-bit integer, chosen uniformly from the values @@ -2398,7 +2398,7 @@ crypto_random_hostname(int min_rand_len, int max_rand_len, const char *prefix, if (min_rand_len > max_rand_len) min_rand_len = max_rand_len; - randlen = crypto_rand_int_range(min_rand_len, max_rand_len); + randlen = crypto_rand_int_range(min_rand_len, max_rand_len+1); prefixlen = strlen(prefix); resultlen = prefixlen + strlen(suffix) + randlen + 16;

1 0

[tor/master] Add test for random-int-in-range
by nickm＠torproject.org 23 Apr '15

23 Apr '15

commit e48ad353a31f3ee376f7914563d960916ad6aecd Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Apr 21 11:41:31 2015 -0400 Add test for random-int-in-range --- src/test/test_crypto.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/src/test/test_crypto.c b/src/test/test_crypto.c index e9fb8bf..9158390 100644 --- a/src/test/test_crypto.c +++ b/src/test/test_crypto.c @@ -105,6 +105,30 @@ test_crypto_rng(void *arg) ; } +static void +test_crypto_rng_range(void *arg) +{ + int got_smallest = 0, got_largest = 0; + int i; + + (void)arg; + for (i = 0; i < 1000; ++i) { + int x = crypto_rand_int_range(5,9); + tt_int_op(x, OP_GE, 5); + tt_int_op(x, OP_LT, 9); + if (x == 5) + got_smallest = 1; + if (x == 8) + got_largest = 1; + } + + /* These fail with probability 1/10^603. */ + tt_assert(got_smallest); + tt_assert(got_largest); + done: + ; +} + /** Run unit tests for our AES functionality */ static void test_crypto_aes(void *arg) @@ -1605,6 +1629,7 @@ test_crypto_siphash(void *arg) struct testcase_t crypto_tests[] = { CRYPTO_LEGACY(formats), CRYPTO_LEGACY(rng), + { "rng_range", test_crypto_rng_range, 0, NULL, NULL }, { "aes_AES", test_crypto_aes, TT_FORK, &passthrough_setup, (void*)"aes" }, { "aes_EVP", test_crypto_aes, TT_FORK, &passthrough_setup, (void*)"evp" }, CRYPTO_LEGACY(sha),

1 0

[tor/master] Merge remote-tracking branch 'public/bug15745_027_03'
by nickm＠torproject.org 23 Apr '15

23 Apr '15

commit 647b7d37c2b3de4a837d0a4bf810c0132624c15d Merge: 3acee61 e48ad35 Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Apr 23 09:10:35 2015 -0400 Merge remote-tracking branch 'public/bug15745_027_03' changes/bug15745 | 7 +++++++ src/common/crypto.c | 21 ++++++++++++++++++++- src/common/crypto.h | 1 + src/common/tortls.c | 3 ++- src/or/entrynodes.c | 6 ++++-- src/or/main.c | 2 +- src/or/or.h | 19 +++++++++++++------ src/or/rendservice.c | 21 ++++++++++++--------- src/or/router.c | 4 +++- src/test/test_crypto.c | 25 +++++++++++++++++++++++++ 10 files changed, 88 insertions(+), 21 deletions(-)

1 0

[translation/torcheck] Update translations for torcheck
by translation＠torproject.org 23 Apr '15

23 Apr '15

commit 762191f92247f474a5456bdc72bb7f5629e765ef Author: Translation commit bot <translation(a)torproject.org> Date: Thu Apr 23 13:15:11 2015 +0000 Update translations for torcheck --- hr/torcheck.po | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/hr/torcheck.po b/hr/torcheck.po index 6fba7ed..37cfeeb 100644 --- a/hr/torcheck.po +++ b/hr/torcheck.po @@ -4,12 +4,13 @@ # Translators: # cisterna, 2012 # nvucinic <nvucinic(a)nestabilni.com>, 2012 +# 0Ensó0 <zelena990(a)gmail.com>, 2015 msgid "" msgstr "" "Project-Id-Version: The Tor Project\n" "POT-Creation-Date: 2012-02-16 20:28+PDT\n" -"PO-Revision-Date: 2015-02-14 08:38+0000\n" -"Last-Translator: runasand <runa.sandvik(a)gmail.com>\n" +"PO-Revision-Date: 2015-04-23 13:14+0000\n" +"Last-Translator: 0Ensó0 <zelena990(a)gmail.com>\n" "Language-Team: Croatian (http://www.transifex.com/projects/p/torproject/language/hr/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -19,7 +20,7 @@ msgstr "" "Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n" msgid "Congratulations. This browser is configured to use Tor." -msgstr "" +msgstr "Čestitam. ovaj internet preglednik je konfiguriran da upotrebljava Tor." msgid "" "Please refer to the <a href=\"https://www.torproject.org/\">Tor website</a> " @@ -57,7 +58,7 @@ msgid "Your IP address appears to be: " msgstr "Vaša IP adresa je:" msgid "Are you using Tor?" -msgstr "" +msgstr "Koristite li Tor?" msgid "This page is also available in the following languages:" msgstr ""

1 0

[translation/bridgedb_completed] Update translations for bridgedb_completed
by translation＠torproject.org 23 Apr '15

23 Apr '15

commit 3e4a4065d93bf59f9fd7b494775a2725eb6f89fc Author: Translation commit bot <translation(a)torproject.org> Date: Thu Apr 23 13:15:06 2015 +0000 Update translations for bridgedb_completed --- sq/LC_MESSAGES/bridgedb.po | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/sq/LC_MESSAGES/bridgedb.po b/sq/LC_MESSAGES/bridgedb.po index 8bb85b4..707290d 100644 --- a/sq/LC_MESSAGES/bridgedb.po +++ b/sq/LC_MESSAGES/bridgedb.po @@ -7,9 +7,8 @@ msgid "" msgstr "" "Project-Id-Version: The Tor Project\n" -"Report-Msgid-Bugs-To: 'https://trac.torproject.org/projects/tor/newticket?component=BridgeDB&keywo…'\n" -"POT-Creation-Date: 2015-02-03 03:24+0000\n" -"PO-Revision-Date: 2015-02-23 22:51+0000\n" +"Report-Msgid-Bugs-To: 'https://trac.torproject.org/projects/tor/newticket?component=BridgeDB&keywo…'POT-Creation-Date: 2015-03-19 22:13+0000\n" +"PO-Revision-Date: 2015-04-23 13:09+0000\n" "Last-Translator: Bujar Tafili\n" "Language-Team: Albanian (http://www.transifex.com/projects/p/torproject/language/sq/)\n" "MIME-Version: 1.0\n" @@ -30,7 +29,7 @@ msgstr "" #. "fteproxy" #. "Tor" #. "Tor Browser" -#: lib/bridgedb/HTTPServer.py:122 +#: lib/bridgedb/HTTPServer.py:107 msgid "Sorry! Something went wrong with your request." msgstr "Kërkojmë ndjesë! Diçka shkoi keq me kërkesën tuaj." @@ -201,26 +200,27 @@ msgstr "Si të nisni t'i përdorni urat tuaja" #: lib/bridgedb/strings.py:121 #, python-format msgid "" -"To enter bridges into Tor Browser, follow the instructions on the %s Tor\n" -"Browser download page %s to start Tor Browser." -msgstr "Për t'i futur urat në Tor Browser, ndiqini instruksionet në %s faqen e shkarkimit të Tor\nBrowser %s, që ta nisni Tor Browser." +"To enter bridges into Tor Browser, first go to the %s Tor Browser download\n" +"page %s and then follow the instructions there for downloading and starting\n" +"Tor Browser." +msgstr "Për t'i futur urat në Tor Browser, së pari shkoni tek %s faqja e shkarkimit \ntë Tor Browser %s dhe më pas ndiqini instruksionet aty, që ta shkarkoni dhe nisni \nTor Browser." #. TRANSLATORS: Please DO NOT translate "Tor". -#: lib/bridgedb/strings.py:125 +#: lib/bridgedb/strings.py:126 msgid "" "When the 'Tor Network Settings' dialogue pops up, click 'Configure' and follow\n" "the wizard until it asks:" msgstr "Kur dialogu i \"Konfigurimit të Rrjetit Tor\" të kërcejë, klikoni \"Konfiguroni\" dhe ndiqni\nasistentin derisa ta kërkojë ai:" #. TRANSLATORS: Please DO NOT translate "Tor". -#: lib/bridgedb/strings.py:129 +#: lib/bridgedb/strings.py:130 msgid "" "Does your Internet Service Provider (ISP) block or otherwise censor connections\n" "to the Tor network?" msgstr "A i pengon apo i censuron Ofruesi juaj i Shërbimt Internet (ISP) lidhjet\ntek rrjeti Tor?" #. TRANSLATORS: Please DO NOT translate "Tor". -#: lib/bridgedb/strings.py:133 +#: lib/bridgedb/strings.py:134 msgid "" "Select 'Yes' and then click 'Next'. To configure your new bridges, copy and\n" "paste the bridge lines into the text input box. Finally, click 'Connect', and\n" @@ -228,29 +228,29 @@ msgid "" "button in the 'Tor Network Settings' wizard for further assistance." msgstr "Përzgjidhni \"Po\" dhe më pas klikoni \"Tjetri\". Që të konfiguroni urat tuaja të reja, kopjojini dhe\nngjitini linjat e urave në kutinë e futjes së tekstit. Më në fund, klikoni \"Lidhuni\", dhe\ndo të jeni gati për t'ia nisur! Nëse do të përjetoni probleme, përpiquni të klikoni butonin \"Ndihmë\" \ntek asistenti i \"Konfigurimit të Rrjetit Tor\", për më shumë mbështetje." -#: lib/bridgedb/strings.py:141 +#: lib/bridgedb/strings.py:142 msgid "Displays this message." msgstr "Shfaq këtë mesazh." #. TRANSLATORS: Please try to make it clear that "vanilla" here refers to the #. same non-Pluggable Transport bridges described above as being #. "plain-ol'-vanilla" bridges. -#: lib/bridgedb/strings.py:145 +#: lib/bridgedb/strings.py:146 msgid "Request vanilla bridges." msgstr "Kërkoni urat vanilje ose non-Pluggable Transport." -#: lib/bridgedb/strings.py:146 +#: lib/bridgedb/strings.py:147 msgid "Request IPv6 bridges." msgstr "Kërkoni urat IPv6." #. TRANSLATORS: Please DO NOT translate the word the word "TYPE". -#: lib/bridgedb/strings.py:148 +#: lib/bridgedb/strings.py:149 msgid "Request a Pluggable Transport by TYPE." msgstr "Kërkoni një Pluggable Transport nëpërmjet TYPE." #. TRANSLATORS: Please DO NOT translate "BridgeDB". #. TRANSLATORS: Please DO NOT translate "GnuPG". -#: lib/bridgedb/strings.py:151 +#: lib/bridgedb/strings.py:152 msgid "Get a copy of BridgeDB's public GnuPG key." msgstr "Merrni një kopje të kyçit publik GnuPG të BridgeDB."

1 0

[translation/bridgedb] Update translations for bridgedb
by translation＠torproject.org 23 Apr '15

23 Apr '15

commit d084b2d2579b8a9141e83a5ab20a5304f5a32b11 Author: Translation commit bot <translation(a)torproject.org> Date: Thu Apr 23 13:15:03 2015 +0000 Update translations for bridgedb --- sq/LC_MESSAGES/bridgedb.po | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sq/LC_MESSAGES/bridgedb.po b/sq/LC_MESSAGES/bridgedb.po index 7eb4463..707290d 100644 --- a/sq/LC_MESSAGES/bridgedb.po +++ b/sq/LC_MESSAGES/bridgedb.po @@ -8,8 +8,8 @@ msgid "" msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: 'https://trac.torproject.org/projects/tor/newticket?component=BridgeDB&keywo…'POT-Creation-Date: 2015-03-19 22:13+0000\n" -"PO-Revision-Date: 2015-04-19 08:23+0000\n" -"Last-Translator: runasand <runa.sandvik(a)gmail.com>\n" +"PO-Revision-Date: 2015-04-23 13:09+0000\n" +"Last-Translator: Bujar Tafili\n" "Language-Team: Albanian (http://www.transifex.com/projects/p/torproject/language/sq/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -203,7 +203,7 @@ msgid "" "To enter bridges into Tor Browser, first go to the %s Tor Browser download\n" "page %s and then follow the instructions there for downloading and starting\n" "Tor Browser." -msgstr "" +msgstr "Për t'i futur urat në Tor Browser, së pari shkoni tek %s faqja e shkarkimit \ntë Tor Browser %s dhe më pas ndiqini instruksionet aty, që ta shkarkoni dhe nisni \nTor Browser." #. TRANSLATORS: Please DO NOT translate "Tor". #: lib/bridgedb/strings.py:126

1 0

[tor/master] Remove `USE_OPENSSL_BASE64` and the associated code.
by nickm＠torproject.org 23 Apr '15

23 Apr '15

commit ba2485f7df51b2daafaff8567320c34a22731e8e Author: Yawning Angel <yawning(a)schwanenlied.me> Date: Fri Apr 10 09:12:47 2015 +0000 Remove `USE_OPENSSL_BASE64` and the associated code. The alternative has been available since 2007, there's no way to actually enable the ifdef, and it breaks on well formed but not OpenSSL style inputs. --- changes/feature15652 | 5 +++++ src/common/crypto.c | 47 ----------------------------------------------- 2 files changed, 5 insertions(+), 47 deletions(-) diff --git a/changes/feature15652 b/changes/feature15652 new file mode 100644 index 0000000..d11b76f --- /dev/null +++ b/changes/feature15652 @@ -0,0 +1,5 @@ + o Removed code: + - Remove `USE_OPENSSL_BASE64` and the corresponding fallback code and + always use the internal Base64 decoder. The internal decoder has been + part of tor since tor-0.2.0.10-alpha, and no one should be using the + OpenSSL one. Part of ticket 15652. diff --git a/src/common/crypto.c b/src/common/crypto.c index f05be2e..c7e015b 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -2500,26 +2500,6 @@ static const uint8_t base64_decode_table[256] = { int base64_decode(char *dest, size_t destlen, const char *src, size_t srclen) { -#ifdef USE_OPENSSL_BASE64 - EVP_ENCODE_CTX ctx; - int len, ret; - /* 64 bytes of input -> *up to* 48 bytes of output. - Plus one more byte, in case I'm wrong. - */ - if (destlen < ((srclen/64)+1)*49) - return -1; - if (destlen > SIZE_T_CEILING) - return -1; - - memset(dest, 0, destlen); - - EVP_DecodeInit(&ctx); - EVP_DecodeUpdate(&ctx, (unsigned char*)dest, &len, - (unsigned char*)src, srclen); - EVP_DecodeFinal(&ctx, (unsigned char*)dest, &ret); - ret += len; - return ret; -#else const char *eos = src+srclen; uint32_t n=0; int n_idx=0; @@ -2590,7 +2570,6 @@ base64_decode(char *dest, size_t destlen, const char *src, size_t srclen) tor_assert((dest-dest_orig) <= INT_MAX); return (int)(dest-dest_orig); -#endif } #undef X #undef SP @@ -2615,23 +2594,10 @@ digest_to_base64(char *d64, const char *digest) int digest_from_base64(char *digest, const char *d64) { -#ifdef USE_OPENSSL_BASE64 - char buf_in[BASE64_DIGEST_LEN+3]; - char buf[256]; - if (strlen(d64) != BASE64_DIGEST_LEN) - return -1; - memcpy(buf_in, d64, BASE64_DIGEST_LEN); - memcpy(buf_in+BASE64_DIGEST_LEN, "=\n\0", 3); - if (base64_decode(buf, sizeof(buf), buf_in, strlen(buf_in)) != DIGEST_LEN) - return -1; - memcpy(digest, buf, DIGEST_LEN); - return 0; -#else if (base64_decode(digest, DIGEST_LEN, d64, strlen(d64)) == DIGEST_LEN) return 0; else return -1; -#endif } /** Base64 encode DIGEST256_LINE bytes from digest, remove the @@ -2653,23 +2619,10 @@ digest256_to_base64(char *d64, const char *digest) int digest256_from_base64(char *digest, const char *d64) { -#ifdef USE_OPENSSL_BASE64 - char buf_in[BASE64_DIGEST256_LEN+3]; - char buf[256]; - if (strlen(d64) != BASE64_DIGEST256_LEN) - return -1; - memcpy(buf_in, d64, BASE64_DIGEST256_LEN); - memcpy(buf_in+BASE64_DIGEST256_LEN, "=\n\0", 3); - if (base64_decode(buf, sizeof(buf), buf_in, strlen(buf_in)) != DIGEST256_LEN) - return -1; - memcpy(digest, buf, DIGEST256_LEN); - return 0; -#else if (base64_decode(digest, DIGEST256_LEN, d64, strlen(d64)) == DIGEST256_LEN) return 0; else return -1; -#endif } /** Implements base32 encoding as in RFC 4648. Limitation: Requires

1 0