date:20151125

[tor-commits] [tor/master] Fix a logic error in connection_tls_continue_handshake().

2015-11-25 Thread nickm

commit dce708d11c4ec94ece2fd49b6b697df759f93ef1
Author: Nick Mathewson 
Date:   Wed Nov 25 09:12:50 2015 -0500

Fix a logic error in connection_tls_continue_handshake().

(If we take the branch above this assertion, than we *didn't* have a
v1 handshake.  So if we don't take the branch, we did.  So if we
reach this assertion, we must be running as a server, since clients
no longer attempt v1 handshakes.)

Fix for bug 17654; bugfix on 9d019a7db725dca3dfdbf8d4dbc3b51835e0b49e.

Bug not in any released Tor.
---
 src/or/connection_or.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 59dea37..08962bd 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -1480,7 +1480,7 @@ connection_tls_continue_handshake(or_connection_t *conn)
   return 0;
 }
   }
-  tor_assert(!tor_tls_is_server(conn->tls));
+  tor_assert(tor_tls_is_server(conn->tls));
   return connection_tls_finish_handshake(conn);
 case TOR_TLS_WANTWRITE:
   connection_start_writing(TO_CONN(conn));



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge branch 'bug17654_try1'

2015-11-25 Thread nickm

commit 289b184e112885d4feb9569c77d322995b9417c7
Merge: 5dff4ae dce708d
Author: Nick Mathewson 
Date:   Wed Nov 25 12:25:44 2015 -0500

Merge branch 'bug17654_try1'

 src/or/connection_or.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [webwml/master] Give the footer a bit more space

2015-11-25 Thread sebastian

commit 7debd7b84d01160fc48e675642372687f5b04f59
Author: Sebastian Hahn 
Date:   Wed Nov 25 16:50:50 2015 +0100

Give the footer a bit more space
---
 include/donatehead.wmi |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/donatehead.wmi b/include/donatehead.wmi
index d0c20a4..8d0b35c 100644
--- a/include/donatehead.wmi
+++ b/include/donatehead.wmi
@@ -48,7 +48,7 @@
 
 .donation{
 text-align: center;
-  padding-bottom: 60px;
+  padding-bottom: 65px;
 }
 
 h6{

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [webwml/master] Provide a height for the page footer

2015-11-25 Thread sebastian

commit 0f0351daae4e0b4dadc1975d021d9ca318a22bbd
Author: Sebastian Hahn 
Date:   Wed Nov 25 17:27:26 2015 +0100

Provide a height for the page footer
---
 include/donatehead.wmi |4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/donatehead.wmi b/include/donatehead.wmi
index 8d0b35c..54e866e 100644
--- a/include/donatehead.wmi
+++ b/include/donatehead.wmi
@@ -32,7 +32,7 @@
 }
 
 body {
-  margin-bottom: 60px;
+  margin-bottom: 65px;
 }
 
 .footer {
@@ -40,7 +40,7 @@
   bottom: 0;
   width: 100%;
   /* Set the height of the footer here */
-  height: auto;
+  height: 65px;
   padding-top: 10px;
   padding-bottom: 10px;
   background-color: #f5f5f5;

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge branch 'bug17686_v2_027'

2015-11-25 Thread nickm

commit e5754c42d124549b3fd8e8d7c11d4dde3b5acec1
Merge: c875265 943369f
Author: Nick Mathewson 
Date:   Wed Nov 25 22:33:49 2015 -0500

Merge branch 'bug17686_v2_027'

 changes/bug17686   |4 
 src/common/compat.h|2 ++
 src/common/crypto.c|   35 +--
 src/common/crypto.h|   11 ++-
 src/common/crypto_curve25519.c |3 +--
 src/common/tortls.c|3 +--
 src/or/config.c|3 +--
 src/or/connection_or.c |3 +--
 src/or/control.c   |3 +--
 src/or/ext_orport.c|3 +--
 src/or/main.c  |6 --
 src/or/onion_fast.c|8 ++--
 src/or/rendclient.c|6 +-
 src/or/rendcommon.c|   12 ++--
 src/test/bench.c   |5 -
 src/test/test_extorport.c  |5 ++---
 src/test/test_workqueue.c  |   10 --
 src/test/testing_common.c  |5 -
 18 files changed, 66 insertions(+), 61 deletions(-)

diff --cc src/or/main.c
index c9007b9,0f8d7ff..1469fd1
--- a/src/or/main.c
+++ b/src/or/main.c
@@@ -1607,37 -1371,43 +1607,39 @@@ rotate_x509_certificate_callback(time_
  
/* 1b. Every MAX_SSL_KEY_LIFETIME_INTERNAL seconds, we change our
 * TLS context. */
 -  if (!time_to.last_rotated_x509_certificate)
 -time_to.last_rotated_x509_certificate = now;
 -  if (time_to.last_rotated_x509_certificate +
 -  MAX_SSL_KEY_LIFETIME_INTERNAL < now) {
 -log_info(LD_GENERAL,"Rotating tls context.");
 -if (router_initialize_tls_context() < 0) {
 -  log_warn(LD_BUG, "Error reinitializing TLS context");
 -  /* XXX is it a bug here, that we just keep going? -RD */
 -}
 -time_to.last_rotated_x509_certificate = now;
 -/* We also make sure to rotate the TLS connections themselves if they've
 - * been up for too long -- but that's done via is_bad_for_new_circs in
 - * connection_run_housekeeping() above. */
 -  }
 -
 -  if (time_to.add_entropy < now) {
 -if (time_to.add_entropy) {
 -  /* We already seeded once, so don't die on failure. */
 -  if (crypto_seed_rng() < 0) {
 -log_warn(LD_GENERAL, "Tried to re-seed RNG, but failed. We already "
 - "seeded once, though, so we won't exit here.");
 -  }
 -}
 -/** How often do we add more entropy to OpenSSL's RNG pool? */
 -#define ENTROPY_INTERVAL (60*60)
 -time_to.add_entropy = now + ENTROPY_INTERVAL;
 +  log_info(LD_GENERAL,"Rotating tls context.");
 +  if (router_initialize_tls_context() < 0) {
 +log_warn(LD_BUG, "Error reinitializing TLS context");
 +/* XXX is it a bug here, that we just keep going? -RD */
}
  
 -  /* 1c. If we have to change the accounting interval or record
 -   * bandwidth used in this accounting interval, do so. */
 -  if (accounting_is_enabled(options))
 -accounting_run_housekeeping(now);
 +  /* We also make sure to rotate the TLS connections themselves if they've
 +   * been up for too long -- but that's done via is_bad_for_new_circs in
 +   * run_connection_housekeeping() above. */
- 
 +  return MAX_SSL_KEY_LIFETIME_INTERNAL;
 +}
 +
 +static int
 +add_entropy_callback(time_t now, const or_options_t *options)
 +{
 +  (void)now;
 +  (void)options;
 +  /* We already seeded once, so don't die on failure. */
-   crypto_seed_rng();
++  if (crypto_seed_rng() < 0) {
++log_warn(LD_GENERAL, "Tried to re-seed RNG, but failed. We already "
++ "seeded once, though, so we won't exit here.");
++  }
 +
 +  /** How often do we add more entropy to OpenSSL's RNG pool? */
 +#define ENTROPY_INTERVAL (60*60)
 +  return ENTROPY_INTERVAL;
 +}
  
 -  if (time_to.launch_reachability_tests < now &&
 -  (authdir_mode_tests_reachability(options)) &&
 -   !net_is_disabled()) {
 -time_to.launch_reachability_tests = now + REACHABILITY_TEST_INTERVAL;
 +static int
 +launch_reachability_tests_callback(time_t now, const or_options_t *options)
 +{
 +  if (authdir_mode_tests_reachability(options) &&
 +  !net_is_disabled()) {
  /* try to determine reachability of the other Tor relays */
  dirserv_test_reachability(now);
}

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Add a changes file for bug 17686

2015-11-25 Thread nickm

commit 943369f927967268cacd2067ccae0bc5f1c5835e
Author: Nick Mathewson 
Date:   Wed Nov 25 13:25:21 2015 -0500

Add a changes file for bug 17686
---
 changes/bug17686 |4 
 1 file changed, 4 insertions(+)

diff --git a/changes/bug17686 b/changes/bug17686
new file mode 100644
index 000..8fa16c7
--- /dev/null
+++ b/changes/bug17686
@@ -0,0 +1,4 @@
+  o Minor features:
+- Adjust Tor's use of OpenSSL's RNG APIs so that they absolutely,
+  positively are not allowed to fail. Previously we depended on
+  internals about OpenSSL behavior. Closes ticket 17686.



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] fixup! Add controller getinfo exit-policy/reject-private

2015-11-25 Thread nickm

commit e14f9dd44f637c0211530e5e630eba1a129d1650
Author: teor (Tim Wilson-Brown) 
Date:   Mon Nov 23 08:46:26 2015 +1100

fixup! Add controller getinfo exit-policy/reject-private

Stop ignoring ExitPolicyRejectPrivate in getinfo
exit-policy/reject-private. Fix a memory leak.

Set ExitPolicyRejectPrivate in the unit tests, and make a mock
function declaration static.
---
 src/or/policies.c  |   11 +--
 src/test/test_policy.c |1 +
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/or/policies.c b/src/or/policies.c
index 4d9b17c..ec11375 100644
--- a/src/or/policies.c
+++ b/src/or/policies.c
@@ -2140,14 +2140,20 @@ getinfo_helper_policies(control_connection_t *conn,
   } else if (!strcmp(question, "exit-policy/reject-private/relay")) {
 const or_options_t *options = get_options();
 const routerinfo_t *me = router_get_my_routerinfo();
-smartlist_t *private_policy_list = smartlist_new();
-smartlist_t *configured_addresses = smartlist_new();
 
 if (!me) {
   *errmsg = "router_get_my_routerinfo returned NULL";
   return -1;
 }
 
+if (!options->ExitPolicyRejectPrivate) {
+  *answer = tor_strdup("");
+  return 0;
+}
+
+smartlist_t *private_policy_list = smartlist_new();
+smartlist_t *configured_addresses = smartlist_new();
+
 /* Add the configured addresses to the tor_addr_t* list */
 policies_add_ipv4h_to_smartlist(configured_addresses, me->addr);
 policies_add_addr_to_smartlist(configured_addresses, >ipv6_addr);
@@ -2162,6 +2168,7 @@ getinfo_helper_policies(control_connection_t *conn,
 *answer = policy_dump_to_string(private_policy_list, 1, 1);
 
 addr_policy_list_free(private_policy_list);
+addr_policy_list_free(configured_addresses);
   } else if (!strcmpstart(question, "exit-policy/")) {
 const routerinfo_t *me = router_get_my_routerinfo();
 
diff --git a/src/test/test_policy.c b/src/test/test_policy.c
index 63672ea..082f930 100644
--- a/src/test/test_policy.c
+++ b/src/test/test_policy.c
@@ -994,6 +994,7 @@ test_policies_getinfo_helper_policies(void *arg)
   append_exit_policy_string(_my_routerinfo.exit_policy, "reject *6:*");
 
   mock_options.IPv6Exit = 1;
+  mock_options.ExitPolicyRejectPrivate = 1;
   tor_addr_from_ipv4h(_options.OutboundBindAddressIPv4_, TEST_IPV4_ADDR);
   tor_addr_parse(_options.OutboundBindAddressIPv6_, TEST_IPV6_ADDR);
 

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Fix documentation for crypto_rand*

2015-11-25 Thread nickm

commit 1cfa2bc859c0a7f27b49b80dc1be4be2acc91ee8
Author: Nick Mathewson 
Date:   Wed Nov 25 12:28:20 2015 -0500

Fix documentation for crypto_rand*
---
 src/common/crypto.c |   14 ++
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/src/common/crypto.c b/src/common/crypto.c
index 9e27ad3..9669493 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -2364,8 +2364,11 @@ crypto_seed_rng(void)
 return -1;
 }
 
-/** Write n bytes of strong random data to to. Return 0 on
- * success, -1 on failure, with support for mocking for unit tests.
+/** Write n bytes of strong random data to to. Supports mocking
+ * for unit tests.
+ *
+ * This function is not allowed to fail; if it would fail to generate strong
+ * entropy, it must terminate the process instead.
  */
 MOCK_IMPL(void,
 crypto_rand, (char *to, size_t n))
@@ -2373,8 +2376,11 @@ crypto_rand, (char *to, size_t n))
   crypto_rand_unmocked(to, n);
 }
 
-/** Write n bytes of strong random data to to. Return 0 on
- * success, -1 on failure.  Most callers will want crypto_rand instead.
+/** Write n bytes of strong random data to to.  Most callers
+ * will want crypto_rand instead.
+ *
+ * This function is not allowed to fail; if it would fail to generate strong
+ * entropy, it must terminate the process instead.
  */
 void
 crypto_rand_unmocked(char *to, size_t n)



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Now that crypto_rand() cannot fail, it should return void.

2015-11-25 Thread nickm

commit ddcbe264745a0c10d80d8ad74125d23eb251662d
Author: Nick Mathewson 
Date:   Wed Nov 25 10:42:00 2015 -0500

Now that crypto_rand() cannot fail, it should return void.
---
 src/common/crypto.c|   12 +---
 src/common/crypto.h|4 ++--
 src/common/crypto_curve25519.c |3 +--
 src/common/tortls.c|3 +--
 src/or/config.c|3 +--
 src/or/connection_or.c |3 +--
 src/or/control.c   |3 +--
 src/or/ext_orport.c|3 +--
 src/or/onion_fast.c|8 ++--
 src/or/rendclient.c|6 +-
 src/or/rendcommon.c|   12 ++--
 src/test/test_extorport.c  |5 ++---
 12 files changed, 20 insertions(+), 45 deletions(-)

diff --git a/src/common/crypto.c b/src/common/crypto.c
index 1ca86ea..9e27ad3 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -270,8 +270,7 @@ crypto_init_siphash_key(void)
   if (have_seeded_siphash)
 return 0;
 
-  if (crypto_rand((char*) , sizeof(key)) < 0)
-return -1;
+  crypto_rand((char*) , sizeof(key));
   siphash_set_global_key();
   have_seeded_siphash = 1;
   return 0;
@@ -2368,27 +2367,26 @@ crypto_seed_rng(void)
 /** Write n bytes of strong random data to to. Return 0 on
  * success, -1 on failure, with support for mocking for unit tests.
  */
-MOCK_IMPL(int,
+MOCK_IMPL(void,
 crypto_rand, (char *to, size_t n))
 {
-  return crypto_rand_unmocked(to, n);
+  crypto_rand_unmocked(to, n);
 }
 
 /** Write n bytes of strong random data to to. Return 0 on
  * success, -1 on failure.  Most callers will want crypto_rand instead.
  */
-int
+void
 crypto_rand_unmocked(char *to, size_t n)
 {
   int r;
   if (n == 0)
-return 0;
+return;
 
   tor_assert(n < INT_MAX);
   tor_assert(to);
   r = RAND_bytes((unsigned char*)to, (int)n);
   tor_assert(r >= 0);
-  return 0;
 }
 
 /** Return a pseudorandom integer, chosen uniformly from the values
diff --git a/src/common/crypto.h b/src/common/crypto.h
index 60f9e28..3b471c2 100644
--- a/src/common/crypto.h
+++ b/src/common/crypto.h
@@ -260,8 +260,8 @@ int crypto_expand_key_material_rfc5869_sha256(
 
 /* random numbers */
 int crypto_seed_rng(void) ATTR_WUR;
-MOCK_DECL(int,crypto_rand,(char *to, size_t n));
-int crypto_rand_unmocked(char *to, size_t n);
+MOCK_DECL(void,crypto_rand,(char *to, size_t n));
+void crypto_rand_unmocked(char *to, size_t n);
 int crypto_strongest_rand(uint8_t *out, size_t out_len);
 int crypto_rand_int(unsigned int max);
 int crypto_rand_int_range(unsigned int min, unsigned int max);
diff --git a/src/common/crypto_curve25519.c b/src/common/crypto_curve25519.c
index ac0b08a..00302a2 100644
--- a/src/common/crypto_curve25519.c
+++ b/src/common/crypto_curve25519.c
@@ -113,8 +113,7 @@ curve25519_rand_seckey_bytes(uint8_t *out, int extra_strong)
 {
   uint8_t k_tmp[CURVE25519_SECKEY_LEN];
 
-  if (crypto_rand((char*)out, CURVE25519_SECKEY_LEN) < 0)
-return -1;
+  crypto_rand((char*)out, CURVE25519_SECKEY_LEN);
   if (extra_strong && !crypto_strongest_rand(k_tmp, CURVE25519_SECKEY_LEN)) {
 /* If they asked for extra-strong entropy and we have some, use it as an
  * HMAC key to improve not-so-good entropy rather than using it directly,
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 536043e..e3c6859 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -601,8 +601,7 @@ tor_tls_create_certificate(crypto_pk_t *rsa,
 goto error;
 
   { /* our serial number is 8 random bytes. */
-if (crypto_rand((char *)serial_tmp, sizeof(serial_tmp)) < 0)
-  goto error;
+crypto_rand((char *)serial_tmp, sizeof(serial_tmp));
 if (!(serial_number = BN_bin2bn(serial_tmp, sizeof(serial_tmp), NULL)))
   goto error;
 if (!(BN_to_ASN1_INTEGER(serial_number, X509_get_serialNumber(x509
diff --git a/src/or/config.c b/src/or/config.c
index fa860af..431d366 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -7329,8 +7329,7 @@ init_cookie_authentication(const char *fname, const char 
*header,
 
   /* Generate the cookie */
   *cookie_out = tor_malloc(cookie_len);
-  if (crypto_rand((char *)*cookie_out, cookie_len) < 0)
-goto done;
+  crypto_rand((char *)*cookie_out, cookie_len);
 
   /* Create the string that should be written on the file. */
   memcpy(cookie_file_str, header, strlen(header));
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index a967c93..c454d3f 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -2290,8 +2290,7 @@ connection_or_send_auth_challenge_cell(or_connection_t 
*conn)
 
   auth_challenge_cell_t *ac = auth_challenge_cell_new();
 
-  if (crypto_rand((char*)ac->challenge, sizeof(ac->challenge)) < 0)
-goto done;
+  crypto_rand((char*)ac->challenge, sizeof(ac->challenge));
 
   auth_challenge_cell_add_methods(ac, AUTHTYPE_RSA_SHA256_TLSSECRET);
   auth_challenge_cell_set_n_methods(ac,
diff --git a/src/or/control.c b/src/or/control.c
index

[tor-commits] [tor/master] Make crypto_seed_rng() and crypto_rand() less scary.

2015-11-25 Thread nickm

commit dedea28c2ef59eb86f5d9704e5609ae13fa8b3c2
Author: Nick Mathewson 
Date:   Wed Nov 25 10:30:58 2015 -0500

Make crypto_seed_rng() and crypto_rand() less scary.

These functions must really never fail; so have crypto_rand() assert
that it's working okay, and have crypto_seed_rng() demand that
callers check its return value.  Also have crypto_seed_rng() check
RAND_status() before returning.
---
 src/common/compat.h   |2 ++
 src/common/crypto.c   |   10 ++
 src/common/crypto.h   |3 ++-
 src/or/main.c |5 -
 src/test/bench.c  |5 -
 src/test/test_workqueue.c |5 -
 src/test/testing_common.c |5 -
 7 files changed, 26 insertions(+), 9 deletions(-)

diff --git a/src/common/compat.h b/src/common/compat.h
index c7c468c..c3d6abd 100644
--- a/src/common/compat.h
+++ b/src/common/compat.h
@@ -118,6 +118,7 @@
 #define ATTR_CONST __attribute__((const))
 #define ATTR_MALLOC __attribute__((malloc))
 #define ATTR_NORETURN __attribute__((noreturn))
+#define ATTR_WUR __attribute__((warn_unused_result))
 /* Alas, nonnull is not at present a good idea for us.  We'd like to get
  * warnings when we pass NULL where we shouldn't (which nonnull does, albeit
  * spottily), but we don't want to tell the compiler to make optimizations
@@ -153,6 +154,7 @@
 #define ATTR_NORETURN
 #define ATTR_NONNULL(x)
 #define ATTR_UNUSED
+#define ATTR_WUR
 #define PREDICT_LIKELY(exp) (exp)
 #define PREDICT_UNLIKELY(exp) (exp)
 #endif
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 815c2ec..b7dc4b8 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -2358,7 +2358,7 @@ crypto_seed_rng(void)
 
   memwipe(buf, 0, sizeof(buf));
 
-  if (rand_poll_ok || load_entropy_ok)
+  if ((rand_poll_ok || load_entropy_ok) && RAND_status() == 1)
 return 0;
   else
 return -1;
@@ -2380,12 +2380,14 @@ int
 crypto_rand_unmocked(char *to, size_t n)
 {
   int r;
+  if (n == 0)
+return 0;
+
   tor_assert(n < INT_MAX);
   tor_assert(to);
   r = RAND_bytes((unsigned char*)to, (int)n);
-  if (r == 0)
-crypto_log_errors(LOG_WARN, "generating random data");
-  return (r == 1) ? 0 : -1;
+  tor_assert(r >= 0);
+  return 0;
 }
 
 /** Return a pseudorandom integer, chosen uniformly from the values
diff --git a/src/common/crypto.h b/src/common/crypto.h
index 6256f73..d2ced63 100644
--- a/src/common/crypto.h
+++ b/src/common/crypto.h
@@ -16,6 +16,7 @@
 #include 
 #include "torint.h"
 #include "testsupport.h"
+#include "compat.h"
 
 /*
   Macro to create an arbitrary OpenSSL version number as used by
@@ -258,7 +259,7 @@ int crypto_expand_key_material_rfc5869_sha256(
 uint8_t *key_out, size_t key_out_len);
 
 /* random numbers */
-int crypto_seed_rng(void);
+int crypto_seed_rng(void) ATTR_WUR;
 MOCK_DECL(int,crypto_rand,(char *to, size_t n));
 int crypto_rand_unmocked(char *to, size_t n);
 int crypto_strongest_rand(uint8_t *out, size_t out_len);
diff --git a/src/or/main.c b/src/or/main.c
index 9b3dbb5..0f8d7ff 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -1389,7 +1389,10 @@ run_scheduled_events(time_t now)
   if (time_to.add_entropy < now) {
 if (time_to.add_entropy) {
   /* We already seeded once, so don't die on failure. */
-  crypto_seed_rng();
+  if (crypto_seed_rng() < 0) {
+log_warn(LD_GENERAL, "Tried to re-seed RNG, but failed. We already "
+ "seeded once, though, so we won't exit here.");
+  }
 }
 /** How often do we add more entropy to OpenSSL's RNG pool? */
 #define ENTROPY_INTERVAL (60*60)
diff --git a/src/test/bench.c b/src/test/bench.c
index 2a27377..70ec025 100644
--- a/src/test/bench.c
+++ b/src/test/bench.c
@@ -643,7 +643,10 @@ main(int argc, const char **argv)
 
   reset_perftime();
 
-  crypto_seed_rng();
+  if (crypto_seed_rng() < 0) {
+printf("Couldn't seed RNG; exiting.\n");
+return 1;
+  }
   crypto_init_siphash_key();
   options = options_new();
   init_logging(1);
diff --git a/src/test/test_workqueue.c b/src/test/test_workqueue.c
index 0d79733..6edfd31 100644
--- a/src/test/test_workqueue.c
+++ b/src/test/test_workqueue.c
@@ -391,7 +391,10 @@ main(int argc, char **argv)
   init_logging(1);
   network_init();
   crypto_global_init(1, NULL, NULL);
-  crypto_seed_rng();
+  if (crypto_seed_rng() < 0) {
+printf("Couldn't seed RNG; exiting.\n");
+return 1;
+  }
 
   rq = replyqueue_new(as_flags);
   tor_assert(rq);
diff --git a/src/test/testing_common.c b/src/test/testing_common.c
index 441024b..2ea158f 100644
--- a/src/test/testing_common.c
+++ b/src/test/testing_common.c
@@ -272,7 +272,10 @@ main(int c, const char **v)
 return 1;
   }
   crypto_set_tls_dh_prime();
-  crypto_seed_rng();
+  if (crypto_seed_rng() < 0) {
+printf("Couldn't seed RNG; exiting.\n");
+return 1;
+  }
   rep_hist_init();
   network_init();
   setup_directory();



___

[tor-commits] [tor/master] Add crypto-initializer functions to those whose return values must be checked

2015-11-25 Thread nickm

commit 10fdee628552bca65ddb86b17e0b057628ad3703
Author: Nick Mathewson 
Date:   Wed Nov 25 10:36:34 2015 -0500

Add crypto-initializer functions to those whose return values must be 
checked
---
 src/common/crypto.c   |3 ++-
 src/common/crypto.h   |4 ++--
 src/test/test_workqueue.c |5 -
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/common/crypto.c b/src/common/crypto.c
index b7dc4b8..1ca86ea 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -322,7 +322,8 @@ int
 crypto_global_init(int useAccel, const char *accelName, const char *accelDir)
 {
   if (!crypto_global_initialized_) {
-crypto_early_init();
+if (crypto_early_init() < 0)
+  return -1;
 
 crypto_global_initialized_ = 1;
 
diff --git a/src/common/crypto.h b/src/common/crypto.h
index d2ced63..60f9e28 100644
--- a/src/common/crypto.h
+++ b/src/common/crypto.h
@@ -112,10 +112,10 @@ typedef struct crypto_dh_t crypto_dh_t;
 /* global state */
 const char * crypto_openssl_get_version_str(void);
 const char * crypto_openssl_get_header_version_str(void);
-int crypto_early_init(void);
+int crypto_early_init(void) ATTR_WUR;
 int crypto_global_init(int hardwareAccel,
const char *accelName,
-   const char *accelPath);
+   const char *accelPath) ATTR_WUR;
 void crypto_thread_cleanup(void);
 int crypto_global_cleanup(void);
 
diff --git a/src/test/test_workqueue.c b/src/test/test_workqueue.c
index 6edfd31..1202f80 100644
--- a/src/test/test_workqueue.c
+++ b/src/test/test_workqueue.c
@@ -390,7 +390,10 @@ main(int argc, char **argv)
 
   init_logging(1);
   network_init();
-  crypto_global_init(1, NULL, NULL);
+  if (crypto_global_init(1, NULL, NULL) < 0) {
+printf("Couldn't initialize crypto subsystem; exiting.\n");
+return 1;
+  }
   if (crypto_seed_rng() < 0) {
 printf("Couldn't seed RNG; exiting.\n");
 return 1;



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge remote-tracking branch 'teor/check-crypto-errors-v2'

2015-11-25 Thread nickm

commit c875265bbbddc50674f65169ee49d5612bef72a7
Merge: e14f9dd b1b8f79
Author: Nick Mathewson 
Date:   Wed Nov 25 22:28:12 2015 -0500

Merge remote-tracking branch 'teor/check-crypto-errors-v2'

 changes/check-crypto-errors |5 +
 src/common/crypto.c |7 +--
 2 files changed, 10 insertions(+), 2 deletions(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Check the return value of HMAC in crypto.c and assert on error

2015-11-25 Thread nickm

commit b1b8f7982ebac1347a86d5eb9eee8e5f3bd3d39c
Author: teor (Tim Wilson-Brown) 
Date:   Mon Nov 23 20:53:59 2015 +1100

Check the return value of HMAC in crypto.c and assert on error

Fixes bug #17658; bugfix on commit in fdbb9cdf746b (11 Oct 2011)
in tor version 0.2.3.5-alpha-dev.
---
 changes/check-crypto-errors |5 +
 src/common/crypto.c |7 +--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/changes/check-crypto-errors b/changes/check-crypto-errors
new file mode 100644
index 000..e41862c
--- /dev/null
+++ b/changes/check-crypto-errors
@@ -0,0 +1,5 @@
+  o Minor bugfix (crypto):
+- Check the return value of HMAC and assert on failure.
+  Fixes bug #17658; bugfix on commit in fdbb9cdf746b (11 Oct 2011)
+  in tor version 0.2.3.5-alpha-dev.
+  Patch by "teor".
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 913d1c2..86357b0 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -1906,11 +1906,14 @@ crypto_hmac_sha256(char *hmac_out,
const char *key, size_t key_len,
const char *msg, size_t msg_len)
 {
+  unsigned char *rv = NULL;
   /* If we've got OpenSSL >=0.9.8 we can use its hmac implementation. */
   tor_assert(key_len < INT_MAX);
   tor_assert(msg_len < INT_MAX);
-  HMAC(EVP_sha256(), key, (int)key_len, (unsigned char*)msg, (int)msg_len,
-   (unsigned char*)hmac_out, NULL);
+  tor_assert(hmac_out);
+  rv = HMAC(EVP_sha256(), key, (int)key_len, (unsigned char*)msg, (int)msg_len,
+(unsigned char*)hmac_out, NULL);
+  tor_assert(rv);
 }
 
 /* DH */



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser/tor-browser-38.4.0esr-5.5-1] Bug 16940: After update, load local change notes.

2015-11-25 Thread gk

commit 4a726fc8a675c0882cbfba2514deb32b53ade2ab
Author: Kathy Brade 
Date:   Wed Nov 25 11:36:20 2015 -0500

Bug 16940: After update, load local change notes.

Add an about:tbupdate page that displays the first section from
TorBrowser/Docs/ChangeLog.txt and includes a link to the remote
post-update page (typically our blog entry for the release).
---
 .../base/content/abouttbupdate/aboutTBUpdate.css   |   34 +++
 .../base/content/abouttbupdate/aboutTBUpdate.js|   10 +++
 .../base/content/abouttbupdate/aboutTBUpdate.xhtml |   34 +++
 .../content/abouttbupdate/aboutTBUpdateLogo.png|  Bin 0 -> 23266 bytes
 browser/base/content/browser.js|   14 -
 browser/base/content/content.js|   64 
 browser/base/jar.mn|8 ++-
 browser/components/about/AboutRedirector.cpp   |8 +++
 browser/components/build/nsModule.cpp  |3 +
 browser/components/nsBrowserContentHandler.js  |   12 
 .../locales/en-US/chrome/browser/aboutTBUpdate.dtd |6 ++
 browser/locales/jar.mn |3 +
 12 files changed, 194 insertions(+), 2 deletions(-)

diff --git a/browser/base/content/abouttbupdate/aboutTBUpdate.css 
b/browser/base/content/abouttbupdate/aboutTBUpdate.css
new file mode 100644
index 000..489c9d2
--- /dev/null
+++ b/browser/base/content/abouttbupdate/aboutTBUpdate.css
@@ -0,0 +1,34 @@
+body {
+  font-family: sans-serif;
+  font-size: 110%;
+  background-image: -moz-linear-gradient(top, #ff, #ff 10%, #d5ffd5 
50%, #d5ffd5);
+  background-attachment: fixed;
+  background-size: 100% 100%;
+}
+
+#logo {
+  background-image: 
url("chrome://browser/content/abouttbupdate/aboutTBUpdateLogo.png");
+  height: 128px;
+  width: 128px;
+  margin: 20px;
+  float: left;
+}
+
+#msg {
+  margin-top: 50px;
+  float: left;
+}
+
+#msg-updated {
+  font-size: 120%;
+  margin-bottom: 20px;
+}
+
+#changelog-container {
+  margin: 0px 20px 20px 20px;
+}
+
+#changelog {
+  margin-left: 20px;
+  white-space: pre;
+}
diff --git a/browser/base/content/abouttbupdate/aboutTBUpdate.js 
b/browser/base/content/abouttbupdate/aboutTBUpdate.js
new file mode 100644
index 000..8243647
--- /dev/null
+++ b/browser/base/content/abouttbupdate/aboutTBUpdate.js
@@ -0,0 +1,10 @@
+// Copyright (c) 2015, The Tor Project, Inc.
+// See LICENSE for licensing information.
+//
+// vim: set sw=2 sts=2 ts=8 et syntax=javascript:
+
+function init()
+{
+  let event = new CustomEvent("AboutTBUpdateLoad", { bubbles: true });
+  document.dispatchEvent(event);
+}
diff --git a/browser/base/content/abouttbupdate/aboutTBUpdate.xhtml 
b/browser/base/content/abouttbupdate/aboutTBUpdate.xhtml
new file mode 100644
index 000..3a29e0c
--- /dev/null
+++ b/browser/base/content/abouttbupdate/aboutTBUpdate.xhtml
@@ -0,0 +1,34 @@
+
+
+
+  %htmlDTD;
+  
+  %globalDTD;
+  
+  %tbUpdateDTD;
+]>
+
+http://www.w3.org/1999/xhtml;>
+
+  
+  
+  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/browser/base/content/abouttbupdate/aboutTBUpdateLogo.png 
b/browser/base/content/abouttbupdate/aboutTBUpdateLogo.png
new file mode 100644
index 000..be5cae9
Binary files /dev/null and 
b/browser/base/content/abouttbupdate/aboutTBUpdateLogo.png differ
diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js
index baddc59..815f018 100644
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@@ -216,6 +216,9 @@ XPCOMUtils.defineLazyModuleGetter(this, "ReaderParent",
 
 let gInitialPages = [
   "about:tor",
+#ifdef TOR_BROWSER_UPDATE
+  "about:tbupdate",
+#endif
   "about:blank",
   "about:newtab",
   "about:home",
@@ -2354,7 +2357,11 @@ function URLBarSetURI(aURI) {
 // Replace initial page URIs with an empty string
 // only if there's no opener (bug 370555).
 // Bug 863515 - Make content.opener checks work in electrolysis.
+#ifdef TOR_BROWSER_UPDATE
+if (gInitialPages.indexOf(uri.spec.split('?')[0]) != -1)
+#else
 if (gInitialPages.indexOf(uri.spec) != -1)
+#endif
   value = !gMultiProcessBrowser && content.opener ? uri.spec : "";
 else
   value = losslessDecodeURI(uri);
@@ -6951,8 +6958,13 @@ var gIdentityHandler = {
 
 // Chrome URIs however get special treatment. Some chrome URIs are
 // whitelisted to provide a positive security signal to the user.
-let whitelist = 
/^about:(accounts|addons|app-manager|config|crashes|customizing|downloads|healthreport|home|license|newaddon|permissions|preferences|privatebrowsing|rights|sessionrestore|support|welcomeback)/i;
+#ifdef TOR_BROWSER_UPDATE
+let whitelist = 
/^about:(accounts|addons|app-manager|config|crashes|customizing|downloads|healthreport|home|license|newaddon|permissions|preferences|privatebrowsing|rights|sessionrestore|support|welcomeback|tor|tbupdate)/i;
+let isChromeUI = uri.schemeIs("about") && 
whitelist.test(uri.spec.split('?')[0]);

[tor-commits] [torbutton/master] Bug 16940: After update, load local change notes.

2015-11-25 Thread gk

commit 9b800ffc669f7eb7dd6203a24aa85a39b5edd154
Author: Kathy Brade 
Date:   Thu Nov 19 10:13:11 2015 -0500

Bug 16940: After update, load local change notes.

Include the localizable strings for the about:tbupdate page
in Torbutton.
---
 src/chrome.manifest|3 +++
 src/chrome/locale/en/aboutTBUpdate.dtd |6 ++
 trans_tools/import-translations.sh |1 +
 3 files changed, 10 insertions(+)

diff --git a/src/chrome.manifest b/src/chrome.manifest
index 1d3efb4..30aa2ff 100644
--- a/src/chrome.manifest
+++ b/src/chrome.manifest
@@ -12,6 +12,9 @@ override chrome://branding/locale/brand.dtd 
chrome://torbutton/locale/brand.dtd
 override chrome://branding/locale/brand.properties 
chrome://torbutton/locale/brand.properties
 overlay chrome://browser/content/aboutDialog.xul 
chrome://torbutton/content/aboutDialog.xul
 
+# Strings for the about:tbupdate page
+override chrome://browser/locale/aboutTBUpdate.dtd 
chrome://torbutton/locale/aboutTBUpdate.dtd
+
 locale torbutton af chrome/locale/af/
 locale torbutton ak chrome/locale/ak/
 locale torbutton am chrome/locale/am/
diff --git a/src/chrome/locale/en/aboutTBUpdate.dtd 
b/src/chrome/locale/en/aboutTBUpdate.dtd
new file mode 100644
index 000..37567bd
--- /dev/null
+++ b/src/chrome/locale/en/aboutTBUpdate.dtd
@@ -0,0 +1,6 @@
+
+
+
+
+
+
diff --git a/trans_tools/import-translations.sh 
b/trans_tools/import-translations.sh
index 494e64f..cfaa05c 100755
--- a/trans_tools/import-translations.sh
+++ b/trans_tools/import-translations.sh
@@ -17,6 +17,7 @@ LOCALE_DIR=../src/chrome/locale
 FILEMAP=( "aboutDialog.dtd:torbutton-aboutdialogdtd"
   "aboutTor.dtd:abouttor-homepage"
   "aboutTor.properties:torbutton-abouttorproperties"
+  "aboutTBUpdate.dtd:torbutton-abouttbupdatedtd"
   "brand.dtd:torbutton-branddtd"
   "brand.properties:torbutton-brandproperties"
   "torbutton.dtd:torbutton-torbuttondtd"

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/bridgedb] Update translations for bridgedb

2015-11-25 Thread translation

commit d616b7c1c02c54630fb7d492a9c7121053d5a7d6
Author: Translation commit bot 
Date:   Wed Nov 25 15:15:03 2015 +

Update translations for bridgedb
---
 th/LC_MESSAGES/bridgedb.po |4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/th/LC_MESSAGES/bridgedb.po b/th/LC_MESSAGES/bridgedb.po
index 9297187..e1c1e91 100644
--- a/th/LC_MESSAGES/bridgedb.po
+++ b/th/LC_MESSAGES/bridgedb.po
@@ -12,7 +12,7 @@ msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: 
'https://trac.torproject.org/projects/tor/newticket?component=BridgeDB=bridgedb-reported,msgid=isis,sysrqb=isis'\n"
 "POT-Creation-Date: 2015-07-25 03:40+\n"
-"PO-Revision-Date: 2015-11-25 14:44+\n"
+"PO-Revision-Date: 2015-11-25 14:46+\n"
 "Last-Translator: Ella Rudland \n"
 "Language-Team: Thai (http://www.transifex.com/otf/torproject/language/th/)\n"
 "MIME-Version: 1.0\n"
@@ -160,7 +160,7 @@ msgstr "%sà¹à¸à¹%s"
 #: bridgedb/https/templates/options.html:147
 #, python-format
 msgid "%sG%set Bridges"
-msgstr ""
+msgstr "%sà¹à¸à¸²%sà¸à¸£à¸´à¸à¸à¸ºà¸¡à¸²"
 
 #: bridgedb/strings.py:43
 msgid "[This is an automated message; please do not reply.]"

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [webwml/master] Fix links in donate page header

2015-11-25 Thread sebastian

commit 9ecd1937383fb4a80c9896cae7e8b174a8cf23b2
Author: Sebastian Hahn 
Date:   Wed Nov 25 11:10:02 2015 +0100

Fix links in donate page header
---
 include/donatehead.wmi |6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/include/donatehead.wmi b/include/donatehead.wmi
index 616c461..d0c20a4 100644
--- a/include/donatehead.wmi
+++ b/include/donatehead.wmi
@@ -62,9 +62,9 @@
   
   
   
-  Home
-  About
-  Contact
+  Home
+  About
+  Contact
   
   
   

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [webwml/master] Add link to donor page (#17681)

2015-11-25 Thread sebastian

commit cd0da7497adc1f435a0de4c409239c5fbe056ef5
Author: Sebastian Hahn 
Date:   Wed Nov 25 11:04:57 2015 +0100

Add link to donor page (#17681)
---
 donate/en/donor-faq.wml |4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/donate/en/donor-faq.wml b/donate/en/donor-faq.wml
index 2fff4ab..e9005b4 100644
--- a/donate/en/donor-faq.wml
+++ b/donate/en/donor-faq.wml
@@ -147,7 +147,7 @@
   
   
 Can I become a Tor Project member?
-Right now, we don't have a membership program, but we may set 
one up in the future. If you want to get involved with the Tor Project, this is 
a good place to start.
+Right now, we don't have a membership program, but we may set 
one up in the future. If you want to get involved with the Tor Project, this is a good place to start.
   
   
 How can I get a Tor t-shirt or stickers?
@@ -199,4 +199,4 @@
   
 
 
-#include 
\ No newline at end of file
+#include 

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/bridgedb] Update translations for bridgedb

2015-11-25 Thread translation

commit 77047490d3b7b06c3d1f2bb852eb8963c72598d9
Author: Translation commit bot 
Date:   Wed Nov 25 13:45:03 2015 +

Update translations for bridgedb
---
 th/LC_MESSAGES/bridgedb.po |6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/th/LC_MESSAGES/bridgedb.po b/th/LC_MESSAGES/bridgedb.po
index 44fea4c..71af3d9 100644
--- a/th/LC_MESSAGES/bridgedb.po
+++ b/th/LC_MESSAGES/bridgedb.po
@@ -12,7 +12,7 @@ msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: 
'https://trac.torproject.org/projects/tor/newticket?component=BridgeDB=bridgedb-reported,msgid=isis,sysrqb=isis'\n"
 "POT-Creation-Date: 2015-07-25 03:40+\n"
-"PO-Revision-Date: 2015-11-18 01:40+\n"
+"PO-Revision-Date: 2015-11-25 13:40+\n"
 "Last-Translator: Ella Rudland \n"
 "Language-Team: Thai (http://www.transifex.com/otf/torproject/language/th/)\n"
 "MIME-Version: 1.0\n"
@@ -235,7 +235,7 @@ msgid ""
 "Some bridges with IPv6 addresses are also available, though some Pluggable\n"
 "Transports aren't IPv6 compatible.\n"
 "\n"
-msgstr ""
+msgstr 
"à¸¡à¸µà¸à¸£à¸´à¸à¸à¸ºà¸à¸²à¸à¸à¸±à¸à¸à¸µà¹à¸¡à¸µà¸«à¸¡à¸²à¸¢à¹à¸¥à¸ 
IPv6 à¸à¹à¸§à¸¢ à¹à¸¡à¹à¸§à¹à¸² Pluggable\nTransports 
à¸à¸²à¸à¸ªà¹à¸§à¸à¹à¸¡à¹à¸ªà¸²à¸¡à¸²à¸£à¸à¸à¸³à¸à¸²à¸à¸£à¹à¸§à¸¡à¸à¸±à¸
 IPv6.\n\n"
 
 #. TRANSLATORS: Please DO NOT translate "BridgeDB".
 #. TRANSLATORS: The phrase "plain-ol'-vanilla" means "plain, boring,
@@ -253,7 +253,7 @@ msgstr ""
 
 #: bridgedb/strings.py:101
 msgid "What are bridges?"
-msgstr "à¸ªà¸°à¸à¸²à¸à¸«à¸¡à¸²à¸¢à¸à¸¶à¸à¸à¸°à¹à¸£"
+msgstr "à¸à¸£à¸´à¸à¸à¹à¸à¸·à¸à¸à¸°à¹à¸£?"
 
 #: bridgedb/strings.py:102
 #, python-format

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge remote-tracking branch 'gtank/feature17663'

2015-11-25 Thread nickm

commit 74e5385da701392c3fb72487753831b30a0b0c5c
Merge: 2079ec9 1a7f6df
Author: Nick Mathewson 
Date:   Wed Nov 25 09:00:01 2015 -0500

Merge remote-tracking branch 'gtank/feature17663'

 changes/feature17663   |2 ++
 src/common/crypto.c|   89 +---
 src/common/crypto.h|   19 ---
 src/test/test_crypto.c |   28 +++
 4 files changed, 122 insertions(+), 16 deletions(-)



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] add SHA512 support to crypto

2015-11-25 Thread nickm

commit ff54cc8481f88ecbc40a8abc0a1812fcf583ea73
Author: George Tankersley 
Date:   Wed Nov 18 08:37:05 2015 +

add SHA512 support to crypto
---
 src/common/crypto.c|   67 ++--
 src/common/crypto.h|   19 +++---
 src/test/test_crypto.c |   28 
 3 files changed, 102 insertions(+), 12 deletions(-)

diff --git a/src/common/crypto.c b/src/common/crypto.c
index ffbeb81..161ea37 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -1609,6 +1609,19 @@ crypto_digest256(char *digest, const char *m, size_t len,
   return (SHA256((const unsigned char*)m,len,(unsigned char*)digest) == NULL);
 }
 
+/** Compute a 512-bit digest of len bytes in data stored in m,
+ * using the algorithm algorithm.  Write the DIGEST_LEN512-byte result
+ * into digest.  Return 0 on success, -1 on failure. */
+int
+crypto_digest512(char *digest, const char *m, size_t len,
+ digest_algorithm_t algorithm)
+{
+  tor_assert(m);
+  tor_assert(digest);
+  tor_assert(algorithm == DIGEST_SHA512);
+  return (SHA512((const unsigned char*)m,len,(unsigned char*)digest) == NULL);
+}
+
 /** Set the digests_t in ds_out to contain every digest on the
  * len bytes in m that we know how to compute.  Return 0 on
  * success, -1 on failure. */
@@ -1621,8 +1634,18 @@ crypto_digest_all(digests_t *ds_out, const char *m, 
size_t len)
   if (crypto_digest(ds_out->d[DIGEST_SHA1], m, len) < 0)
 return -1;
   for (i = DIGEST_SHA256; i < N_DIGEST_ALGORITHMS; ++i) {
-if (crypto_digest256(ds_out->d[i], m, len, i) < 0)
-  return -1;
+  switch (i) {
+case DIGEST_SHA256:
+  if (crypto_digest256(ds_out->d[i], m, len, i) < 0)
+return -1;
+  break;
+case DIGEST_SHA512:
+  if (crypto_digest512(ds_out->d[i], m, len, i) < 0)
+return -1;
+  break;
+default:
+  return -1;
+  }
   }
   return 0;
 }
@@ -1636,6 +1659,8 @@ crypto_digest_algorithm_get_name(digest_algorithm_t alg)
   return "sha1";
 case DIGEST_SHA256:
   return "sha256";
+case DIGEST_SHA512:
+  return "sha512";
 default:
   tor_fragile_assert();
   return "??unknown_digest??";
@@ -1651,6 +1676,8 @@ crypto_digest_algorithm_parse_name(const char *name)
 return DIGEST_SHA1;
   else if (!strcmp(name, "sha256"))
 return DIGEST_SHA256;
+  else if (!strcmp(name, "sha512"))
+return DIGEST_SHA512;
   else
 return -1;
 }
@@ -1660,6 +1687,7 @@ struct crypto_digest_t {
   union {
 SHA_CTX sha1; /**< state for SHA1 */
 SHA256_CTX sha2; /**< state for SHA256 */
+SHA512_CTX sha512; /**< state for SHA512 */
   } d; /**< State for the digest we're using.  Only one member of the
 * union is usable, depending on the value of algorithm. */
   digest_algorithm_bitfield_t algorithm : 8; /**< Which algorithm is in use? */
@@ -1690,6 +1718,19 @@ crypto_digest256_new(digest_algorithm_t algorithm)
   return r;
 }
 
+/** Allocate and return a new digest object to compute 512-bit digests
+ * using algorithm. */
+crypto_digest_t *
+crypto_digest512_new(digest_algorithm_t algorithm)
+{
+  crypto_digest_t *r;
+  tor_assert(algorithm == DIGEST_SHA512);
+  r = tor_malloc(sizeof(crypto_digest_t));
+  SHA512_Init(>d.sha512);
+  r->algorithm = algorithm;
+  return r;
+}
+
 /** Deallocate a digest object.
  */
 void
@@ -1721,6 +1762,9 @@ crypto_digest_add_bytes(crypto_digest_t *digest, const 
char *data,
 case DIGEST_SHA256:
   SHA256_Update(>d.sha2, (void*)data, len);
   break;
+case DIGEST_SHA512:
+  SHA512_Update(>d.sha512, (void*)data, len);
+  break;
 default:
   tor_fragile_assert();
   break;
@@ -1729,13 +1773,13 @@ crypto_digest_add_bytes(crypto_digest_t *digest, const 
char *data,
 
 /** Compute the hash of the data that has been passed to the digest
  * object; write the first out_len bytes of the result to out.
- * out_len must be \<= DIGEST256_LEN.
+ * out_len must be \<= DIGEST512_LEN.
  */
 void
 crypto_digest_get_digest(crypto_digest_t *digest,
  char *out, size_t out_len)
 {
-  unsigned char r[DIGEST256_LEN];
+  unsigned char r[DIGEST512_LEN];
   crypto_digest_t tmpenv;
   tor_assert(digest);
   tor_assert(out);
@@ -1750,6 +1794,10 @@ crypto_digest_get_digest(crypto_digest_t *digest,
   tor_assert(out_len <= DIGEST256_LEN);
   SHA256_Final(r, );
   break;
+case DIGEST_SHA512:
+  tor_assert(out_len <= DIGEST512_LEN);
+  SHA512_Final(r, );
+  break;
 default:
   log_warn(LD_BUG, "Called with unknown algorithm %d", digest->algorithm);
   /* If fragile_assert is not enabled, then we should at least not
@@ -1791,7 +1839,7 @@ crypto_digest_assign(crypto_digest_t *into,
  * at digest_out to the hash of the concatenation of those strings,
  * plus the optional string append, computed with the algorithm
  * alg.
- * out_len must be \<=

[tor-commits] [tor/master] add changes for feature17663

2015-11-25 Thread nickm

commit 1a7f6df688d3879fd5ee378dfd8ea9f22a40020e
Author: George Tankersley 
Date:   Tue Nov 24 02:24:22 2015 +

add changes for feature17663
---
 changes/feature17663 |2 ++
 1 file changed, 2 insertions(+)

diff --git a/changes/feature17663 b/changes/feature17663
new file mode 100644
index 000..f867c03
--- /dev/null
+++ b/changes/feature17663
@@ -0,0 +1,2 @@
+  o Minor feature:
+- Adds SHA512 support to crypto.c



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Tweak gtank's sha512 patch a little

2015-11-25 Thread nickm

commit 7194d3d95705a30cec69574ff2800cba8e739df9
Author: Nick Mathewson 
Date:   Wed Nov 25 09:04:17 2015 -0500

Tweak gtank's sha512 patch a little
---
 changes/feature17663 |5 +++--
 src/common/crypto.c  |3 +--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/changes/feature17663 b/changes/feature17663
index f867c03..baad943 100644
--- a/changes/feature17663
+++ b/changes/feature17663
@@ -1,2 +1,3 @@
-  o Minor feature:
-- Adds SHA512 support to crypto.c
+  o Minor feature (crypto):
+- Add SHA512 support to crypto.c. Closes ticket 17663; patch from
+  George Tankersley.
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 72e08c9..5879719 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -1890,8 +1890,7 @@ crypto_digest_smartlist_prefix(char *digest_out, size_t 
len_out,
   crypto_digest_get_digest(d, digest_out, len_out);
 
  free:
-  if (d != NULL)
-crypto_digest_free(d);
+  crypto_digest_free(d);
 }
 
 /** Compute the HMAC-SHA-256 of the msg_len bytes in msg, using

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] implement teor's comments

2015-11-25 Thread nickm

commit 695412302b37cf33c826e9af960474bed6180f3a
Author: George Tankersley 
Date:   Tue Nov 24 02:02:13 2015 +

implement teor's comments
---
 src/common/crypto.c |   34 --
 1 file changed, 24 insertions(+), 10 deletions(-)

diff --git a/src/common/crypto.c b/src/common/crypto.c
index 161ea37..72e08c9 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -1611,7 +1611,7 @@ crypto_digest256(char *digest, const char *m, size_t len,
 
 /** Compute a 512-bit digest of len bytes in data stored in m,
  * using the algorithm algorithm.  Write the DIGEST_LEN512-byte result
- * into digest.  Return 0 on success, -1 on failure. */
+ * into digest.  Return 0 on success, 1 on failure. */
 int
 crypto_digest512(char *digest, const char *m, size_t len,
  digest_algorithm_t algorithm)
@@ -1854,7 +1854,7 @@ crypto_digest_smartlist(char *digest_out, size_t len_out,
  * optional string prepend, those strings,
  * and the optional string append, computed with the algorithm
  * alg.
- * out_len must be \<= DIGEST512_LEN. */
+ * len_out must be \<= DIGEST512_LEN. */
 void
 crypto_digest_smartlist_prefix(char *digest_out, size_t len_out,
 const char *prepend,
@@ -1862,13 +1862,24 @@ crypto_digest_smartlist_prefix(char *digest_out, size_t 
len_out,
 const char *append,
 digest_algorithm_t alg)
 {
-  crypto_digest_t *d;
-  if (alg == DIGEST_SHA1) {
-d = crypto_digest_new();
-  } else if (alg == DIGEST_SHA512) {
-d = crypto_digest512_new(alg);
-  } else {
-d = crypto_digest256_new(alg);
+  crypto_digest_t *d = NULL;
+  switch (alg) {
+case DIGEST_SHA1:
+  d = crypto_digest_new();
+  break;
+case DIGEST_SHA256:
+  d = crypto_digest256_new(alg);
+  break;
+case DIGEST_SHA512:
+  d = crypto_digest512_new(alg);
+  break;
+default:
+  log_warn(LD_BUG, "Called with unknown algorithm %d", alg);
+  /* If fragile_assert is not enabled, wipe output and return
+   * without running any calculations */
+  memwipe(digest_out, 0xff, len_out);
+  tor_fragile_assert();
+  goto free;
   }
   if (prepend)
 crypto_digest_add_bytes(d, prepend, strlen(prepend));
@@ -1877,7 +1888,10 @@ crypto_digest_smartlist_prefix(char *digest_out, size_t 
len_out,
   if (append)
 crypto_digest_add_bytes(d, append, strlen(append));
   crypto_digest_get_digest(d, digest_out, len_out);
-  crypto_digest_free(d);
+
+ free:
+  if (d != NULL)
+crypto_digest_free(d);
 }
 
 /** Compute the HMAC-SHA-256 of the msg_len bytes in msg, using



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge branch 'maint-0.2.7'

2015-11-25 Thread nickm

commit be30c61ac1553cf4401c832019e213be907c0711
Merge: 6cdd024 273b267
Author: Nick Mathewson 
Date:   Wed Nov 25 08:53:46 2015 -0500

Merge branch 'maint-0.2.7'

 changes/bug16702 |4 
 src/or/rendservice.c |3 ++-
 2 files changed, 6 insertions(+), 1 deletion(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Fix: use the right list in find_expiring_intro_point()

2015-11-25 Thread nickm

commit 273b267fa234c5a26c9beaacede42a496c880e05
Author: David Goulet 
Date:   Mon Nov 23 09:02:54 2015 -0500

Fix: use the right list in find_expiring_intro_point()

The wrong list was used when looking up expired intro points in a rend
service object causing what we think could be reachability issues and
triggering a BUG log.

Fixes #16702

Signed-off-by: David Goulet 
---
 changes/bug16702 |4 
 src/or/rendservice.c |3 ++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/changes/bug16702 b/changes/bug16702
new file mode 100644
index 000..5de36cd
--- /dev/null
+++ b/changes/bug16702
@@ -0,0 +1,4 @@
+  o Minor bugfixes (hidden service)
+- The wrong list was used when looking up expired intro points in a rend
+  service object causing what we think could be reachability issues and
+  triggering a BUG log. Fixes 16702; bugfix on tor-0.2.7.2-alpha.
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index 8ba5327..77d8b71 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -3038,7 +3038,8 @@ find_expiring_intro_point(rend_service_t *service, 
origin_circuit_t *circ)
   tor_assert(TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO ||
  TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_S_INTRO);
 
-  SMARTLIST_FOREACH(service->intro_nodes, rend_intro_point_t *, intro_point,
+  SMARTLIST_FOREACH(service->expiring_nodes, rend_intro_point_t *,
+intro_point,
 if (crypto_pk_eq_keys(intro_point->intro_key, circ->intro_key)) {
   return intro_point;
   });



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.2.7] Fix: use the right list in find_expiring_intro_point()

2015-11-25 Thread nickm

commit 273b267fa234c5a26c9beaacede42a496c880e05
Author: David Goulet 
Date:   Mon Nov 23 09:02:54 2015 -0500

Fix: use the right list in find_expiring_intro_point()

The wrong list was used when looking up expired intro points in a rend
service object causing what we think could be reachability issues and
triggering a BUG log.

Fixes #16702

Signed-off-by: David Goulet 
---
 changes/bug16702 |4 
 src/or/rendservice.c |3 ++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/changes/bug16702 b/changes/bug16702
new file mode 100644
index 000..5de36cd
--- /dev/null
+++ b/changes/bug16702
@@ -0,0 +1,4 @@
+  o Minor bugfixes (hidden service)
+- The wrong list was used when looking up expired intro points in a rend
+  service object causing what we think could be reachability issues and
+  triggering a BUG log. Fixes 16702; bugfix on tor-0.2.7.2-alpha.
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index 8ba5327..77d8b71 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -3038,7 +3038,8 @@ find_expiring_intro_point(rend_service_t *service, 
origin_circuit_t *circ)
   tor_assert(TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO ||
  TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_S_INTRO);
 
-  SMARTLIST_FOREACH(service->intro_nodes, rend_intro_point_t *, intro_point,
+  SMARTLIST_FOREACH(service->expiring_nodes, rend_intro_point_t *,
+intro_point,
 if (crypto_pk_eq_keys(intro_point->intro_key, circ->intro_key)) {
   return intro_point;
   });

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge remote-tracking branch 'teor/feature8961-replaycache-sha256'

2015-11-25 Thread nickm

commit 2079ec9ee62e34fd46a12a7bba87a71df167d7ee
Merge: be30c61 2e9779e
Author: Nick Mathewson 
Date:   Wed Nov 25 08:55:18 2015 -0500

Merge remote-tracking branch 'teor/feature8961-replaycache-sha256'

 changes/feature8961-replaycache-sha256 |4 
 src/or/replaycache.c   |   26 
 src/or/replaycache.h   |2 +-
 src/test/test_replay.c |   34 +++-
 4 files changed, 51 insertions(+), 15 deletions(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Use SHA256 in the replaycache, rather than SHA1

2015-11-25 Thread nickm

commit 2e9779e5d84db3e0d7b51ea34e73828253a298c2
Author: teor (Tim Wilson-Brown) 
Date:   Tue Nov 24 09:08:53 2015 +1100

Use SHA256 in the replaycache, rather than SHA1

This migrates away from SHA1, and provides further hash flooding
protection on top of the randomised siphash implementation.

Add unit tests to make sure that different inputs don't have the
same hash.
---
 changes/feature8961-replaycache-sha256 |4 
 src/or/replaycache.c   |   26 
 src/or/replaycache.h   |2 +-
 src/test/test_replay.c |   34 +++-
 4 files changed, 51 insertions(+), 15 deletions(-)

diff --git a/changes/feature8961-replaycache-sha256 
b/changes/feature8961-replaycache-sha256
new file mode 100644
index 000..c5b5c85
--- /dev/null
+++ b/changes/feature8961-replaycache-sha256
@@ -0,0 +1,4 @@
+  o Minor enhancement (replaycache):
+- The replay cache now uses SHA256 instead of SHA1.
+  Implements feature #8961.
+  Patch by "teor", issue reported by "rransom".
diff --git a/src/or/replaycache.c b/src/or/replaycache.c
index 569e073..82e5c44 100644
--- a/src/or/replaycache.c
+++ b/src/or/replaycache.c
@@ -23,7 +23,7 @@ replaycache_free(replaycache_t *r)
 return;
   }
 
-  if (r->digests_seen) digestmap_free(r->digests_seen, tor_free_);
+  if (r->digests_seen) digest256map_free(r->digests_seen, tor_free_);
 
   tor_free(r);
 }
@@ -54,7 +54,7 @@ replaycache_new(time_t horizon, time_t interval)
   r->scrub_interval = interval;
   r->scrubbed = 0;
   r->horizon = horizon;
-  r->digests_seen = digestmap_new();
+  r->digests_seen = digest256map_new();
 
  err:
   return r;
@@ -69,7 +69,7 @@ replaycache_add_and_test_internal(
 time_t *elapsed)
 {
   int rv = 0;
-  char digest[DIGEST_LEN];
+  uint8_t digest[DIGEST256_LEN];
   time_t *access_time;
 
   /* sanity check */
@@ -80,10 +80,10 @@ replaycache_add_and_test_internal(
   }
 
   /* compute digest */
-  crypto_digest(digest, (const char *)data, len);
+  crypto_digest256((char *)digest, (const char *)data, len, DIGEST_SHA256);
 
   /* check map */
-  access_time = digestmap_get(r->digests_seen, digest);
+  access_time = digest256map_get(r->digests_seen, digest);
 
   /* seen before? */
   if (access_time != NULL) {
@@ -114,7 +114,7 @@ replaycache_add_and_test_internal(
 /* No, so no hit and update the digest map with the current time */
 access_time = tor_malloc(sizeof(*access_time));
 *access_time = present;
-digestmap_set(r->digests_seen, digest, access_time);
+digest256map_set(r->digests_seen, digest, access_time);
   }
 
   /* now scrub the cache if it's time */
@@ -130,8 +130,8 @@ replaycache_add_and_test_internal(
 STATIC void
 replaycache_scrub_if_needed_internal(time_t present, replaycache_t *r)
 {
-  digestmap_iter_t *itr = NULL;
-  const char *digest;
+  digest256map_iter_t *itr = NULL;
+  const uint8_t *digest;
   void *valp;
   time_t *access_time;
 
@@ -149,19 +149,19 @@ replaycache_scrub_if_needed_internal(time_t present, 
replaycache_t *r)
   if (r->horizon == 0) return;
 
   /* okay, scrub time */
-  itr = digestmap_iter_init(r->digests_seen);
-  while (!digestmap_iter_done(itr)) {
-digestmap_iter_get(itr, , );
+  itr = digest256map_iter_init(r->digests_seen);
+  while (!digest256map_iter_done(itr)) {
+digest256map_iter_get(itr, , );
 access_time = (time_t *)valp;
 /* aged out yet? */
 if (*access_time < present - r->horizon) {
   /* Advance the iterator and remove this one */
-  itr = digestmap_iter_next_rmv(r->digests_seen, itr);
+  itr = digest256map_iter_next_rmv(r->digests_seen, itr);
   /* Free the value removed */
   tor_free(access_time);
 } else {
   /* Just advance the iterator */
-  itr = digestmap_iter_next(r->digests_seen, itr);
+  itr = digest256map_iter_next(r->digests_seen, itr);
 }
   }
 
diff --git a/src/or/replaycache.h b/src/or/replaycache.h
index 9b9daf3..9c409f2 100644
--- a/src/or/replaycache.h
+++ b/src/or/replaycache.h
@@ -26,7 +26,7 @@ struct replaycache_s {
   /*
* Digest map: keys are digests, values are times the digest was last seen
*/
-  digestmap_t *digests_seen;
+  digest256map_t *digests_seen;
 };
 
 #endif /* REPLAYCACHE_PRIVATE */
diff --git a/src/test/test_replay.c b/src/test/test_replay.c
index a02c160..7a0f098 100644
--- a/src/test/test_replay.c
+++ b/src/test/test_replay.c
@@ -17,6 +17,20 @@ static const char *test_buffer =
   " occaecat cupidatat non proident, sunt in culpa qui officia deserunt"
   " mollit anim id est laborum.";
 
+static const char *test_buffer_2 =
+  "At vero eos et accusamus et iusto odio dignissimos ducimus qui blanditiis"
+  " praesentium voluptatum deleniti atque corrupti quos dolores et quas"
+  " molestias excepturi sint occaecati cupiditate non provident, similique"
+  " sunt in culpa qui officia deserunt mollitia animi, id est laborum et"

[tor-commits] [tor/master] TestingLinkCertLifetime was misnamed as 'TestingLinkCertifetime'

2015-11-25 Thread nickm

commit 91b0ba1d197843848bea344e90704028779c4b7a
Author: Damian Johnson 
Date:   Mon Nov 23 17:51:30 2015 -0800

TestingLinkCertLifetime was misnamed as 'TestingLinkCertifetime'

Simple typo - we were missing a letter.
---
 doc/tor.1.txt |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 0241046..0db88e6 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -2449,7 +2449,7 @@ The following options are used for running a testing Tor 
network.
 authority on a testing network. Overrides the usual default lower bound
 of 4 KB. (Default: 0)
 
-[[TestingLinkCertLifetime]] **TestingLinkCertifetime** __N__ 
**seconds**|**minutes**|**hours**|**days**|**weeks**|**months**::
+[[TestingLinkCertLifetime]] **TestingLinkCertLifetime** __N__ 
**seconds**|**minutes**|**hours**|**days**|**weeks**|**months**::
 Overrides the default lifetime for the certificates used to authenticate
 our X509 link cert with our ed25519 signing key.
 (Default: 2 days)



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge remote-tracking branch 'atagar/man_page_fixes'

2015-11-25 Thread nickm

commit ab1bc38d5ae28be7666a2b896d45aebe3ec5ce4b
Merge: 7194d3d dd63a6a
Author: Nick Mathewson 
Date:   Wed Nov 25 09:07:02 2015 -0500

Merge remote-tracking branch 'atagar/man_page_fixes'

 doc/tor.1.txt |   66 +
 1 file changed, 29 insertions(+), 37 deletions(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Fix typo in comment on crypto_add_spaces_to_fp

2015-11-25 Thread nickm

commit 84d1373ba075febd5c362701a4dfee66ca9a5c19
Author: teor (Tim Wilson-Brown) 
Date:   Mon Nov 23 18:59:11 2015 +1100

Fix typo in comment on crypto_add_spaces_to_fp
---
 src/common/crypto.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/common/crypto.c b/src/common/crypto.c
index f5f9bbe..80345d4 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -1332,7 +1332,7 @@ crypto_pk_get_all_digests(crypto_pk_t *pk, digests_t 
*digests_out)
 }
 
 /** Copy in to the outlen-byte buffer out, adding spaces
- * every four spaces. */
+ * every four characters. */
 void
 crypto_add_spaces_to_fp(char *out, size_t outlen, const char *in)
 {



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Add a missing "if" in the comment on warn_nonlocal_controller_ports

2015-11-25 Thread nickm

commit d3b7546753fbf37dfe2dc5dc774492c8d501409f
Author: teor (Tim Wilson-Brown) 
Date:   Mon Nov 16 16:27:11 2015 +1100

Add a missing "if" in the comment on warn_nonlocal_controller_ports

Also reflow all the lines of that comment so that they're under
the maximum width.
---
 src/or/config.c |6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/or/config.c b/src/or/config.c
index 22039b4..311d838 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -5803,9 +5803,9 @@ warn_nonlocal_ext_orports(const smartlist_t *ports, const 
char *portname)
   } SMARTLIST_FOREACH_END(port);
 }
 
-/** Given a list of port_cfg_t in ports, warn any controller port there
- * is listening on any non-loopback address.  If forbid_nonlocal is
- * true, then emit a stronger warning and remove the port from the list.
+/** Given a list of port_cfg_t in ports, warn if any controller port
+ * there is listening on any non-loopback address.  If forbid_nonlocal
+ * is true, then emit a stronger warning and remove the port from the list.
  */
 static void
 warn_nonlocal_controller_ports(smartlist_t *ports, unsigned forbid_nonlocal)



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Add missing " in AccountingMax comment in or.h

2015-11-25 Thread nickm

commit dd82550a5e8dab342ab1c5d46c51b781fa6ab568
Author: teor (Tim Wilson-Brown) 
Date:   Mon Nov 16 12:34:53 2015 +1100

Add missing " in AccountingMax comment in or.h
---
 src/or/or.h |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/or/or.h b/src/or/or.h
index 651d8be..48dd0bd 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -3808,7 +3808,7 @@ typedef struct {
* hibernate." */
   /** How do we determine when our AccountingMax has been reached?
* "max" for when in or out reaches AccountingMax
-   * "sum for when in plus out reaches AccountingMax */
+   * "sum" for when in plus out reaches AccountingMax */
   char *AccountingRule_option;
   enum { ACCT_MAX, ACCT_SUM } AccountingRule;
 



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Fix comments to describe actual return values (crypto.c)

2015-11-25 Thread nickm

commit 5b2adfb3d431b8f39cbddbd530840cacbb9b5ce5
Author: teor (Tim Wilson-Brown) 
Date:   Mon Nov 23 20:31:57 2015 +1100

Fix comments to describe actual return values (crypto.c)
---
 src/common/crypto.c |   44 +---
 1 file changed, 25 insertions(+), 19 deletions(-)

diff --git a/src/common/crypto.c b/src/common/crypto.c
index 80345d4..a5a01ae 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -432,7 +432,8 @@ crypto_pk_get_rsa_(crypto_pk_t *env)
 }
 
 /** used by tortls.c: get an equivalent EVP_PKEY* for a crypto_pk_t.  Iff
- * private is set, include the private-key portion of the key. */
+ * private is set, include the private-key portion of the key. Return a valid
+ * pointer on success, and NULL on failure. */
 MOCK_IMPL(EVP_PKEY *,
   crypto_pk_get_evp_pkey_,(crypto_pk_t *env, int private))
 {
@@ -656,7 +657,8 @@ crypto_pk_read_private_key_from_filename(crypto_pk_t *env,
   return 0;
 }
 
-/** Helper function to implement crypto_pk_write_*_key_to_string. */
+/** Helper function to implement crypto_pk_write_*_key_to_string. Return 0 on
+ * success, -1 on failure. */
 static int
 crypto_pk_write_key_to_string_impl(crypto_pk_t *env, char **dest,
size_t *len, int is_public)
@@ -897,7 +899,8 @@ crypto_pk_dup_key(crypto_pk_t *env)
   return env;
 }
 
-/** Make a real honest-to-goodness copy of env, and return it. */
+/** Make a real honest-to-goodness copy of env, and return it.
+ * Returns NULL on failure. */
 crypto_pk_t *
 crypto_pk_copy_full(crypto_pk_t *env)
 {
@@ -1189,7 +1192,8 @@ crypto_pk_public_hybrid_encrypt(crypto_pk_t *env,
   return -1;
 }
 
-/** Invert crypto_pk_public_hybrid_encrypt. */
+/** Invert crypto_pk_public_hybrid_encrypt. Returns the number of bytes
+ * written on success, -1 on failure. */
 int
 crypto_pk_private_hybrid_decrypt(crypto_pk_t *env,
  char *to,
@@ -1484,7 +1488,7 @@ crypto_cipher_get_key(crypto_cipher_t *env)
 
 /** Encrypt fromlen bytes from from using the cipher
  * env; on success, store the result to to and return 0.
- * On failure, return -1.
+ * Does not check for failure.
  */
 int
 crypto_cipher_encrypt(crypto_cipher_t *env, char *to,
@@ -1503,7 +1507,7 @@ crypto_cipher_encrypt(crypto_cipher_t *env, char *to,
 
 /** Decrypt fromlen bytes from from using the cipher
  * env; on success, store the result to to and return 0.
- * On failure, return -1.
+ * Does not check for failure.
  */
 int
 crypto_cipher_decrypt(crypto_cipher_t *env, char *to,
@@ -1519,7 +1523,7 @@ crypto_cipher_decrypt(crypto_cipher_t *env, char *to,
 }
 
 /** Encrypt len bytes on from using the cipher in env;
- * on success, return 0.  On failure, return -1.
+ * on success, return 0. Does not check for failure.
  */
 int
 crypto_cipher_crypt_inplace(crypto_cipher_t *env, char *buf, size_t len)
@@ -1591,7 +1595,7 @@ crypto_cipher_decrypt_with_iv(const char *key,
 
 /** Compute the SHA1 digest of the len bytes on data stored in
  * m.  Write the DIGEST_LEN byte result into digest.
- * Return 0 on success, -1 on failure.
+ * Return 0 on success, 1 on failure.
  */
 int
 crypto_digest(char *digest, const char *m, size_t len)
@@ -1603,7 +1607,7 @@ crypto_digest(char *digest, const char *m, size_t len)
 
 /** Compute a 256-bit digest of len bytes in data stored in m,
  * using the algorithm algorithm.  Write the DIGEST_LEN256-byte result
- * into digest.  Return 0 on success, -1 on failure. */
+ * into digest.  Return 0 on success, 1 on failure. */
 int
 crypto_digest256(char *digest, const char *m, size_t len,
  digest_algorithm_t algorithm)
@@ -1836,7 +1840,7 @@ crypto_digest_smartlist_prefix(char *digest_out, size_t 
len_out,
 
 /** Compute the HMAC-SHA-256 of the msg_len bytes in msg, using
  * the key of length key_len.  Store the DIGEST256_LEN-byte
- * result in hmac_out.
+ * result in hmac_out. Asserts on failure.
  */
 void
 crypto_hmac_sha256(char *hmac_out,
@@ -1941,7 +1945,8 @@ init_dh_param(void)
  */
 #define DH_PRIVATE_KEY_BITS 320
 
-/** Allocate and return a new DH object for a key exchange.
+/** Allocate and return a new DH object for a key exchange. Returns NULL on
+ * failure.
  */
 crypto_dh_t *
 crypto_dh_new(int dh_type)
@@ -2196,7 +2201,7 @@ crypto_expand_key_material_TAP(const uint8_t *key_in, 
size_t key_in_len,
  * secret key material; the salt_in_len bytes at salt_in and the
  * info_in_len bytes in info_in_len are the algorithm's "salt"
  * and "info" parameters respectively.  On success, write key_out_len
- * bytes to key_out and return 0.  On failure, return -1.
+ * bytes to key_out and return 0.  Assert on failure.
  */
 int
 crypto_expand_key_material_rfc5869_sha256(
@@ -2280,7 +2285,7 @@ crypto_seed_weak_rng(tor_weak_rng_t *rng)
 }
 
 /** Try to get out_len bytes of the strongest entropy we can generate,
- * storing it into out.
+ * storing it into out. Return -1 on success, 0 on failure.
  */
 int

[tor-commits] [tor/master] Comment only: crypto_seed_rng no longer has a "startup" parameter

2015-11-25 Thread nickm

commit 604d3ee48d5a407e525045138d45d40943b0eff6
Author: teor (Tim Wilson-Brown) 
Date:   Mon Nov 23 10:26:07 2015 +1100

Comment only: crypto_seed_rng no longer has a "startup" parameter
---
 src/common/crypto.c |3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/common/crypto.c b/src/common/crypto.c
index 7b38568..f5f9bbe 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -2335,8 +2335,7 @@ crypto_strongest_rand(uint8_t *out, size_t out_len)
 }
 
 /** Seed OpenSSL's random number generator with bytes from the operating
- * system.  startup should be true iff we have just started Tor and
- * have not yet allocated a bunch of fds.  Return 0 on success, -1 on failure.
+ * system.  Return 0 on success, -1 on failure.
  */
 int
 crypto_seed_rng(void)



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Drop HidServDirectoryV2 and VoteOnHidServDirectoriesV2

2015-11-25 Thread nickm

commit 8661b4b5a2664f2bcda36d51371c0e141be497bd
Author: Damian Johnson 
Date:   Mon Nov 23 18:27:17 2015 -0800

Drop HidServDirectoryV2 and VoteOnHidServDirectoriesV2

These options were removed from tor in July. Time to axe them from our man
page. :P

  
https://gitweb.torproject.org/tor.git/commit/?id=2f8cf524ba4e565ab613504a4c41fd724d32facc
---
 doc/tor.1.txt |   12 +---
 1 file changed, 1 insertion(+), 11 deletions(-)

diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 4daac3e..7f6d91d 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -1936,11 +1936,6 @@ if DirPort is non-zero):
 to set up a separate webserver. There's a sample disclaimer in
 contrib/operator-tools/tor-exit-notice.html.
 
-[[HidServDirectoryV2]] **HidServDirectoryV2** **0**|**1**::
-When this option is set, Tor accepts and serves v2 hidden service
-descriptors. Setting DirPort is not required for this, because clients
-connect via the ORPort by default. (Default: 1)
-
 [[DirPort]] **DirPort** \['address':]__PORT__|**auto** [_flags_]::
 If this option is nonzero, advertise the directory service on this port.
 Set it to "auto" to have Tor pick a port for you.  This option can occur
@@ -2152,11 +2147,6 @@ on the public Tor network.
 that fine-grained information about nodes can be discarded when it hasn't
 changed for a given amount of time.  (Default: 24 hours)
 
-[[VoteOnHidServDirectoriesV2]] **VoteOnHidServDirectoriesV2** **0**|**1**::
-When this option is set in addition to **AuthoritativeDirectory**, Tor
-votes on whether to accept relays as hidden service directories.
-(Default: 1)
-
 [[AuthDirHasIPv6Connectivity]] **AuthDirHasIPv6Connectivity** **0**|**1**::
 Authoritative directories only. When set to 0, OR ports with an
 IPv6 address are being accepted without reachability testing.
@@ -2420,7 +2410,7 @@ The following options are used for running a testing Tor 
network.
 information on how to specify nodes.
  +
 In order for this option to have any effect, **TestingTorNetwork**
-and **VoteOnHidServDirectoriesV2** both have to be set.
+must be set.
 
 [[TestingDirAuthVoteHSDirIsStrict]] **TestingDirAuthVoteHSDirIsStrict** 
**0**|**1** ::
 If True (1), a node will never receive the HSDir flag unless it is 
specified



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/bridgedb] Update translations for bridgedb

2015-11-25 Thread translation

commit 688fb9f184176e90593a578008194b02e17ce84e
Author: Translation commit bot 
Date:   Wed Nov 25 14:15:03 2015 +

Update translations for bridgedb
---
 th/LC_MESSAGES/bridgedb.po |   10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/th/LC_MESSAGES/bridgedb.po b/th/LC_MESSAGES/bridgedb.po
index 71af3d9..fe8b54b 100644
--- a/th/LC_MESSAGES/bridgedb.po
+++ b/th/LC_MESSAGES/bridgedb.po
@@ -12,7 +12,7 @@ msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: 
'https://trac.torproject.org/projects/tor/newticket?component=BridgeDB=bridgedb-reported,msgid=isis,sysrqb=isis'\n"
 "POT-Creation-Date: 2015-07-25 03:40+\n"
-"PO-Revision-Date: 2015-11-25 13:40+\n"
+"PO-Revision-Date: 2015-11-25 14:02+\n"
 "Last-Translator: Ella Rudland \n"
 "Language-Team: Thai (http://www.transifex.com/otf/torproject/language/th/)\n"
 "MIME-Version: 1.0\n"
@@ -249,7 +249,7 @@ msgid ""
 "Pluggable Transports %s which maybe doesn't sound as cool, but they can 
still\n"
 "help to circumvent internet censorship in many cases.\n"
 "\n"
-msgstr ""
+msgstr "à¸¢à¸´à¹à¸à¸à¸§à¹à¸²à¸à¸±à¹à¸ BridgeDB 
à¸¡à¸µà¸à¸£à¸´à¸à¸à¸ºà¸¡à¸²à¸à¸£à¸à¸²à¸ %s 
à¹à¸à¸¢à¹à¸¡à¹à¸¡à¸µ\nPluggable Transports 
%s\nà¸à¸µà¹à¸à¹à¸§à¸¢à¸«à¸¥à¸µà¸à¹à¸¥à¸µà¹à¸¢à¸à¸à¸²à¸£à¹à¸à¹à¸à¹à¸à¸à¸£à¹à¹à¸à¸ªà¸à¸²à¸à¸à¸²à¸£à¸à¹à¸ªà¹à¸§à¸à¸¡à¸²à¸\n\n"
 
 #: bridgedb/strings.py:101
 msgid "What are bridges?"
@@ -258,11 +258,11 @@ msgstr "à¸à¸£à¸´à¸à¸à¹à¸à¸·à¸à¸à¸°à¹à¸£?"
 #: bridgedb/strings.py:102
 #, python-format
 msgid "%s Bridges %s are Tor relays that help you circumvent censorship."
-msgstr ""
+msgstr "%s à¸à¸£à¸´à¸à¸à¸º %s à¸à¸·à¸ Tor 
à¸£à¸µà¹à¸¥à¸¢à¹à¸à¸µà¹à¸à¹à¸§à¸¢à¹à¸«à¹à¸à¸¸à¸à¸«à¸¥à¸µà¸à¹à¸¥à¸µà¹à¸¢à¸à¸à¸²à¸£à¹à¸à¹à¸à¹à¸à¸à¸£à¹."
 
 #: bridgedb/strings.py:107
 msgid "I need an alternative way of getting bridges!"
-msgstr 
"à¸à¸±à¸à¸à¹à¸à¸à¸à¸²à¸£à¸à¸²à¸à¹à¸¥à¸·à¸à¸à¸à¸·à¹à¸à¹à¸à¸·à¹à¸à¹à¸à¹à¸²à¸à¸¶à¸à¸ªà¸°à¸à¸²à¸"
+msgstr 
"à¸à¹à¸à¸à¸à¸²à¸£à¸à¸²à¸à¹à¸¥à¸·à¸à¸à¹à¸à¸·à¹à¸à¹à¸à¹à¸à¸£à¸´à¸à¸à¹"
 
 #: bridgedb/strings.py:108
 #, python-format
@@ -274,7 +274,7 @@ msgstr ""
 
 #: bridgedb/strings.py:115
 msgid "My bridges don't work! I need help!"
-msgstr "à¸à¹à¸à¸à¸à¸²à¸£à¸à¸§à¸²à¸¡à¸à¹à¸§à¸¢à¹à¸«à¸¥à¸·à¸ 
à¸ªà¸°à¸à¸²à¸à¹à¸¡à¹à¸à¸³à¸à¸²à¸"
+msgstr "à¸à¸£à¸´à¸à¸à¹à¹à¸¡à¹à¸à¸³à¸à¸²à¸ 
à¸à¹à¸à¸à¸à¸²à¸£à¸à¸§à¸²à¸¡à¸à¹à¸§à¸¢à¹à¸«à¸¥à¸·à¸ "
 
 #. TRANSLATORS: Please DO NOT translate "Tor".
 #: bridgedb/strings.py:117

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.2.7] Include netinet/in.h (if detected) in check for net/pfvar.h

2015-11-25 Thread nickm

commit 232ccc18c40f0d0302b2e21b0f67885c548f8e63
Author: Nick Mathewson 
Date:   Wed Nov 25 09:27:52 2015 -0500

Include netinet/in.h (if detected) in check for net/pfvar.h

Patch from rubiate; fixes bug 17551.
---
 changes/bug17551 |4 
 configure.ac |3 +++
 2 files changed, 7 insertions(+)

diff --git a/changes/bug17551 b/changes/bug17551
new file mode 100644
index 000..27e4679
--- /dev/null
+++ b/changes/bug17551
@@ -0,0 +1,4 @@
+  o Minor bugfixes (compilation):
+- When checking for net/pfvar.h, include netinet/in.h if possible.
+  This fixes transparent proxy detection on OpenBSD. Fixes bug
+  17551; bugfix on 0.1.2.1-alpha. Patch from "rubiate".
diff --git a/configure.ac b/configure.ac
index 06d03ae..3236a81 100644
--- a/configure.ac
+++ b/configure.ac
@@ -971,6 +971,9 @@ AC_CHECK_HEADERS(net/pfvar.h, net_pfvar_found=1, 
net_pfvar_found=0,
 #endif
 #ifdef HAVE_NET_IF_H
 #include 
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include 
 #endif])
 
 AC_CHECK_HEADERS(linux/if.h,[],[],

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] fixup! Block OutboundBindAddressIPv[4|6]_ and configured ports on exit relays

2015-11-25 Thread nickm

commit a09e7cd31a16244793c0848321c25e9cf6d8046f
Author: teor (Tim Wilson-Brown) 
Date:   Mon Nov 23 08:38:32 2015 +1100

fixup! Block OutboundBindAddressIPv[4|6]_ and configured ports on exit 
relays

Fix unit tests for get_interface_address6_list to assume less
about the interface addresses on the system.

Instead, mock get_interface_address6_list and use the mocked
function to provide a range of address combinations.
---
 src/test/test_policy.c |   91 
 1 file changed, 85 insertions(+), 6 deletions(-)

diff --git a/src/test/test_policy.c b/src/test/test_policy.c
index 52360f3..63672ea 100644
--- a/src/test/test_policy.c
+++ b/src/test/test_policy.c
@@ -692,8 +692,44 @@ test_policies_reject_port_address(void *arg)
   UNMOCK(get_configured_ports);
 }
 
-#undef TEST_IPV4_ADDR
-#undef TEST_IPV6_ADDR
+smartlist_t *mock_ipv4_addrs = NULL;
+smartlist_t *mock_ipv6_addrs = NULL;
+
+/* mock get_interface_address6_list, returning a deep copy of the template
+ * address list ipv4_interface_address_list or ipv6_interface_address_list */
+static smartlist_t *
+mock_get_interface_address6_list(int severity,
+sa_family_t family,
+int include_internal)
+{
+  (void)severity;
+  (void)include_internal;
+  smartlist_t *clone_list = smartlist_new();
+  smartlist_t *template_list = NULL;
+
+  if (family == AF_INET) {
+template_list = mock_ipv4_addrs;
+  } else if (family == AF_INET6) {
+template_list = mock_ipv6_addrs;
+  } else {
+return NULL;
+  }
+
+  tt_assert(template_list);
+
+  SMARTLIST_FOREACH_BEGIN(template_list, tor_addr_t *, src_addr) {
+tor_addr_t *dest_addr = malloc(sizeof(tor_addr_t));
+memset(dest_addr, 0, sizeof(*dest_addr));
+tor_addr_copy_tight(dest_addr, src_addr);
+smartlist_add(clone_list, dest_addr);
+  } SMARTLIST_FOREACH_END(src_addr);
+
+  return clone_list;
+
+ done:
+  free_interface_address6_list(clone_list);
+  return NULL;
+}
 
 /** Run unit tests for rejecting publicly routable interface addresses on this
  * exit relay using policies_parse_exit_policy_reject_private */
@@ -705,6 +741,7 @@ test_policies_reject_interface_address(void *arg)
 get_interface_address6_list(LOG_INFO, AF_INET, 0);
   smartlist_t *public_ipv6_addrs =
 get_interface_address6_list(LOG_INFO, AF_INET6, 0);
+  tor_addr_t ipv4_addr, ipv6_addr;
   (void)arg;
 
   /* test that no addresses are rejected when none are supplied/requested */
@@ -712,30 +749,72 @@ test_policies_reject_interface_address(void *arg)
   tt_assert(policy == NULL);
 
   /* test that only IPv4 interface addresses are rejected on an IPv4-only exit
+   * (and allow for duplicates)
*/
   policies_parse_exit_policy_reject_private(, 0, NULL, 1, 0);
   if (policy) {
-tt_assert(smartlist_len(policy) == smartlist_len(public_ipv4_addrs));
+tt_assert(smartlist_len(policy) <= smartlist_len(public_ipv4_addrs));
 addr_policy_list_free(policy);
 policy = NULL;
   }
 
   /* test that IPv4 and IPv6 interface addresses are rejected on an IPv4/IPv6
-   * exit */
-  policies_parse_exit_policy_reject_private(, 0, NULL, 1, 0);
+   * exit (and allow for duplicates) */
+  policies_parse_exit_policy_reject_private(, 1, NULL, 1, 0);
   if (policy) {
-tt_assert(smartlist_len(policy) == (smartlist_len(public_ipv4_addrs)
+tt_assert(smartlist_len(policy) <= (smartlist_len(public_ipv4_addrs)
 + smartlist_len(public_ipv6_addrs)));
 addr_policy_list_free(policy);
 policy = NULL;
   }
 
+  /* Now do it all again, but mocked */
+  tor_addr_from_ipv4h(_addr, TEST_IPV4_ADDR);
+  mock_ipv4_addrs = smartlist_new();
+  smartlist_add(mock_ipv4_addrs, (void *)_addr);
+
+  tor_addr_parse(_addr, TEST_IPV6_ADDR);
+  mock_ipv6_addrs = smartlist_new();
+  smartlist_add(mock_ipv6_addrs, (void *)_addr);
+
+  MOCK(get_interface_address6_list, mock_get_interface_address6_list);
+
+  /* test that no addresses are rejected when none are supplied/requested */
+  policies_parse_exit_policy_reject_private(, 0, NULL, 0, 0);
+  tt_assert(policy == NULL);
+
+  /* test that only IPv4 interface addresses are rejected on an IPv4-only exit
+   */
+  policies_parse_exit_policy_reject_private(, 0, NULL, 1, 0);
+  tt_assert(policy);
+  tt_assert(smartlist_len(policy) == smartlist_len(mock_ipv4_addrs));
+  addr_policy_list_free(policy);
+  policy = NULL;
+
+  /* test that IPv4 and IPv6 interface addresses are rejected on an IPv4/IPv6
+   * exit */
+  policies_parse_exit_policy_reject_private(, 1, NULL, 1, 0);
+  tt_assert(policy);
+  tt_assert(smartlist_len(policy) == (smartlist_len(mock_ipv4_addrs)
+  + smartlist_len(mock_ipv6_addrs)));
+  addr_policy_list_free(policy);
+  policy = NULL;
+
  done:
   addr_policy_list_free(policy);
   free_interface_address6_list(public_ipv4_addrs);

[tor-commits] [tor/master] ControlPort's section on flags wasn't indented

2015-11-25 Thread nickm

commit 690b66ce48f98b9bf109d63ccce93a329e06d8cc
Author: Damian Johnson 
Date:   Mon Nov 23 17:25:26 2015 -0800

ControlPort's section on flags wasn't indented

Minor formatting issue with our ControlPort entry. The part about flags 
wasn't
indented with the rest of its description.
---
 doc/tor.1.txt |4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 60fd5bd..00cdf27 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -289,9 +289,9 @@ GENERAL OPTIONS
 any process on the local host to control it. (Setting both authentication
 methods means eithermethod is sufficient to authenticate to Tor.) This
 option is required for many Tor controllers; most use the value of 9051.
-Set it to "auto" to have Tor pick a port for you. (Default: 0)
+Set it to "auto" to have Tor pick a port for you. (Default: 0) +
  +
-Recognized flags are::
+Recognized flags are...
 **GroupWritable**;;
 Unix domain sockets only: makes the socket get created as
 group-writable.



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Malformed ExtORPort entry in man page

2015-11-25 Thread nickm

commit 4417effa52d24a665a4eb65c2533283dcb4f1fec
Author: Damian Johnson 
Date:   Mon Nov 23 17:23:14 2015 -0800

Malformed ExtORPort entry in man page

Minor formatting issue with our ExtORPort that caused its description to be 
on
the same line as the option (munging the two together).
---
 doc/tor.1.txt |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index aba0c1c..60fd5bd 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -221,7 +221,7 @@ GENERAL OPTIONS
 any pluggable transport proxy that tries to launch __transport__. +
 (Example: ServerTransportOptions obfs45 shared-secret=bridgepasswd 
cache=/var/lib/tor/cache)
 
-[[ExtORPort]] **ExtORPort** \['address':]__port__|**auto**
+[[ExtORPort]] **ExtORPort** \['address':]__port__|**auto**::
 Open this port to listen for Extended ORPort connections from your
 pluggable transports.
 



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Note in man page where users can file bugs

2015-11-25 Thread nickm

commit 5812930dc1cc6577955e9dfef0f77e9ed27a6e0d
Author: Damian Johnson 
Date:   Mon Nov 23 17:26:46 2015 -0800

Note in man page where users can file bugs

In addition to inviting users to tell us about bugs, lets say where.
---
 doc/tor.1.txt |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 00cdf27..2fd3740 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -2654,7 +2654,7 @@ SEE ALSO
 BUGS
 
 
-Plenty, probably. Tor is still in development. Please report them.
+Plenty, probably. Tor is still in development. Please report them at 
https://trac.torproject.org/.
 
 AUTHORS
 ---



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Fixes for tor's man page

2015-11-25 Thread nickm

commit dd63a6a73660ba4880eaf132ec99db489cbd136e
Merge: 6cdd024 8661b4b
Author: Damian Johnson 
Date:   Mon Nov 23 18:29:19 2015 -0800

Fixes for tor's man page

I'm adding Stem test coverage for tor's man page and in doing so ran into 
quite
a few issues. All of them are pretty minor (worst was misnaming a couple 
config
options), but still good things to fix. :P

 doc/tor.1.txt |   66 +
 1 file changed, 29 insertions(+), 37 deletions(-)



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Replace 'SOCKSPort' with 'SocksPort'

2015-11-25 Thread nickm

commit 1193647ac81aaf37627c02b1653f5a9d7b5802fa
Author: Damian Johnson 
Date:   Mon Nov 23 17:32:49 2015 -0800

Replace 'SOCKSPort' with 'SocksPort'

When applying changes from proposal 171 Nick renamed SocksPort to SOCKSPort,
and SocksListenAddress to SOCKSListenAddress...

  
https://gitweb.torproject.org/tor.git/commit/?id=891ccd3cd0690e83f1dc4dde7698c3bd9d7fe98d

However, this didn't change the option itself in tor (it's still SocksPort),
and wasn't even uniform in the man page. Functionally this doesn't matter
(tor's config options are case insensitive) but this is a pretty clear
regression.
---
 doc/tor.1.txt |   36 ++--
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 2fd3740..927a188 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -98,8 +98,8 @@ COMMAND-LINE OPTIONS
 Other options can be specified on the command-line in the format "--option
 value", in the format "option value", or in a configuration file.  For
 instance, you can tell Tor to start listening for SOCKS connections on port
- by passing --SOCKSPort  or SOCKSPort  to it on the command line,
-or by putting "SOCKSPort " in the configuration file.  You will need to
+ by passing --SocksPort  or SocksPort  to it on the command line,
+or by putting "SocksPort " in the configuration file.  You will need to
 quote options with spaces in them: if you want Tor to log all debugging
 messages to debug.log, you will probably need to say --Log 'debug file
 debug.log'.
@@ -125,17 +125,17 @@ the defaults file.
 
 This rule is simple for options that take a single value, but it can become
 complicated for options that are allowed to occur more than once: if you
-specify four SOCKSPorts in your configuration file, and one more SOCKSPort on
+specify four SocksPorts in your configuration file, and one more SocksPort on
 the command line, the option on the command line will replace __all__ of the
-SOCKSPorts in the configuration file.  If this isn't what you want, prefix
+SocksPorts in the configuration file.  If this isn't what you want, prefix
 the option name with a plus sign (+), and it will be appended to the previous
-set of options instead.  For example, setting SOCKSPort 9100 will use only
-port 9100, but setting +SOCKSPort 9100 will use ports 9100 and 9050 (because
+set of options instead.  For example, setting SocksPort 9100 will use only
+port 9100, but setting +SocksPort 9100 will use ports 9100 and 9050 (because
 this is the default).
 
 Alternatively, you might want to remove every instance of an option in the
 configuration file, and not replace it at all: you might want to say on the
-command line that you want no SOCKSPorts at all.  To do that, prefix the
+command line that you want no SocksPorts at all.  To do that, prefix the
 option name with a forward slash (/).  You can use the plus sign (+) and the
 forward slash (/) in the configuration file and on the command line.
 
@@ -968,7 +968,7 @@ The following options are useful only for clients (that is, 
if
 the same circuit. Currently, two addresses are "too close" if they lie in
 the same /16 range. (Default: 1)
 
-[[SOCKSPort]] **SOCKSPort** \['address':]__port__|**unix:**__path__|**auto** 
[_flags_] [_isolation flags_]::
+[[SocksPort]] **SocksPort** \['address':]__port__|**unix:**__path__|**auto** 
[_flags_] [_isolation flags_]::
 Open this port to listen for connections from SOCKS-speaking
 applications. Set this to 0 if you don't want to allow application
 connections via SOCKS. Set it to "auto" to have Tor pick a port for
@@ -983,7 +983,7 @@ The following options are useful only for clients (that is, 
if
 to use your computer as an open proxy. +
  +
 The _isolation flags_ arguments give Tor rules for which streams
-received on this SOCKSPort are allowed to share circuits with one
+received on this SocksPort are allowed to share circuits with one
 another.  Recognized isolation flags are:
 **IsolateClientAddr**;;
 Don't share circuits with streams from a different
@@ -1010,11 +1010,11 @@ The following options are useful only for clients (that 
is, if
 If no other isolation rules would prevent it, allow streams
 on this port to share circuits with streams from every other
 port with the same session group.  (By default, streams received
-on different SOCKSPorts, TransPorts, etc are always isolated from one
+on different SocksPorts, TransPorts, etc are always isolated from one
 another. This option overrides that behavior.)
 
-[[OtherSOCKSPortFlags]]::
-Other recognized __flags__ for a SOCKSPort are:
+[[OtherSocksPortFlags]]::
+Other recognized __flags__ for a SocksPort are:
 **NoIPv4Traffic**;;
 Tell exits to not connect to IPv4 addresses in response to SOCKS
 requests on

[tor-commits] [tor/master] Rename RecommendedPackageVersions to RecommendedPackages

2015-11-25 Thread nickm

commit 961db64d3c106e5b8e370a2d8b2491344de6734a
Author: Damian Johnson 
Date:   Mon Nov 23 17:44:52 2015 -0800

Rename RecommendedPackageVersions to RecommendedPackages

A 'RecommendedPackageVersions' option doesn't exist in tor. However, it 
*does*
have RecommendedPackages...

  feature: https://gitweb.torproject.org/tor.git/commit/?id=c83d8381
  man addition: https://gitweb.torproject.org/tor.git/commit/?id=ddfdeb56
---
 doc/tor.1.txt |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 927a188..0241046 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -2001,7 +2001,7 @@ on the public Tor network.
 multiple times: the values from multiple lines are spliced together. When
 this is set then **VersioningAuthoritativeDirectory** should be set too.
 
-[[RecommendedPackageVersions]] **RecommendedPackageVersions** __PACKAGENAME__ 
__VERSION__ __URL__ __DIGESTTYPE__**=**__DIGEST__ ::
+[[RecommendedPackages]] **RecommendedPackages** __PACKAGENAME__ __VERSION__ 
__URL__ __DIGESTTYPE__**=**__DIGEST__ ::
 Adds "package" line to the directory authority's vote.  This information
 is used to vote on the correct URL and digest for the released versions
 of different Tor-related packages, so that the consensus can certify



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Split 'slop' man page options to their own lines

2015-11-25 Thread nickm

commit feeb3e761cafe0c3a5c0c8be58df54f1cde2fcdb
Author: Damian Johnson 
Date:   Mon Nov 23 18:21:38 2015 -0800

Split 'slop' man page options to their own lines

The slop testing options are the only spot where we try to enumerate 
multiple
options on the same line. Changing them to each be on their own line as we 
do
elsewhere.
---
 doc/tor.1.txt |6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 0db88e6..4daac3e 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -2459,8 +2459,10 @@ The following options are used for running a testing Tor 
network.
 key.
 (Default: 2 days)
 
-[[TestingLinkKeySlop]] **TestingLinkKeySlop** __N__ 
**seconds**|**minutes**|**hours**::
-[[TestingAuthKeySlop]] **TestingAuthKeySlop** __N__ 
**seconds**|**minutes**|**hours**::
+[[TestingLinkKeySlop]] **TestingLinkKeySlop** __N__ 
**seconds**|**minutes**|**hours** +
+
+[[TestingAuthKeySlop]] **TestingAuthKeySlop** __N__ 
**seconds**|**minutes**|**hours** +
+
 [[TestingSigningKeySlop]] **TestingSigningKeySlop** __N__ 
**seconds**|**minutes**|**hours**::
 How early before the official expiration of a an Ed25519 signing key do
 we replace it and issue a new key?



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge remote-tracking branch 'teor/comments-20151123'

2015-11-25 Thread nickm

commit 45caeec9a03d7caca13ef4d6caeda23f7bb3129e
Merge: ab1bc38 5b2adfb
Author: Nick Mathewson 
Date:   Wed Nov 25 09:08:15 2015 -0500

Merge remote-tracking branch 'teor/comments-20151123'

 src/common/crypto.c |   49 +++--
 src/or/config.c |6 +++---
 src/or/or.h |2 +-
 3 files changed, 31 insertions(+), 26 deletions(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge remote-tracking branch 'public/decouple_dir_request_failed'

2015-11-25 Thread nickm

commit fe8eb9b366d9dccf06d8d4ce117b67bbb3aeba60
Merge: 45caeec dc0d2b5
Author: Nick Mathewson 
Date:   Wed Nov 25 09:21:25 2015 -0500

Merge remote-tracking branch 'public/decouple_dir_request_failed'

 changes/bug17589   |7 +++
 src/or/directory.c |5 +
 2 files changed, 8 insertions(+), 4 deletions(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Don't relaunch dir requests recursively if connection_connect() returns -1

2015-11-25 Thread nickm

commit dc0d2b59706d036b97451dc1f8addc86ed783c2e
Author: Nick Mathewson 
Date:   Tue Nov 17 09:40:05 2015 -0500

Don't relaunch dir requests recursively if connection_connect() returns -1

Closes ticket 17589.
---
 changes/bug17589   |7 +++
 src/or/directory.c |5 +
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/changes/bug17589 b/changes/bug17589
new file mode 100644
index 000..9110327
--- /dev/null
+++ b/changes/bug17589
@@ -0,0 +1,7 @@
+  o Code simplificiation and refactoring:
+- When a direct directory request fails immediately on launch,
+  instead of relaunching that request from inside the code that
+  launches it, instead mark the connection for teardown. This
+  change simplifies Tor's callback and prevents the directory-
+  request launching code from invoking itself recursively.
+  Closes ticket 17589.
\ No newline at end of file
diff --git a/src/or/directory.c b/src/or/directory.c
index 6f8edb5..8d4c0a8 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -991,10 +991,7 @@ directory_initiate_command_rend(const tor_addr_t *_addr,
 switch (connection_connect(TO_CONN(conn), conn->base_.address, ,
dir_port, _error)) {
   case -1:
-connection_dir_request_failed(conn); /* retry if we want */
-/* XXX we only pass 'conn' above, not 'resource', 'payload',
- * etc. So in many situations it can't retry! -RD */
-connection_free(TO_CONN(conn));
+connection_mark_for_close(TO_CONN(conn));
 return;
   case 1:
 /* start flushing conn */



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Include netinet/in.h (if detected) in check for net/pfvar.h

2015-11-25 Thread nickm

commit 232ccc18c40f0d0302b2e21b0f67885c548f8e63
Author: Nick Mathewson 
Date:   Wed Nov 25 09:27:52 2015 -0500

Include netinet/in.h (if detected) in check for net/pfvar.h

Patch from rubiate; fixes bug 17551.
---
 changes/bug17551 |4 
 configure.ac |3 +++
 2 files changed, 7 insertions(+)

diff --git a/changes/bug17551 b/changes/bug17551
new file mode 100644
index 000..27e4679
--- /dev/null
+++ b/changes/bug17551
@@ -0,0 +1,4 @@
+  o Minor bugfixes (compilation):
+- When checking for net/pfvar.h, include netinet/in.h if possible.
+  This fixes transparent proxy detection on OpenBSD. Fixes bug
+  17551; bugfix on 0.1.2.1-alpha. Patch from "rubiate".
diff --git a/configure.ac b/configure.ac
index 06d03ae..3236a81 100644
--- a/configure.ac
+++ b/configure.ac
@@ -971,6 +971,9 @@ AC_CHECK_HEADERS(net/pfvar.h, net_pfvar_found=1, 
net_pfvar_found=0,
 #endif
 #ifdef HAVE_NET_IF_H
 #include 
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include 
 #endif])
 
 AC_CHECK_HEADERS(linux/if.h,[],[],



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge branch 'maint-0.2.7'

2015-11-25 Thread nickm

commit 62aad9c0b6812d04cfca3ec9e104d8ee2cbebb7c
Merge: fe8eb9b 232ccc1
Author: Nick Mathewson 
Date:   Wed Nov 25 09:28:44 2015 -0500

Merge branch 'maint-0.2.7'

 changes/bug17551 |4 
 configure.ac |3 +++
 2 files changed, 7 insertions(+)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Initialize libevent before periodic events

2015-11-25 Thread nickm

commit c59c622d8590c4abed6b8095a7451e2ba4d9200a
Author: cypherpunks 
Date:   Wed Nov 25 15:20:07 2015 +0100

Initialize libevent before periodic events

The initialization of libevent interferes with other tests so we also
fork the circuit_timeout test.
---
 src/test/test.c |7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/test/test.c b/src/test/test.c
index 0bc6292..1c4c292 100644
--- a/src/test/test.c
+++ b/src/test/test.c
@@ -319,6 +319,11 @@ test_circuit_timeout(void *arg)
   int i, runs;
   double close_ms;
   (void)arg;
+  tor_libevent_cfg cfg;
+
+  memset(, 0, sizeof(cfg));
+
+  tor_libevent_initialize();
   initialize_periodic_events();
 
   circuit_build_times_init();
@@ -1114,7 +1119,7 @@ static struct testcase_t test_array[] = {
   { "bad_onion_handshake", test_bad_onion_handshake, 0, NULL, NULL },
   ENT(onion_queues),
   { "ntor_handshake", test_ntor_handshake, 0, NULL, NULL },
-  ENT(circuit_timeout),
+  FORK(circuit_timeout),
   FORK(rend_fns),
   ENT(geoip),
   FORK(geoip_with_pt),

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Attempt to make openbsd compilation happier with libevent2 installed

2015-11-25 Thread nickm

commit 5dff4ae0ad5e2a1fb93ceae3446f0a315fbd8a3a
Author: Nick Mathewson 
Date:   Wed Nov 25 09:43:12 2015 -0500

Attempt to make openbsd compilation happier with libevent2 installed

Fix for bug 16651; patch from "rubiate".
---
 changes/bug16651 |5 +
 configure.ac |   21 +
 2 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/changes/bug16651 b/changes/bug16651
new file mode 100644
index 000..096daea
--- /dev/null
+++ b/changes/bug16651
@@ -0,0 +1,5 @@
+  o Minor bugfixes (compilation):
+
+- Fix search for libevent libraries on OpenBSD (and similar systems
+  which install libevent 1 and libevent 2 in parallel). Resolves
+  ticket 16651.  Patch from "rubiate".
diff --git a/configure.ac b/configure.ac
index 868ff55..82b933a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -501,9 +501,6 @@ AC_CHECK_MEMBERS([struct event.min_heap_idx], , ,
 AC_CHECK_HEADERS(event2/event.h event2/dns.h event2/bufferevent_ssl.h)
 
 LIBS="$save_LIBS"
-LDFLAGS="$save_LDFLAGS"
-CPPFLAGS="$save_CPPFLAGS"
-
 
 AM_CONDITIONAL(USE_EXTERNAL_EVDNS, test x$ac_cv_header_event2_dns_h = xyes)
 
@@ -514,9 +511,25 @@ if test "$enable_static_libevent" = "yes"; then
  TOR_LIBEVENT_LIBS="$TOR_LIBDIR_libevent/libevent.a $STATIC_LIBEVENT_FLAGS"
fi
 else
- TOR_LIBEVENT_LIBS="-levent"
+ if test x$ac_cv_header_event2_event_h = "xyes"; then
+   AC_SEARCH_LIBS(event_new, [event event_core])
+   AC_SEARCH_LIBS(evdns_base_new, [event event_extra])
+
+   if test $ac_cv_search_event_new != "none required"; then
+ TOR_LIBEVENT_LIBS="$ac_cv_search_event_new"
+   fi
+   if test $ac_cv_search_evdns_base_new != "none required"; then
+ TOR_LIBEVENT_LIBS="$ac_cv_search_evdns_base_new $TOR_LIBEVENT_LIBS"
+   fi
+ else
+   TOR_LIBEVENT_LIBS="-levent"
+ fi
 fi
 
+LIBS="$save_LIBS"
+LDFLAGS="$save_LDFLAGS"
+CPPFLAGS="$save_CPPFLAGS"
+
 dnl This isn't the best test for Libevent 2.0.3-alpha.  Once it's released,
 dnl we can do much better.
 if test "$enable_bufferevents" = "yes" ; then

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/bridgedb] Update translations for bridgedb

2015-11-25 Thread translation

commit 44da95f133260ea78f18c2570eac9e993b9d3e23
Author: Translation commit bot 
Date:   Wed Nov 25 14:45:03 2015 +

Update translations for bridgedb
---
 th/LC_MESSAGES/bridgedb.po |   14 +++---
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/th/LC_MESSAGES/bridgedb.po b/th/LC_MESSAGES/bridgedb.po
index fe8b54b..9297187 100644
--- a/th/LC_MESSAGES/bridgedb.po
+++ b/th/LC_MESSAGES/bridgedb.po
@@ -12,7 +12,7 @@ msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: 
'https://trac.torproject.org/projects/tor/newticket?component=BridgeDB=bridgedb-reported,msgid=isis,sysrqb=isis'\n"
 "POT-Creation-Date: 2015-07-25 03:40+\n"
-"PO-Revision-Date: 2015-11-25 14:02+\n"
+"PO-Revision-Date: 2015-11-25 14:44+\n"
 "Last-Translator: Ella Rudland \n"
 "Language-Team: Thai (http://www.transifex.com/otf/torproject/language/th/)\n"
 "MIME-Version: 1.0\n"
@@ -98,7 +98,7 @@ msgstr "à¸à¹à¸²à¸à¸à¸§à¸£à¸à¸°à¸¥à¸à¸à¸à¸¹ %s 
à¸à¸¥à¸±à¸ %s à¹à¸¥à¸·
 #: bridgedb/https/templates/index.html:11
 #, python-format
 msgid "Step %s1%s"
-msgstr ""
+msgstr "à¸¥à¸³à¸à¸±à¸%s1%s"
 
 #: bridgedb/https/templates/index.html:13
 #, python-format
@@ -108,7 +108,7 @@ msgstr "à¸à¸²à¸§à¸à¹' à¹à¸¥à¸ %s Tor 
à¹à¸à¸£à¸²à¸§à¹à¹à¸à¸à¸£à¹ %s"
 #: bridgedb/https/templates/index.html:25
 #, python-format
 msgid "Step %s2%s"
-msgstr ""
+msgstr "à¸¥à¸³à¸à¸±à¸%s2%s"
 
 #: bridgedb/https/templates/index.html:27
 #, python-format
@@ -118,7 +118,7 @@ msgstr "à¹à¸à¸² %s à¸à¸£à¸´à¸à¸à¹ à¸¡à¸² %s"
 #: bridgedb/https/templates/index.html:36
 #, python-format
 msgid "Step %s3%s"
-msgstr ""
+msgstr "à¸¥à¸³à¸à¸±à¸%s3%s"
 
 #: bridgedb/https/templates/index.html:38
 #, python-format
@@ -132,7 +132,7 @@ msgstr "à¹à¸¥à¹à¸§ %s à¸à¸£à¸´à¸à¸à¹à¹ 
à¹à¸ªà¹à¹à¸à¸´à¹à¸¡à¹à¸«à¹
 #: bridgedb/https/templates/options.html:38
 #, python-format
 msgid "%sJ%sust give me bridges!"
-msgstr ""
+msgstr 
"%sà¹à¸à¸²%sà¸à¸£à¸´à¸à¸à¸ºà¹à¸«à¹à¸à¸±à¸à¹à¸à¹à¸²à¸à¸±à¹à¸!"
 
 #: bridgedb/https/templates/options.html:51
 msgid "Advanced Options"
@@ -152,7 +152,7 @@ msgstr "à¹à¸à¸¥à¹à¸²"
 #: bridgedb/https/templates/options.html:124
 #, python-format
 msgid "%sY%ses!"
-msgstr ""
+msgstr "%sà¹à¸à¹%s"
 
 #. TRANSLATORS: Please make sure the '%s' surrounding single letters at the
 #. beginning of words are present in your final translation. Thanks!
@@ -270,7 +270,7 @@ msgid ""
 "Another way to get bridges is to send an email to %s. Please note that you 
must\n"
 "send the email using an address from one of the following email providers:\n"
 "%s, %s or %s."
-msgstr ""
+msgstr 
"à¸à¸µà¸à¸§à¸´à¸à¸µà¸£à¸±à¸à¸à¸£à¸´à¸à¸à¸ºà¸«à¸à¸¶à¹à¸à¸à¸·à¸à¸ªà¹à¸à¸à¸µà¹à¸¡à¸¥à¹à¸«à¹
 %s 
à¹à¸à¸£à¸à¹à¸à¹à¸²à¹à¸à¸§à¹à¸²à¸à¸¸à¸à¸à¹à¸à¸\nà¸ªà¹à¸à¸à¸µà¹à¸¡à¸¥à¸à¹à¸§à¸¢à¸à¸µà¹à¸¡à¸¥à¸à¸²à¸à¸à¸£à¸´à¸à¸²à¸£à¸à¸µà¹à¸¡à¸¥à¸à¸¶à¹à¸à¸à¸²à¸¡à¸¡à¸²:\n%s
 %s à¸«à¸£à¸·à¸ %s."
 
 #: bridgedb/strings.py:115
 msgid "My bridges don't work! I need help!"

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

55 matches

Mail list logo