Closes ticket 18242.

The rationale here is that I like having coverage on by default in my
own working directory, but I always want assertions turned on unless
I'm doing branch coverage specifically.

The base64 and base32 functions used to be in crypto.c;
crypto_format.h had no header; some general-purpose functions were in
crypto_curve25519.c.

This patch makes a {crypto,util}_format.[ch], and puts more functions
there.  Small modules are beautiful!

Also, add some sample tests to be examples.

Use it in the sample_laplace_distribution function to make sure we return
the correct converted value after math operations are done on the input
values.

Thanks to Yawning for proposing a solution.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>

This is a fair amount of maintainance burden, and doesn't help much
more than the git microversion.

Closes ticket 14742.

Background processes spawned by Tor now will have a valid stdin.
Pluggable transports can detect this behavior with the aformentioned
enviornment variable, and exit if stdin ever gets closed.

This removes roughly 5000 branches in my testing. We never want to
trigger assertions even during tests, so this is sane. Implements #15400.

Arthur Edelstein authored 10 years ago and Nick Mathewson committed 10 years ago

Introduces two new circuit status name-value parameters: SOCKS_USERNAME
and SOCKS_PASSWORD. Values are enclosing in quotes and unusual characters
are escaped.

Example:

    650 CIRC 5 EXTENDED [...] SOCKS_USERNAME="my_username" SOCKS_PASSWORD="my_password"

This helps avoid undefined behavior from casting big double values to
int64_t. Fixes #14090.

Have clients and authorities both have new behavior, since the
fix for bug 11243 has gone in.  But make clients still accept
accept old bogus HSDir descriptors, to avoid fingerprinting trickery.

Fixes bug 9286.

Instead, generate new keys, and overwrite the empty key files.
Adds FN_EMPTY to file_status_t and file_status.
Fixes bug 13111.

Related changes due to review of FN_FILE usage:
Stop generating a fresh .old RSA key file when the .old file is missing.
Avoid overwriting .old key files with empty key files.
Skip loading zero-length extra info store, router store, stats, state,
and key files.

Because in 95 years, we or our successors will surely care about
enforcing the BSD license terms on this code.  Right?

David Stainton authored 10 years ago and meejah committed 10 years ago

Here I clean up anon's patch with a few of nickm's suggestions from comment 12:
https://trac.torproject.org/projects/tor/ticket/11291#comment:12

I did not yet completely implement all his suggestions.

anonymous authored 10 years ago and meejah committed 10 years ago

test-11291-group-redable-hsdirs-wtests-may8.patch

This lets us avoid sending SIGTERM to something that has already
died, since we realize it has already died, and is a fix for the
unix version of #8746.

George Kadianakis authored 11 years ago and Nick Mathewson committed 11 years ago

Since we are going to be using that function to also escape parameters
passed to transport proxies using environment variables.

George Kadianakis authored 11 years ago and Nick Mathewson committed 11 years ago

This is in preparation for using tor_escape_str_for_socks_arg() to
escape server-side pluggable transport parameters.

There are some other places in the code that will want a signal-safe
way to format numbers, so it shouldn't be static to util.c.

We previously used FILENAME_PRIVATE identifiers mostly for
identifiers exposed only to the unit tests... but also for
identifiers exposed to the benchmarker, and sometimes for
identifiers exposed to a similar module, and occasionally for no
really good reason at all.

Now, we use FILENAME_PRIVATE identifiers for identifiers shared by
Tor and the unit tests.  They should be defined static when we
aren't building the unit test, and globally visible otherwise. (The
STATIC macro will keep us honest here.)

For identifiers used only by the unit tests and never by Tor at all,
on the other hand, we wrap them in #ifdef TOR_UNIT_TESTS.

This is not the motivating use case for the split test/non-test
build system; it's just a test example to see how it works, and to
take a chance to clean up the code a little.

dana koch authored 11 years ago and Nick Mathewson committed 11 years ago

This lets us have the possibility of fine-tuning the check in the tor_sscanf test cases at a later date.

Fixes 8240.

(Don't actually increase the default guard lifetime. It seems likely to
break too many things if done precipitiously.)