wfn / tor Public

Use escaped() for every line of transport proxy stderr output that
we log.

This is for #9957.

Transport proxies may communicate useful information over stderr.
Thus far stderr has been ignored. We should at the very least let
the user know that we have some stderr output (NOTICE), and log it
at INFO level. For now, we assume transport proxy configuration
won't happen over stderr; but the output is meaningful.

Fixes #9957.

We already have the rest of the utilities needed for handling stderr
handles. Just need the actual higher-level function to get the pipe.

This is needed for #9957.

A new set of unit test cases are provided, as well as introducing
an alternative paradigm and macros to support it. Primarily, each test
case is given its own namespace, in order to isolate tests from each
other. We do this by in the usual fashion, by appending module and
submodule names to our symbols. New macros assist by reducing friction
for this and other tasks, like overriding a function in the global
namespace with one in the current namespace, or declaring integer
variables to assist tracking how many times a mock has been called.

A set of tests for a small-scale module has been included in this
commit, in order to highlight how the paradigm can be used. This
suite gives 100% coverage to status.c in test execution.

Conflicts:
	src/or/circuituse.c

Fixes bug 11519, apparently bugfix on 0.2.3.11-alpha.

Conflicts:
	src/or/routerlist.h

I used a list of certificate files from arma, and a little script,
both at 11464.

(I need a list of actual signing keys to blacklist.)

Back in 175b267, we allowed servers to recognize clients who are
telling them the truth about their ciphersuites, and select the best
cipher from on that list. This implemented the server side of proposal
198.

In bugs 11492, 11498, and 11499, cypherpunks found a bunch of mistakes
and omissions and typos in the UNRESTRICTED_SERVER_CIPHER_LIST we had.
In #11513, I found a couple more.

Rather than try to hand-edit this list, I wrote a short python script
to generate our ciphersuite preferences from the openssl headers.

The new rules are:
  * Require forward secrecy.
  * Require RSA (since our servers only configure RSA keys)
  * Require AES or 3DES. (This means, reject RC4, DES, SEED, CAMELLIA,
    and NULL.)
  * No export ciphersuites.

Then:
  * Prefer AES to 3DES.
  * If both suites have the same cipher, prefer ECDHE to DHE.
  * If both suites have the same DHE group type, prefer GCM to CBC.
  * If both suites have the same cipher mode, prefer SHA384 to SHA256
    to SHA1.
  * If both suites have the same digest, prefer AES256 to AES128.

This involves some duplicate code between backtrace.c and sandbox.c,
but I don't see a way around it: calling more functions would mean
adding more steps to our call stack, and running clean_backtrace()
against the wrong point on the stack.

Tor doesn't use it directly, but the glibc backtrace-to-fd code does

Resolves ticket 5286.

Fixes bug 11460; bug only affects unit tests and is not in any
released version of Tor.

This commit does nothing other than pull the changes/* files into
ChangeLog, sorted by declared type.  I haven't comined any entries or
vetted anything yet.