12 files changed, 81 insertions, 28 deletions
diff --git a/src/common/address.c b/src/common/address.c
index 01607a4b3a..127e6a95bc 100644
--- a/src/common/address.c
+++ b/src/common/address.c
@@ -131,7 +131,8 @@ tor_addr_to_sockaddr(const tor_addr_t *a,
 #endif
     sin6->sin6_family = AF_INET6;
     sin6->sin6_port = htons(port);
-    memcpy(&sin6->sin6_addr, tor_addr_to_in6(a), sizeof(struct in6_addr));
+    memcpy(&sin6->sin6_addr, tor_addr_to_in6_assert(a),
+           sizeof(struct in6_addr));
     return sizeof(struct sockaddr_in6);
   } else {
     return 0;
diff --git a/src/common/address.h b/src/common/address.h
index 3de67e1c74..3f0bb521cd 100644
--- a/src/common/address.h
+++ b/src/common/address.h
@@ -74,6 +74,7 @@ typedef struct tor_addr_port_t
 #define TOR_ADDR_NULL {AF_UNSPEC, {0}}
 
 static inline const struct in6_addr *tor_addr_to_in6(const tor_addr_t *a);
+static inline const struct in6_addr *tor_addr_to_in6_assert(const tor_addr_t *a);
 static inline uint32_t tor_addr_to_ipv4n(const tor_addr_t *a);
 static inline uint32_t tor_addr_to_ipv4h(const tor_addr_t *a);
 static inline uint32_t tor_addr_to_mapped_ipv4h(const tor_addr_t *a);
@@ -97,21 +98,30 @@ tor_addr_to_in6(const tor_addr_t *a)
   return a->family == AF_INET6 ? &a->addr.in6_addr : NULL;
 }
 
+/** As tor_addr_to_in6, but assert that the address truly is an IPv6 address. */
+static inline const struct in6_addr *
+tor_addr_to_in6_assert(const tor_addr_t *a)
+{
+  tor_assert(a->family == AF_INET6);
+  return &a->addr.in6_addr;
+}
+
 /** Given an IPv6 address <b>x</b>, yield it as an array of uint8_t.
  *
  * Requires that <b>x</b> is actually an IPv6 address.
  */
-#define tor_addr_to_in6_addr8(x) tor_addr_to_in6(x)->s6_addr
+#define tor_addr_to_in6_addr8(x) tor_addr_to_in6_assert(x)->s6_addr
+
 /** Given an IPv6 address <b>x</b>, yield it as an array of uint16_t.
  *
  * Requires that <b>x</b> is actually an IPv6 address.
  */
-#define tor_addr_to_in6_addr16(x) S6_ADDR16(*tor_addr_to_in6(x))
+#define tor_addr_to_in6_addr16(x) S6_ADDR16(*tor_addr_to_in6_assert(x))
 /** Given an IPv6 address <b>x</b>, yield it as an array of uint32_t.
  *
  * Requires that <b>x</b> is actually an IPv6 address.
  */
-#define tor_addr_to_in6_addr32(x) S6_ADDR32(*tor_addr_to_in6(x))
+#define tor_addr_to_in6_addr32(x) S6_ADDR32(*tor_addr_to_in6_assert(x))
 
 /** Return an IPv4 address in network order for <b>a</b>, or 0 if
  * <b>a</b> is not an IPv4 address. */
diff --git a/src/common/compat.h b/src/common/compat.h
index b6ee4106db..6f102becc2 100644
--- a/src/common/compat.h
+++ b/src/common/compat.h
@@ -82,6 +82,44 @@
 #define CHECK_SCANF(formatIdx, firstArg)
 #endif
 
+/* What GCC do we have? */
+#ifdef __GNUC__
+#define GCC_VERSION (__GNUC__ * 100 + __GNUC_MINOR__)
+#else
+#define GCC_VERSION 0
+#endif
+
+/* Temporarily enable and disable warnings. */
+#ifdef __GNUC__
+#  define PRAGMA_STRINGIFY_(s) #s
+#  define PRAGMA_JOIN_STRINGIFY_(a,b) PRAGMA_STRINGIFY_(a ## b)
+/* Support for macro-generated pragmas (c99) */
+#  define PRAGMA_(x) _Pragma (#x)
+#  ifdef __clang__
+#    define PRAGMA_DIAGNOSTIC_(x) PRAGMA_(clang diagnostic x)
+#  else
+#    define PRAGMA_DIAGNOSTIC_(x) PRAGMA_(GCC diagnostic x)
+#  endif
+#  if defined(__clang__) || GCC_VERSION >= 406
+/* we have push/pop support */
+#    define DISABLE_GCC_WARNING(warning) \
+          PRAGMA_DIAGNOSTIC_(push) \
+          PRAGMA_DIAGNOSTIC_(ignored PRAGMA_JOIN_STRINGIFY_(-W,warning))
+#    define ENABLE_GCC_WARNING(warning) \
+          PRAGMA_DIAGNOSTIC_(pop)
+#  else
+/* older version of gcc: no push/pop support. */
+#    define DISABLE_GCC_WARNING(warning) \
+         PRAGMA_DIAGNOSTIC_(ignored PRAGMA_JOIN_STRINGIFY_(-W,warning))
+#    define ENABLE_GCC_WARNING(warning) \
+         PRAGMA_DIAGNOSTIC_(warning PRAGMA_JOIN_STRINGIFY_(-W,warning))
+#  endif
+#else /* ifdef __GNUC__ */
+/* not gcc at all */
+# define DISABLE_GCC_WARNING(warning)
+# define ENABLE_GCC_WARNING(warning)
+#endif
+
 /* inline is __inline on windows. */
 #ifdef _WIN32
 #define inline __inline
diff --git a/src/common/compat_libevent.c b/src/common/compat_libevent.c
index cc58883750..96fcec54d4 100644
--- a/src/common/compat_libevent.c
+++ b/src/common/compat_libevent.c
@@ -125,7 +125,7 @@ tor_event_free(struct event *ev)
 #endif
 
 /** Global event base for use by the main thread. */
-struct event_base *the_event_base = NULL;
+static struct event_base *the_event_base = NULL;
 
 /* This is what passes for version detection on OSX.  We set
  * MACOSX_KQUEUE_IS_BROKEN to true iff we're on a version of OSX before
diff --git a/src/common/crypto.h b/src/common/crypto.h
index ff38cca0da..f8fb0daa81 100644
--- a/src/common/crypto.h
+++ b/src/common/crypto.h
@@ -319,6 +319,11 @@ void crypto_add_spaces_to_fp(char *out, size_t outlen, const char *in);
 #ifdef CRYPTO_PRIVATE
 STATIC int crypto_force_rand_ssleay(void);
 STATIC int crypto_strongest_rand_raw(uint8_t *out, size_t out_len);
+
+#ifdef TOR_UNIT_TESTS
+extern int break_strongest_rng_syscall;
+extern int break_strongest_rng_fallback;
+#endif
 #endif
 
 #endif
diff --git a/src/common/log.c b/src/common/log.c
index 6c387c6244..e948ccfa04 100644
--- a/src/common/log.c
+++ b/src/common/log.c
@@ -270,7 +270,7 @@ log_tor_version(logfile_t *lf, int reset)
   return 0;
 }
 
-const char bug_suffix[] = " (on Tor " VERSION
+static const char bug_suffix[] = " (on Tor " VERSION
 #ifndef _MSC_VER
   " "
 #include "micro-revision.i"
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 70c5bbd07c..4e2c5cde22 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -1443,7 +1443,7 @@ static HT_HEAD(getaddrinfo_cache, cached_getaddrinfo_item_t)
 
 HT_PROTOTYPE(getaddrinfo_cache, cached_getaddrinfo_item_t, node,
              cached_getaddrinfo_item_hash,
-             cached_getaddrinfo_items_eq);
+             cached_getaddrinfo_items_eq)
 HT_GENERATE2(getaddrinfo_cache, cached_getaddrinfo_item_t, node,
              cached_getaddrinfo_item_hash,
              cached_getaddrinfo_items_eq,
diff --git a/src/common/torlog.h b/src/common/torlog.h
index 578af7caea..80f37e0e48 100644
--- a/src/common/torlog.h
+++ b/src/common/torlog.h
@@ -176,7 +176,7 @@ void log_fn_ratelim_(struct ratelim_t *ratelim, int severity,
                      const char *format, ...)
   CHECK_PRINTF(5,6);
 
-#if defined(__GNUC__)
+#if defined(__GNUC__) && __GNUC__ <= 3
 
 /* These are the GCC varidaic macros, so that older versions of GCC don't
  * break. */
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 4ffc672546..1cb6ca8777 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -24,18 +24,11 @@
   #include <ws2tcpip.h>
 #endif
 
-#ifdef __GNUC__
-#define GCC_VERSION (__GNUC__ * 100 + __GNUC_MINOR__)
-#endif
+#include "compat.h"
 
-#if __GNUC__ && GCC_VERSION >= 402
-#if GCC_VERSION >= 406
-#pragma GCC diagnostic push
-#endif
 /* Some versions of OpenSSL declare SSL_get_selected_srtp_profile twice in
  * srtp.h. Suppress the GCC warning so we can build with -Wredundant-decl. */
-#pragma GCC diagnostic ignored "-Wredundant-decls"
-#endif
+DISABLE_GCC_WARNING(redundant-decls)
 
 #include <openssl/opensslv.h>
 #include "crypto.h"
@@ -53,13 +46,7 @@
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
 
-#if __GNUC__ && GCC_VERSION >= 402
-#if GCC_VERSION >= 406
-#pragma GCC diagnostic pop
-#else
-#pragma GCC diagnostic warning "-Wredundant-decls"
-#endif
-#endif
+ENABLE_GCC_WARNING(redundant-decls)
 
 #ifdef USE_BUFFEREVENTS
 #include <event2/bufferevent_ssl.h>
@@ -575,7 +562,7 @@ MOCK_IMPL(STATIC X509 *,
 
 /** List of ciphers that servers should select from when we actually have
  * our choice of what cipher to use. */
-const char UNRESTRICTED_SERVER_CIPHER_LIST[] =
+static const char UNRESTRICTED_SERVER_CIPHER_LIST[] =
   /* This list is autogenerated with the gen_server_ciphers.py script;
    * don't hand-edit it. */
 #ifdef TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384
diff --git a/src/common/tortls.h b/src/common/tortls.h
index 1a59c67df3..b6ab2ec8f5 100644
--- a/src/common/tortls.h
+++ b/src/common/tortls.h
@@ -164,8 +164,18 @@ STATIC int tor_tls_context_init_one(tor_tls_context_t **ppcontext,
                                     int is_client);
 STATIC void tls_log_errors(tor_tls_t *tls, int severity, int domain,
                            const char *doing);
+
+#ifdef TOR_UNIT_TESTS
+extern int tor_tls_object_ex_data_index;
+extern tor_tls_context_t *server_tls_context;
+extern tor_tls_context_t *client_tls_context;
+extern uint16_t v2_cipher_list[];
+extern uint64_t total_bytes_written_over_tls;
+extern uint64_t total_bytes_written_by_tls;
 #endif
 
+#endif /* endif TORTLS_PRIVATE */
+
 const char *tor_tls_err_to_string(int err);
 void tor_tls_get_state_description(tor_tls_t *tls, char *buf, size_t sz);
 
diff --git a/src/common/util.c b/src/common/util.c
index 78afe5954f..1546fd123d 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -342,6 +342,7 @@ tor_free_(void *mem)
   tor_free(mem);
 }
 
+DISABLE_GCC_WARNING(aggregate-return)
 /** Call the platform malloc info function, and dump the results to the log at
  * level <b>severity</b>.  If no such function exists, do nothing. */
 void
@@ -369,6 +370,7 @@ tor_log_mallinfo(int severity)
                       );
 #endif
 }
+ENABLE_GCC_WARNING(aggregate-return)
 
 /* =====
  * Math
@@ -5528,7 +5530,7 @@ clamp_double_to_int64(double number)
    * representable integer for which this is not the case is INT64_MIN, but
    * it is covered by the logic below. */
   if (isfinite(number) && exp <= 63) {
-    return number;
+    return (int64_t)number;
   }
 
   /* Handle infinities and finite numbers with magnitude >= 2^63. */
diff --git a/src/common/util_process.c b/src/common/util_process.c
index 848b238318..abda63720c 100644
--- a/src/common/util_process.c
+++ b/src/common/util_process.c
@@ -61,9 +61,9 @@ process_map_entries_eq_(const waitpid_callback_t *a,
 static HT_HEAD(process_map, waitpid_callback_t) process_map = HT_INITIALIZER();
 
 HT_PROTOTYPE(process_map, waitpid_callback_t, node, process_map_entry_hash_,
-             process_map_entries_eq_);
+             process_map_entries_eq_)
 HT_GENERATE2(process_map, waitpid_callback_t, node, process_map_entry_hash_,
-             process_map_entries_eq_, 0.6, tor_reallocarray_, tor_free_);
+             process_map_entries_eq_, 0.6, tor_reallocarray_, tor_free_)
 
 /**
  * Begin monitoring the child pid <b>pid</b> to see if we get a SIGCHLD for