4 files changed, 46 insertions, 83 deletions

diff --git a/src/rust/protover/Cargo.toml b/src/rust/protover/Cargo.toml
index 86301b8787..a8480e142a 100644
--- a/src/rust/protover/Cargo.toml
+++ b/src/rust/protover/Cargo.toml
@@ -3,6 +3,8 @@ authors = ["The Tor Project"]
 version = "0.0.1"
 name = "protover"
 
+[features]
+
 [dependencies]
 libc = "=0.2.39"
 
@@ -18,6 +20,9 @@ path = "../tor_util"
 [dependencies.tor_allocate]
 path = "../tor_allocate"
 
+[dependencies.tor_log]
+path = "../tor_log"
+
 [lib]
 name = "protover"
 path = "lib.rs"
diff --git a/src/rust/protover/ffi.rs b/src/rust/protover/ffi.rs
index f0216f157b..7386e988c5 100644
--- a/src/rust/protover/ffi.rs
+++ b/src/rust/protover/ffi.rs
@@ -10,9 +10,6 @@ use std::ffi::CStr;
 
 use smartlist::*;
 use tor_allocate::allocate_and_copy_string;
-use tor_util::strings::byte_slice_is_c_like;
-use tor_util::strings::empty_static_cstr;
-
 
 use errors::ProtoverError;
 use protover::*;
@@ -182,18 +179,7 @@ pub extern "C" fn protocol_list_supports_protocol_or_later(
 pub extern "C" fn protover_get_supported_protocols() -> *const c_char {
     let supported: &'static CStr;
 
-    // If we're going to pass it to C, there cannot be any intermediate NUL
-    // bytes.  An assert is okay here, since changing the const byte slice
-    // in protover.rs to contain a NUL byte somewhere in the middle would be a
-    // programming error.
-    assert!(byte_slice_is_c_like(SUPPORTED_PROTOCOLS));
-
-    // It's okay to unwrap the result of this function because
-    // we can see that the bytes we're passing into it 1) are valid UTF-8,
-    // 2) have no intermediate NUL bytes, and 3) are terminated with a NUL
-    // byte.
-    supported = CStr::from_bytes_with_nul(SUPPORTED_PROTOCOLS).unwrap();
-
+    supported = get_supported_protocols_cstr();
     supported.as_ptr()
 }
 
@@ -252,10 +238,9 @@ pub extern "C" fn protover_is_supported_here(
 #[no_mangle]
 pub extern "C" fn protover_compute_for_old_tor(version: *const c_char) -> *const c_char {
     let supported: &'static CStr;
-    let elder_protocols: &'static [u8];
     let empty: &'static CStr;
 
-    empty = empty_static_cstr();
+    empty = cstr!("");
 
     if version.is_null() {
         return empty.as_ptr();
@@ -270,19 +255,6 @@ pub extern "C" fn protover_compute_for_old_tor(version: *const c_char) -> *const
         Err(_) => return empty.as_ptr(),
     };
 
-    elder_protocols = compute_for_old_tor_cstr(&version);
-
-    // If we're going to pass it to C, there cannot be any intermediate NUL
-    // bytes.  An assert is okay here, since changing the const byte slice
-    // in protover.rs to contain a NUL byte somewhere in the middle would be a
-    // programming error.
-    assert!(byte_slice_is_c_like(elder_protocols));
-
-    // It's okay to unwrap the result of this function because
-    // we can see that the bytes we're passing into it 1) are valid UTF-8,
-    // 2) have no intermediate NUL bytes, and 3) are terminated with a NUL
-    // byte.
-    supported = CStr::from_bytes_with_nul(elder_protocols).unwrap_or(empty);
-
+    supported = compute_for_old_tor_cstr(&version);
     supported.as_ptr()
 }
diff --git a/src/rust/protover/lib.rs b/src/rust/protover/lib.rs
index 483260bca8..ce964196fd 100644
--- a/src/rust/protover/lib.rs
+++ b/src/rust/protover/lib.rs
@@ -28,6 +28,7 @@ extern crate libc;
 extern crate smartlist;
 extern crate external;
 extern crate tor_allocate;
+#[macro_use]
 extern crate tor_util;
 
 pub mod errors;
diff --git a/src/rust/protover/protover.rs b/src/rust/protover/protover.rs
index c11c7c1803..68027056c4 100644
--- a/src/rust/protover/protover.rs
+++ b/src/rust/protover/protover.rs
@@ -3,12 +3,12 @@
 
 use std::collections::HashMap;
 use std::collections::hash_map;
+use std::ffi::CStr;
 use std::fmt;
 use std::str;
 use std::str::FromStr;
 use std::string::String;
 
-use tor_util::strings::NUL_BYTE;
 use external::c_tor_version_as_new_as;
 
 use errors::ProtoverError;
@@ -31,30 +31,6 @@ const MAX_PROTOCOLS_TO_EXPAND: usize = (1<<16);
 /// The maximum size an `UnknownProtocol`'s name may be.
 pub(crate) const MAX_PROTOCOL_NAME_LENGTH: usize = 100;
 
-/// Currently supported protocols and their versions, as a byte-slice.
-///
-/// # Warning
-///
-/// This byte-slice ends in a NUL byte.  This is so that we can directly convert
-/// it to an `&'static CStr` in the FFI code, in order to hand the static string
-/// to C in a way that is compatible with C static strings.
-///
-/// Rust code which wishes to accesses this string should use
-/// `protover::get_supported_protocols()` instead.
-///
-/// C_RUST_COUPLED: src/or/protover.c `protover_get_supported_protocols`
-pub(crate) const SUPPORTED_PROTOCOLS: &'static [u8] =
-    b"Cons=1-2 \
-    Desc=1-2 \
-    DirCache=1-2 \
-    HSDir=1-2 \
-    HSIntro=3-4 \
-    HSRend=1-2 \
-    Link=1-5 \
-    LinkAuth=1,3 \
-    Microdesc=1-2 \
-    Relay=1-2\0";
-
 /// Known subprotocols in Tor. Indicates which subprotocol a relay supports.
 ///
 /// C_RUST_COUPLED: src/or/protover.h `protocol_type_t`
@@ -148,21 +124,33 @@ impl From<Protocol> for UnknownProtocol {
     }
 }
 
-/// Get the string representation of current supported protocols
+/// Get a CStr representation of current supported protocols, for
+/// passing to C, or for converting to a `&str` for Rust.
 ///
 /// # Returns
 ///
-/// A `String` whose value is the existing protocols supported by tor.
+/// An `&'static CStr` whose value is the existing protocols supported by tor.
 /// Returned data is in the format as follows:
 ///
 /// "HSDir=1-1 LinkAuth=1"
 ///
-pub fn get_supported_protocols() -> &'static str {
-    // The `len() - 1` is to remove the NUL byte.
-    // The `unwrap` is safe becauase we SUPPORTED_PROTOCOLS is under
-    // our control.
-    str::from_utf8(&SUPPORTED_PROTOCOLS[..SUPPORTED_PROTOCOLS.len() - 1])
-        .unwrap_or("")
+/// # Note
+///
+/// Rust code can use the `&'static CStr` as a normal `&'a str` by
+/// calling `protover::get_supported_protocols`.
+///
+//  C_RUST_COUPLED: src/or/protover.c `protover_get_supported_protocols`
+pub(crate) fn get_supported_protocols_cstr() -> &'static CStr {
+    cstr!("Cons=1-2 \
+           Desc=1-2 \
+           DirCache=1-2 \
+           HSDir=1-2 \
+           HSIntro=3-4 \
+           HSRend=1-2 \
+           Link=1-5 \
+           LinkAuth=1,3 \
+           Microdesc=1-2 \
+           Relay=1-2")
 }
 
 /// A map of protocol names to the versions of them which are supported.
@@ -185,7 +173,8 @@ impl ProtoEntry {
     /// ProtoEntry, which is useful when looking up a specific
     /// subprotocol.
     pub fn supported() -> Result<Self, ProtoverError> {
-        let supported: &'static str = get_supported_protocols();
+        let supported_cstr: &'static CStr = get_supported_protocols_cstr();
+        let supported: &str = supported_cstr.to_str().unwrap_or("");
 
         supported.parse()
     }
@@ -703,7 +692,7 @@ pub fn is_supported_here(proto: &Protocol, vers: &Version) -> bool {
 ///
 /// # Returns
 ///
-/// A `&'static [u8]` encoding a list of protocol names and supported
+/// A `&'static CStr` encoding a list of protocol names and supported
 /// versions. The string takes the following format:
 ///
 /// "HSDir=1-1 LinkAuth=1"
@@ -719,24 +708,25 @@ pub fn is_supported_here(proto: &Protocol, vers: &Version) -> bool {
 /// like to use this code in Rust, please see `compute_for_old_tor()`.
 //
 // C_RUST_COUPLED: src/rust/protover.c `compute_for_old_tor`
-pub(crate) fn compute_for_old_tor_cstr(version: &str) -> &'static [u8] {
+pub(crate) fn compute_for_old_tor_cstr(version: &str) -> &'static CStr {
+    let empty: &'static CStr = cstr!("");
+
     if c_tor_version_as_new_as(version, FIRST_TOR_VERSION_TO_ADVERTISE_PROTOCOLS) {
-        return NUL_BYTE;
+        return empty;
     }
     if c_tor_version_as_new_as(version, "0.2.9.1-alpha") {
-        return b"Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1-2 \
-                 Link=1-4 LinkAuth=1 Microdesc=1-2 Relay=1-2\0";
+        return cstr!("Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1-2 \
+                      Link=1-4 LinkAuth=1 Microdesc=1-2 Relay=1-2");
     }
     if c_tor_version_as_new_as(version, "0.2.7.5") {
-        return b"Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 \
-                 Link=1-4 LinkAuth=1 Microdesc=1-2 Relay=1-2\0";
+        return cstr!("Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 \
+                      Link=1-4 LinkAuth=1 Microdesc=1-2 Relay=1-2");
     }
     if c_tor_version_as_new_as(version, "0.2.4.19") {
-        return b"Cons=1 Desc=1 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 \
-                 Link=1-4 LinkAuth=1 Microdesc=1 Relay=1-2\0";
+        return cstr!("Cons=1 Desc=1 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 \
+                      Link=1-4 LinkAuth=1 Microdesc=1 Relay=1-2");
     }
-
-    NUL_BYTE
+    empty
 }
 
 /// Since older versions of Tor cannot infer their own subprotocols,
@@ -767,14 +757,9 @@ pub(crate) fn compute_for_old_tor_cstr(version: &str) -> &'static [u8] {
 //
 // C_RUST_COUPLED: src/rust/protover.c `compute_for_old_tor`
 pub fn compute_for_old_tor(version: &str) -> Result<&'static str, ProtoverError> {
-    let mut computed: &'static [u8] = compute_for_old_tor_cstr(version);
-
-    // Remove the NULL byte at the end.
-    computed = &computed[..computed.len() - 1];
-
-    // .from_utf8() fails with a Utf8Error if it couldn't validate the
+    // .to_str() fails with a Utf8Error if it couldn't validate the
     // utf-8, so convert that here into an Unparseable ProtoverError.
-    str::from_utf8(computed).or(Err(ProtoverError::Unparseable))
+    compute_for_old_tor_cstr(version).to_str().or(Err(ProtoverError::Unparseable))
 }
 
 #[cfg(test)]