Merge branch 'quiet_lib_versions_squashed'

2024-11-10 13:13:44 +01:00 · 2012-09-06 11:32:09 -04:00 · 2012-09-06 11:32:09 -04:00 · 1ca9e2685f
commit 1ca9e2685f
parent ad1e8b45df 7607ad2bec
8 changed files with 61 additions and 11 deletions
--- a/changes/detect_openssl_mismatch
+++ b/changes/detect_openssl_mismatch
@ -0,0 +1,4 @@
+  o Minor features:
+    - Detect when we're running with a version of OpenSSL other than the
+      one we compiled with. This has occasionally given people hard-to-
+      track-down errors.
--- a/changes/quiet_lib_init
+++ b/changes/quiet_lib_init
@ -0,0 +1,3 @@
+  o Minor features:
+    - Log less at level notice about our OpenSSL and Libevent versions
+      when everything is going right. Partial fix for 6736.
--- a/src/common/aes.c
+++ b/src/common/aes.c
@ -212,11 +212,11 @@ evaluate_evp_for_aes(int force_val)
  e = ENGINE_get_cipher_engine(NID_aes_128_ecb);

  if (e) {
-    log_notice(LD_CRYPTO, "AES engine \"%s\" found; using EVP_* functions.",
+    log_info(LD_CRYPTO, "AES engine \"%s\" found; using EVP_* functions.",
               ENGINE_get_name(e));
    should_use_EVP = 1;
  } else {
-    log_notice(LD_CRYPTO, "No AES engine found; using AES_* functions.");
+    log_info(LD_CRYPTO, "No AES engine found; using AES_* functions.");
    should_use_EVP = 0;
  }
 #endif
@ -263,12 +263,12 @@ evaluate_ctr_for_aes(void)
               "not using it.");
  } else {
    /* Counter mode is okay */
-    log_notice(LD_CRYPTO, "This OpenSSL has a good implementation of counter "
+    log_info(LD_CRYPTO, "This OpenSSL has a good implementation of counter "
               "mode; using it.");
    should_use_openssl_CTR = 1;
  }
 #else
-  log_notice(LD_CRYPTO, "This version of OpenSSL has a slow implementation of "
+  log_info(LD_CRYPTO, "This version of OpenSSL has a slow implementation of "
             "counter mode; not using it.");
 #endif
  return 0;
--- a/src/common/compat_libevent.c
+++ b/src/common/compat_libevent.c
@ -266,7 +266,7 @@ tor_libevent_initialize(tor_libevent_cfg *torcfg)
 #if defined(HAVE_EVENT_GET_VERSION) && defined(HAVE_EVENT_GET_METHOD)
  /* Making this a NOTICE for now so we can link bugs to a libevent versions
   * or methods better. */
-  log(LOG_NOTICE, LD_GENERAL,
+  log(LOG_INFO, LD_GENERAL,
      "Initialized libevent version %s using method %s. Good.",
      event_get_version(), tor_libevent_get_method());
 #else
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@ -221,6 +221,30 @@ try_load_engine(const char *path, const char *engine)
 }
 #endif

+static char *crypto_openssl_version_str = NULL;
+/* Return a human-readable version of the run-time openssl version number. */
+const char *
+crypto_openssl_get_version_str(void)
+{
+  if (crypto_openssl_version_str == NULL) {
+    const char *raw_version = SSLeay_version(SSLEAY_VERSION);
+    const char *end_of_version = NULL;
+    /* The output should be something like "OpenSSL 1.0.0b 10 May 2012. Let's
+       trim that down. */
+    if (!strcmpstart(raw_version, "OpenSSL ")) {
+      raw_version += strlen("OpenSSL ");
+      end_of_version = strchr(raw_version, ' ');
+    }
+
+    if (end_of_version)
+      crypto_openssl_version_str = tor_strndup(raw_version,
+                                               end_of_version-raw_version);
+    else
+      crypto_openssl_version_str = tor_strdup(raw_version);
+  }
+  return crypto_openssl_version_str;
+}
+
 /** Initialize the crypto library.  Return 0 on success, -1 on failure.
 */
 int
@ -231,6 +255,19 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir)
    OpenSSL_add_all_algorithms();
    _crypto_global_initialized = 1;
    setup_openssl_threading();
+
+    if (SSLeay() == OPENSSL_VERSION_NUMBER &&
+        !strcmp(SSLeay_version(SSLEAY_VERSION), OPENSSL_VERSION_TEXT)) {
+      log_info(LD_CRYPTO, "OpenSSL version matches version from headers "
+                 "(%lx: %s).", SSLeay(), SSLeay_version(SSLEAY_VERSION));
+    } else {
+      log_warn(LD_CRYPTO, "OpenSSL version from headers does not match the "
+               "version we're running with. If you get weird crashes, that "
+               "might be why. (Compiled with %lx: %s; running with %lx: %s).",
+               (unsigned long)OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT,
+               SSLeay(), SSLeay_version(SSLEAY_VERSION));
+    }
+
    if (useAccel > 0) {
 #ifdef DISABLE_ENGINES
      (void)accelName;
@ -3018,6 +3055,7 @@ crypto_global_cleanup(void)
    tor_free(ms);
  }
 #endif
+  tor_free(crypto_openssl_version_str);
  return 0;
 }

--- a/src/common/crypto.h
+++ b/src/common/crypto.h
@ -111,6 +111,7 @@ typedef struct crypto_digest_t crypto_digest_t;
 typedef struct crypto_dh_t crypto_dh_t;

 /* global state */
+const char * crypto_openssl_get_version_str(void);
 int crypto_global_init(int hardwareAccel,
                       const char *accelName,
                       const char *accelPath);
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@ -478,7 +478,7 @@ tor_tls_init(void)
     * a test of intelligence and determination.
     */
    if (version > OPENSSL_V(0,9,8,'k') && version <= OPENSSL_V(0,9,8,'l')) {
-      log_notice(LD_GENERAL, "OpenSSL %s looks like version 0.9.8l, but "
+      log_info(LD_GENERAL, "OpenSSL %s looks like version 0.9.8l, but "
                 "some vendors have backported renegotiation code from "
                 "0.9.8m without updating the version number. "
                 "I will try SSL3_FLAGS and SSL_OP to enable renegotation.",
@ -486,12 +486,12 @@ tor_tls_init(void)
      use_unsafe_renegotiation_flag = 1;
      use_unsafe_renegotiation_op = 1;
    } else if (version > OPENSSL_V(0,9,8,'l')) {
-      log_notice(LD_GENERAL, "OpenSSL %s looks like version 0.9.8m or later; "
+      log_info(LD_GENERAL, "OpenSSL %s looks like version 0.9.8m or later; "
                 "I will try SSL_OP to enable renegotiation",
                 SSLeay_version(SSLEAY_VERSION));
      use_unsafe_renegotiation_op = 1;
    } else if (version <= OPENSSL_V(0,9,8,'k')) {
-      log_notice(LD_GENERAL, "OpenSSL %s [%lx] looks like it's older than "
+      log_info(LD_GENERAL, "OpenSSL %s [%lx] looks like it's older than "
                 "0.9.8l, but some vendors have backported 0.9.8l's "
                 "renegotiation code to earlier versions, and some have "
                 "backported the code from 0.9.8m or 0.9.8n.  I'll set both "
--- a/src/or/main.c
+++ b/src/or/main.c
@ -2308,12 +2308,16 @@ tor_init(int argc, char *argv[])

  {
    const char *version = get_version();
+    log_notice(LD_GENERAL, "Tor v%s %srunning on %s with Libevent %s "
+               "and OpenSSL %s.", version,
 #ifdef USE_BUFFEREVENTS
-    log_notice(LD_GENERAL, "Tor v%s (with bufferevents) running on %s.",
-                version, get_uname());
+               "(with bufferevents) ",
 #else
-    log_notice(LD_GENERAL, "Tor v%s running on %s.", version, get_uname());
+               "",
 #endif
+               get_uname(),
+               tor_libevent_get_version_str(),
+               crypto_openssl_get_version_str());

    log_notice(LD_GENERAL, "Tor can't help you if you use it wrong! "
               "Learn how to be safe at "