
Merge branch 'quiet_lib_versions_squashed'

Nick Mathewson 11 éve
szülő
commit
1ca9e2685f

+ 4 - 0
changes/detect_openssl_mismatch

@@ -0,0 +1,4 @@
+  o Minor features:
+    - Detect when we're running with a version of OpenSSL other than the
+      one we compiled with. This has occasionally given people hard-to-
+      track-down errors.

+ 3 - 0
changes/quiet_lib_init

@@ -0,0 +1,3 @@
+  o Minor features:
+    - Log less at level notice about our OpenSSL and Libevent versions
+      when everything is going right. Partial fix for 6736.

+ 4 - 4
src/common/aes.c

@@ -212,11 +212,11 @@ evaluate_evp_for_aes(int force_val)
   e = ENGINE_get_cipher_engine(NID_aes_128_ecb);
 
   if (e) {
-    log_notice(LD_CRYPTO, "AES engine \"%s\" found; using EVP_* functions.",
+    log_info(LD_CRYPTO, "AES engine \"%s\" found; using EVP_* functions.",
                ENGINE_get_name(e));
     should_use_EVP = 1;
   } else {
-    log_notice(LD_CRYPTO, "No AES engine found; using AES_* functions.");
+    log_info(LD_CRYPTO, "No AES engine found; using AES_* functions.");
     should_use_EVP = 0;
   }
 #endif
@@ -263,12 +263,12 @@ evaluate_ctr_for_aes(void)
                "not using it.");
   } else {
     /* Counter mode is okay */
-    log_notice(LD_CRYPTO, "This OpenSSL has a good implementation of counter "
+    log_info(LD_CRYPTO, "This OpenSSL has a good implementation of counter "
                "mode; using it.");
     should_use_openssl_CTR = 1;
   }
 #else
-  log_notice(LD_CRYPTO, "This version of OpenSSL has a slow implementation of "
+  log_info(LD_CRYPTO, "This version of OpenSSL has a slow implementation of "
              "counter mode; not using it.");
 #endif
   return 0;
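Review bot: The continuation lines of the re-levelled calls still line up under the old `log_notice(` column, e.g. `ENGINE_get_name(e));` after the first `log_info(` in evaluate_evp_for_aes, so the arguments now sit two columns to the right of the opening parenthesis. The same applies to the two calls in evaluate_ctr_for_aes and to the three calls in tor_tls_init in src/common/tortls.c. Re-indent those continuation lines by two columns so the string pieces stay aligned with the first argument. Both function bodies here start outside the hunks shown.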

+ 1 - 1
src/common/compat_libevent.c

@@ -266,7 +266,7 @@ tor_libevent_initialize(tor_libevent_cfg *torcfg)
 #if defined(HAVE_EVENT_GET_VERSION) && defined(HAVE_EVENT_GET_METHOD)
   /* Making this a NOTICE for now so we can link bugs to a libevent versions
    * or methods better. */
-  log(LOG_NOTICE, LD_GENERAL,
+  log(LOG_INFO, LD_GENERAL,
       "Initialized libevent version %s using method %s. Good.",
       event_get_version(), tor_libevent_get_method());
 #else
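Review bot: The comment directly above the changed call still reads `Making this a NOTICE for now so we can link bugs to a libevent versions or methods better.`, which no longer describes the code once the level is `LOG_INFO`. Replace it with the reason info is enough now, for example `/* Logged at INFO: the startup notice in tor_init() already reports the Libevent version. */`, or drop it. tor_libevent_initialize starts and ends outside the hunk.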

+ 38 - 0
src/common/crypto.c

@@ -221,6 +221,30 @@ try_load_engine(const char *path, const char *engine)
 }
 #endif
 
+static char *crypto_openssl_version_str = NULL;
+/* Return a human-readable version of the run-time openssl version number. */
+const char *
+crypto_openssl_get_version_str(void)
+{
+  if (crypto_openssl_version_str == NULL) {
+    const char *raw_version = SSLeay_version(SSLEAY_VERSION);
+    const char *end_of_version = NULL;
+    /* The output should be something like "OpenSSL 1.0.0b 10 May 2012. Let's
+       trim that down. */
+    if (!strcmpstart(raw_version, "OpenSSL ")) {
+      raw_version += strlen("OpenSSL ");
+      end_of_version = strchr(raw_version, ' ');
+    }
+
+    if (end_of_version)
+      crypto_openssl_version_str = tor_strndup(raw_version,
+                                               end_of_version-raw_version);
+    else
+      crypto_openssl_version_str = tor_strdup(raw_version);
+  }
+  return crypto_openssl_version_str;
+}
+
 /** Initialize the crypto library.  Return 0 on success, -1 on failure.
  */
 int
@@ -231,6 +255,19 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir)
     OpenSSL_add_all_algorithms();
     _crypto_global_initialized = 1;
     setup_openssl_threading();
+
+    if (SSLeay() == OPENSSL_VERSION_NUMBER &&
+        !strcmp(SSLeay_version(SSLEAY_VERSION), OPENSSL_VERSION_TEXT)) {
+      log_info(LD_CRYPTO, "OpenSSL version matches version from headers "
+                 "(%lx: %s).", SSLeay(), SSLeay_version(SSLEAY_VERSION));
+    } else {
+      log_warn(LD_CRYPTO, "OpenSSL version from headers does not match the "
+               "version we're running with. If you get weird crashes, that "
+               "might be why. (Compiled with %lx: %s; running with %lx: %s).",
+               (unsigned long)OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT,
+               SSLeay(), SSLeay_version(SSLEAY_VERSION));
+    }
+
     if (useAccel > 0) {
 #ifdef DISABLE_ENGINES
       (void)accelName;
@@ -3018,6 +3055,7 @@ crypto_global_cleanup(void)
     tor_free(ms);
   }
 #endif
+  tor_free(crypto_openssl_version_str);
   return 0;
 }
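Review bot: The new check in crypto_global_init sends every difference between `SSLeay()` and `OPENSSL_VERSION_NUMBER` (or their text forms) to `log_warn`, including the case where only the shared library's patch letter moved because a security update was installed without rebuilding Tor. That is likely the most common mismatch, and a warning on every start for it trains operators to ignore the message meant to flag a genuinely incompatible library. Consider a middle branch that logs at notice when the major, minor and fix fields agree, keeping the warning for everything else; the mask below assumes the documented MNNFFPPS layout of the version number. The body of crypto_global_init continues outside the hunk.

```c
    /* … unchanged: exact-match branch logging at info … */
    } else if ((SSLeay() & 0xfffff000UL) ==
               ((unsigned long)OPENSSL_VERSION_NUMBER & 0xfffff000UL)) {
      log_notice(LD_CRYPTO, "We compiled with OpenSSL %lx: %s and we are "
                 "running with OpenSSL %lx: %s. These two versions should "
                 "be binary compatible.",
                 (unsigned long)OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT,
                 SSLeay(), SSLeay_version(SSLEAY_VERSION));
    } else {
      /* … unchanged: log_warn about the mismatch … */
```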
 

+ 1 - 0
src/common/crypto.h

@@ -111,6 +111,7 @@ typedef struct crypto_digest_t crypto_digest_t;
 typedef struct crypto_dh_t crypto_dh_t;
 
 /* global state */
+const char * crypto_openssl_get_version_str(void);
 int crypto_global_init(int hardwareAccel,
                        const char *accelName,
                        const char *accelPath);
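Review bot: The added prototype gives callers no statement of who owns the returned string, and per the crypto.c changes in this commit it is a cached heap copy that crypto_global_cleanup() frees. Add a comment such as `/** Return the run-time OpenSSL version string; owned by crypto.c and valid until crypto_global_cleanup(). */` above it so callers neither free nor keep the pointer. The declarator is also conventionally written `const char *crypto_openssl_get_version_str(void);`, without the space after the asterisk.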

+ 3 - 3
src/common/tortls.c

@@ -478,7 +478,7 @@ tor_tls_init(void)
      * a test of intelligence and determination.
      */
     if (version > OPENSSL_V(0,9,8,'k') && version <= OPENSSL_V(0,9,8,'l')) {
-      log_notice(LD_GENERAL, "OpenSSL %s looks like version 0.9.8l, but "
+      log_info(LD_GENERAL, "OpenSSL %s looks like version 0.9.8l, but "
                  "some vendors have backported renegotiation code from "
                  "0.9.8m without updating the version number. "
                  "I will try SSL3_FLAGS and SSL_OP to enable renegotation.",
@@ -486,12 +486,12 @@ tor_tls_init(void)
       use_unsafe_renegotiation_flag = 1;
       use_unsafe_renegotiation_op = 1;
     } else if (version > OPENSSL_V(0,9,8,'l')) {
-      log_notice(LD_GENERAL, "OpenSSL %s looks like version 0.9.8m or later; "
+      log_info(LD_GENERAL, "OpenSSL %s looks like version 0.9.8m or later; "
                  "I will try SSL_OP to enable renegotiation",
                  SSLeay_version(SSLEAY_VERSION));
       use_unsafe_renegotiation_op = 1;
     } else if (version <= OPENSSL_V(0,9,8,'k')) {
-      log_notice(LD_GENERAL, "OpenSSL %s [%lx] looks like it's older than "
+      log_info(LD_GENERAL, "OpenSSL %s [%lx] looks like it's older than "
                  "0.9.8l, but some vendors have backported 0.9.8l's "
                  "renegotiation code to earlier versions, and some have "
                  "backported the code from 0.9.8m or 0.9.8n.  I'll set both "

+ 7 - 3
src/or/main.c

@@ -2308,12 +2308,16 @@ tor_init(int argc, char *argv[])
 
   {
     const char *version = get_version();
+    log_notice(LD_GENERAL, "Tor v%s %srunning on %s with Libevent %s "
+               "and OpenSSL %s.", version,
 #ifdef USE_BUFFEREVENTS
-    log_notice(LD_GENERAL, "Tor v%s (with bufferevents) running on %s.",
-                version, get_uname());
+               "(with bufferevents) ",
 #else
-    log_notice(LD_GENERAL, "Tor v%s running on %s.", version, get_uname());
+               "",
 #endif
+               get_uname(),
+               tor_libevent_get_version_str(),
+               crypto_openssl_get_version_str());
 
     log_notice(LD_GENERAL, "Tor can't help you if you use it wrong! "
                "Learn how to be safe at "
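Review bot: The `#ifdef USE_BUFFEREVENTS` / `#else` / `#endif` lines now sit inside the argument list of `log_notice(...)`. If `log_notice` is a function-like macro in this build (its definition is not visible here), preprocessor directives inside macro arguments are undefined behavior in C and some compilers reject them. Selecting the string into a local before the call keeps the single format string and avoids the problem. tor_init continues outside the hunk.

```c
    const char *version = get_version();
    const char *bev_str =
#ifdef USE_BUFFEREVENTS
      "(with bufferevents) ";
#else
      "";
#endif
    log_notice(LD_GENERAL, "Tor v%s %srunning on %s with Libevent %s "
               "and OpenSSL %s.", version, bev_str,
               get_uname(),
               tor_libevent_get_version_str(),
               crypto_openssl_get_version_str());
    /* … unchanged: the "Tor can't help you" notice … */
```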