Diffstat (limited to 'src')
-rw-r--r-- | src/common/aes.c | 8 | ||||
-rw-r--r-- | src/common/compat_libevent.c | 2 | ||||
-rw-r--r-- | src/common/crypto.c | 38 | ||||
-rw-r--r-- | src/common/crypto.h | 1 | ||||
-rw-r--r-- | src/common/include.am | 12 | ||||
-rw-r--r-- | src/common/tortls.c | 6 | ||||
-rw-r--r-- | src/or/circuitbuild.c | 10 | ||||
-rw-r--r-- | src/or/circuitbuild.h | 2 | ||||
-rw-r--r-- | src/or/circuituse.c | 2 | ||||
-rw-r--r-- | src/or/config.c | 12 | ||||
-rw-r--r-- | src/or/include.am | 15 | ||||
-rw-r--r-- | src/or/main.c | 10 | ||||
-rw-r--r-- | src/or/relay.c | 4 | ||||
-rw-r--r-- | src/or/router.c | 2 |
14 files changed, 85 insertions, 39 deletions
diff --git a/src/common/aes.c b/src/common/aes.c index 59d864a3d0..dd89d5d1ec 100644 --- a/src/common/aes.c +++ b/src/common/aes.c @@ -212,11 +212,11 @@ evaluate_evp_for_aes(int force_val) e = ENGINE_get_cipher_engine(NID_aes_128_ecb); if (e) { - log_notice(LD_CRYPTO, "AES engine \"%s\" found; using EVP_* functions.", + log_info(LD_CRYPTO, "AES engine \"%s\" found; using EVP_* functions.", ENGINE_get_name(e)); should_use_EVP = 1; } else { - log_notice(LD_CRYPTO, "No AES engine found; using AES_* functions."); + log_info(LD_CRYPTO, "No AES engine found; using AES_* functions."); should_use_EVP = 0; } #endif @@ -263,12 +263,12 @@ evaluate_ctr_for_aes(void) "not using it."); } else { /* Counter mode is okay */ - log_notice(LD_CRYPTO, "This OpenSSL has a good implementation of counter " + log_info(LD_CRYPTO, "This OpenSSL has a good implementation of counter " "mode; using it."); should_use_openssl_CTR = 1; } #else - log_notice(LD_CRYPTO, "This version of OpenSSL has a slow implementation of " + log_info(LD_CRYPTO, "This version of OpenSSL has a slow implementation of " "counter mode; not using it."); #endif return 0; diff --git a/src/common/compat_libevent.c b/src/common/compat_libevent.c index 6655ca87d3..0d06c49c9f 100644 --- a/src/common/compat_libevent.c +++ b/src/common/compat_libevent.c @@ -266,7 +266,7 @@ tor_libevent_initialize(tor_libevent_cfg *torcfg) #if defined(HAVE_EVENT_GET_VERSION) && defined(HAVE_EVENT_GET_METHOD) /* Making this a NOTICE for now so we can link bugs to a libevent versions * or methods better. */ - log(LOG_NOTICE, LD_GENERAL, + log(LOG_INFO, LD_GENERAL, "Initialized libevent version %s using method %s. Good.", event_get_version(), tor_libevent_get_method()); #else diff --git a/src/common/crypto.c b/src/common/crypto.c index a69e6c5cb8..7768cc37b1 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c 
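Review bot: The comment kept directly above the changed call in tor_libevent_initialize still reads "Making this a NOTICE for now so we can link bugs to a libevent versions or methods better", but the call now logs at `LOG_INFO`, so the comment contradicts the code. The startup notice added in src/or/main.c reports the libevent version but not the method, so the method is only visible at info level after this change. Either drop the comment or reword it, for example `/* Logged at INFO: the startup notice in tor_init() reports the libevent version; the method is only shown here. */`. The body of tor_libevent_initialize starts and ends outside the hunk.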
@@ -221,6 +221,30 @@ try_load_engine(const char *path, const char *engine) } #endif +static char *crypto_openssl_version_str = NULL; +/* Return a human-readable version of the run-time openssl version number. */ +const char * +crypto_openssl_get_version_str(void) +{ + if (crypto_openssl_version_str == NULL) { + const char *raw_version = SSLeay_version(SSLEAY_VERSION); + const char *end_of_version = NULL; + /* The output should be something like "OpenSSL 1.0.0b 10 May 2012. Let's + trim that down. */ + if (!strcmpstart(raw_version, "OpenSSL ")) { + raw_version += strlen("OpenSSL "); + end_of_version = strchr(raw_version, ' '); + } + + if (end_of_version) + crypto_openssl_version_str = tor_strndup(raw_version, + end_of_version-raw_version); + else + crypto_openssl_version_str = tor_strdup(raw_version); + } + return crypto_openssl_version_str; +} + /** Initialize the crypto library. Return 0 on success, -1 on failure. */ int @@ -231,6 +255,19 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir) OpenSSL_add_all_algorithms(); _crypto_global_initialized = 1; setup_openssl_threading(); + + if (SSLeay() == OPENSSL_VERSION_NUMBER && + !strcmp(SSLeay_version(SSLEAY_VERSION), OPENSSL_VERSION_TEXT)) { + log_info(LD_CRYPTO, "OpenSSL version matches version from headers " + "(%lx: %s).", SSLeay(), SSLeay_version(SSLEAY_VERSION)); + } else { + log_warn(LD_CRYPTO, "OpenSSL version from headers does not match the " + "version we're running with. If you get weird crashes, that " + "might be why. (Compiled with %lx: %s; running with %lx: %s).", + (unsigned long)OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT, + SSLeay(), SSLeay_version(SSLEAY_VERSION)); + } + if (useAccel > 0) { #ifdef DISABLE_ENGINES (void)accelName; @@ -3018,6 +3055,7 @@ crypto_global_cleanup(void) tor_free(ms); } #endif + tor_free(crypto_openssl_version_str); return 0; } diff --git a/src/common/crypto.h b/src/common/crypto.h index 76bcbf7d43..456a61173f 100644 --- a/src/common/crypto.h 
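Review bot: The comment on crypto_openssl_get_version_str does not say who owns the returned string, and the last hunk of this file frees the cache in crypto_global_cleanup, so a caller that keeps the pointer past cleanup would hold freed memory. I would make it a `/** ... */` doc comment like the one on crypto_global_init and state that the string is cached, owned by crypto.c, must not be freed by the caller, and is invalid after crypto_global_cleanup(). The inner comment also has an unbalanced quote; `"OpenSSL 1.0.0b 10 May 2012".` reads correctly. The lazy initialisation takes no lock, which is fine only if the first call happens before other threads start; that cannot be confirmed from this hunk.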
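Review bot: The new check in crypto_global_init takes the `log_warn` branch for any difference between the header version and the run-time version, including a run-time library that only carries a newer patch letter. An operator who updates the system OpenSSL for a security fix without rebuilding would then see the "weird crashes" warning at every start, and warnings that fire on routine patching tend to be ignored. Consider keeping `log_warn` for a differing major/minor/fix number or for a run-time library older than the headers, and using `log_notice` when only the patch level moved forward. The body of crypto_global_init continues outside the hunk.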
+++ b/src/common/crypto.h @@ -111,6 +111,7 @@ typedef struct crypto_digest_t crypto_digest_t; typedef struct crypto_dh_t crypto_dh_t; /* global state */ +const char * crypto_openssl_get_version_str(void); int crypto_global_init(int hardwareAccel, const char *accelName, const char *accelPath); diff --git a/src/common/include.am b/src/common/include.am index 0ab4769847..299c92e065 100644 --- a/src/common/include.am +++ b/src/common/include.am @@ -36,7 +36,7 @@ src_common_libor_crypto_a_SOURCES = \ src_common_libor_event_a_SOURCES = src/common/compat_libevent.c -noinst_HEADERS+= \ +COMMONHEADERS = \ src/common/address.h \ src/common/aes.h \ src/common/ciphers.inc \ @@ -57,17 +57,19 @@ noinst_HEADERS+= \ src/common/tortls.h \ src/common/util.h +noinst_HEADERS+= $(COMMONHEADERS) + DISTCLEANFILES+= src/common/common_sha1.i -src/common/common_sha1.i: $(libor_SOURCES) $(libor_crypto_a_SOURCES) $(noinst_HEADERS) +src/common/common_sha1.i: $(libor_SOURCES) $(libor_crypto_a_SOURCES) $(COMMONHEADERS) $(AM_V_GEN)if test "@SHA1SUM@" != none; then \ - (cd "$(srcdir)" && "@SHA1SUM@" $(src_common_libor_SOURCES) $(src_common_libor_crypto_a_SOURCES) $(noinst_HEADERS)) | "@SED@" -n 's/^\(.*\)$$/"\1\\n"/p' > $@; \ + (cd "$(srcdir)" && "@SHA1SUM@" $(src_common_libor_SOURCES) $(src_common_libor_crypto_a_SOURCES) $(COMMONHEADERS)) | "@SED@" -n 's/^\(.*\)$$/"\1\\n"/p' > $@; \ elif test "@OPENSSL@" != none; then \ - (cd "$(srcdir)" && "@OPENSSL@" sha1 $(src_common_libor_SOURCES) $(src_Common_libor_crypto_a_SOURCES) $(noinst_HEADERS)) | "@SED@" -n 's/SHA1(\(.*\))= \(.*\)/"\2 \1\\n"/p' > $@; \ + (cd "$(srcdir)" && "@OPENSSL@" sha1 $(src_common_libor_SOURCES) $(src_Common_libor_crypto_a_SOURCES) $(COMMONHEADERS)) | "@SED@" -n 's/SHA1(\(.*\))= \(.*\)/"\2 \1\\n"/p' > $@; \ else \ rm $@; \ touch $@; \ fi src/common/util_codedigest.o: src/common/common_sha1.i -src/common/crypto.c: src/common/sha256.c +src/common/crypto.o: src/common/sha256.c 
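Review bot: In the `src/common/common_sha1.i` rule the `@OPENSSL@` branch still names `$(src_Common_libor_crypto_a_SOURCES)` with a capital C, while the `@SHA1SUM@` branch uses `$(src_common_libor_crypto_a_SOURCES)`. Make expands an undefined variable to nothing, so the OpenSSL fallback would leave the crypto sources out of the digest. The prerequisite list on the rule line also uses `$(libor_SOURCES) $(libor_crypto_a_SOURCES)`, which do not match the `src_common_`-prefixed names used in the recipe; their definitions are outside the hunk, so this part is inferred. Since the commit already edits both lines, the names could be fixed here: `src/common/common_sha1.i: $(src_common_libor_SOURCES) $(src_common_libor_crypto_a_SOURCES) $(COMMONHEADERS)`.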
diff --git a/src/common/tortls.c b/src/common/tortls.c index 53bcc98919..a3485c7686 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -478,7 +478,7 @@ tor_tls_init(void) * a test of intelligence and determination. */ if (version > OPENSSL_V(0,9,8,'k') && version <= OPENSSL_V(0,9,8,'l')) { - log_notice(LD_GENERAL, "OpenSSL %s looks like version 0.9.8l, but " + log_info(LD_GENERAL, "OpenSSL %s looks like version 0.9.8l, but " "some vendors have backported renegotiation code from " "0.9.8m without updating the version number. " "I will try SSL3_FLAGS and SSL_OP to enable renegotation.", @@ -486,12 +486,12 @@ tor_tls_init(void) use_unsafe_renegotiation_flag = 1; use_unsafe_renegotiation_op = 1; } else if (version > OPENSSL_V(0,9,8,'l')) { - log_notice(LD_GENERAL, "OpenSSL %s looks like version 0.9.8m or later; " + log_info(LD_GENERAL, "OpenSSL %s looks like version 0.9.8m or later; " "I will try SSL_OP to enable renegotiation", SSLeay_version(SSLEAY_VERSION)); use_unsafe_renegotiation_op = 1; } else if (version <= OPENSSL_V(0,9,8,'k')) { - log_notice(LD_GENERAL, "OpenSSL %s [%lx] looks like it's older than " + log_info(LD_GENERAL, "OpenSSL %s [%lx] looks like it's older than " "0.9.8l, but some vendors have backported 0.9.8l's " "renegotiation code to earlier versions, and some have " "backported the code from 0.9.8m or 0.9.8n. I'll set both " diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 87a3fa67b1..8aa80cd8e2 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -2470,7 +2470,7 @@ circuit_extend(cell_t *cell, circuit_t *circ) log_debug(LD_CIRC|LD_OR,"Next router (%s:%d): %s", fmt_addr(&n_addr), (int)n_port, msg?msg:"????"); - circ->n_hop = extend_info_alloc(NULL /*nickname*/, + circ->n_hop = extend_info_new(NULL /*nickname*/, id_digest, NULL /*onion_key*/, &n_addr, n_port); 
@@ -3846,7 +3846,7 @@ onion_append_hop(crypt_path_t **head_ptr, extend_info_t *choice) /** Allocate a new extend_info object based on the various arguments. */ extend_info_t * -extend_info_alloc(const char *nickname, const char *digest, +extend_info_new(const char *nickname, const char *digest, crypto_pk_t *onion_key, const tor_addr_t *addr, uint16_t port) { @@ -3887,13 +3887,13 @@ extend_info_from_node(const node_t *node, int for_direct_connect) node->ri ? node->ri->nickname : node->rs->nickname); if (node->ri) - return extend_info_alloc(node->ri->nickname, + return extend_info_new(node->ri->nickname, node->identity, node->ri->onion_pkey, &ap.addr, ap.port); else if (node->rs && node->md) - return extend_info_alloc(node->rs->nickname, + return extend_info_new(node->rs->nickname, node->identity, node->md->onion_pkey, &ap.addr, @@ -5382,7 +5382,7 @@ routerset_contains_bridge(const routerset_t *routerset, if (!routerset) return 0; - extinfo = extend_info_alloc( + extinfo = extend_info_new( NULL, bridge->identity, NULL, &bridge->addr, bridge->port); result = routerset_contains_extendinfo(routerset, extinfo); extend_info_free(extinfo); diff --git a/src/or/circuitbuild.h b/src/or/circuitbuild.h index 55a7c723d0..c3905ca21a 100644 --- a/src/or/circuitbuild.h +++ b/src/or/circuitbuild.h @@ -41,7 +41,7 @@ int circuit_all_predicted_ports_handled(time_t now, int *need_uptime, int circuit_append_new_exit(origin_circuit_t *circ, extend_info_t *info); int circuit_extend_to_new_exit(origin_circuit_t *circ, extend_info_t *info); void onion_append_to_cpath(crypt_path_t **head_ptr, crypt_path_t *new_hop); -extend_info_t *extend_info_alloc(const char *nickname, const char *digest, +extend_info_t *extend_info_new(const char *nickname, const char *digest, crypto_pk_t *onion_key, const tor_addr_t *addr, uint16_t port); extend_info_t *extend_info_from_node(const node_t *r, int for_direct_connect); diff --git a/src/or/circuituse.c b/src/or/circuituse.c index 20f124eb4e..11d581148a 100644 
--- a/src/or/circuituse.c +++ b/src/or/circuituse.c @@ -1570,7 +1570,7 @@ circuit_get_open_circ_or_launch(entry_connection_t *conn, escaped_safe_str_client(conn->socks_request->address)); return -1; } - extend_info = extend_info_alloc(conn->chosen_exit_name+1, + extend_info = extend_info_new(conn->chosen_exit_name+1, digest, NULL, &addr, conn->socks_request->port); } else { diff --git a/src/or/config.c b/src/or/config.c index c6a4fe4303..7dd4539d4b 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -718,7 +718,7 @@ get_dirportfrontpage(void) /** Allocate an empty configuration object of a given format type. */ static void * -config_alloc(const config_format_t *fmt) +config_new(const config_format_t *fmt) { void *opts = tor_malloc_zero(fmt->size); *(uint32_t*)STRUCT_VAR_P(opts, fmt->magic_offset) = fmt->magic; @@ -3118,7 +3118,7 @@ options_dup(const config_format_t *fmt, const or_options_t *old) int i; config_line_t *line; - newopts = config_alloc(fmt); + newopts = config_new(fmt); for (i=0; fmt->vars[i].name; ++i) { if (fmt->vars[i].type == CONFIG_TYPE_LINELIST_S) continue; @@ -3143,7 +3143,7 @@ options_dup(const config_format_t *fmt, const or_options_t *old) or_options_t * options_new(void) { - return config_alloc(&options_format); + return config_new(&options_format); } /** Set <b>options</b> to hold reasonable defaults for most options. @@ -3189,7 +3189,7 @@ config_dump(const config_format_t *fmt, const void *default_options, char *msg = NULL; if (defaults == NULL) { - defaults = defaults_tmp = config_alloc(fmt); + defaults = defaults_tmp = config_new(fmt); config_init(fmt, defaults_tmp); } 
@@ -5514,8 +5514,8 @@ parse_dir_server_line(const char *line, dirinfo_type_t required_type, fingerprint = smartlist_join_strings(items, "", 0, NULL); if (strlen(fingerprint) != HEX_DIGEST_LEN) { - log_warn(LD_CONFIG, "Key digest for DirServer is wrong length %d.", - (int)strlen(fingerprint)); + log_warn(LD_CONFIG, "Key digest '%s' for DirServer is wrong length %d.", + fingerprint, (int)strlen(fingerprint)); goto err; } if (!strcmp(fingerprint, "E623F7625FBE0C87820F11EC5F6D5377ED816294")) { diff --git a/src/or/include.am b/src/or/include.am index 65ff684925..97072dce2f 100644 --- a/src/or/include.am +++ b/src/or/include.am @@ -64,7 +64,7 @@ src_or_libtor_a_SOURCES = \ src_or_tor_SOURCES = src/or/tor_main.c AM_CPPFLAGS += -I$(srcdir)/src/or -Isrc/or -src/or/tor_main.c: micro-revision.i +src/or/tor_main.o: micro-revision.i AM_CPPFLAGS += -DSHARE_DATADIR="\"$(datadir)\"" \ -DLOCALSTATEDIR="\"$(localstatedir)\"" \ @@ -81,7 +81,7 @@ src_or_tor_LDADD = src/or/libtor.a src/common/libor.a src/common/libor-crypto.a @TOR_ZLIB_LIBS@ @TOR_LIB_MATH@ @TOR_LIBEVENT_LIBS@ @TOR_OPENSSL_LIBS@ \ @TOR_LIB_WS32@ @TOR_LIB_GDI@ -noinst_HEADERS+= \ +ORHEADERS = \ src/or/buffers.h \ src/or/circuitbuild.h \ src/or/circuitlist.h \ @@ -122,8 +122,9 @@ noinst_HEADERS+= \ src/or/router.h \ src/or/routerlist.h \ src/or/routerparse.h \ - src/or/status.h \ - micro-revision.i + src/or/status.h + +noinst_HEADERS+= $(ORHEADERS) micro-revision.i src/or/config_codedigest.o: src/or/or_sha1.i 
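Review bot: The new `'%s'` in this log_warn prints `fingerprint` exactly as it was joined from the DirServer line, and this branch is reached precisely when the value is malformed. It can therefore be arbitrarily long and may contain control characters that end up in the log. Passing it through the logging escape helper keeps the log line intact: `"Key digest %s for DirServer is wrong length %d.", escaped(fingerprint), (int)strlen(fingerprint));` (`escaped()` adds its own quotes, so the literal ones can go). parse_dir_server_line starts and ends outside the hunk.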
@@ -143,12 +144,12 @@ micro-revision.i: FORCE mv micro-revision.tmp micro-revision.i; \ fi; true -src/or/or_sha1.i: $(src_or_tor_SOURCES) $(src_or_libtor_a_SOURCES) +src/or/or_sha1.i: $(src_or_tor_SOURCES) $(src_or_libtor_a_SOURCES) $(ORHEADERS) $(AM_V_GEN)if test "@SHA1SUM@" != none; then \ - (cd "$(srcdir)" && "@SHA1SUM@" $(src_or_tor_SOURCES) $(src_or_libtor_a_SOURCES)) | \ + (cd "$(srcdir)" && "@SHA1SUM@" $(src_or_tor_SOURCES) $(src_or_libtor_a_SOURCES) $(ORHEADERS) ) | \ "@SED@" -n 's/^\(.*\)$$/"\1\\n"/p' > src/or/or_sha1.i; \ elif test "@OPENSSL@" != none; then \ - (cd "$(srcdir)" && "@OPENSSL@" sha1 $(src_or_tor_SOURCES) $(src_or_libtor_a_SOURCES)) | \ + (cd "$(srcdir)" && "@OPENSSL@" sha1 $(src_or_tor_SOURCES) $(src_or_libtor_a_SOURCES) $(ORHEADERS)) | \ "@SED@" -n 's/SHA1(\(.*\))= \(.*\)/"\2 \1\\n"/p' > src/or/or_sha1.i; \ else \ rm src/or/or_sha1.i; \ diff --git a/src/or/main.c b/src/or/main.c index 75a6d65410..39eccd6e65 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -2308,12 +2308,16 @@ tor_init(int argc, char *argv[]) { const char *version = get_version(); + log_notice(LD_GENERAL, "Tor v%s %srunning on %s with Libevent %s " + "and OpenSSL %s.", version, #ifdef USE_BUFFEREVENTS - log_notice(LD_GENERAL, "Tor v%s (with bufferevents) running on %s.", - version, get_uname()); + "(with bufferevents) ", #else - log_notice(LD_GENERAL, "Tor v%s running on %s.", version, get_uname()); + "", #endif + get_uname(), + tor_libevent_get_version_str(), + crypto_openssl_get_version_str()); log_notice(LD_GENERAL, "Tor can't help you if you use it wrong! " "Learn how to be safe at " diff --git a/src/or/relay.c b/src/or/relay.c index 90129660b4..169286ea5d 100644 --- a/src/or/relay.c +++ b/src/or/relay.c @@ -1835,7 +1835,7 @@ packed_cell_free_unchecked(packed_cell_t *cell) /** Allocate and return a new packed_cell_t. */ static INLINE packed_cell_t * -packed_cell_alloc(void) +packed_cell_new(void) { ++total_cells_allocated; return mp_pool_get(cell_pool); 
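Review bot: The `#ifdef USE_BUFFEREVENTS` / `#else` / `#endif` lines now sit inside the argument list of `log_notice` in tor_init. If `log_notice` is a macro in this build, preprocessing directives inside macro arguments are undefined behaviour in C, and some compilers reject them. Select the string before the call and pass it as an ordinary argument, as sketched below. The rest of tor_init is outside the hunk.

```c
    const char *version = get_version();
#ifdef USE_BUFFEREVENTS
    const char *bev_str = "(with bufferevents) ";
#else
    const char *bev_str = "";
#endif
    log_notice(LD_GENERAL, "Tor v%s %srunning on %s with Libevent %s "
               "and OpenSSL %s.", version, bev_str,
               get_uname(),
               tor_libevent_get_version_str(),
               crypto_openssl_get_version_str());
    /* … unchanged: second log_notice about using Tor safely … */
```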
@@ -1864,7 +1864,7 @@ dump_cell_pool_usage(int severity) static INLINE packed_cell_t * packed_cell_copy(const cell_t *cell) { - packed_cell_t *c = packed_cell_alloc(); + packed_cell_t *c = packed_cell_new(); cell_pack(c, cell); c->next = NULL; return c; diff --git a/src/or/router.c b/src/or/router.c index 9a3ef9dccf..bb8a6e3721 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -891,7 +891,7 @@ extend_info_from_router(const routerinfo_t *r) tor_assert(r); router_get_prim_orport(r, &ap); - return extend_info_alloc(r->nickname, r->cache_info.identity_digest, + return extend_info_new(r->nickname, r->cache_info.identity_digest, r->onion_pkey, &ap.addr, ap.port); } |