authorNick Mathewson <nickm@torproject.org>2012-09-06 11:32:09 -0400
committerNick Mathewson <nickm@torproject.org>2012-09-06 11:32:09 -0400
commit1ca9e2685f6cea803ff1a36c7dbe05625e9c4b61 (patch)
tree133b4988c631c91ed260422b60112bf911d238e7
parentad1e8b45df3933e6f01098a5f9ba6238adafc9c2 (diff)
parent7607ad2becc9634f01ca6dd99a0475ecf276ac93 (diff)
downloadtor-1ca9e2685f6cea803ff1a36c7dbe05625e9c4b61.tar
tor-1ca9e2685f6cea803ff1a36c7dbe05625e9c4b61.tar.gz
Merge branch 'quiet_lib_versions_squashed'
-rw-r--r--changes/detect_openssl_mismatch4
-rw-r--r--changes/quiet_lib_init3
-rw-r--r--src/common/aes.c8
-rw-r--r--src/common/compat_libevent.c2
-rw-r--r--src/common/crypto.c38
-rw-r--r--src/common/crypto.h1
-rw-r--r--src/common/tortls.c6
-rw-r--r--src/or/main.c10
8 files changed, 61 insertions, 11 deletions
diff --git a/changes/detect_openssl_mismatch b/changes/detect_openssl_mismatch
new file mode 100644
index 000000000..62f0a9dbb
--- /dev/null
+++ b/changes/detect_openssl_mismatch
@@ -0,0 +1,4 @@
+ o Minor features:
+ - Detect when we're running with a version of OpenSSL other than the
+ one we compiled with. This has occasionally given people hard-to-
+ track-down errors.
diff --git a/changes/quiet_lib_init b/changes/quiet_lib_init
new file mode 100644
index 000000000..c7e81d5cc
--- /dev/null
+++ b/changes/quiet_lib_init
@@ -0,0 +1,3 @@
+ o Minor features:
+ - Log less at level notice about our OpenSSL and Libevent versions
+ when everything is going right. Partial fix for 6736.
diff --git a/src/common/aes.c b/src/common/aes.c
index 59d864a3d..dd89d5d1e 100644
--- a/src/common/aes.c
+++ b/src/common/aes.c
@@ -212,11 +212,11 @@ evaluate_evp_for_aes(int force_val)
e = ENGINE_get_cipher_engine(NID_aes_128_ecb);
if (e) {
- log_notice(LD_CRYPTO, "AES engine \"%s\" found; using EVP_* functions.",
+ log_info(LD_CRYPTO, "AES engine \"%s\" found; using EVP_* functions.",
ENGINE_get_name(e));
should_use_EVP = 1;
} else {
- log_notice(LD_CRYPTO, "No AES engine found; using AES_* functions.");
+ log_info(LD_CRYPTO, "No AES engine found; using AES_* functions.");
should_use_EVP = 0;
}
#endif
@@ -263,12 +263,12 @@ evaluate_ctr_for_aes(void)
"not using it.");
} else {
/* Counter mode is okay */
- log_notice(LD_CRYPTO, "This OpenSSL has a good implementation of counter "
+ log_info(LD_CRYPTO, "This OpenSSL has a good implementation of counter "
"mode; using it.");
should_use_openssl_CTR = 1;
}
#else
- log_notice(LD_CRYPTO, "This version of OpenSSL has a slow implementation of "
+ log_info(LD_CRYPTO, "This version of OpenSSL has a slow implementation of "
"counter mode; not using it.");
#endif
return 0;
diff --git a/src/common/compat_libevent.c b/src/common/compat_libevent.c
index 6655ca87d..0d06c49c9 100644
--- a/src/common/compat_libevent.c
+++ b/src/common/compat_libevent.c
@@ -266,7 +266,7 @@ tor_libevent_initialize(tor_libevent_cfg *torcfg)
#if defined(HAVE_EVENT_GET_VERSION) && defined(HAVE_EVENT_GET_METHOD)
/* Making this a NOTICE for now so we can link bugs to a libevent versions
* or methods better. */
- log(LOG_NOTICE, LD_GENERAL,
+ log(LOG_INFO, LD_GENERAL,
"Initialized libevent version %s using method %s. Good.",
event_get_version(), tor_libevent_get_method());
#else
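Review bot: The comment directly above the changed call still says "Making this a NOTICE for now so we can link bugs to a libevent versions or methods better", but the call now logs at LOG_INFO, so comment and code disagree. Reword or drop it, for example `/* Logged at INFO; the Libevent version is also reported in the startup NOTICE line. */`. The new startup line in src/or/main.c carries the Libevent version but not the method from `tor_libevent_get_method()`, so bug reports taken at the default log level would no longer include the method. The body of tor_libevent_initialize continues outside this hunk.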
diff --git a/src/common/crypto.c b/src/common/crypto.c
index a69e6c5cb..7768cc37b 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -221,6 +221,30 @@ try_load_engine(const char *path, const char *engine)
}
#endif
+static char *crypto_openssl_version_str = NULL;
+/* Return a human-readable version of the run-time openssl version number. */
+const char *
+crypto_openssl_get_version_str(void)
+{
+ if (crypto_openssl_version_str == NULL) {
+ const char *raw_version = SSLeay_version(SSLEAY_VERSION);
+ const char *end_of_version = NULL;
+ /* The output should be something like "OpenSSL 1.0.0b 10 May 2012. Let's
+ trim that down. */
+ if (!strcmpstart(raw_version, "OpenSSL ")) {
+ raw_version += strlen("OpenSSL ");
+ end_of_version = strchr(raw_version, ' ');
+ }
+
+ if (end_of_version)
+ crypto_openssl_version_str = tor_strndup(raw_version,
+ end_of_version-raw_version);
+ else
+ crypto_openssl_version_str = tor_strdup(raw_version);
+ }
+ return crypto_openssl_version_str;
+}
+
/** Initialize the crypto library. Return 0 on success, -1 on failure.
*/
int
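Review bot: `crypto_openssl_get_version_str()` hands out a pointer to a lazily allocated static that `crypto_global_cleanup()` later releases with `tor_free()`, and its comment says nothing about that lifetime. A caller that keeps the pointer across cleanup would be reading freed memory, so the comment should say that the string is owned by crypto.c and is valid only until `crypto_global_cleanup()` runs. The comment also opens with `/*` where the following function uses the `/**` doc form, and the sample string inside the function is missing its closing quote. The first-call initialization takes no lock; that is fine only if every caller runs on the main thread, which this page does not show.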
@@ -231,6 +255,19 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir)
OpenSSL_add_all_algorithms();
_crypto_global_initialized = 1;
setup_openssl_threading();
+
+ if (SSLeay() == OPENSSL_VERSION_NUMBER &&
+ !strcmp(SSLeay_version(SSLEAY_VERSION), OPENSSL_VERSION_TEXT)) {
+ log_info(LD_CRYPTO, "OpenSSL version matches version from headers "
+ "(%lx: %s).", SSLeay(), SSLeay_version(SSLEAY_VERSION));
+ } else {
+ log_warn(LD_CRYPTO, "OpenSSL version from headers does not match the "
+ "version we're running with. If you get weird crashes, that "
+ "might be why. (Compiled with %lx: %s; running with %lx: %s).",
+ (unsigned long)OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT,
+ SSLeay(), SSLeay_version(SSLEAY_VERSION));
+ }
+
if (useAccel > 0) {
#ifdef DISABLE_ENGINES
(void)accelName;
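Review bot: The mismatch test added to `crypto_global_init()` requires exact equality of both `SSLeay()` and the full version text, so it will likely warn whenever the shared OpenSSL library is updated to a newer patch letter without Tor being rebuilt. A warning that appears after every routine security update is one operators learn to ignore, which weakens it for the genuinely incompatible case. If only ABI-relevant differences are meant, compare the major/minor/fix fields, e.g. `(SSLeay() & 0xfffff000UL) == (OPENSSL_VERSION_NUMBER & 0xfffff000UL)`, and report a patch-level difference at info. Separately, `SSLeay()` is passed to `%lx` without the `(unsigned long)` cast that `OPENSSL_VERSION_NUMBER` gets; casting both keeps the format arguments consistent. The function continues outside this hunk.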
@@ -3018,6 +3055,7 @@ crypto_global_cleanup(void)
tor_free(ms);
}
#endif
+ tor_free(crypto_openssl_version_str);
return 0;
}
diff --git a/src/common/crypto.h b/src/common/crypto.h
index 76bcbf7d4..456a61173 100644
--- a/src/common/crypto.h
+++ b/src/common/crypto.h
@@ -111,6 +111,7 @@ typedef struct crypto_digest_t crypto_digest_t;
typedef struct crypto_dh_t crypto_dh_t;
/* global state */
+const char * crypto_openssl_get_version_str(void);
int crypto_global_init(int hardwareAccel,
const char *accelName,
const char *accelPath);
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 53bcc9891..a3485c768 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -478,7 +478,7 @@ tor_tls_init(void)
* a test of intelligence and determination.
*/
if (version > OPENSSL_V(0,9,8,'k') && version <= OPENSSL_V(0,9,8,'l')) {
- log_notice(LD_GENERAL, "OpenSSL %s looks like version 0.9.8l, but "
+ log_info(LD_GENERAL, "OpenSSL %s looks like version 0.9.8l, but "
"some vendors have backported renegotiation code from "
"0.9.8m without updating the version number. "
"I will try SSL3_FLAGS and SSL_OP to enable renegotation.",
@@ -486,12 +486,12 @@ tor_tls_init(void)
use_unsafe_renegotiation_flag = 1;
use_unsafe_renegotiation_op = 1;
} else if (version > OPENSSL_V(0,9,8,'l')) {
- log_notice(LD_GENERAL, "OpenSSL %s looks like version 0.9.8m or later; "
+ log_info(LD_GENERAL, "OpenSSL %s looks like version 0.9.8m or later; "
"I will try SSL_OP to enable renegotiation",
SSLeay_version(SSLEAY_VERSION));
use_unsafe_renegotiation_op = 1;
} else if (version <= OPENSSL_V(0,9,8,'k')) {
- log_notice(LD_GENERAL, "OpenSSL %s [%lx] looks like it's older than "
+ log_info(LD_GENERAL, "OpenSSL %s [%lx] looks like it's older than "
"0.9.8l, but some vendors have backported 0.9.8l's "
"renegotiation code to earlier versions, and some have "
"backported the code from 0.9.8m or 0.9.8n. I'll set both "
diff --git a/src/or/main.c b/src/or/main.c
index 75a6d6541..39eccd6e6 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -2308,12 +2308,16 @@ tor_init(int argc, char *argv[])
{
const char *version = get_version();
+ log_notice(LD_GENERAL, "Tor v%s %srunning on %s with Libevent %s "
+ "and OpenSSL %s.", version,
#ifdef USE_BUFFEREVENTS
- log_notice(LD_GENERAL, "Tor v%s (with bufferevents) running on %s.",
- version, get_uname());
+ "(with bufferevents) ",
#else
- log_notice(LD_GENERAL, "Tor v%s running on %s.", version, get_uname());
+ "",
#endif
+ get_uname(),
+ tor_libevent_get_version_str(),
+ crypto_openssl_get_version_str());
log_notice(LD_GENERAL, "Tor can't help you if you use it wrong! "
"Learn how to be safe at "