author | Darren Tucker <dtucker@zip.com.au> | 2014-06-17 23:06:07 +1000 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2014-06-17 23:06:07 +1000 |
commit | 316fac6f18f87262a315c79bcf68b9f92c9337e4 (patch) | |
tree | 4ca56b926c75d844cf69b33461be32ae178e62e7 /entropy.c | |
parent | af665bb7b092a59104db1e65577851cf35b86e32 (diff) |
- (dtucker) [entropy.c openbsd-compat/openssl-compat.{c,h}
openbsd-compat/regress/{.cvsignore,Makefile.in,opensslvertest.c}]
Move the OpenSSL header/library version test into its own function and add
tests for it. Fix it to allow fix version upgrades (but not downgrades).
Prompted by chl@ via OpenSMTPD (issue #462) and Debian (bug #748150).
ok djm@ chl@
Diffstat (limited to 'entropy.c')
-rw-r--r-- | entropy.c | 11 |
1 files changed, 1 insertions, 10 deletions
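--- a/entropy.c
+++ b/entropy.c
@@ -209,16 +209,7 @@ seed_rng(void)
 #ifndef OPENSSL_PRNG_ONLY
 unsigned char buf[RANDOM_SEED_SIZE];
 #endif
-/*
-* OpenSSL version numbers: MNNFFPPS: major minor fix patch status
-* We match major, minor, fix and status (not patch) for <1.0.0.
-* After that, we acceptable compatible fix versions (so we
-* allow 1.0.1 to work with 1.0.0). Going backwards is only allowed
-* within a patch series.
-*/
-u_long version_mask = SSLeay() >= 0x1000000f ? ~0xffff0L : ~0xff0L;
-if (((SSLeay() ^ OPENSSL_VERSION_NUMBER) & version_mask) ||
-(SSLeay() >> 12) < (OPENSSL_VERSION_NUMBER >> 12))
+if (!ssh_compatible_openssl(OPENSSL_VERSION_NUMBER, SSLeay()))
 fatal("OpenSSL version mismatch. Built against %lx, you "
 "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay());
 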
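Review bot: The call `ssh_compatible_openssl(OPENSSL_VERSION_NUMBER, SSLeay())` in seed_rng() is order-sensitive, and with the old MNNFFPPS comment removed nothing at the call site says which argument is the header version and which is the runtime library. Per the commit message the helper accepts fix-version upgrades but not downgrades, so swapped arguments would presumably invert that rule and let an older library through this fail-closed check. The helper's prototype is not visible in this section, so the order should be confirmed against openbsd-compat/openssl-compat.h. I would keep a one-line comment above the check, e.g. `/* args: (headers we were built against, library we are running with); policy lives in ssh_compatible_openssl() */`. seed_rng() starts before and continues past this hunk.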