diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2014-06-17 23:06:07 +1000 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2014-06-17 23:06:07 +1000 |
| commit | 316fac6f18f87262a315c79bcf68b9f92c9337e4 (patch) | |
| tree | 4ca56b926c75d844cf69b33461be32ae178e62e7 /openbsd-compat/openssl-compat.c | |
| parent | af665bb7b092a59104db1e65577851cf35b86e32 (diff) | |
- (dtucker) [entropy.c openbsd-compat/openssl-compat.{c,h}
openbsd-compat/regress/{.cvsignore,Makefile.in,opensslvertest.c}]
Move the OpenSSL header/library version test into its own function and add
tests for it. Fix it to allow fix version upgrades (but not downgrades).
Prompted by chl@ via OpenSMTPD (issue #462) and Debian (bug #748150).
ok djm@ chl@
Diffstat (limited to 'openbsd-compat/openssl-compat.c')
| -rw-r--r-- | openbsd-compat/openssl-compat.c | 37 |
1 files changed, 36 insertions, 1 deletions
diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c index 885c121f2..0e5f2cea5 100644 --- a/openbsd-compat/openssl-compat.c +++ b/openbsd-compat/openssl-compat.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $Id: openssl-compat.c,v 1.17 2014/02/13 05:38:33 dtucker Exp $ */ | 1 | /* $Id: openssl-compat.c,v 1.18 2014/06/17 13:06:08 dtucker Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au> | 4 | * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au> |
| @@ -35,6 +35,41 @@ | |||
| 35 | #define SSH_DONT_OVERLOAD_OPENSSL_FUNCS | 35 | #define SSH_DONT_OVERLOAD_OPENSSL_FUNCS |
| 36 | #include "openssl-compat.h" | 36 | #include "openssl-compat.h" |
| 37 | 37 | ||
| 38 | /* | ||
| 39 | * OpenSSL version numbers: MNNFFPPS: major minor fix patch status | ||
| 40 | * We match major, minor, fix and status (not patch) for <1.0.0. | ||
| 41 | * After that, we acceptable compatible fix versions (so we | ||
| 42 | * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed | ||
| 43 | * within a patch series. | ||
| 44 | */ | ||
| 45 | |||
| 46 | int | ||
| 47 | ssh_compatible_openssl(long headerver, long libver) | ||
| 48 | { | ||
| 49 | long mask, hfix, lfix; | ||
| 50 | |||
| 51 | /* exact match is always OK */ | ||
| 52 | if (headerver == libver) | ||
| 53 | return 1; | ||
| 54 | |||
| 55 | /* for versions < 1.0.0, major,minor,fix,status must match */ | ||
| 56 | if (headerver < 0x1000000f) { | ||
| 57 | mask = 0xfffff00fL; /* major,minor,fix,status */ | ||
| 58 | return (headerver & mask) == (libver & mask); | ||
| 59 | } | ||
| 60 | |||
| 61 | /* | ||
| 62 | * For versions >= 1.0.0, major,minor,status must match and library | ||
| 63 | * fix version must be equal to or newer than the header. | ||
| 64 | */ | ||
| 65 | mask = 0xfff0000fL; /* major,minor,status */ | ||
| 66 | hfix = (headerver & 0x000ff000) >> 12; | ||
| 67 | lfix = (libver & 0x000ff000) >> 12; | ||
| 68 | if ( (headerver & mask) == (libver & mask) && lfix >= hfix) | ||
| 69 | return 1; | ||
| 70 | return 0; | ||
| 71 | } | ||
| 72 | |||
| 38 | #ifdef SSH_OLD_EVP | 73 | #ifdef SSH_OLD_EVP |
| 39 | int | 74 | int |
| 40 | ssh_EVP_CipherInit(EVP_CIPHER_CTX *evp, const EVP_CIPHER *type, | 75 | ssh_EVP_CipherInit(EVP_CIPHER_CTX *evp, const EVP_CIPHER *type, |