1 files changed, 36 insertions, 1 deletions
diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c
index 885c121f2..0e5f2cea5 100644
--- a/openbsd-compat/openssl-compat.c
+++ b/openbsd-compat/openssl-compat.c
@@ -1,4 +1,4 @@
-/* $Id: openssl-compat.c,v 1.17 2014/02/13 05:38:33 dtucker Exp $ */
+/* $Id: openssl-compat.c,v 1.18 2014/06/17 13:06:08 dtucker Exp $ */
 /*
 * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@@ -35,6 +35,41 @@
 #define SSH_DONT_OVERLOAD_OPENSSL_FUNCS
 #include "openssl-compat.h"
+/*
+ * OpenSSL version numbers: MNNFFPPS: major minor fix patch status
+ * We match major, minor, fix and status (not patch) for <1.0.0.
+ * After that, we acceptable compatible fix versions (so we
+ * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed
+ * within a patch series.
+ */
+int
+ssh_compatible_openssl(long headerver, long libver)
+{
+        long mask, hfix, lfix;
+        /* exact match is always OK */
+        if (headerver == libver)
+                return 1;
+        /* for versions < 1.0.0, major,minor,fix,status must match */
+        if (headerver < 0x1000000f) {
+                mask = 0xfffff00fL; /* major,minor,fix,status */
+                return (headerver & mask) == (libver & mask);
+        }
+        
+        /*
+         * For versions >= 1.0.0, major,minor,status must match and library
+         * fix version must be equal to or newer than the header.
+         */
+        mask = 0xfff0000fL; /* major,minor,status */
+        hfix = (headerver & 0x000ff000) >> 12;
+        lfix = (libver & 0x000ff000) >> 12;
+        if ( (headerver & mask) == (libver & mask) && lfix >= hfix)
+                return 1;
+        return 0;
+}
 #ifdef SSH_OLD_EVP
 int
 ssh_EVP_CipherInit(EVP_CIPHER_CTX *evp, const EVP_CIPHER *type,

diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c index 885c121f2..0e5f2cea5 100644 --- a/openbsd-compat/openssl-compat.c +++ b/openbsd-compat/openssl-compat.c
@@ -1,4 +1,4 @@
1	/* $Id: openssl-compat.c,v 1.17 2014/02/13 05:38:33 dtucker Exp $ */	1	/* $Id: openssl-compat.c,v 1.18 2014/06/17 13:06:08 dtucker Exp $ */
2		2
3	/*	3	/*
4	* Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>	4	* Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@@ -35,6 +35,41 @@
35	#define SSH_DONT_OVERLOAD_OPENSSL_FUNCS	35	#define SSH_DONT_OVERLOAD_OPENSSL_FUNCS
36	#include "openssl-compat.h"	36	#include "openssl-compat.h"
37		37
		38	/*
		39	* OpenSSL version numbers: MNNFFPPS: major minor fix patch status
		40	* We match major, minor, fix and status (not patch) for <1.0.0.
		41	* After that, we acceptable compatible fix versions (so we
		42	* allow 1.0.1 to work with 1.0.0). Going backwards is only allowed
		43	* within a patch series.
		44	*/
		45
		46	int
		47	ssh_compatible_openssl(long headerver, long libver)
		48	{
		49	long mask, hfix, lfix;
		50
		51	/* exact match is always OK */
		52	if (headerver == libver)
		53	return 1;
		54
		55	/* for versions < 1.0.0, major,minor,fix,status must match */
		56	if (headerver < 0x1000000f) {
		57	mask = 0xfffff00fL; /* major,minor,fix,status */
		58	return (headerver & mask) == (libver & mask);
		59	}
		60
		61	/*
		62	* For versions >= 1.0.0, major,minor,status must match and library
		63	* fix version must be equal to or newer than the header.
		64	*/
		65	mask = 0xfff0000fL; /* major,minor,status */
		66	hfix = (headerver & 0x000ff000) >> 12;
		67	lfix = (libver & 0x000ff000) >> 12;
		68	if ( (headerver & mask) == (libver & mask) && lfix >= hfix)
		69	return 1;
		70	return 0;
		71	}
		72
38	#ifdef SSH_OLD_EVP	73	#ifdef SSH_OLD_EVP
39	int	74	int
40	ssh_EVP_CipherInit(EVP_CIPHER_CTX evp, const EVP_CIPHER type,	75	ssh_EVP_CipherInit(EVP_CIPHER_CTX evp, const EVP_CIPHER type,