From 316fac6f18f87262a315c79bcf68b9f92c9337e4 Mon Sep 17 00:00:00 2001
From: Darren Tucker
Date: Tue, 17 Jun 2014 23:06:07 +1000
Subject: - (dtucker) [entropy.c openbsd-compat/openssl-compat.{c,h} openbsd-compat/regress/{.cvsignore,Makefile.in,opensslvertest.c}] Move the OpenSSL header/library version test into its own function and add tests for it. Fix it to allow fix version upgrades (but not downgrades). Prompted by chl@ via OpenSMTPD (issue #462) and Debian (bug #748150). ok djm@ chl@
---
 entropy.c | 11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)
(limited to 'entropy.c')
diff --git a/entropy.c b/entropy.c
index 2d483b391..e1a8e142b 100644
--- a/entropy.c
+++ b/entropy.c
@@ -209,16 +209,7 @@ seed_rng(void)
 #ifndef OPENSSL_PRNG_ONLY
 unsigned char buf[RANDOM_SEED_SIZE];
 #endif
- /*
- * OpenSSL version numbers: MNNFFPPS: major minor fix patch status
- * We match major, minor, fix and status (not patch) for <1.0.0.
- * After that, we acceptable compatible fix versions (so we
- * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed
- * within a patch series.
- */
- u_long version_mask = SSLeay() >= 0x1000000f ? ~0xffff0L : ~0xff0L;
- if (((SSLeay() ^ OPENSSL_VERSION_NUMBER) & version_mask) ||
- (SSLeay() >> 12) < (OPENSSL_VERSION_NUMBER >> 12))
+ if (!ssh_compatible_openssl(OPENSSL_VERSION_NUMBER, SSLeay()))
 fatal("OpenSSL version mismatch. Built against %lx, you "
 "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay());
--
cgit v1.2.3
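Review bot: The new call in seed_rng() no longer says what "compatible" means, because the removed comment was the only text in this file describing the MNNFFPPS layout and the rule applied, and per the commit message the rule is asymmetric (fix-version upgrades pass, downgrades do not). Both arguments are version numbers, presumably of the same integer type, so a swapped order would still compile and would silently invert that rule; the helper's prototype is not part of this diff (limited to entropy.c), so the (header version, library version) order should be confirmed against it and against the new regress test. I would add a short comment above the call, for example `/* Build-time header version first, runtime library version second; the check is not symmetric. */`. The body of seed_rng() starts before and continues after this hunk.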