summaryrefslogtreecommitdiff
path: root/entropy.c
diff options
context:
space:
mode:
authorDarren Tucker <dtucker@zip.com.au>2014-06-17 23:06:07 +1000
committerDarren Tucker <dtucker@zip.com.au>2014-06-17 23:06:07 +1000
commit316fac6f18f87262a315c79bcf68b9f92c9337e4 (patch)
tree4ca56b926c75d844cf69b33461be32ae178e62e7 /entropy.c
parentaf665bb7b092a59104db1e65577851cf35b86e32 (diff)
- (dtucker) [entropy.c openbsd-compat/openssl-compat.{c,h}
openbsd-compat/regress/{.cvsignore,Makefile.in,opensslvertest.c}] Move the OpenSSL header/library version test into its own function and add tests for it. Fix it to allow fix version upgrades (but not downgrades). Prompted by chl@ via OpenSMTPD (issue #462) and Debian (bug #748150). ok djm@ chl@
Diffstat (limited to 'entropy.c')
-rw-r--r--entropy.c11
1 files changed, 1 insertions, 10 deletions
diff --git a/entropy.c b/entropy.c
index 2d483b39..e1a8e142 100644
--- a/entropy.c
+++ b/entropy.c
@@ -209,16 +209,7 @@ seed_rng(void)
#ifndef OPENSSL_PRNG_ONLY
unsigned char buf[RANDOM_SEED_SIZE];
#endif
- /*
- * OpenSSL version numbers: MNNFFPPS: major minor fix patch status
- * We match major, minor, fix and status (not patch) for <1.0.0.
- * After that, we acceptable compatible fix versions (so we
- * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed
- * within a patch series.
- */
- u_long version_mask = SSLeay() >= 0x1000000f ? ~0xffff0L : ~0xff0L;
- if (((SSLeay() ^ OPENSSL_VERSION_NUMBER) & version_mask) ||
- (SSLeay() >> 12) < (OPENSSL_VERSION_NUMBER >> 12))
+ if (!ssh_compatible_openssl(OPENSSL_VERSION_NUMBER, SSLeay()))
fatal("OpenSSL version mismatch. Built against %lx, you "
"have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay());