summaryrefslogtreecommitdiff
path: root/openbsd-compat/openssl-compat.c
diff options
context:
space:
mode:
authorDarren Tucker <dtucker@zip.com.au>2014-06-17 23:06:07 +1000
committerDarren Tucker <dtucker@zip.com.au>2014-06-17 23:06:07 +1000
commit316fac6f18f87262a315c79bcf68b9f92c9337e4 (patch)
tree4ca56b926c75d844cf69b33461be32ae178e62e7 /openbsd-compat/openssl-compat.c
parentaf665bb7b092a59104db1e65577851cf35b86e32 (diff)
- (dtucker) [entropy.c openbsd-compat/openssl-compat.{c,h}
openbsd-compat/regress/{.cvsignore,Makefile.in,opensslvertest.c}] Move the OpenSSL header/library version test into its own function and add tests for it. Fix it to allow fix version upgrades (but not downgrades). Prompted by chl@ via OpenSMTPD (issue #462) and Debian (bug #748150). ok djm@ chl@
Diffstat (limited to 'openbsd-compat/openssl-compat.c')
-rw-r--r--openbsd-compat/openssl-compat.c37
1 files changed, 36 insertions, 1 deletions
diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c
index 885c121f..0e5f2cea 100644
--- a/openbsd-compat/openssl-compat.c
+++ b/openbsd-compat/openssl-compat.c
@@ -1,4 +1,4 @@
-/* $Id: openssl-compat.c,v 1.17 2014/02/13 05:38:33 dtucker Exp $ */
+/* $Id: openssl-compat.c,v 1.18 2014/06/17 13:06:08 dtucker Exp $ */
/*
* Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@@ -35,6 +35,41 @@
#define SSH_DONT_OVERLOAD_OPENSSL_FUNCS
#include "openssl-compat.h"
+/*
+ * OpenSSL version numbers: MNNFFPPS: major minor fix patch status
+ * We match major, minor, fix and status (not patch) for <1.0.0.
+ * After that, we acceptable compatible fix versions (so we
+ * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed
+ * within a patch series.
+ */
+
+int
+ssh_compatible_openssl(long headerver, long libver)
+{
+ long mask, hfix, lfix;
+
+ /* exact match is always OK */
+ if (headerver == libver)
+ return 1;
+
+ /* for versions < 1.0.0, major,minor,fix,status must match */
+ if (headerver < 0x1000000f) {
+ mask = 0xfffff00fL; /* major,minor,fix,status */
+ return (headerver & mask) == (libver & mask);
+ }
+
+ /*
+ * For versions >= 1.0.0, major,minor,status must match and library
+ * fix version must be equal to or newer than the header.
+ */
+ mask = 0xfff0000fL; /* major,minor,status */
+ hfix = (headerver & 0x000ff000) >> 12;
+ lfix = (libver & 0x000ff000) >> 12;
+ if ( (headerver & mask) == (libver & mask) && lfix >= hfix)
+ return 1;
+ return 0;
+}
+
#ifdef SSH_OLD_EVP
int
ssh_EVP_CipherInit(EVP_CIPHER_CTX *evp, const EVP_CIPHER *type,