[Bug 1991] New: openssl version checking needs updating

bugzilla-daemon at bugzilla.mindrot.org
Thu Mar 15 15:05:05 EST 2012


https://bugzilla.mindrot.org/show_bug.cgi?id=1991

             Bug #: 1991
           Summary: openssl version checking needs updating
    Classification: Unclassified
           Product: Portable OpenSSH
           Version: 5.9p1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Miscellaneous
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: vapier at gentoo.org


Created attachment 2137
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2137
update openssl ver check

with openssl-1.0.0, they've started a new binary compatibility scheme. 
in the past, only patchset versions were compatible (so
0.9.8[abcdefgh...]).  but now, minor versions are compatible as well. 
so 1.0.[01234...] should be acceptable.

as such, the seed_rng() check in entropy.c needs updating.  perhaps
something like the (compile-only tested) attached patch.

--- a/entropy.c
+++ b/entropy.c
@@ -211,9 +211,14 @@ seed_rng(void)
 #endif
    /*
     * OpenSSL version numbers: MNNFFPPS: major minor fix patch status
-    * We match major, minor, fix and status (not patch)
+    * We match major, minor, fix and status (not patch) for <1.0.0.
+    * After that, we acceptable compatible minor versions (so we
+    * allow 1.0.1 to work with 1.0.0).
     */
-   if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L)
+   u_long bldver = OPENSSL_VERSION_NUMBER & ~0xff0L;
+   u_long runver = SSLeay() & ~0xff0L;
+   if ((bldver >> 12) < 0x10000 && bldver != runver) ||
+       (bldver >> 12) >= 0x10000 && (runver >> 12) < (bldver >> 12)))
        fatal("OpenSSL version mismatch. Built against %lx, you "
            "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay());
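
Review bot: The `>= 0x10000` clause on the second line of the new `if` only rejects `(runver >> 12) < (bldver >> 12)`, so any runtime library numerically newer than the build headers is accepted, including one whose major or minor field differs. That is wider than the comment's "allow 1.0.1 to work with 1.0.0". Consider adding a mismatch condition on the major and minor fields, for example `(runver >> 20) != (bldver >> 20)`, so that only the fix field may move forward. The shift by 12 also drops the status nibble, so status is not compared at all in that branch; either keep that check or state in the comment that it is intentionally skipped for 1.0.0 and later. As posted, the condition's parentheses do not balance: the `if (` closes after `bldver != runver)`, leaving `||` outside it and two surplus `)` at the end of the following line, so the two clauses need an enclosing pair. In the new comment, "we acceptable compatible" should read "we accept compatible".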
