[Bug 1991] New: openssl version checking needs updating
bugzilla-daemon at bugzilla.mindrot.org
Thu Mar 15 15:05:05 EST 2012
https://bugzilla.mindrot.org/show_bug.cgi?id=1991
Bug #: 1991
Summary: openssl version checking needs updating
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.9p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Miscellaneous
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: vapier at gentoo.org
Created attachment 2137
--> https://bugzilla.mindrot.org/attachment.cgi?id=2137
update openssl ver check
with openssl-1.0.0, they've started a new binary compatibility scheme.
in the past, only patchset versions were compatible (so
0.9.8[abcdefgh...]). but now, minor versions are compatible as well.
so 1.0.[01234...] should be acceptable.
as such, the seed_rng() check in entropy.c needs updating. perhaps
something like the (compile-only tested) attached patch.
--- a/entropy.c
+++ b/entropy.c
@@ -211,9 +211,14 @@ seed_rng(void)
#endif
/*
* OpenSSL version numbers: MNNFFPPS: major minor fix patch status
- * We match major, minor, fix and status (not patch)
+ * We match major, minor, fix and status (not patch) for <1.0.0.
+ * After that, we acceptable compatible minor versions (so we
+ * allow 1.0.1 to work with 1.0.0).
*/
- if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L)
+ u_long bldver = OPENSSL_VERSION_NUMBER & ~0xff0L;
+ u_long runver = SSLeay() & ~0xff0L;
+ if ((bldver >> 12) < 0x10000 && bldver != runver) ||
+ (bldver >> 12) >= 0x10000 && (runver >> 12) < (bldver >> 12)))
fatal("OpenSSL version mismatch. Built against %lx, you "
"have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay());