[PATCH] compat: Relax version check with OpenSSL 3.0+

Sebastian Andrzej Siewior openssh at ml.breakpoint.cc
Mon May 8 05:52:31 AEST 2023


From: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>

OpenSSL 3.1.0 uses the same ABI as OpenSSL 3.0.x series. Further 3.1.x
release are just stable updates and no ABI change (is expected) just
like the 3.0.x series.

Relax the version check for OpenSSL 3+ and rely on ABI compatibility.

Signed-off-by: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
---
 openbsd-compat/openssl-compat.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c
index c1749210d586f..5b35253f1d19b 100644
--- a/openbsd-compat/openssl-compat.c
+++ b/openbsd-compat/openssl-compat.c
@@ -54,6 +54,10 @@ ssh_compatible_openssl(long headerver, long libver)
 		return (headerver & mask) == (libver & mask);
 	}
 
+	/* For versions > 3.0.0, we rely on upstream's ABI */
+	if (headerver > 0x3000000f)
+		return 1;
+
 	/*
 	 * For versions >= 1.0.0, major,minor must match and library
 	 * fix version must be equal to or newer than the header.
-- 
2.40.1



More information about the openssh-unix-dev mailing list