tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- (dtucker) [entropy.c openbsd-compat/openssl-compat.{c,h} 

openbsd-compat/regress/{.cvsignore,Makefile.in,opensslvertest.c}]
   Move the OpenSSL header/library version test into its own function and add
   tests for it. Fix it to allow fix version upgrades (but not downgrades).
   Prompted by chl@ via OpenSMTPD (issue #462) and Debian (bug #748150).
   ok djm@ chl@
This commit is contained in:
Darren Tucker 2014-06-17 23:06:07 +10:00
parent af665bb7b0
commit 316fac6f18
7 changed files with 122 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
ChangeLog
View File

@ -1,3 +1,11 @@
20140617
- (dtucker) [entropy.c openbsd-compat/openssl-compat.{c,h}
openbsd-compat/regress/{.cvsignore,Makefile.in,opensslvertest.c}]
Move the OpenSSL header/library version test into its own function and add
tests for it. Fix it to allow fix version upgrades (but not downgrades).
Prompted by chl@ via OpenSMTPD (issue #462) and Debian (bug #748150).
ok djm@ chl@
20140616 20140616
- (dtucker) [defines.h] Fix undef of _PATH_MAILDIR. From rak at debian via - (dtucker) [defines.h] Fix undef of _PATH_MAILDIR. From rak at debian via
OpenSMTPD and chl@ OpenSMTPD and chl@

11
entropy.c
View File

@ -209,16 +209,7 @@ seed_rng(void)
#ifndef OPENSSL_PRNG_ONLY #ifndef OPENSSL_PRNG_ONLY
unsigned char buf[RANDOM_SEED_SIZE]; unsigned char buf[RANDOM_SEED_SIZE];
#endif #endif
/* if (!ssh_compatible_openssl(OPENSSL_VERSION_NUMBER, SSLeay()))
* OpenSSL version numbers: MNNFFPPS: major minor fix patch status
* We match major, minor, fix and status (not patch) for <1.0.0.
* After that, we acceptable compatible fix versions (so we
* allow 1.0.1 to work with 1.0.0). Going backwards is only allowed
* within a patch series.
*/
u_long version_mask = SSLeay() >= 0x1000000f ? ~0xffff0L : ~0xff0L;
if (((SSLeay() ^ OPENSSL_VERSION_NUMBER) & version_mask) ||
(SSLeay() >> 12) < (OPENSSL_VERSION_NUMBER >> 12))
fatal("OpenSSL version mismatch. Built against %lx, you " fatal("OpenSSL version mismatch. Built against %lx, you "
"have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay()); "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay());

37
openbsd-compat/openssl-compat.c
View File

@ -1,4 +1,4 @@
/* $Id: openssl-compat.c,v 1.17 2014/02/13 05:38:33 dtucker Exp $ */ /* $Id: openssl-compat.c,v 1.18 2014/06/17 13:06:08 dtucker Exp $ */
/* /*
* Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au> * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@ -35,6 +35,41 @@
#define SSH_DONT_OVERLOAD_OPENSSL_FUNCS #define SSH_DONT_OVERLOAD_OPENSSL_FUNCS
#include "openssl-compat.h" #include "openssl-compat.h"
/*
* OpenSSL version numbers: MNNFFPPS: major minor fix patch status
* We match major, minor, fix and status (not patch) for <1.0.0.
* After that, we acceptable compatible fix versions (so we
* allow 1.0.1 to work with 1.0.0). Going backwards is only allowed
* within a patch series.
*/
int
ssh_compatible_openssl(long headerver, long libver)
{
long mask, hfix, lfix;
/* exact match is always OK */
if (headerver == libver)
return 1;
/* for versions < 1.0.0, major,minor,fix,status must match */
if (headerver < 0x1000000f) {
mask = 0xfffff00fL; /* major,minor,fix,status */
return (headerver & mask) == (libver & mask);
}
/*
* For versions >= 1.0.0, major,minor,status must match and library
* fix version must be equal to or newer than the header.
*/
mask = 0xfff0000fL; /* major,minor,status */
hfix = (headerver & 0x000ff000) >> 12;
lfix = (libver & 0x000ff000) >> 12;
if ( (headerver & mask) == (libver & mask) && lfix >= hfix)
return 1;
return 0;
}
#ifdef SSH_OLD_EVP #ifdef SSH_OLD_EVP
int int
ssh_EVP_CipherInit(EVP_CIPHER_CTX *evp, const EVP_CIPHER *type, ssh_EVP_CipherInit(EVP_CIPHER_CTX *evp, const EVP_CIPHER *type,

4
openbsd-compat/openssl-compat.h
View File

@ -1,4 +1,4 @@
/* $Id: openssl-compat.h,v 1.26 2014/02/13 05:38:33 dtucker Exp $ */ /* $Id: openssl-compat.h,v 1.27 2014/06/17 13:06:08 dtucker Exp $ */
/* /*
* Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au> * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@ -22,6 +22,8 @@
#include <openssl/rsa.h> #include <openssl/rsa.h>
#include <openssl/dsa.h> #include <openssl/dsa.h>
int ssh_compatible_openssl(long, long);
/* Only in 0.9.8 */ /* Only in 0.9.8 */
#ifndef OPENSSL_DSA_MAX_MODULUS_BITS #ifndef OPENSSL_DSA_MAX_MODULUS_BITS
# define OPENSSL_DSA_MAX_MODULUS_BITS 10000 # define OPENSSL_DSA_MAX_MODULUS_BITS 10000

3
openbsd-compat/regress/.cvsignore
View File

@ -2,4 +2,5 @@ Makefile
snprintftest snprintftest
strduptest strduptest
strtonumtest strtonumtest
closefromtest
opensslvertest

6
openbsd-compat/regress/Makefile.in
View File

@ -1,4 +1,4 @@
# $Id: Makefile.in,v 1.4 2006/08/19 09:12:14 dtucker Exp $ # $Id: Makefile.in,v 1.5 2014/06/17 13:06:08 dtucker Exp $
sysconfdir=@sysconfdir@ sysconfdir=@sysconfdir@
piddir=@piddir@ piddir=@piddir@
@ -16,11 +16,11 @@ LIBS=@LIBS@
LDFLAGS=@LDFLAGS@ $(LIBCOMPAT) LDFLAGS=@LDFLAGS@ $(LIBCOMPAT)
TESTPROGS=closefromtest$(EXEEXT) snprintftest$(EXEEXT) strduptest$(EXEEXT) \ TESTPROGS=closefromtest$(EXEEXT) snprintftest$(EXEEXT) strduptest$(EXEEXT) \
strtonumtest$(EXEEXT) strtonumtest$(EXEEXT) opensslvertest$(EXEEXT)
all: t-exec ${OTHERTESTS} all: t-exec ${OTHERTESTS}
%$(EXEEXT): %.c %$(EXEEXT): %.c $(LIBCOMPAT)
$(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o $@ $< $(LIBCOMPAT) $(LIBS) $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o $@ $< $(LIBCOMPAT) $(LIBS)
t-exec: $(TESTPROGS) t-exec: $(TESTPROGS)

69
openbsd-compat/regress/opensslvertest.c Normal file
View File

@ -0,0 +1,69 @@
/*
* Copyright (c) 2014 Darren Tucker
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <stdio.h>
#include <stdlib.h>
int ssh_compatible_openssl(long, long);
struct version_test {
long headerver;
long libver;
int result;
} version_tests[] = {
/* built with 0.9.8b release headers */
{ 0x0090802fL, 0x0090802fL, 1}, /* exact match */
{ 0x0090802fL, 0x0090804fL, 1}, /* newer library fix version: ok */
{ 0x0090802fL, 0x0090801fL, 1}, /* older library fix version: ok */
{ 0x0090802fL, 0x0090702fL, 0}, /* older library minor version: NO */
{ 0x0090802fL, 0x0090902fL, 0}, /* newer library minor version: NO */
{ 0x0090802fL, 0x0080802fL, 0}, /* older library major version: NO */
{ 0x0090802fL, 0x1000100fL, 0}, /* newer library major version: NO */
/* built with 1.0.1b release headers */
{ 0x1000101fL, 0x1000101fL, 1},/* exact match */
{ 0x1000101fL, 0x1000102fL, 1}, /* newer library patch version: ok */
{ 0x1000101fL, 0x1000100fL, 1}, /* older library patch version: ok */
{ 0x1000101fL, 0x1000201fL, 1}, /* newer library fix version: ok */
{ 0x1000101fL, 0x1000001fL, 0}, /* older library fix version: NO */
{ 0x1000101fL, 0x1010101fL, 0}, /* newer library minor version: NO */
{ 0x1000101fL, 0x0000101fL, 0}, /* older library major version: NO */
{ 0x1000101fL, 0x2000101fL, 0}, /* newer library major version: NO */
};
void
fail(long hver, long lver, int result)
{
fprintf(stderr, "opensslver: header %lx library %lx != %d \n", hver, lver, result);
exit(1);
}
int
main(void)
{
unsigned int i;
int res;
long hver, lver;
for (i = 0; i < sizeof(version_tests) / sizeof(version_tests[0]); i++) {
hver = version_tests[i].headerver;
lver = version_tests[i].libver;
res = version_tests[i].result;
if (ssh_compatible_openssl(hver, lver) != res)
fail(hver, lver, res);
}
exit(0);
}