- (dtucker) [entropy.c openbsd-compat/openssl-compat.{c,h}

openbsd-compat/regress/{.cvsignore,Makefile.in,opensslvertest.c}] Move the OpenSSL header/library version test into its own function and add tests for it. Fix it to allow fix version upgrades (but not downgrades). Prompted by chl@ via OpenSMTPD (issue #462) and Debian (bug #748150). ok djm@ chl@
2014-06-17 23:06:07 +10:00 · 2014-06-17 23:06:07 +10:00 · 316fac6f18
parent af665bb7b0
commit 316fac6f18
7 changed files with 122 additions and 16 deletions
--- a/8
+++ b/8
@ -1,3 +1,11 @@
+20140617
+ - (dtucker) [entropy.c openbsd-compat/openssl-compat.{c,h}
+   openbsd-compat/regress/{.cvsignore,Makefile.in,opensslvertest.c}]
+   Move the OpenSSL header/library version test into its own function and add
+   tests for it. Fix it to allow fix version upgrades (but not downgrades).
+   Prompted by chl@ via OpenSMTPD (issue #462) and Debian (bug #748150).
+   ok djm@ chl@
+
 20140616
 - (dtucker) [defines.h] Fix undef of _PATH_MAILDIR.  From rak at debian via
   OpenSMTPD and chl@
--- a/entropy.c
+++ b/entropy.c
@ -209,16 +209,7 @@ seed_rng(void)
 #ifndef OPENSSL_PRNG_ONLY
 	unsigned char buf[RANDOM_SEED_SIZE];
 #endif
-	/*
-	 * OpenSSL version numbers: MNNFFPPS: major minor fix patch status
-	 * We match major, minor, fix and status (not patch) for <1.0.0.
-	 * After that, we acceptable compatible fix versions (so we
-	 * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed
-	 * within a patch series.
-	 */
-	u_long version_mask = SSLeay() >= 0x1000000f ?  ~0xffff0L : ~0xff0L;
-	if (((SSLeay() ^ OPENSSL_VERSION_NUMBER) & version_mask) ||
-	    (SSLeay() >> 12) < (OPENSSL_VERSION_NUMBER >> 12))
+	if (!ssh_compatible_openssl(OPENSSL_VERSION_NUMBER, SSLeay()))
 		fatal("OpenSSL version mismatch. Built against %lx, you "
 		    "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay());

--- a/openbsd-compat/openssl-compat.c
+++ b/openbsd-compat/openssl-compat.c
@ -1,4 +1,4 @@
-/* $Id: openssl-compat.c,v 1.17 2014/02/13 05:38:33 dtucker Exp $ */
+/* $Id: openssl-compat.c,v 1.18 2014/06/17 13:06:08 dtucker Exp $ */

 /*
 * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@ -35,6 +35,41 @@
 #define SSH_DONT_OVERLOAD_OPENSSL_FUNCS
 #include "openssl-compat.h"

+/*
+ * OpenSSL version numbers: MNNFFPPS: major minor fix patch status
+ * We match major, minor, fix and status (not patch) for <1.0.0.
+ * After that, we acceptable compatible fix versions (so we
+ * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed
+ * within a patch series.
+ */
+
+int
+ssh_compatible_openssl(long headerver, long libver)
+{
+	long mask, hfix, lfix;
+
+	/* exact match is always OK */
+	if (headerver == libver)
+		return 1;
+
+	/* for versions < 1.0.0, major,minor,fix,status must match */
+	if (headerver < 0x1000000f) {
+		mask = 0xfffff00fL; /* major,minor,fix,status */
+		return (headerver & mask) == (libver & mask);
+	}
+	
+	/*
+	 * For versions >= 1.0.0, major,minor,status must match and library
+	 * fix version must be equal to or newer than the header.
+	 */
+	mask = 0xfff0000fL; /* major,minor,status */
+	hfix = (headerver & 0x000ff000) >> 12;
+	lfix = (libver & 0x000ff000) >> 12;
+	if ( (headerver & mask) == (libver & mask) && lfix >= hfix)
+		return 1;
+	return 0;
+}
+
 #ifdef SSH_OLD_EVP
 int
 ssh_EVP_CipherInit(EVP_CIPHER_CTX *evp, const EVP_CIPHER *type,
--- a/openbsd-compat/openssl-compat.h
+++ b/openbsd-compat/openssl-compat.h
@ -1,4 +1,4 @@
-/* $Id: openssl-compat.h,v 1.26 2014/02/13 05:38:33 dtucker Exp $ */
+/* $Id: openssl-compat.h,v 1.27 2014/06/17 13:06:08 dtucker Exp $ */

 /*
 * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@ -22,6 +22,8 @@
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>

+int ssh_compatible_openssl(long, long);
+
 /* Only in 0.9.8 */
 #ifndef OPENSSL_DSA_MAX_MODULUS_BITS
 # define OPENSSL_DSA_MAX_MODULUS_BITS        10000
--- a/openbsd-compat/regress/.cvsignore
+++ b/openbsd-compat/regress/.cvsignore
@ -2,4 +2,5 @@ Makefile
 snprintftest
 strduptest
 strtonumtest
-
+closefromtest
+opensslvertest
--- a/openbsd-compat/regress/Makefile.in
+++ b/openbsd-compat/regress/Makefile.in
@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.4 2006/08/19 09:12:14 dtucker Exp $
+# $Id: Makefile.in,v 1.5 2014/06/17 13:06:08 dtucker Exp $

 sysconfdir=@sysconfdir@
 piddir=@piddir@
@ -16,11 +16,11 @@ LIBS=@LIBS@
 LDFLAGS=@LDFLAGS@ $(LIBCOMPAT)

 TESTPROGS=closefromtest$(EXEEXT) snprintftest$(EXEEXT) strduptest$(EXEEXT) \
-	strtonumtest$(EXEEXT)
+	strtonumtest$(EXEEXT) opensslvertest$(EXEEXT)

 all:	t-exec ${OTHERTESTS}

-%$(EXEEXT):	%.c
+%$(EXEEXT):	%.c $(LIBCOMPAT)
 	$(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o $@ $< $(LIBCOMPAT) $(LIBS)

 t-exec:	$(TESTPROGS)
--- a/openbsd-compat/regress/opensslvertest.c
+++ b/openbsd-compat/regress/opensslvertest.c
@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 2014 Darren Tucker
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+
+int ssh_compatible_openssl(long, long);
+
+struct version_test {
+	long headerver;
+	long libver;
+	int result;
+} version_tests[] = {
+	/* built with 0.9.8b release headers */
+	{ 0x0090802fL, 0x0090802fL, 1},	/* exact match */
+	{ 0x0090802fL, 0x0090804fL, 1},	/* newer library fix version: ok */
+	{ 0x0090802fL, 0x0090801fL, 1},	/* older library fix version: ok */
+	{ 0x0090802fL, 0x0090702fL, 0},	/* older library minor version: NO */
+	{ 0x0090802fL, 0x0090902fL, 0},	/* newer library minor version: NO */
+	{ 0x0090802fL, 0x0080802fL, 0},	/* older library major version: NO */
+	{ 0x0090802fL, 0x1000100fL, 0},	/* newer library major version: NO */
+
+	/* built with 1.0.1b release headers */
+	{ 0x1000101fL, 0x1000101fL, 1},/* exact match */
+	{ 0x1000101fL, 0x1000102fL, 1},	/* newer library patch version: ok */
+	{ 0x1000101fL, 0x1000100fL, 1},	/* older library patch version: ok */
+	{ 0x1000101fL, 0x1000201fL, 1},	/* newer library fix version: ok */
+	{ 0x1000101fL, 0x1000001fL, 0},	/* older library fix version: NO */
+	{ 0x1000101fL, 0x1010101fL, 0},	/* newer library minor version: NO */
+	{ 0x1000101fL, 0x0000101fL, 0},	/* older library major version: NO */
+	{ 0x1000101fL, 0x2000101fL, 0},	/* newer library major version: NO */
+};
+
+void
+fail(long hver, long lver, int result)
+{
+	fprintf(stderr, "opensslver: header %lx library %lx != %d \n", hver, lver, result);
+	exit(1);
+}
+
+int
+main(void)
+{
+	unsigned int i;
+	int res;
+	long hver, lver;
+
+	for (i = 0; i < sizeof(version_tests) / sizeof(version_tests[0]); i++) {
+		hver = version_tests[i].headerver;
+		lver = version_tests[i].libver;
+		res = version_tests[i].result;
+		if (ssh_compatible_openssl(hver, lver) != res)
+			fail(hver, lver, res);
+	}
+	exit(0);
+}