From: Arran Cudbard-Bell Date: Thu, 16 Oct 2014 15:16:57 +0000 (-0400) Subject: Fix OpenSSL version check issues X-Git-Tag: release_3_0_7_rc0~811 X-Git-Url: http://www.project-moonshot.org/gitweb/?a=commitdiff_plain;h=3eb1025dc6ac;hp=e59d9024461faddfec4444c40141666605f312e5;p=freeradius.git Fix OpenSSL version check issues --- diff --git a/src/include/radiusd.h b/src/include/radiusd.h index e184982..319668a 100644 --- a/src/include/radiusd.h +++ b/src/include/radiusd.h @@ -591,8 +591,8 @@ void pairlist_free(PAIR_LIST **); /* version.c */ int rad_check_lib_magic(uint64_t magic); int ssl_check_consistency(void); -char const *ssl_version_by_num(uint64_t version); -char const *ssl_version_range(uint64_t low, uint64_t high); +char const *ssl_version_by_num(uint32_t version); +char const *ssl_version_range(uint32_t low, uint32_t high); char const *ssl_version(void); void version(void); diff --git a/src/main/version.c b/src/main/version.c index 8b56ffa..fd97970 100644 --- a/src/main/version.c +++ b/src/main/version.c @@ -38,7 +38,7 @@ static long ssl_built = OPENSSL_VERSION_NUMBER; /** Check built and linked versions of OpenSSL match * * OpenSSL version number consists of: - * MMNNFFPPS: major minor fix patch status + * MNNFFPPS: major minor fix patch status * * Where status >= 0 && < 10 means beta, and status 10 means release. * @@ -56,11 +56,11 @@ int ssl_check_consistency(void) /* * Status mismatch always triggers error. */ - if ((ssl_linked & 0x00000000f) != (ssl_built & 0x00000000f)) { + if ((ssl_linked & 0x0000000f) != (ssl_built & 0x0000000f)) { mismatch: ERROR("libssl version mismatch. built: %lx linked: %lx", - (unsigned long) ssl_built, - (unsigned long) ssl_linked); + (unsigned long) ssl_built, + (unsigned long) ssl_linked); return -1; } @@ -70,14 +70,14 @@ int ssl_check_consistency(void) * 1.0.0 and only allow moving backwards within a patch * series. */ - if (ssl_built & 0xff) { - if ((ssl_built & 0xffff) != (ssl_linked & 0xffff) || - (ssl_built & 0x0000ff) > (ssl_linked & 0x0000ff)) goto mismatch; + if (ssl_built & 0xf00000000) { + if ((ssl_built & 0xfffff000) != (ssl_linked & 0xfffff000) || + (ssl_built & 0x00000ff0) > (ssl_linked & 0x00000ff0)) goto mismatch; /* * Before 1.0.0 we require the same major minor and fix version * and ignore the patch number. */ - } else if ((ssl_built & 0xffffff) != (ssl_linked & 0xffffff)) goto mismatch; + } else if ((ssl_built & 0xfffff000) != (ssl_linked & 0xfffff000)) goto mismatch; return 0; } @@ -89,22 +89,22 @@ int ssl_check_consistency(void) * @param v version to convert. * @return pointer to a static buffer containing the version string. */ -char const *ssl_version_by_num(uint64_t v) +char const *ssl_version_by_num(uint32_t v) { /* 2 (%s) + 1 (.) + 2 (%i) + 1 (.) + 2 (%i) + 1 (c) + 1 (-) + 2 (%i) + \0 */ static char buffer[13]; char *p = buffer; - p += sprintf(p, "%i.%i.%i", - (int) ((0xff0000000 & v) >> 28), - (int) ((0x00ff00000 & v) >> 20), - (int) ((0x0000ff000 & v) >> 12)); + p += sprintf(p, "%u.%u.%u", + (0xf0000000 & v) >> 28, + (0x0ff00000 & v) >> 20, + (0x000ff000 & v) >> 12); - if ((0x000000ff0 & v) >> 4) { - *p++ = (char) (0x60 + ((0x000000ff0 & v) >> 4)); + if ((0x00000ff0 & v) >> 4) { + *p++ = (char) (0x60 + ((0x00000ff0 & v) >> 4)); } - sprintf(p, "-%i", (int) (0x00000000f & v)); + sprintf(p, "%x", 0x0000000f & v); return buffer; } @@ -117,7 +117,7 @@ char const *ssl_version_by_num(uint64_t v) * @param high version to convert. * @return pointer to a static buffer containing the version range string. */ -char const *ssl_version_range(uint64_t low, uint64_t high) +char const *ssl_version_range(uint32_t low, uint32_t high) { /* 12 (version) + 3 ( - ) + 12 (version) */ static char buffer[28]; @@ -141,12 +141,12 @@ char const *ssl_version(void) { static char buffer[256]; - uint64_t v = (uint64_t) SSLeay(); + uint32_t v = SSLeay(); - snprintf(buffer, sizeof(buffer), "%s 0x%.9" PRIx64 " (%s)", + snprintf(buffer, sizeof(buffer), "%s 0x%.8x (%s)", SSLeay_version(SSLEAY_VERSION), /* Not all builds include a useful version number */ v, - ssl_version_by_num((uint64_t) v)); + ssl_version_by_num(v)); return buffer; }