[PATCH 1/1] fix libssl version check

Christian Hesse list at eworm.de
Thu Oct 16 19:20:57 CEST 2014


Arran Cudbard-Bell <a.cudbardb at freeradius.org> on Thu, 2014/10/16 11:57:
> 
> On 16 Oct 2014, at 10:25, Herwin Weststrate <herwin at quarantainenet.nl>
> wrote:
> 
> > On 16-10-14 15:29, Christian Hesse wrote:
> >> Arran Cudbard-Bell <a.cudbardb at freeradius.org> on Thu, 2014/10/16 09:14:
> >>> 
> >>> On 16 Oct 2014, at 06:15, Christian Hesse <list at eworm.de> wrote:
> >>> 
> >>>> From: Christian Hesse <mail at eworm.de>
> >>>> 
> >>>> When doing bitwise AND leading zeros do not matter, trailing ones do.
> >>> 
> >>> That's not all you changed, the mask bits are different, why?
> >> 
> >> I think I changed it to how it was intended. The update from openssl
> >> 1.0.1i to 1.0.1j broke my system again as wrong bits were compared.
> >> 
> >> These are the correct masks:
> >> 
> >> 0x0000000f -> status
> >> 0x00000ff0 -> patch
> >> 0x000ff000 -> fix
> >> 0x0ff00000 -> minor
> >> 0xf0000000 -> major
> >> 
> >> Or did I miss anything?
> > 
> > The format is described in ssleay(3) and copied in the code above the
> > function that's been updated:
> > 
> >  OpenSSL version number consists of:
> >  MMNNFFPPS: major minor fix patch status
> > 
> > So it's actually 0xff0000000 to get the major version (although it may
> > take a while before we'll actually get to version 16 ;)) and for
> > readability, the other ones should have an extra 0 at the beginning. The
> > first line of the patch (the status mismatch check) should be left as it
> > is now.
> 
> OPENSSL_VERSION_NUMBER is a numeric release version identifier:
> 
>  MNNFFPPS: major minor fix patch status
> 
> The status nibble has one of the values 0 for development, 1 to e for betas
> 1 to 14, and f for release.
> 
> for example
> 
>  0x000906000 == 0.9.6 dev
>  0x000906023 == 0.9.6b beta 3
>  0x00090605f == 0.9.6e release
> 
> Versions prior to 0.9.3 have identifiers < 0x0930. Versions between 0.9.3
> and 0.9.5 had a version identifier with this interpretation:
> 
>  MMNNFFRBB major minor fix final beta/patch
> 
> for example
> 
>  0x000904100 == 0.9.4 release
>  0x000905000 == 0.9.5 dev
> 
> So OpenSSL versions >= 0.9.6 only used a nibble for the major version
> number.
> 
> > The rest of the code looks to me like a confusion between big-endian and
> > little-endian.
> 
> Yes, that was the issue.
> 
> > The patch set looks pretty sane to me, as long as the
> > extra 0 or f is added.
> > I haven't tested if the endianness is actually the same as the
> > documentation suggests.
> 
> It failed to fix some other issues, I just rolled my own locally.

Thanks a lot!

I will complain if openssl 1.0.1k breaks my setup. ;)
-- 
main(a){char*c=/*    Schoene Gruesse                         */"B?IJj;MEH"
"CX:;",b;for(a/*    Chris           get my mail address:    */=0;b=c[a++];)
putchar(b-1/(/*               gcc -o sig sig.c && ./sig    */b/42*2-3)*42);}
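
The MNNFFPPS layout and the masks listed in the message above, as an added example that is not part of the original post or of the FreeRADIUS source: it decodes a version number and compares a build-time value against a run-time one. The match policy (everything except the patch letter must agree), the function names and the two sample values are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* MNNFFPPS layout (OpenSSL >= 0.9.6); masks as listed in the thread. */
#define VER_MAJOR  0xf0000000u
#define VER_MINOR  0x0ff00000u
#define VER_FIX    0x000ff000u
#define VER_PATCH  0x00000ff0u
#define VER_STATUS 0x0000000fu
/* Assumed policy: everything except the patch letter must be identical. */
#define VER_MUST_MATCH (VER_MAJOR | VER_MINOR | VER_FIX | VER_STATUS)

typedef struct { unsigned major, minor, fix, patch, status; } ssl_ver_t;

static ssl_ver_t ssl_ver_decode(uint32_t v)
{
	ssl_ver_t out = {
		(v & VER_MAJOR) >> 28, (v & VER_MINOR) >> 20,
		(v & VER_FIX) >> 12, (v & VER_PATCH) >> 4, v & VER_STATUS
	};
	return out;
}

/* 0 if both versions agree on every bit set in must_match, -1 otherwise. */
static int ssl_ver_check(uint32_t built, uint32_t linked, uint32_t must_match)
{
	return ((built ^ linked) & must_match) ? -1 : 0;
}

/* Render e.g. "1.0.1j"; patch 0 has no letter, 1 -> 'a' ... 26 -> 'z'. */
static const char *ssl_ver_str(uint32_t v, char *buf, size_t len)
{
	ssl_ver_t d = ssl_ver_decode(v);
	int has_letter = (d.patch >= 1 && d.patch <= 26);
	char letter[2] = { has_letter ? (char)('a' + d.patch - 1) : '\0', '\0' };
	snprintf(buf, len, "%u.%u.%u%s", d.major, d.minor, d.fix, letter);
	return buf;
}

int main(void)
{
	/* Sample values: 1.0.1i and 1.0.1j release builds. */
	uint32_t built = 0x1000109fu, linked = 0x100010afu;
	char a[16], b[16];
	printf("%s vs %s: %s\n", ssl_ver_str(built, a, sizeof(a)),
	       ssl_ver_str(linked, b, sizeof(b)),
	       ssl_ver_check(built, linked, VER_MUST_MATCH) ? "mismatch" : "ok");
	return 0;
}
```

A mask that overlaps the patch byte, such as a constructed `0x000000ff`, makes the same comparison reject 1.0.1i against 1.0.1j.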