Blob Blame Raw
From 6d296f2c4f3c58742543cc0508642c6d06747aea Mon Sep 17 00:00:00 2001
From: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
Date: Thu, 16 Oct 2014 11:16:57 -0400
Subject: [PATCH 1/1] Fix OpenSSL version check issues

---
 src/include/radiusd.h |  4 ++--
 src/main/version.c    | 40 ++++++++++++++++++++--------------------
 2 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/src/include/radiusd.h b/src/include/radiusd.h
index 53a1f3e..1bf15d7 100644
--- a/src/include/radiusd.h
+++ b/src/include/radiusd.h
@@ -598,8 +598,8 @@ void		pairlist_free(PAIR_LIST **);
 /* version.c */
 int		rad_check_lib_magic(uint64_t magic);
 int 		ssl_check_consistency(void);
-char const	*ssl_version_by_num(uint64_t version);
-char const	*ssl_version_range(uint64_t low, uint64_t high);
+char const	*ssl_version_by_num(uint32_t version);
+char const	*ssl_version_range(uint32_t low, uint32_t high);
 char const	*ssl_version(void);
 void		version(void);
 
diff --git a/src/main/version.c b/src/main/version.c
index 8b56ffa..fd97970 100644
--- a/src/main/version.c
+++ b/src/main/version.c
@@ -38,7 +38,7 @@ static long ssl_built = OPENSSL_VERSION_NUMBER;
 /** Check built and linked versions of OpenSSL match
  *
  * OpenSSL version number consists of:
- * MMNNFFPPS: major minor fix patch status
+ * MNNFFPPS: major minor fix patch status
  *
  * Where status >= 0 && < 10 means beta, and status 10 means release.
  *
@@ -56,11 +56,11 @@ int ssl_check_consistency(void)
 	/*
 	 *	Status mismatch always triggers error.
 	 */
-	if ((ssl_linked & 0x00000000f) != (ssl_built & 0x00000000f)) {
+	if ((ssl_linked & 0x0000000f) != (ssl_built & 0x0000000f)) {
 	mismatch:
 		ERROR("libssl version mismatch.  built: %lx linked: %lx",
-		       (unsigned long) ssl_built,
-		       (unsigned long) ssl_linked);
+		      (unsigned long) ssl_built,
+		      (unsigned long) ssl_linked);
 
 		return -1;
 	}
@@ -70,14 +70,14 @@ int ssl_check_consistency(void)
 	 *	1.0.0 and only allow moving backwards within a patch
 	 *	series.
 	 */
-	if (ssl_built & 0xff) {
-		if ((ssl_built & 0xffff) != (ssl_linked & 0xffff) ||
-		    (ssl_built & 0x0000ff) > (ssl_linked & 0x0000ff)) goto mismatch;
+	if (ssl_built & 0xf00000000) {
+		if ((ssl_built & 0xfffff000) != (ssl_linked & 0xfffff000) ||
+		    (ssl_built & 0x00000ff0) > (ssl_linked & 0x00000ff0)) goto mismatch;
 	/*
 	 *	Before 1.0.0 we require the same major minor and fix version
 	 *	and ignore the patch number.
 	 */
-	} else if ((ssl_built & 0xffffff) != (ssl_linked & 0xffffff)) goto mismatch;
+	} else if ((ssl_built & 0xfffff000) != (ssl_linked & 0xfffff000)) goto mismatch;
 
 	return 0;
 }
@@ -89,22 +89,22 @@ int ssl_check_consistency(void)
  * @param v version to convert.
  * @return pointer to a static buffer containing the version string.
  */
-char const *ssl_version_by_num(uint64_t v)
+char const *ssl_version_by_num(uint32_t v)
 {
 	/* 2 (%s) + 1 (.) + 2 (%i) + 1 (.) + 2 (%i) + 1 (c) + 1 (-) + 2 (%i) + \0 */
 	static char buffer[13];
 	char *p = buffer;
 
-	p += sprintf(p, "%i.%i.%i",
-		     (int) ((0xff0000000 & v) >> 28),
-		     (int) ((0x00ff00000 & v) >> 20),
-		     (int) ((0x0000ff000 & v) >> 12));
+	p += sprintf(p, "%u.%u.%u",
+		     (0xf0000000 & v) >> 28,
+		     (0x0ff00000 & v) >> 20,
+		     (0x000ff000 & v) >> 12);
 
-	if ((0x000000ff0 & v) >> 4) {
-		*p++ =  (char) (0x60 + ((0x000000ff0 & v) >> 4));
+	if ((0x00000ff0 & v) >> 4) {
+		*p++ =  (char) (0x60 + ((0x00000ff0 & v) >> 4));
 	}
 
-	sprintf(p, "-%i", (int) (0x00000000f & v));
+	sprintf(p, "%x", 0x0000000f & v);
 
 	return buffer;
 }
@@ -117,7 +117,7 @@ char const *ssl_version_by_num(uint64_t v)
  * @param high version to convert.
  * @return pointer to a static buffer containing the version range string.
  */
-char const *ssl_version_range(uint64_t low, uint64_t high)
+char const *ssl_version_range(uint32_t low, uint32_t high)
 {
 	/* 12 (version) + 3 ( - ) + 12 (version) */
 	static char buffer[28];
@@ -141,12 +141,12 @@ char const *ssl_version(void)
 {
 	static char buffer[256];
 
-	uint64_t v = (uint64_t) SSLeay();
+	uint32_t v = SSLeay();
 
-	snprintf(buffer, sizeof(buffer), "%s 0x%.9" PRIx64 " (%s)",
+	snprintf(buffer, sizeof(buffer), "%s 0x%.8x (%s)",
 		 SSLeay_version(SSLEAY_VERSION),		/* Not all builds include a useful version number */
 		 v,
-		 ssl_version_by_num((uint64_t) v));
+		 ssl_version_by_num(v));
 
 	return buffer;
 }
-- 
2.1.4