aboutsummaryrefslogtreecommitdiffstats
path: root/lib/crypto/c_src/crypto.c
diff options
context:
space:
mode:
authorSverker Eriksson <[email protected]>2014-09-09 16:49:22 +0200
committerSverker Eriksson <[email protected]>2014-09-09 16:49:22 +0200
commitebd23a3de8418fd70a8d12dfc90bce0fa283f4e5 (patch)
treeb084da9f67ccf6c3be3cb19caa9314df3743d043 /lib/crypto/c_src/crypto.c
parentf551de9de308ae5f21adc0e59806eab39146da7d (diff)
parente58d75f0673cb7465d4b94dfcd3e8ea2e1abdad9 (diff)
downloadotp-ebd23a3de8418fd70a8d12dfc90bce0fa283f4e5.tar.gz
otp-ebd23a3de8418fd70a8d12dfc90bce0fa283f4e5.tar.bz2
otp-ebd23a3de8418fd70a8d12dfc90bce0fa283f4e5.zip
Merge branch 'sverk/crypto-check-version/OTP-12146' into maint
* sverk/crypto-check-version/OTP-12146: crypto: Verify OpenSSL library major version at load
Diffstat (limited to 'lib/crypto/c_src/crypto.c')
-rw-r--r--lib/crypto/c_src/crypto.c22
1 files changed, 22 insertions, 0 deletions
diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c
index e55a03d26a..e7215eeb64 100644
--- a/lib/crypto/c_src/crypto.c
+++ b/lib/crypto/c_src/crypto.c
@@ -462,9 +462,11 @@ static void hmac_context_dtor(ErlNifEnv* env, struct hmac_context*);
/*
#define PRINTF_ERR0(FMT) enif_fprintf(stderr, FMT "\n")
#define PRINTF_ERR1(FMT, A1) enif_fprintf(stderr, FMT "\n", A1)
+#define PRINTF_ERR2(FMT, A1, A2) enif_fprintf(stderr, FMT "\n", A1, A2)
*/
#define PRINTF_ERR0(FMT)
#define PRINTF_ERR1(FMT,A1)
+#define PRINTF_ERR2(FMT,A1,A2)
#ifdef __OSE__
@@ -506,6 +508,23 @@ static int init_ose_crypto() {
#define CHECK_OSE_CRYPTO()
#endif
+
+static int verify_lib_version(void)
+{
+ const unsigned long libv = SSLeay();
+ const unsigned long hdrv = OPENSSL_VERSION_NUMBER;
+
+# define MAJOR_VER(V) ((unsigned long)(V) >> (7*4))
+
+ if (MAJOR_VER(libv) != MAJOR_VER(hdrv)) {
+ PRINTF_ERR2("CRYPTO: INCOMPATIBLE SSL VERSION"
+ " lib=%lx header=%lx\n", libv, hdrv);
+ return 0;
+ }
+ return 1;
+}
+
+
#ifdef HAVE_DYNAMIC_CRYPTO_LIB
# if defined(DEBUG)
@@ -554,6 +573,9 @@ static int init(ErlNifEnv* env, ERL_NIF_TERM load_info)
if (!INIT_OSE_CRYPTO())
return 0;
+ if (!verify_lib_version())
+ return 0;
+
/* load_info: {301, <<"/full/path/of/this/library">>} */
if (!enif_get_tuple(env, load_info, &tpl_arity, &tpl_array)
|| tpl_arity != 2