authorSverker Eriksson <[email protected]>2014-09-08 12:12:56 +0200
committerSverker Eriksson <[email protected]>2014-09-08 12:12:56 +0200
commite58d75f0673cb7465d4b94dfcd3e8ea2e1abdad9 (patch)
treec3b912b3d0329ae3373b56520382efee235ce3b1 /lib/crypto
parent6e2fd45bad619fd7e06f21798eac94d415dff64e (diff)
crypto: Verify OpenSSL library major version at load
to prevent strange memory corruption crashes due to mismatch between header and library versions.
Diffstat (limited to 'lib/crypto')
-rw-r--r--lib/crypto/c_src/crypto.c22
1 files changed, 22 insertions, 0 deletions
diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c
index e55a03d26a..e7215eeb64 100644
--- a/lib/crypto/c_src/crypto.c
+++ b/lib/crypto/c_src/crypto.c
@@ -462,9 +462,11 @@ static void hmac_context_dtor(ErlNifEnv* env, struct hmac_context*);
/*
#define PRINTF_ERR0(FMT) enif_fprintf(stderr, FMT "\n")
#define PRINTF_ERR1(FMT, A1) enif_fprintf(stderr, FMT "\n", A1)
+#define PRINTF_ERR2(FMT, A1, A2) enif_fprintf(stderr, FMT "\n", A1, A2)
*/
#define PRINTF_ERR0(FMT)
#define PRINTF_ERR1(FMT,A1)
+#define PRINTF_ERR2(FMT,A1,A2)
#ifdef __OSE__
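Review bot: The active definition of `PRINTF_ERR2` expands to nothing (only the commented-out variant calls `enif_fprintf`), so the lib/header mismatch message that `verify_lib_version` hands to it is never printed in a normal build and the load simply fails without explanation. Since the check exists to turn a confusing crash into a diagnosable failure, consider reporting it unconditionally at the call site, e.g. `enif_fprintf(stderr, "CRYPTO: INCOMPATIBLE SSL VERSION lib=%lx header=%lx\n", libv, hdrv);`. The commented-out macro already appends `"\n"`, so the trailing `\n` in the caller's format string would print an extra blank line if the debug macros are ever enabled.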
@@ -506,6 +508,23 @@ static int init_ose_crypto() {
#define CHECK_OSE_CRYPTO()
#endif
+
+static int verify_lib_version(void)
+{
+ const unsigned long libv = SSLeay();
+ const unsigned long hdrv = OPENSSL_VERSION_NUMBER;
+
+# define MAJOR_VER(V) ((unsigned long)(V) >> (7*4))
+
+ if (MAJOR_VER(libv) != MAJOR_VER(hdrv)) {
+ PRINTF_ERR2("CRYPTO: INCOMPATIBLE SSL VERSION"
+ " lib=%lx header=%lx\n", libv, hdrv);
+ return 0;
+ }
+ return 1;
+}
+
+
#ifdef HAVE_DYNAMIC_CRYPTO_LIB
# if defined(DEBUG)
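Review bot: `MAJOR_VER` keeps only the top four bits of the version word (`>> (7*4)`), so a header and a library that differ in any lower field compare equal and pass the check. If releases that share that major nibble can differ in struct layout, which this hunk does not rule out, the memory-corruption case the commit targets is still reachable. Either include the minor field in the comparison or add a comment such as `/* OPENSSL_VERSION_NUMBER is 0xMNNFFPPS; only M is compared because <reason> */` stating why major-only is sufficient. The macro is also defined inside the function and never removed; `#undef MAJOR_VER` before the closing brace would keep it from leaking into the rest of crypto.c.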
@@ -554,6 +573,9 @@ static int init(ErlNifEnv* env, ERL_NIF_TERM load_info)
if (!INIT_OSE_CRYPTO())
return 0;
+ if (!verify_lib_version())
+ return 0;
+
/* load_info: {301, <<"/full/path/of/this/library">>} */
if (!enif_get_tuple(env, load_info, &tpl_arity, &tpl_array)
|| tpl_arity != 2