author | Sverker Eriksson <[email protected]> | 2014-09-09 16:49:22 +0200 |
---|---|---|
committer | Sverker Eriksson <[email protected]> | 2014-09-09 16:49:22 +0200 |
commit | ebd23a3de8418fd70a8d12dfc90bce0fa283f4e5 (patch) | |
tree | b084da9f67ccf6c3be3cb19caa9314df3743d043 /lib | |
parent | f551de9de308ae5f21adc0e59806eab39146da7d (diff) | |
parent | e58d75f0673cb7465d4b94dfcd3e8ea2e1abdad9 (diff) | |
Merge branch 'sverk/crypto-check-version/OTP-12146' into maint
* sverk/crypto-check-version/OTP-12146:
crypto: Verify OpenSSL library major version at load
Diffstat (limited to 'lib')
-rw-r--r-- | lib/crypto/c_src/crypto.c | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c
index e55a03d26a..e7215eeb64 100644
--- a/lib/crypto/c_src/crypto.c
+++ b/lib/crypto/c_src/crypto.c
@@ -462,9 +462,11 @@ static void hmac_context_dtor(ErlNifEnv* env, struct hmac_context*);
 /*
 #define PRINTF_ERR0(FMT) enif_fprintf(stderr, FMT "\n")
 #define PRINTF_ERR1(FMT, A1) enif_fprintf(stderr, FMT "\n", A1)
+#define PRINTF_ERR2(FMT, A1, A2) enif_fprintf(stderr, FMT "\n", A1, A2)
 */
 #define PRINTF_ERR0(FMT)
 #define PRINTF_ERR1(FMT,A1)
+#define PRINTF_ERR2(FMT,A1,A2)
 #ifdef __OSE__
@@ -506,6 +508,23 @@ static int init_ose_crypto() {
 #define CHECK_OSE_CRYPTO()
 #endif
+
+static int verify_lib_version(void)
+{
+ const unsigned long libv = SSLeay();
+ const unsigned long hdrv = OPENSSL_VERSION_NUMBER;
+
+# define MAJOR_VER(V) ((unsigned long)(V) >> (7*4))
+
+ if (MAJOR_VER(libv) != MAJOR_VER(hdrv)) {
+ PRINTF_ERR2("CRYPTO: INCOMPATIBLE SSL VERSION"
+ " lib=%lx header=%lx\n", libv, hdrv);
+ return 0;
+ }
+ return 1;
+}
+
+
 #ifdef HAVE_DYNAMIC_CRYPTO_LIB
 # if defined(DEBUG)
@@ -554,6 +573,9 @@ static int init(ErlNifEnv* env, ERL_NIF_TERM load_info)
 if (!INIT_OSE_CRYPTO())
 return 0;
+ if (!verify_lib_version())
+ return 0;
+
 /* load_info: {301, <<"/full/path/of/this/library">>} */
 if (!enif_get_tuple(env, load_info, &tpl_arity, &tpl_array)
 || tpl_arity != 2 |
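Review bot: `MAJOR_VER` in `verify_lib_version` keeps only the top four bits of the version number (`>> (7*4)`), so the load-time check accepts any runtime libcrypto whose major digit matches the headers. That includes a library with a different minor or fix level, or an older patch level, than the one the NIF was compiled against. If major-only is the intended contract, the macro should carry a comment saying so, for example `/* OPENSSL_VERSION_NUMBER is 0xMNNFFPPS; only M is compared */`. The macro also stays defined for the rest of the file; an `#undef MAJOR_VER` after the function would keep it local.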
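Review bot: A version mismatch leaves `init` through the same bare `return 0` as the `INIT_OSE_CRYPTO()` failure directly above it, and nothing is logged. The only diagnostic is `PRINTF_ERR2` in `verify_lib_version`, which expands to nothing because the first hunk defines the active macro empty. An operator would see the crypto NIF refuse to load with no hint that the linked OpenSSL differs from the build headers. Consider printing this one message unconditionally in `verify_lib_version`, e.g. `enif_fprintf(stderr, "CRYPTO: INCOMPATIBLE SSL VERSION lib=%lx header=%lx\n", libv, hdrv);`. Separately, the literal already ends in `\n` while the commented-out `PRINTF_ERR2` appends another. The body of `init` starts and ends outside this hunk.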