diff options
author | des <des@FreeBSD.org> | 2016-01-19 16:18:26 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2016-01-19 16:18:26 +0000 |
commit | 14172c52f89fa504003826ed2e4e2c0ac246505d (patch) | |
tree | bc48bd740145eea64393ed391fc1d972c83f991c /crypto/openssh/entropy.c | |
parent | 456370e53073cd38d0ddc4001283f1c131d1428e (diff) | |
parent | 64c731d52472fb486558425128009691392e0bef (diff) | |
download | FreeBSD-src-14172c52f89fa504003826ed2e4e2c0ac246505d.zip FreeBSD-src-14172c52f89fa504003826ed2e4e2c0ac246505d.tar.gz |
Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed
upstream) and a number of security fixes which we had already backported.
MFC after: 1 week
Diffstat (limited to 'crypto/openssh/entropy.c')
-rw-r--r-- | crypto/openssh/entropy.c | 13 |
1 files changed, 3 insertions, 10 deletions
diff --git a/crypto/openssh/entropy.c b/crypto/openssh/entropy.c index 2d483b3..1e9d52a 100644 --- a/crypto/openssh/entropy.c +++ b/crypto/openssh/entropy.c @@ -43,6 +43,8 @@ #include <openssl/crypto.h> #include <openssl/err.h> +#include "openbsd-compat/openssl-compat.h" + #include "ssh.h" #include "misc.h" #include "xmalloc.h" @@ -209,16 +211,7 @@ seed_rng(void) #ifndef OPENSSL_PRNG_ONLY unsigned char buf[RANDOM_SEED_SIZE]; #endif - /* - * OpenSSL version numbers: MNNFFPPS: major minor fix patch status - * We match major, minor, fix and status (not patch) for <1.0.0. - * After that, we acceptable compatible fix versions (so we - * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed - * within a patch series. - */ - u_long version_mask = SSLeay() >= 0x1000000f ? ~0xffff0L : ~0xff0L; - if (((SSLeay() ^ OPENSSL_VERSION_NUMBER) & version_mask) || - (SSLeay() >> 12) < (OPENSSL_VERSION_NUMBER >> 12)) + if (!ssh_compatible_openssl(OPENSSL_VERSION_NUMBER, SSLeay())) fatal("OpenSSL version mismatch. Built against %lx, you " "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay()); |