[Openvpn-devel] Fix float comparisons of OPENVPN_VERSION_NUMBER

Message ID 20200220083825.29131-1-arne@rfc2549.org
State Rejected
Headers show
Series [Openvpn-devel] Fix float comparisons of OPENVPN_VERSION_NUMBER | expand

Commit Message

Arne Schwabe Feb. 19, 2020, 9:38 p.m. UTC
These checks are probably the result of copying a
check from the LibreSSL and modifying it to be
a OpenSSL check. For some arcane reason LibreSSL decided
that its version number should be a long float (double) rather
than an integer.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
---
 src/openvpn/ssl_openssl.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

Comments

Arne Schwabe Feb. 19, 2020, 9:42 p.m. UTC | #1
Am 20.02.20 um 09:38 schrieb Arne Schwabe:
> These checks are probably the result of copying a
> check from the LibreSSL and modifying it to be
> a OpenSSL check. For some arcane reason LibreSSL decided
> that its version number should be a long float (double) rather
> than an integer.
> 
> Signed-off-by: Arne Schwabe <arne@rfc2549.org>
> ---
>  src/openvpn/ssl_openssl.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
> index 21651a3e..bcdfb543 100644
> --- a/src/openvpn/ssl_openssl.c
> +++ b/src/openvpn/ssl_openssl.c
> @@ -231,7 +231,7 @@ tls_version_max(void)
>       * We only need to check this for OpenSSL versions that can be
>       * upgraded to 1.1.1 without recompile (>= 1.1.0)
>       */
> -    if (OpenSSL_version_num() >= 0x1010100fL)
> +    if (OpenSSL_version_num() >= 0x1010100L)
>      {
>          return TLS_VER_1_3;
>      }
> @@ -2104,7 +2104,7 @@ show_available_tls_ciphers_list(const char *cipher_list,
>          crypto_msg(M_FATAL, "Cannot create SSL object");
>      }
>  
> -#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)    \
> +#if (OPENSSL_VERSION_NUMBER < 0x1010000L)    \
>      || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER <= 0x2090000fL)
>      STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl);
>  #else
> @@ -2134,7 +2134,7 @@ show_available_tls_ciphers_list(const char *cipher_list,
>              printf("%s\n", pair->iana_name);
>          }
>      }
> -#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
> +#if (OPENSSL_VERSION_NUMBER >= 0x1010000L)
>      sk_SSL_CIPHER_free(sk);
>  #endif
>      SSL_free(ssl);
> 


Ignore that patch. I am not awake yet. the fL is not a suffix. LibreSSL
has has its patch version to be 0f.

Arne
Илья Шипицин Feb. 19, 2020, 11:01 p.m. UTC | #2
чт, 20 февр. 2020 г. в 13:44, Arne Schwabe <arne@rfc2549.org>:

> Am 20.02.20 um 09:38 schrieb Arne Schwabe:
> > These checks are probably the result of copying a
> > check from the LibreSSL and modifying it to be
> > a OpenSSL check. For some arcane reason LibreSSL decided
> > that its version number should be a long float (double) rather
> > than an integer.
> >
> > Signed-off-by: Arne Schwabe <arne@rfc2549.org>
> > ---
> >  src/openvpn/ssl_openssl.c | 6 +++---
> >  1 file changed, 3 insertions(+), 3 deletions(-)
> >
> > diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
> > index 21651a3e..bcdfb543 100644
> > --- a/src/openvpn/ssl_openssl.c
> > +++ b/src/openvpn/ssl_openssl.c
> > @@ -231,7 +231,7 @@ tls_version_max(void)
> >       * We only need to check this for OpenSSL versions that can be
> >       * upgraded to 1.1.1 without recompile (>= 1.1.0)
> >       */
> > -    if (OpenSSL_version_num() >= 0x1010100fL)
> > +    if (OpenSSL_version_num() >= 0x1010100L)
> >      {
> >          return TLS_VER_1_3;
> >      }
> > @@ -2104,7 +2104,7 @@ show_available_tls_ciphers_list(const char
> *cipher_list,
> >          crypto_msg(M_FATAL, "Cannot create SSL object");
> >      }
> >
> > -#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)    \
> > +#if (OPENSSL_VERSION_NUMBER < 0x1010000L)    \
> >      || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER <=
> 0x2090000fL)
> >      STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl);
> >  #else
> > @@ -2134,7 +2134,7 @@ show_available_tls_ciphers_list(const char
> *cipher_list,
> >              printf("%s\n", pair->iana_name);
> >          }
> >      }
> > -#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
> > +#if (OPENSSL_VERSION_NUMBER >= 0x1010000L)
> >      sk_SSL_CIPHER_free(sk);
> >  #endif
> >      SSL_free(ssl);
> >
>
>
> Ignore that patch. I am not awake yet. the fL is not a suffix. LibreSSL
> has has its patch version to be 0f.
>

can you also close it here https://patchwork.openvpn.net/patch/1015/ ?
to prevent someone from taking it accidently


>
> Arne
>
> _______________________________________________
> Openvpn-devel mailing list
> Openvpn-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-devel
>
<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">чт, 20 февр. 2020 г. в 13:44, Arne Schwabe &lt;<a href="mailto:arne@rfc2549.org">arne@rfc2549.org</a>&gt;:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Am 20.02.20 um 09:38 schrieb Arne Schwabe:<br>
&gt; These checks are probably the result of copying a<br>
&gt; check from the LibreSSL and modifying it to be<br>
&gt; a OpenSSL check. For some arcane reason LibreSSL decided<br>
&gt; that its version number should be a long float (double) rather<br>
&gt; than an integer.<br>
&gt; <br>
&gt; Signed-off-by: Arne Schwabe &lt;<a href="mailto:arne@rfc2549.org" target="_blank">arne@rfc2549.org</a>&gt;<br>
&gt; ---<br>
&gt;  src/openvpn/ssl_openssl.c | 6 +++---<br>
&gt;  1 file changed, 3 insertions(+), 3 deletions(-)<br>
&gt; <br>
&gt; diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c<br>
&gt; index 21651a3e..bcdfb543 100644<br>
&gt; --- a/src/openvpn/ssl_openssl.c<br>
&gt; +++ b/src/openvpn/ssl_openssl.c<br>
&gt; @@ -231,7 +231,7 @@ tls_version_max(void)<br>
&gt;       * We only need to check this for OpenSSL versions that can be<br>
&gt;       * upgraded to 1.1.1 without recompile (&gt;= 1.1.0)<br>
&gt;       */<br>
&gt; -    if (OpenSSL_version_num() &gt;= 0x1010100fL)<br>
&gt; +    if (OpenSSL_version_num() &gt;= 0x1010100L)<br>
&gt;      {<br>
&gt;          return TLS_VER_1_3;<br>
&gt;      }<br>
&gt; @@ -2104,7 +2104,7 @@ show_available_tls_ciphers_list(const char *cipher_list,<br>
&gt;          crypto_msg(M_FATAL, &quot;Cannot create SSL object&quot;);<br>
&gt;      }<br>
&gt;  <br>
&gt; -#if (OPENSSL_VERSION_NUMBER &lt; 0x1010000fL)    \<br>
&gt; +#if (OPENSSL_VERSION_NUMBER &lt; 0x1010000L)    \<br>
&gt;      || (defined(LIBRESSL_VERSION_NUMBER) &amp;&amp; LIBRESSL_VERSION_NUMBER &lt;= 0x2090000fL)<br>
&gt;      STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl);<br>
&gt;  #else<br>
&gt; @@ -2134,7 +2134,7 @@ show_available_tls_ciphers_list(const char *cipher_list,<br>
&gt;              printf(&quot;%s\n&quot;, pair-&gt;iana_name);<br>
&gt;          }<br>
&gt;      }<br>
&gt; -#if (OPENSSL_VERSION_NUMBER &gt;= 0x1010000fL)<br>
&gt; +#if (OPENSSL_VERSION_NUMBER &gt;= 0x1010000L)<br>
&gt;      sk_SSL_CIPHER_free(sk);<br>
&gt;  #endif<br>
&gt;      SSL_free(ssl);<br>
&gt; <br>
<br>
<br>
Ignore that patch. I am not awake yet. the fL is not a suffix. LibreSSL<br>
has has its patch version to be 0f.<br></blockquote><div><br></div><div>can you also close it here <a href="https://patchwork.openvpn.net/patch/1015/">https://patchwork.openvpn.net/patch/1015/</a> ?</div><div>to prevent someone from taking it accidently<br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
Arne<br>
<br>
_______________________________________________<br>
Openvpn-devel mailing list<br>
<a href="mailto:Openvpn-devel@lists.sourceforge.net" target="_blank">Openvpn-devel@lists.sourceforge.net</a><br>
<a href="https://lists.sourceforge.net/lists/listinfo/openvpn-devel" rel="noreferrer" target="_blank">https://lists.sourceforge.net/lists/listinfo/openvpn-devel</a><br>
</blockquote></div></div>

Patch

diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index 21651a3e..bcdfb543 100644
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -231,7 +231,7 @@  tls_version_max(void)
      * We only need to check this for OpenSSL versions that can be
      * upgraded to 1.1.1 without recompile (>= 1.1.0)
      */
-    if (OpenSSL_version_num() >= 0x1010100fL)
+    if (OpenSSL_version_num() >= 0x1010100L)
     {
         return TLS_VER_1_3;
     }
@@ -2104,7 +2104,7 @@  show_available_tls_ciphers_list(const char *cipher_list,
         crypto_msg(M_FATAL, "Cannot create SSL object");
     }
 
-#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)    \
+#if (OPENSSL_VERSION_NUMBER < 0x1010000L)    \
     || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER <= 0x2090000fL)
     STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl);
 #else
@@ -2134,7 +2134,7 @@  show_available_tls_ciphers_list(const char *cipher_list,
             printf("%s\n", pair->iana_name);
         }
     }
-#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
+#if (OPENSSL_VERSION_NUMBER >= 0x1010000L)
     sk_SSL_CIPHER_free(sk);
 #endif
     SSL_free(ssl);