[openssl-project] A proposal for an updated OpenSSL version scheme (v2)
Viktor Dukhovni
openssl-users at dukhovni.org
Sat Sep 22 05:12:21 UTC 2018
> On Sep 22, 2018, at 12:50 AM, Tim Hudson <tjh at cryptsoft.com> wrote:
>
> The impact of the breaking change on anyone actually following our documented encoding cannot.
> i.e. openssh as one example Richard pointed out.
The only use of OPENSSL_VERSION_NUMBER bits in OpenSSH (which is not yet ported to
1.1.x upstream BTW, so hardly relevant really) is:

int
ssh_compatible_openssl(long headerver, long libver)
{
	long mask, hfix, lfix;

	/* exact match is always OK */
	if (headerver == libver)
		return 1;

	/* for versions < 1.0.0, major,minor,fix,status must match */
	if (headerver < 0x1000000f) {
		mask = 0xfffff00fL; /* major,minor,fix,status */
		return (headerver & mask) == (libver & mask);
	}

	/*
	 * For versions >= 1.0.0, major,minor,status must match and library
	 * fix version must be equal to or newer than the header.
	 */
	mask = 0xfff0000fL; /* major,minor,status */
	hfix = (headerver & 0x000ff000) >> 12;
	lfix = (libver & 0x000ff000) >> 12;
	if ((headerver & mask) == (libver & mask) && lfix >= hfix)
		return 1;
	return 0;
}

All other uses are as a simple ordinal. In the above function they expect
stability of the ABI for matching first three nibbles and release
status, which makes a case for Richard's encoding scheme as being
more compatible with one of the more prominent applications that depends
on the encoding.

The proposal to move the minor version into nibbles 2 and 3 breaks this
OpenSSH function.

--
Viktor.
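
Added example, not part of the original message and not OpenSSH or OpenSSL code: the compatibility check quoted above, condensed, run against two hypothetical version layouts to show why the position of the minor number matters to it. The helper names, both layouts and the major value 3 are assumptions constructed for illustration; nibbles are counted from the most significant, so "nibbles 2 and 3" are bits 20-27.

```c
#include <stdio.h>

/* Same logic as the check quoted in the message, condensed. */
static int compat(long headerver, long libver)
{
	long mask;

	if (headerver == libver)
		return 1;
	if (headerver < 0x1000000fL) {
		mask = 0xfffff00fL;	/* major,minor,fix,status */
		return (headerver & mask) == (libver & mask);
	}
	mask = 0xfff0000fL;		/* first three nibbles + status */
	return (headerver & mask) == (libver & mask) &&
	    ((libver >> 12) & 0xff) >= ((headerver >> 12) & 0xff);
}

/* Hypothetical layout A: minor number in nibbles 2 and 3 (bits 20-27). */
static long minor_in_nibbles_2_3(long major, long minor)
{
	return (major << 28) | (minor << 20) | 0xfL;
}

/* Hypothetical layout B: minor number in the old "fix" byte (bits 12-19). */
static long minor_in_fix_field(long major, long minor)
{
	return (major << 28) | (minor << 12) | 0xfL;
}

/* Built against major.0 headers, running with a major.1 library. */
static int upgrade_accepted(long (*enc)(long, long), long major)
{
	return compat(enc(major, 0), enc(major, 1));
}

int main(void)
{
	/* Constructed inputs: today's 0xMNNFFPPS values, then major 3. */
	printf("hdr 1.0.1, lib 1.0.2: %d\n", compat(0x1000100fL, 0x1000200fL));
	printf("hdr 1.0.2, lib 1.0.1: %d\n", compat(0x1000200fL, 0x1000100fL));
	printf("hdr 1.0.2, lib 1.1.0: %d\n", compat(0x1000200fL, 0x1010000fL));
	printf("layout A, 3.0 -> 3.1: %d\n",
	    upgrade_accepted(minor_in_nibbles_2_3, 3));
	printf("layout B, 3.0 -> 3.1: %d\n",
	    upgrade_accepted(minor_in_fix_field, 3));
	return 0;
}
```

Under layout A a minor upgrade changes bits covered by the 0xfff0000f mask, so the check rejects the newer library; under layout B the same upgrade lands in the field compared with >= and is accepted.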