Hi,

While working on patches for Postfix, I noticed that you use a non-standard way to test OpenSSL version numbers: you compare against an unsigned (`UL`) constant, whereas OPENSSL_VERSION_NUMBER has only ever been defined as a signed integer constant (`L` suffix); see
https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/crypto/opensslv.h#L33
I've not encountered this notation before in code.

The attached patch changes the existing OPENSSL_VERSION_NUMBER checks to regular checks.

This is helpful when reviewing OPENSSL_VERSION_NUMBER checks while porting to LibreSSL or BoringSSL.

Cheers,

Bernard.

--- src/global/mail_params.h.orig	2017-02-19 02:58:20.000000000 +0100
+++ src/global/mail_params.h	2017-04-21 23:02:34.753882000 +0200
@@ -1350,7 +1350,7 @@
 extern char *var_smtpd_tls_dh1024_param_file;
 
 #define VAR_SMTPD_TLS_EECDH	"smtpd_tls_eecdh_grade"
-#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL
+#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
 #define DEF_SMTPD_TLS_EECDH	"auto"
 #else
 #define DEF_SMTPD_TLS_EECDH	"strong"
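Review bot: The `UL` to `L` change on the `#if` line does not alter what the preprocessor evaluates: in `#if` arithmetic both operands are promoted to the widest integer type and every version constant in this patch is positive, so `OPENSSL_VERSION_NUMBER >= 0x1000200fUL` and `>= 0x1000200fL` give the same result on a conforming compiler, and the same holds for every other hunk here (mail_params.h and tls_dh.c alike). The stated porting motivation is therefore not addressed by the suffix alone: LibreSSL, to my recollection, reports a fixed `OPENSSL_VERSION_NUMBER` of `0x20000000L`, so all the `>=` branches (including this `DEF_SMTPD_TLS_EECDH "auto"` default and the `TLS_EECDH_AUTO` path in tls_dh.c) are selected regardless of the API actually available, while the `<` branches guarding the CVE tweaks are never taken. A guard that distinguishes the fork, e.g. `#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(LIBRESSL_VERSION_NUMBER)`, or a check for the specific feature, would be the robust fix; the commit message should also say that the suffix change itself is cosmetic so later readers do not look for a behavioural difference.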
@@ -3152,7 +3152,7 @@
   * TLS cipherlists
   */
 #ifdef USE_TLS
-#if OPENSSL_VERSION_NUMBER >= 0x1000000fUL
+#if OPENSSL_VERSION_NUMBER >= 0x1000000fL
 #define PREFER_aNULL "aNULL:-aNULL:"
 #else
 #define PREFER_aNULL ""
@@ -3233,8 +3233,8 @@
 
  /* The tweak for CVE-2010-4180 is needed in some versions prior to 1.0.1 */
  /* The tweak for CVE-2005-2969 is needed in some versions prior to 1.0.0 */
-#if defined(USE_TLS) && (OPENSSL_VERSION_NUMBER < 0x1000100fUL)
-#if (OPENSSL_VERSION_NUMBER < 0x1000000fUL)
+#if defined(USE_TLS) && (OPENSSL_VERSION_NUMBER < 0x1000100fL)
+#if (OPENSSL_VERSION_NUMBER < 0x1000000fL)
 #define TLS_BUG_TWEAKS		"CVE-2005-2969 CVE-2010-4180"
 #else
 #define TLS_BUG_TWEAKS		"CVE-2010-4180"
--- src/tls/tls_dh.c.orig	2016-12-27 00:47:24.000000000 +0100
+++ src/tls/tls_dh.c	2017-04-21 23:03:23.656584000 +0200
@@ -94,7 +94,7 @@
 #define TLS_INTERNAL
 #include <tls.h>
 #include <openssl/dh.h>
-#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL && !defined(OPENSSL_NO_ECDH)
+#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(OPENSSL_NO_ECDH)
 #include <openssl/ec.h>
 #endif
 
@@ -244,7 +244,7 @@
 
 void    tls_auto_eecdh_curves(SSL_CTX *ctx)
 {
-#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL && !defined(OPENSSL_NO_ECDH)
+#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(OPENSSL_NO_ECDH)
     SSL_CTX *tmpctx;
     int    *nids;
     int     space = 5;
@@ -314,7 +314,7 @@
      * This is a NOP in OpenSSL 1.1.0 and later, where curves are always
      * auto-negotiated.
      */
-#if OPENSSL_VERSION_NUMBER < 0x10100000UL
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
     if (SSL_CTX_set_ecdh_auto(ctx, 1) <= 0) {
 	msg_warn("failed to enable automatic ECDHE curve selection");
 	tls_print_errors();
@@ -327,7 +327,7 @@
 
 void    tls_set_eecdh_curve(SSL_CTX *server_ctx, const char *grade)
 {
-#if OPENSSL_VERSION_NUMBER >= 0x1000000fUL && !defined(OPENSSL_NO_ECDH)
+#if OPENSSL_VERSION_NUMBER >= 0x1000000fL && !defined(OPENSSL_NO_ECDH)
     int     nid;
     EC_KEY *ecdh;
     const char *curve;
@@ -337,14 +337,14 @@
 #define TLS_EECDH_NONE		1
 #define TLS_EECDH_STRONG	2
 #define TLS_EECDH_ULTRA		3
-#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL
+#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
 #define TLS_EECDH_AUTO		4
 #endif
     static NAME_CODE eecdh_table[] = {
 	"none", TLS_EECDH_NONE,
 	"strong", TLS_EECDH_STRONG,
 	"ultra", TLS_EECDH_ULTRA,
-#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL
+#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
 	"auto", TLS_EECDH_AUTO,
 #endif
 	0, TLS_EECDH_INVALID,
@@ -364,7 +364,7 @@
     case TLS_EECDH_ULTRA:
 	curve = var_tls_eecdh_ultra;
 	break;
-#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL
+#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
     case TLS_EECDH_AUTO:
 	tls_auto_eecdh_curves(server_ctx);
 	return;
