libcrypto failure on Openssh
Michael Richardson
mcr at sandelman.ca
Mon Feb 27 16:00:10 UTC 2023
Hareesh Das Ulleri <hareesh.ulleri at ovt.com> wrote:
> When I tried to connect via OpenSSH it fails because of libcrypto
> error. In debug it found, it fails when an OpenSSH unprivileged child
> task calls a EVP_CipherInit function in OpenSSL and this calls my
> provider, which tries to open my device file which eventually fails.
> My provider handles the file open operations in
> OSSL_FUNC_CIPHER_NEWCTX, Not sure this is the right approach for
> openssl provider or not !
> Anyone knows or tried this scenario before ? What is the right approach
> of OpenSSL provider functions to handle file access in this scenario?
Could the open file have been marked to close upon fork()?
(I don't know of a way to do that, but there are lots of new fangled
permissions in Linux)
More likely, the OpenSSH child is closing all unneeded file descriptors, and
you need to find a way to avoid having yours closed. Or you need to open the
FD again.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 511 bytes
Desc: not available
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20230227/77419d9f/attachment.sig>
More information about the openssl-users
mailing list