[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Richard Levitte levitte at openssl.org
Fri Dec 8 15:09:38 UTC 2017 

The branch OpenSSL_1_1_0-stable has been updated
       via  ea4e868a3c6872f4944dd5469518f8b10ee3432c (commit)
       via  ad74ff046bea5b1f77ff7425598802b91924652d (commit)
      from  fae00c9321e9d843355b37358a12756634e267e6 (commit)


- Log -----------------------------------------------------------------
commit ea4e868a3c6872f4944dd5469518f8b10ee3432c
Author: Richard Levitte <levitte at openssl.org>
Date:   Sat Nov 25 12:08:47 2017 +0100

    In apps_startup(), call OPENSSL_init_ssl() rather than OPENSSL_init_crypto()
    
    Otherwise, any command that relies on ssl modules may fail, because
    SSL_add_ssl_module() will be called after the config file has already
    been loaded.
    
    Fixes #4788
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/4792)
    
    (cherry picked from commit 0488c0bbbe87eee3a800797b91350c653e9f1711)

commit ad74ff046bea5b1f77ff7425598802b91924652d
Author: Richard Levitte <levitte at openssl.org>
Date:   Sat Nov 25 12:02:58 2017 +0100

    In OPENSSL_init_ssl(), run the base ssl init before OPENSSL_init_crypto()
    
    IF OPENSSL_init_ssl() is called with the option flag
    OPENSSL_INIT_LOAD_CONFIG, any SSL config will be handled wrongly
    (i.e. there will be an attempt to load libssl_conf.so or whatever
    corresponds to that on non-Unix platforms).  Therefore, at least
    SSL_add_ssl_module() MUST be called before OPENSSL_init_crypto() is
    called.  The base ssl init does that, plus adds all kinds of ciphers
    and digests, which is harmless.
    
    Fixes #4788
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/4792)
    
    (cherry picked from commit 0a90a6831e02e00d9043ada635421cfd3da5ffe2)

-----------------------------------------------------------------------

Summary of changes:
 apps/openssl.c | 4 ++--
 ssl/ssl_init.c | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/apps/openssl.c b/apps/openssl.c
index b99bfa8..6e7b02c 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -69,8 +69,8 @@ static int apps_startup()
 #endif
 
     /* Set non-default library initialisation settings */
-    if (!OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN
-                             | OPENSSL_INIT_LOAD_CONFIG, NULL))
+    if (!OPENSSL_init_ssl(OPENSSL_INIT_ENGINE_ALL_BUILTIN
+                          | OPENSSL_INIT_LOAD_CONFIG, NULL))
         return 0;
 
 #ifndef OPENSSL_NO_UI
diff --git a/ssl/ssl_init.c b/ssl/ssl_init.c
index b286a98..3e62d48 100644
--- a/ssl/ssl_init.c
+++ b/ssl/ssl_init.c
@@ -191,11 +191,11 @@ int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS * settings)
         return 0;
     }
 
-    if (!OPENSSL_init_crypto(opts | OPENSSL_INIT_ADD_ALL_CIPHERS
-                             | OPENSSL_INIT_ADD_ALL_DIGESTS, settings))
+    if (!RUN_ONCE(&ssl_base, ossl_init_ssl_base))
         return 0;
 
-    if (!RUN_ONCE(&ssl_base, ossl_init_ssl_base))
+    if (!OPENSSL_init_crypto(opts | OPENSSL_INIT_ADD_ALL_CIPHERS
+                             | OPENSSL_INIT_ADD_ALL_DIGESTS, settings))
         return 0;
 
     if ((opts & OPENSSL_INIT_NO_LOAD_SSL_STRINGS)

More information about the openssl-commits mailing list