[openssl-dev] EPIPE handling

Pádraig Brady P at draigBrady.com
Tue Feb 10 15:35:15 UTC 2015

I was trying to generate random numbers to a pipe yesterday,
and was surprised by the openssl command's handling of EPIPE.

  strace openssl rand -base64 10000000 | head -n1

That will redundantly write all the data (ignoring the EPIPE error),
even when the pipe is closed.

For the enc command though, the EPIPE error is not ignored,
which is also problematic, resulting in an unwanted diagnostic:

  strace openssl enc -aes-256-ctr -pass pass:seed -nosalt </dev/zero | head -c1 >/dev/null

Both these issues could be avoided by not ignoring SIGPIPE, which I verified with:

diff --git a/apps/apps.h b/apps/apps.h
index 2e346f9..69bcbba 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -163,7 +163,7 @@ extern BIO *bio_err;
 #  include <signal.h>
 # endif

-# ifdef SIGPIPE
+# if defined SIGPIPE && defined IGNORE_SIGPIPE
 #  define do_pipe_sig()   signal(SIGPIPE,SIG_IGN)
 # else
 #  define do_pipe_sig()

What's the reason exactly that openssl is messing with SIGPIPE?
If this really needs to be controlled for some edge case,
could perhaps the default be changed; at least for the standalone apps?


More information about the openssl-dev mailing list