[openssl-dev] Removing obsolete crypto from OpenSSL 1.1 - seeking feedback

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Nov 13 22:24:01 UTC 2015


On Fri 2015-11-13 16:16:56 -0500, Viktor Dukhovni wrote:
> This is very difficult, because most applications use libcrypto
> algorithms indirectly, via EVP_get_cipherbyname(), EVP_get_digestbyname()
> and so on.  So the code will link, but there'll be runtime errors
> due to missing ciphers or digests.

I'm less sympathetic in this case, since these functions have
well-defined semantics when a cipher has been removed (or simply isn't
present in the first place): they return NULL on error, and if code X
doesn't handle errors properly, it's up to code X to fix that problem.

Of course, no one will catch this at compile time, or even at dynamic
link time -- it'll get "caught" at runtime, which probably means
codepaths that haven't been tickled maybe ever.

At any rate, it's not hard to search for uses of EVP_get_*byname [0] --
places where those are used with hard-coded strings without error
checking can be ferreted out and fixed, and places where they're invoked
indirectly should probably just pass the error message upward in the
stack, no?

       --dkg

[0] https://codesearch.debian.net/perpackage-results/EVP_get_%5Ba-z%5D*byname/2/page_0
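
An added example, not part of the original message: a line-based heuristic for the audit described above, flagging EVP_get_cipherbyname()/EVP_get_digestbyname() calls whose result is never tested against NULL. The C snippet in SAMPLE is constructed for illustration (report_error and cfg_name are hypothetical names), and the five-line look-ahead window is an assumption, not a parser.

```python
import re

CALL = r'(?P<fn>EVP_get_(?:cipher|digest)byname)\s*\((?P<arg>[^)]*)\)'
ASSIGN = re.compile(r'(?P<var>\w+)\s*=\s*' + CALL)  # result stored in a variable
DIRECT = re.compile(CALL)                           # result used in place
INLINE = re.compile(r'!\s*\(|[!=]=\s*NULL')         # if (!(x = ...)) or (x = ...) == NULL

def null_tested(var, lines):
    """True if any of the given lines compares var with NULL or tests its truth."""
    v = re.escape(var)
    pat = re.compile(
        rf'!\s*{v}\b|\b{v}\s*[!=]=\s*NULL|NULL\s*[!=]=\s*{v}\b|if\s*\(\s*{v}\s*\)')
    return any(pat.search(line) for line in lines)

def find_unchecked(source, window=5):
    """Return (line_no, function, argument) for each lookup whose result is not
    NULL-tested on the same line or within `window` following lines."""
    lines = source.splitlines()
    findings = []
    for i, line in enumerate(lines):
        m = ASSIGN.search(line)
        if m:
            ok = INLINE.search(line) or null_tested(
                m['var'], lines[i + 1:i + 1 + window])
        else:
            # A call passed straight to another function can never be checked.
            m, ok = DIRECT.search(line), False
        if m and not ok:
            findings.append((i + 1, m['fn'], m['arg'].strip()))
    return findings

# Constructed sample input (not taken from any real package).
SAMPLE = '''\
const EVP_CIPHER *c = EVP_get_cipherbyname("rc4");
EVP_EncryptInit_ex(ctx, c, NULL, key, iv);
const EVP_MD *md = EVP_get_digestbyname("sha256");
if (md == NULL)
    return report_error("sha256 unavailable");
EVP_DigestInit_ex(mctx, EVP_get_digestbyname("md4"), NULL);
const EVP_CIPHER *d = EVP_get_cipherbyname(cfg_name);
if (!d) return -1;
'''

if __name__ == "__main__":
    for line_no, fn, arg in find_unchecked(SAMPLE):
        kind = "hard-coded" if arg.startswith('"') else "indirect"
        print(f"line {line_no}: {fn}({arg}) result not checked ({kind} name)")
```
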

