[openssl-dev] [openssl.org #4215] Results of regression for some apps

Dmitry Belyavsky beldmit at gmail.com
Sat May 14 21:42:50 UTC 2016


Dear Stephen,


On Fri, May 13, 2016 at 2:41 PM, Stephen Henson via RT <rt at openssl.org>
wrote:

> On Mon Jan 04 14:07:23 2016, beldmit at gmail.com wrote:
> > Hello!
> >
> > I found the following problems running my cipher suite with openssl 1.1.0
> >
> > 1. Some apps try to load the default config file twice. In case when we
> > load an engine via the config file and the engine prevents itself from
> > loading more than once, it causes errors.
> >
> > The attached patch contains fixes for the 'req' and 'ts' utilities, but may
> > be there are some more utilities with specific config files.
> >
> > 2. The 'smime' utility erroneously regards the '-signer' option to be the
> > name of input file. It's wrong when the utility uses this option in -verify
> > mode. So the attached patch makes this option to be processed as string,
> > not as input.
> >
> > 3. The 'cms' and 'smime' utilities do not accept the '-inform smime'
> > options. It may be a bug or not a bug (files in SMIME format are accepted)
> > but it is definitely an incompatibility.
> >
>
> Can you indicate if #1 is still a problem and if so give some details on
> how to reproduce it?
>

Yes. The bug is still reproducible with the req command.

To reproduce it, you need to specify the OPENSSL_CONF variable.
(You have to load the engine via config to enable the algorithms on startup
of the openssl).
The engine you load through the config must return an error on loading 2nd
time (as ccgost engine does).

So using the req command like this:

OPENSSL_CONF=openssl.conf openssl req -new -key mykey.pem

Will cause an error like this:

140444282672896:error:26078067:engine routines:engine_list_add:conflicting engine id:crypto/engine/eng_list.c:116:
140444282672896:error:2606906E:engine routines:ENGINE_add:internal list error:crypto/engine/eng_list.c:268:
140444282672896:error:260B6067:engine routines:dynamic_load:conflicting engine id:crypto/engine/eng_dyn.c:544:
140444282672896:error:260BC066:engine routines:int_engine_configure:engine configuration error:crypto/engine/eng_cnf.c:190:section=cryptocom_section, name=dynamic_path, value=/path/to/libengine.so
140444282672896:error:0E07606D:configuration file routines:module_run:module initialization error:crypto/conf/conf_mod.c:221:module=engines, value=engine_section, retcode=-1

To prevent it, it seems to me that it's necessary to check
whether the value of the variable 'template' does not match the variable
'default_config_file'
as the config file specified in the default_config_file variable is already
loaded.



>
> #2 and #3 should be addressed now.
>
> Thank you!


-- 
SY, Dmitry Belyavsky
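
The guard proposed in the message above, as an added example that is not part of the original message or of OpenSSL's code: a one-slot stand-in for the engine list that rejects a duplicate id, and a check that skips the second load when the template names the already-loaded default config. Comparing device and inode rather than the path strings is this example's own generalization; engine_add, load_config, same_file, run_req, demo, the engine id and the file name are all hypothetical.

```c
/* Added example: a model of the double config load, not OpenSSL source. */
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

static const char *loaded_id;   /* one-slot stand-in for the engine list */
/* Like the engine list in the error trace: adding an id twice fails. */
static int engine_add(const char *id) {
    if (loaded_id && strcmp(loaded_id, id) == 0) return -1; /* conflicting engine id */
    loaded_id = id;
    return 0;
}

/* Stand-in for running the config file's engines section (constructed id). */
static int load_config(const char *path) {
    (void)path;
    return engine_add("demo_engine");
}

/* Same file if device and inode match; otherwise compare the names. */
static int same_file(const char *a, const char *b) {
    struct stat sa, sb;
    if (stat(a, &sa) == 0 && stat(b, &sb) == 0)
        return sa.st_dev == sb.st_dev && sa.st_ino == sb.st_ino;
    return strcmp(a, b) == 0;
}

/* Startup loads default_config_file, then the command loads its template. */
static int run_req(const char *default_config_file, const char *template, int guard) {
    loaded_id = NULL;
    if (load_config(default_config_file) != 0) return -1;
    if (guard && same_file(template, default_config_file)) return 0; /* already loaded */
    return load_config(template);
}

/* Creates a constructed config file and names it two different ways. */
int demo(int guard) {
    FILE *f = fopen("demo_openssl.cnf", "w");
    if (!f) return -2;
    fclose(f);
    int rc = run_req("demo_openssl.cnf", "./demo_openssl.cnf", guard);
    remove("demo_openssl.cnf");
    return rc;
}

int main(void) {
    printf("without guard: %d, with guard: %d\n", demo(0), demo(1));
    return 0;
}
```

A plain string comparison would treat "demo_openssl.cnf" and "./demo_openssl.cnf" as different files and still load the engine twice.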