[openssl-users] missing default /usr/local/ssl/openssl.cnf causes failure on AIX, warning on all others
Viktor Dukhovni
openssl-users at dukhovni.org
Fri Jan 23 16:31:08 UTC 2015
On Fri, Jan 23, 2015 at 04:06:47PM +0000, Richard Moore wrote:
> > This is an interesting one because the problem is clear - the openssl
> > utility exits if it gets any error other than "file doesn't exist" trying
> > to open its configuration file - but the solution is not.
>
> The real problem isn't with openssl the utility. The problem (and it's a
> major one) is that this behaviour occurs when using openssl as a library
> and causes the application using openssl to terminate. This is appallingly
> bad practice for a library.
The documentation for OPENSSL_config() says that errors are silently
ignored. However, the code (1.0.1) prints error messages to stderr
and calls exit(1). That's a bug I think.

Proposed fix below (leaving the stderr bits in place for now, but
those also are questionable).

There are also two mysterious exit(1) calls in the rsax engine.
Worth taking a look at.

--
Viktor.
diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c
index d03de24..f8146bd 100644
--- a/crypto/conf/conf_sap.c
+++ b/crypto/conf/conf_sap.c
@@ -99,7 +99,6 @@ void OPENSSL_config(const char *config_name)
ERR_print_errors(bio_err);
BIO_free(bio_err);
}
- exit(1);
}
return;
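Review bot: With the exit(1) after BIO_free(bio_err) removed, OPENSSL_config() (declared void in the hunk header) falls through to return; after a failed load, so the caller has no way to tell that configuration was not applied. The only trace is whatever ERR_print_errors(bio_err) wrote. Two suggestions: state in the OPENSSL_config() documentation that a load failure is now non-fatal and that the application continues with whatever configuration was applied before the error, and decide in the same change whether the ERR_print_errors(bio_err) call should stay, since writing to a BIO from library code still does not match the documented "silently ignored" behaviour. An application that must fail closed on a bad config file needs a call that returns a status rather than this void wrapper.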
diff --git a/crypto/engine/eng_rsax.c b/crypto/engine/eng_rsax.c
index 8362754..86ee9d8 100644
--- a/crypto/engine/eng_rsax.c
+++ b/crypto/engine/eng_rsax.c
@@ -434,10 +434,10 @@ static int mod_exp_pre_compute_data_512(UINT64 *m, struct mod_ctx_512 *data)
BN_lshift(&two_512, BN_value_one(), 512);
if (0 == (m[7] & 0x8000000000000000)) {
- exit(1);
+ goto err;
}
if (0 == (m[0] & 0x1)) { /* Odd modulus required for Mont */
- exit(1);
+ goto err;
}
/* Precompute m1 */
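Review bot: Both new goto err; statements depend on an err label and a return value that are outside the visible hunk, so please confirm two things before this goes in. First, that the function's int result still holds the failure value at the point of each jump, which comes after BN_lshift(&two_512, ...) has already run, and that the err path releases two_512 and any other BIGNUMs initialised by then. Second, that every caller of mod_exp_pre_compute_data_512() checks the return value; with exit(1) gone, a caller that ignores it would carry on with precomputed data in struct mod_ctx_512 that was never filled in. A style point: the m[0] & 0x1 check has a comment ("Odd modulus required for Mont") but the m[7] & 0x8000000000000000 check does not; a matching comment saying why the top bit of the modulus must be set would help the next reader.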