[openssl-users] error message oddity

Michael Wojcik Michael.Wojcik at microfocus.com
Tue Nov 27 18:55:35 UTC 2018


You might want to check what strerror_r gives you, rather than strerror, since on GCC platforms that's what OpenSSL uses.


Also, OpenSSL builds its table of error strings at startup (or, for older versions, when you tell it to). It's conceivable an application's NLS settings changed between the time when OpenSSL built its table and the time when the error occurred, which could result in different text from OpenSSL and from a strerror or strerror_r at the point of failure.

________________________________
From: openssl-users <openssl-users-bounces at openssl.org> on behalf of Jakob Bohm via openssl-users <openssl-users at openssl.org>
Sent: Monday, November 26, 2018 11:13:35 AM
To: openssl-users at openssl.org
Subject: Re: [openssl-users] error message oddity

On 25/11/2018 22:30, Viktor Dukhovni wrote:
>> On Nov 25, 2018, at 4:23 PM, Jeremy Harris <jgh at wizmail.org> wrote:
>>
>> That isn't the package name, it is text defined in openssl/opensslv.h
> That happens when "OPENSSL_FIPS" is defined:
>
>    # define OPENSSL_VERSION_NUMBER  0x101000b0L
>    # ifdef OPENSSL_FIPS
>    #  define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.0k-fips-dev  xx XXX xxxx"
>    # else
>    #  define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.0k-dev  xx XXX xxxx"
>    # endif
>
> Given no FIPS for 1.1.x, perhaps that "#ifdef" should be "#if 0".  With
> 1.1.x the "Configure" arguments should not mention "fips".
>
A better solution would be to have a separate part of the 1.1.0/1.1.1
headers error out hard (with #error) if attempting to build with
OPENSSL_FIPS defined.

This would preserve all the FIPS-related stuff (such as the above
version naming code) for when a FIPS module for 1.1.x is provided,
while leaving the blocking of accidental miscompilation in a clear
location having no other effects.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20181127/a82690d8/attachment.html>


More information about the openssl-users mailing list