On Fri, Jan 23, 2015 at 04:06:47PM +0000, Richard Moore wrote: > > This is an interesting one because the problem is clear - the openssl > > utility exits if it gets any error other than "file doesn't exist" trying > > to open its configuration file - but the solution is not. > > The real problem isn't with openssl the utility. The problem (and it's a > major one) is that this behaviour occurs when using openssl as a library > and causes the application using openssl to terminate. This is appallingly > bad practice for a library. The documentation for OPENSSL_config() says that errors are silently ignored. However, the code (1.0.1) prints error messages to stderr and calls exit(1). That's a bug I think. Proposed fix below (leaving the stderr bits in place for now, but those also are questionable). There are also two mysterious exit(1) calls in the rsax engine. Worth taking a look at. -- Viktor. diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c index d03de24..f8146bd 100644 --- a/crypto/conf/conf_sap.c +++ b/crypto/conf/conf_sap.c @@ -99,7 +99,6 @@ void OPENSSL_config(const char *config_name) ERR_print_errors(bio_err); BIO_free(bio_err); } - exit(1); } return; diff --git a/crypto/engine/eng_rsax.c b/crypto/engine/eng_rsax.c index 8362754..86ee9d8 100644 --- a/crypto/engine/eng_rsax.c +++ b/crypto/engine/eng_rsax.c @@ -434,10 +434,10 @@ static int mod_exp_pre_compute_data_512(UINT64 *m, struct mod_ctx_512 *data) BN_lshift(&two_512, BN_value_one(), 512); if (0 == (m[7] & 0x8000000000000000)) { - exit(1); + goto err; } if (0 == (m[0] & 0x1)) { /* Odd modulus required for Mont */ - exit(1); + goto err; } /* Precompute m1 */