missing default /usr/local/ssl/openssl.cnf causes failure on AIX, warning on all others

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Jan 23, 2015 at 04:06:47PM +0000, Richard Moore wrote:

> > This is an interesting one because the problem is clear - the openssl
> > utility exits if it gets any error other than "file doesn't exist" trying
> > to open its configuration file - but the solution is not.
>
> The real problem isn't with openssl the utility. The problem (and it's a
> major one) is that this behaviour occurs when using openssl as a library
> and causes the application using openssl to terminate. This is appallingly
> bad practice for a library.

The documentation for OPENSSL_config() says that errors are silently
ignored.  However, the code (1.0.1) prints error messages to stderr
and calls exit(1).  That's a bug I think.

Proposed fix below (leaving the stderr bits in place for now, but
those also are questionable).

There are also two mysterious exit(1) calls in the rsax engine.
Worth taking a look at.

-- 
	Viktor.

diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c
index d03de24..f8146bd 100644
--- a/crypto/conf/conf_sap.c
+++ b/crypto/conf/conf_sap.c
@@ -99,7 +99,6 @@ void OPENSSL_config(const char *config_name)
             ERR_print_errors(bio_err);
             BIO_free(bio_err);
         }
-        exit(1);
     }
 
     return;
diff --git a/crypto/engine/eng_rsax.c b/crypto/engine/eng_rsax.c
index 8362754..86ee9d8 100644
--- a/crypto/engine/eng_rsax.c
+++ b/crypto/engine/eng_rsax.c
@@ -434,10 +434,10 @@ static int mod_exp_pre_compute_data_512(UINT64 *m, struct mod_ctx_512 *data)
     BN_lshift(&two_512, BN_value_one(), 512);
 
     if (0 == (m[7] & 0x8000000000000000)) {
-        exit(1);
+        goto err;
     }
     if (0 == (m[0] & 0x1)) {    /* Odd modulus required for Mont */
-        exit(1);
+        goto err;
     }
 
     /* Precompute m1 */


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux