Re: error message oddity

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



You might want to check what strerror_r gives you, rather than strerror, since on GCC platforms that's what OpenSSL uses.


Also, OpenSSL builds its table of error strings at startup (or, for older versions, when you tell it to). It's conceivable an application's NLS settings changed between the time when OpenSSL built its table and the time when the error occurred, which could result in different text from OpenSSL and from a strerror or strerror_r at the point of failure.


From: openssl-users <openssl-users-bounces@xxxxxxxxxxx> on behalf of Jakob Bohm via openssl-users <openssl-users@xxxxxxxxxxx>
Sent: Monday, November 26, 2018 11:13:35 AM
To: openssl-users@xxxxxxxxxxx
Subject: Re: error message oddity
 
On 25/11/2018 22:30, Viktor Dukhovni wrote:
>> On Nov 25, 2018, at 4:23 PM, Jeremy Harris <jgh@xxxxxxxxxxx> wrote:
>>
>> That isn't the package name, it is text defined in openssl/opensslv.h
> That happens when "OPENSSL_FIPS" is defined:
>
>    # define OPENSSL_VERSION_NUMBER  0x101000b0L
>    # ifdef OPENSSL_FIPS
>    #  define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.0k-fips-dev  xx XXX xxxx"
>    # else
>    #  define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.0k-dev  xx XXX xxxx"
>    # endif
>
> Given no FIPS for 1.1.x, perhaps that "#ifdef" should be "#if 0".  With
> 1.1.x the "Configure" arguments should not mention "fips".
>
A better solution would be to have a separate part of the 1.1.0/1.1.1
headers error out hard (with #error) if attempting to build with
OPENSSL_FIPS defined.

This would preserve all the FIPS-related stuff (such as the above
version naming code) for when a FIPS module for 1.1.x is provided,
while leaving the blocking of accidental miscompilation in a clear
location having no other effects.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux