The previous bug was on the function ERR_load_crypto_strings( ) and this OpenSSL user has filed, the bug exists in ERR_load_SSL_strings( ) .
The reason for this bug is
1. The static variable, "done" used in the function
ERR_load_crypto_strings( ).
The purpose of this variable is to bypass the load function
process, if it is called again and again. At the first instance of the call to
this function, the value of the variable done is set to 1. But on call to the
function ERR_free_strings( ) the value of done is not reset to 0. By
disabling the check for the flag done is set or not, we got the output as
error:0607A082:digital envelope
routines:EVP_CIPHER_CTX_set_key_length:invalid key
length
error:0607A082:digital envelope routines:func(122):reason(130)
error:0607A082:digital envelope routines:func(122):reason(130)
Which shows only the library name in which the error has occured.
2. The function ERR_load_crypto_strings( ) internally calls 25
load functions for various cryptographic algorithms. In each load function a
static variable "init" is used for the same purpose as mentioned above.
And by disabling the check for the flag init, the required reson text is
obtained.
3. The value of the flags done and init is not RESET in the function ERR_free_strings( ), rather it just clears the memory.
FYI: The same bug exists fips' error load function ERR_load_FIPS_strings( ).
A patch to fix this bug is provided in the file attached.
But this but must be put to the notice of the OpenSSL development community as the patch affects 53 files (including FIPS code).
3. The value of the flags done and init is not RESET in the function ERR_free_strings( ), rather it just clears the memory.
FYI: The same bug exists fips' error load function ERR_load_FIPS_strings( ).
A patch to fix this bug is provided in the file attached.
But this but must be put to the notice of the OpenSSL development community as the patch affects 53 files (including FIPS code).
On 3/30/06, Kyle Hamilton <[EMAIL PROTECTED]> wrote:
I thought we'd already established this as a bug?
When a state is changed, the marker of the state needs to change, as
well. The fact that freeing the strings doesn't clear the "loaded"
flag is... well, overlooking something obvious.
On 3/29/06, Viji <[EMAIL PROTECTED]> wrote:
>
> Hello All,
>
> It seems there is a bug in ERR_load_SSL_strings() function when called more
> than once. ERR_error_string() doesnot print the error message.
>
>
> This can be reproduced using the following sample program.
> ====================================================
> #include <openssl/err.h>
> #include <openssl/ssl.h>
>
> int main()
> {
>
> ERR_load_SSL_strings();
> printf("%s\n",ERR_error_string(336109761,NULL));
> ERR_free_strings();
>
> ERR_load_SSL_strings();
> printf("%s\n",ERR_error_string(336109761,NULL));
> ERR_free_strings();
>
> return 0;
> }
> ====================================================
>
> # cc err.c -lcrypto -lssl
> # ./a.out
> error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared
> cipher
> error:1408A0C1:lib(20):func(138):reason(193)
>
> This is because ERR_load_SSL_strings() sets a static variable when it is
> called and it dooesnot unset this variable in ERR_free_strings(). So any
> further call to ERR_load_SSL_strings() does nothing and returns.
>
> Please provide ur views on this.
>
> Thanks,
> Vijayalakshmi.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
diff.log
Description: Binary data
