Attempt to log an error if init failed

If init failed we'd like to set an error code to indicate that. But if init failed then when the error system tries to load its strings its going to fail again. We could get into an infinite loop. Therefore we just set a single error the first time around. After that no error is set. Reviewed-by: N Rich Salz <rsalz@openssl.org>

Attempt to log an error if init failed
If init failed we'd like to set an error code to indicate that. But if init failed then when the error system tries to load its strings its going to fail again. We could get into an infinite loop. Therefore we just set a single error the first time around. After that no error is set. Reviewed-by: N Rich Salz <rsalz@openssl.org>
302f7588 · Matt Caswell · 0fc32b07 · 302f7588 · 302f7588 · 302f7588
10 changed file
--- a/apps/errstr.c
+++ b/apps/errstr.c
@@ -114,6 +114,11 @@ int errstr_main(int argc, char **argv)
        if (!opt_ulong(*argv, &l))
            ret++;
        else {
+            /* We're not really an SSL application so this won't auto-init, but
+             * we're still interested in SSL error strings
+             */
+            OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS
+                             | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
            ERR_error_string_n(l, buf, sizeof buf);
            BIO_printf(bio_out, "%s\n", buf);
        }

--- a/crypto/async/async.c
+++ b/crypto/async/async.c
@@ -363,11 +363,9 @@ int ASYNC_init_thread(size_t max_size, size_t init_size)
    }

    if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL)) {
-        ASYNCerr(ASYNC_F_ASYNC_INIT_THREAD, ERR_R_NOT_INITED);
        return 0;
    }
    if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ASYNC)) {
-        ASYNCerr(ASYNC_F_ASYNC_INIT_THREAD, ERR_R_NOT_INITED);
        return 0;
    }


--- a/crypto/cpt_err.c
+++ b/crypto/cpt_err.c
 /* ====================================================================
- * Copyright (c) 1999-2015 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2016 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -84,6 +84,9 @@ static ERR_STRING_DATA CRYPTO_str_functs[] = {
    {ERR_FUNC(CRYPTO_F_INT_DUP_EX_DATA), "INT_DUP_EX_DATA"},
    {ERR_FUNC(CRYPTO_F_INT_FREE_EX_DATA), "INT_FREE_EX_DATA"},
    {ERR_FUNC(CRYPTO_F_INT_NEW_EX_DATA), "INT_NEW_EX_DATA"},
+    {ERR_FUNC(CRYPTO_F_OPENSSL_INIT_CRYPTO_LIBRARY_START),
+     "OPENSSL_INIT_crypto_library_start"},
+    {ERR_FUNC(CRYPTO_F_OPENSSL_MEMDUP), "OPENSSL_MEMDUP"},
    {0, NULL}
 };


--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -223,6 +223,7 @@ static ERR_STRING_DATA ERR_str_reasons[] = {
    {ERR_R_PASSED_NULL_PARAMETER, "passed a null parameter"},
    {ERR_R_INTERNAL_ERROR, "internal error"},
    {ERR_R_DISABLED, "called a function that was disabled at compile-time"},
+    {ERR_R_INIT_FAIL, "init fail"},

    {0, NULL},
 };

--- a/crypto/init.c
+++ b/crypto/init.c
@@ -628,8 +628,21 @@ static const OPENSSL_INIT_SETTINGS *ossl_init_get_setting(
 */
 int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
 {
-    if (stopped)
+    static int stoperrset = 0;
+
+    if (stopped) {
+        if (!stoperrset) {
+            /*
+             * We only ever set this once to avoid getting into an infinite
+             * loop where the error system keeps trying to init and fails so
+             * sets an error etc
+             */
+            stoperrset = 1;
+            CRYPTOerr(CRYPTO_F_OPENSSL_INIT_CRYPTO_LIBRARY_START,
+                      ERR_R_INIT_FAIL);
+        }
        return 0;
+    }

    ossl_init_once_run(&base, ossl_init_base);


--- a/include/openssl/crypto.h
+++ b/include/openssl/crypto.h
@@ -627,6 +627,7 @@ void ERR_load_CRYPTO_strings(void);
 # define CRYPTO_F_INT_DUP_EX_DATA                         106
 # define CRYPTO_F_INT_FREE_EX_DATA                        107
 # define CRYPTO_F_INT_NEW_EX_DATA                         108
+# define CRYPTO_F_OPENSSL_INIT_CRYPTO_LIBRARY_START       116
 # define CRYPTO_F_OPENSSL_MEMDUP                          114

 /* Reason codes. */

--- a/include/openssl/err.h
+++ b/include/openssl/err.h
@@ -309,7 +309,7 @@ typedef struct err_state_st {
 # define ERR_R_PASSED_NULL_PARAMETER             (3|ERR_R_FATAL)
 # define ERR_R_INTERNAL_ERROR                    (4|ERR_R_FATAL)
 # define ERR_R_DISABLED                          (5|ERR_R_FATAL)
-# define ERR_R_NOT_INITED                        (6|ERR_R_FATAL)
+# define ERR_R_INIT_FAIL                         (6|ERR_R_FATAL)

 /*
 * 99 is the maximum possible ERR_R_... code, higher values are reserved for

--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1986,6 +1986,7 @@ void ERR_load_SSL_strings(void);
 # define SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST        385
 # define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE               370
 # define SSL_F_DTLS_PROCESS_HELLO_VERIFY                  386
+# define SSL_F_OPENSSL_INIT_SSL_LIBRARY_START             342
 # define SSL_F_READ_STATE_MACHINE                         352
 # define SSL_F_SSL3_ADD_CERT_TO_BUF                       296
 # define SSL_F_SSL3_CALLBACK_CTRL                         233

--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -95,7 +95,7 @@ static ERR_STRING_DATA SSL_str_functs[] = {
    {ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST),
     "DTLS1_SEND_HELLO_VERIFY_REQUEST"},
    {ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES), "dtls1_write_app_data_bytes"},
-    {ERR_FUNC(SSL_F_DTLSV1_LISTEN), "dtlsv1_listen"},
+    {ERR_FUNC(SSL_F_DTLSV1_LISTEN), "DTLSv1_listen"},
    {ERR_FUNC(SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC),
     "dtls_construct_change_cipher_spec"},
    {ERR_FUNC(SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST),
@@ -103,6 +103,8 @@ static ERR_STRING_DATA SSL_str_functs[] = {
    {ERR_FUNC(SSL_F_DTLS_GET_REASSEMBLED_MESSAGE),
     "dtls_get_reassembled_message"},
    {ERR_FUNC(SSL_F_DTLS_PROCESS_HELLO_VERIFY), "dtls_process_hello_verify"},
+    {ERR_FUNC(SSL_F_OPENSSL_INIT_SSL_LIBRARY_START),
+     "OPENSSL_INIT_ssl_library_start"},
    {ERR_FUNC(SSL_F_READ_STATE_MACHINE), "read_state_machine"},
    {ERR_FUNC(SSL_F_SSL3_ADD_CERT_TO_BUF), "SSL3_ADD_CERT_TO_BUF"},
    {ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "ssl3_callback_ctrl"},

--- a/ssl/ssl_init.c
+++ b/ssl/ssl_init.c
@@ -301,8 +301,20 @@ static void ssl_library_stop(void)
 */
 int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
 {
-    if (stopped)
+    static int stoperrset = 0;
+
+    if (stopped) {
+        if (!stoperrset) {
+            /*
+             * We only ever set this once to avoid getting into an infinite
+             * loop where the error system keeps trying to init and fails so
+             * sets an error etc
+             */
+            stoperrset = 1;
+            SSLerr(SSL_F_OPENSSL_INIT_SSL_LIBRARY_START, ERR_R_INIT_FAIL);
+        }
        return 0;
+    }

    if (!OPENSSL_init_crypto(opts | OPENSSL_INIT_ADD_ALL_CIPHERS
                             | OPENSSL_INIT_ADD_ALL_DIGESTS, settings))