OpenSSL 3.0 hangs on exit with FIPS and badly formatted config file #12496
Labels
branch: master
Merge to master branch
triaged: bug
The issue/pr is/fixes a bug
triaged: OTC evaluated
This issue/pr was triaged by OTC
Projects
Milestone
If the FIPS provider is loaded manually and the providers section of the config file contains any lines with
name=value
where no[value]
section exists, OpenSSL hangs on exit().Section 7.1 of https://wiki.openssl.org/index.php/OpenSSL_3.0 says to put these lines "near the beginning" of the config file:
If these lines are placed at the very beginning of the config file, the existing default section becomes part of the
[provider_sect]
section and the existingHOME = .
line causes OpenSSL to hang on exit() because there is no[.]
section. Likewise, if you were to addfoo = bar
under[provider_sect]
without creating a[bar]
section, OpenSSL will hang on exit().The problem only occurs under certain specific circumstances:
OSSL_PROVIDER_load()
EVP_get_digestbyname()
EVP_DigestInit_ex()
)OR
OSSL_PROVIDER_load()
EVP_MD_fetch()
(whether or not it is actually used later)OR
OSSL_PROVIDER_load()
OSSL_PROVIDER_unload()
prior to exit().The first two scenarios above cause OpenSSL to hang whether or not the FIPS provider is manually unloaded prior to exit().
The text was updated successfully, but these errors were encountered: