Global declared object of OpenSSLInit class (PdfEncrypt.cpp) can throw exception from constructor and crash application on start

[nntrifonov]

Hi!

There is an OpenSSLInit class in PdfEncrypt.cpp and the global s_SSL object of this class.
Class has a constructor that can throw an exception. The problem is that it cannot be catched because s_SL constructor is called before main(). In case of an error during initialization of OpenSSL, the program crashes before the start of main().
It is better to redesign OpenSSLInit.

[ceztko]

This risk of failures during static fields initialization may be considered acceptable in some cases but I understand your point since here we are calling an external library. An improvement here may come later (0.11): I have some code parked that will move the init in a common place to be called in various places.

[igormironchik]

Confirm, this is exactly this issue.

[ceztko]

Ok, please understand that moving to lazy initialization won't fix this issue for you. You must bind to a openssl build that has legacy algorithms, or lazily crash in PoDoFo only if RC4 algorithms are needed by the actual document but OpenSSL support is not available. Patches welcome to add the latter.

[igormironchik]

Ok, please understand that moving to lazy initialization won't fix this issue for you.

Sure, thanks. OpenSSL from Conan is unusable...

[ceztko]

It is workable with some modifications to PoDoFo, but it won't work with RC4 encrypted documents. You can point out this to the Conan index.

[nntrifonov]

Hi!
OpenSSL 3 tries to load legacy.dll. If it is not in path it returns NULL and PoDoFo throws exceptions.
Set OPENSSL_MODULES system variable to specify the path to DLL.

[ceztko]

Implemented in 09cb7e1 . It didn't come for free, so I hope it was worth.