From 02fd65d9fc788d4e8e18c251840f300031577d70 Mon Sep 17 00:00:00 2001
From: beck <>
Date: Mon, 19 Mar 2018 03:35:38 +0000
Subject: Correct mistake of loading the default openssl.conf by default during
 autoinit.

This brings in the OPENSSL_INIT_LOAD_CONFIG flag with the same semantics as
OpenSSL. As a result, by default the openssl.conf file is not loaded during
autoinit, which makes autoinit safe for pledge(stdio).

ok jsing@
---
 src/lib/libcrypto/conf/conf_sap.c | 31 ++++++++++++++++++++++++-------
 1 file changed, 24 insertions(+), 7 deletions(-)

(limited to 'src/lib/libcrypto/conf')

diff --git a/src/lib/libcrypto/conf/conf_sap.c b/src/lib/libcrypto/conf/conf_sap.c
index f1844f69f4..98497025ee 100644
--- a/src/lib/libcrypto/conf/conf_sap.c
+++ b/src/lib/libcrypto/conf/conf_sap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: conf_sap.c,v 1.12 2018/03/17 16:20:01 beck Exp $ */
+/* $OpenBSD: conf_sap.c,v 1.13 2018/03/19 03:35:38 beck Exp $ */
 /* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
@@ -108,8 +108,8 @@ OPENSSL_config_internal(void)
 	return;
 }
 
-void
-OPENSSL_config(const char *config_name)
+int
+OpenSSL_config(const char *config_name)
 {
 	/* Don't override if NULL */
 	/*
@@ -120,11 +120,19 @@ OPENSSL_config(const char *config_name)
 	if (config_name != NULL)
 		openssl_config_name = config_name;
 
-	(void) OPENSSL_init_crypto(0, NULL);
+	if (OPENSSL_init_crypto(0, NULL) == 0)
+		return 0;
 
-	(void) pthread_once(&openssl_configured, OPENSSL_config_internal);
+	if (pthread_once(&openssl_configured, OPENSSL_config_internal) != 0)
+		return 0;
 
-	return;
+	return 1;
+}
+
+void
+OPENSSL_config(const char *config_name)
+{
+	(void) OpenSSL_config(config_name);
 }
 
 static void
@@ -132,8 +140,17 @@ OPENSSL_no_config_internal(void)
 {
 }
 
+int
+OpenSSL_no_config(void)
+{
+	if (pthread_once(&openssl_configured, OPENSSL_no_config_internal) != 0)
+		return 0;
+
+	return 1;
+}
+
 void
 OPENSSL_no_config(void)
 {
-	(void) pthread_once(&openssl_configured, OPENSSL_no_config_internal);
+	(void) OpenSSL_no_config();
 }
-- 
cgit v1.2.3-55-g6feb