From e464d58452a0842aa8954833a7d46480949f5a6b Mon Sep 17 00:00:00 2001
From: beck <>
Date: Mon, 19 Mar 2018 03:35:38 +0000
Subject: Correct mistake of loading the default openssl.conf by default during
 autoinit.

This brings in the OPENSSL_INIT_LOAD_CONFIG flag with the same semantics as
OpenSSL. As a result, by default the openssl.conf file is not loaded during
autoinit, which makes autoinit safe for pledge(stdio).

ok jsing@
---
 src/lib/libcrypto/crypto_init.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

(limited to 'src/lib/libcrypto/crypto_init.c')

diff --git a/src/lib/libcrypto/crypto_init.c b/src/lib/libcrypto/crypto_init.c
index f3d1a2bce9..ed2b5d4810 100644
--- a/src/lib/libcrypto/crypto_init.c
+++ b/src/lib/libcrypto/crypto_init.c
@@ -25,6 +25,9 @@
 #include <openssl/err.h>
 #include "cryptlib.h"
 
+int OpenSSL_config(char *);
+int OpenSSL_no_config(char *);
+
 static pthread_t crypto_init_thread;
 
 static void
@@ -35,7 +38,6 @@ OPENSSL_init_crypto_internal(void)
 	ERR_load_crypto_strings();
 	OpenSSL_add_all_ciphers();
 	OpenSSL_add_all_digests();
-	OPENSSL_config(NULL);
 }
 
 int
@@ -46,11 +48,16 @@ OPENSSL_init_crypto(uint64_t opts, const void *settings)
 	if (pthread_equal(pthread_self(), crypto_init_thread))
 		return 1; /* don't recurse */
 
-	if (opts & OPENSSL_INIT_NO_LOAD_CONFIG)
-		OPENSSL_no_config();
-
 	if (pthread_once(&once, OPENSSL_init_crypto_internal) != 0)
 		return 0;
 
+	if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG) &&
+	    (OpenSSL_no_config(NULL) == 0))
+		return 0;
+
+	if ((opts & OPENSSL_INIT_LOAD_CONFIG) &&
+	    (OpenSSL_config(NULL) == 0))
+		return 0;
+
 	return 1;
 }
-- 
cgit v1.2.3-55-g6feb