Bug with OpenSSL engine initialization in tls_engine_load_dynamic_generic

David Woodhouse dwmw2 at infradead.org
Mon Jun 6 23:51:37 PDT 2016

On Mon, 2016-06-06 at 17:56 +0200, Michael Schaller wrote:
> For me only remains one topic then. If specifying the pkcs11 engine
> and module path is on the way of deprecation (but IMHO not quite there
> yet) is it then worth fixing this issue? If yes, what about the
> proposed patch to not use ENGINE_by_id to check if an engine has been
> already loaded?

If I broke something last year (actually, I think it was December 2014)
when I cleaned up the auto-load code paths, then sure — we should
probably fix that.

If it's something that basically never worked, then there's no point in
fixing it now.

I suppose that if we take the holistic view, I really did break it last
year — not by anything I changed in hostap/wpa_supplicant, but by
changing engine_pkcs11 to install into the standand engine directory so
that ENGINE_by_id() *can* now find it.

Perhaps just avoid the ENGINE_by_id() *if* there are explicit pre
commands. In that case we'll do it through the dynamic engine anyway,
and we don't need the fallback of iterating over the list?

(That code path is broken if you need to use the dynamic engine to load
the one you want, and if there are *no* 'pre' commands, right?...)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5760 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/hostap/attachments/20160607/c23403c9/attachment-0001.bin>

More information about the Hostap mailing list