The pandemic of incomplete OpenSSL error handling
- #Security
- #OpenSSL
- #Error Handling
- A bug report for APT highlighted TLS failures on FIPS systems caused by MD5-related errors, and the proposed fix was to wrap TLS operations in ERR_clear_error() calls.
- The author opposes this as a bad practice, arguing that discarding unrelated errors is unsafe and that the root cause should be fixed instead.
- ERR_clear_error() is widely used and treated as a best practice in many codebases, but that habit produces a systemic pattern of incomplete error handling.
- Another anti-pattern involves checking top-level errors after OpenSSL operations and discarding them if deemed not severe, which also silences unrelated errors.
- Developers are encouraged to inspect code for ERR_clear_error() calls and consider using ERR_set_mark() for safer error stack management.
- A call is made to OpenSSL authors to avoid promoting practices that compromise security and trust in software.
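The difference between the two approaches, as an added example that is not part of the original post: a small C model of OpenSSL's per-thread error queue (not OpenSSL's own code; the error codes and function names prefixed `model_` are constructed stand-ins for ERR_raise/ERR_clear_error/ERR_set_mark/ERR_pop_to_mark/ERR_peek_error) showing that a blanket ERR_clear_error() also silences an unrelated error queued by earlier code, while a mark/pop pair discards only what the wrapped step added.

```c
#include <stdio.h>

/* Toy model of the OpenSSL error queue: a bounded stack where any entry can
 * carry a mark. The real queue is a per-thread ring of ERR_NUM_ERRORS entries;
 * only the documented mark/pop/clear semantics are reproduced here. */
#define QUEUE_MAX 16
struct err_entry { unsigned long code; int marked; };
static struct err_entry queue[QUEUE_MAX];
static int top;  /* number of queued entries */

/* Constructed codes standing in for real OpenSSL reason codes. */
#define ERR_EARLIER_CERT_FAIL 0x1001UL  /* unrelated error left by earlier code */
#define ERR_FIPS_MD5_DISABLED 0x2002UL  /* the benign MD5-under-FIPS error */

/* Like ERR_raise(): queue a new error (silently dropped when full, as in OpenSSL). */
static void model_raise(unsigned long code) {
    if (top < QUEUE_MAX) { queue[top].code = code; queue[top].marked = 0; top++; }
}
/* Like ERR_clear_error(): discard every entry, whoever queued it. */
static void model_clear(void) { top = 0; }
/* Like ERR_set_mark(): mark the newest entry; returns 0 on an empty queue. */
static int model_set_mark(void) {
    if (top == 0) return 0;
    queue[top - 1].marked = 1; return 1;
}
/* Like ERR_pop_to_mark(): pop entries newer than the mark, then drop the mark.
 * With no mark present everything is popped and 0 is returned. */
static int model_pop_to_mark(void) {
    while (top > 0 && !queue[top - 1].marked) top--;
    if (top == 0) return 0;
    queue[top - 1].marked = 0; return 1;
}
/* Like ERR_peek_error(): the oldest queued error, or 0 when the queue is empty. */
static unsigned long model_peek(void) { return top ? queue[0].code : 0; }

/* Anti-pattern from the APT report: clear the queue around the TLS step.
 * Returns what the caller can still see afterwards; 0 means the earlier,
 * unrelated certificate failure was silenced along with the MD5 noise. */
static unsigned long scenario_clear_error(void) {
    top = 0;
    model_raise(ERR_EARLIER_CERT_FAIL);  /* queued by an earlier operation */
    model_clear();                       /* "clean slate" before the step */
    model_raise(ERR_FIPS_MD5_DISABLED);  /* the step's harmless MD5 failure */
    model_clear();                       /* "clean up" after the step */
    return model_peek();
}
/* Scoped alternative: mark before the step, pop back to the mark afterwards.
 * Only the MD5 error is discarded; the earlier failure remains reportable. */
static unsigned long scenario_mark_pop(void) {
    top = 0;
    model_raise(ERR_EARLIER_CERT_FAIL);
    model_set_mark();
    model_raise(ERR_FIPS_MD5_DISABLED);
    model_pop_to_mark();
    return model_peek();
}

int main(void) {
    printf("after ERR_clear_error(): oldest error = 0x%lx\n", scenario_clear_error());
    printf("after mark/pop:          oldest error = 0x%lx\n", scenario_mark_pop());
    return 0;
}
```

Note that if the queue is empty when the mark is set, a later pop removes everything, which is still correct because only the wrapped step could have added entries.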